xworm | hxxps://easyupload[.]io/lmab1o

Analysis

max time kernel
299s
max time network
297s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
01/03/2025, 22:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://easyupload.io/lmab1o

Score

10^/10

xworm defense_evasion discovery execution rat themida trojan

Malware Config

Extracted

Family

xworm

patients-fares.gl.at.ply.gg:7179

Attributes

Install_directory
%Temp%
install_file
dsec.exe

Signatures

Detect Xworm Payload 2 IoCs

resource	yara_rule
behavioral1/files/0x0007000000023d5d-283.dat	family_xworm
behavioral1/memory/6364-292-0x0000000000CE0000-0x0000000000CFC000-memory.dmp	family_xworm

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
Xworm family
xworm

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

defense_evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Solara.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 4 IoCs

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

execution

PowerShell

T1059.001

pid	Process
5680	powershell.exe
7748	powershell.exe
7008	powershell.exe
7372	powershell.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Solara.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Solara.exe

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\Control Panel\International\Geo\Nation	Bootstraper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\Control Panel\International\Geo\Nation	Bootstrapper_v2.2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\Control Panel\International\Geo\Nation	Bootstraper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\Control Panel\International\Geo\Nation	Bootstrapper_v2.2.exe

Executes dropped EXE 8 IoCs

pid	Process
7084	Bootstraper.exe
6176	Bootstrapper_v2.2.exe
6364	vccxvcx.exe
7048	Solara.exe
5604	Bootstraper.exe
6972	Bootstrapper_v2.2.exe
6960	vccxvcx.exe
7460	Solara.exe

Loads dropped DLL 2 IoCs

pid	Process
7048	Solara.exe
7048	Solara.exe

Themida packer 29 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/memory/7048-433-0x0000000180000000-0x00000001810A0000-memory.dmp	themida
behavioral1/memory/7048-434-0x0000000180000000-0x00000001810A0000-memory.dmp	themida
behavioral1/memory/7048-436-0x0000000180000000-0x00000001810A0000-memory.dmp	themida
behavioral1/memory/7048-435-0x0000000180000000-0x00000001810A0000-memory.dmp	themida
behavioral1/memory/7048-851-0x0000000180000000-0x00000001810A0000-memory.dmp	themida
behavioral1/memory/7048-852-0x0000000180000000-0x00000001810A0000-memory.dmp	themida
behavioral1/memory/7048-864-0x0000000180000000-0x00000001810A0000-memory.dmp	themida
behavioral1/memory/7048-878-0x0000000180000000-0x00000001810A0000-memory.dmp	themida
behavioral1/memory/7048-879-0x0000000180000000-0x00000001810A0000-memory.dmp	themida
behavioral1/memory/7048-889-0x0000000180000000-0x00000001810A0000-memory.dmp	themida
behavioral1/memory/7048-890-0x0000000180000000-0x00000001810A0000-memory.dmp	themida
behavioral1/memory/7048-891-0x0000000180000000-0x00000001810A0000-memory.dmp	themida
behavioral1/memory/7048-892-0x0000000180000000-0x00000001810A0000-memory.dmp	themida
behavioral1/memory/7048-911-0x0000000180000000-0x00000001810A0000-memory.dmp	themida
behavioral1/memory/7048-940-0x0000000180000000-0x00000001810A0000-memory.dmp	themida
behavioral1/memory/7048-987-0x0000000180000000-0x00000001810A0000-memory.dmp	themida
behavioral1/memory/7048-1015-0x0000000180000000-0x00000001810A0000-memory.dmp	themida
behavioral1/memory/7048-1054-0x0000000180000000-0x00000001810A0000-memory.dmp	themida
behavioral1/memory/7048-1068-0x0000000180000000-0x00000001810A0000-memory.dmp	themida
behavioral1/memory/7048-1211-0x0000000180000000-0x00000001810A0000-memory.dmp	themida
behavioral1/memory/7048-1230-0x0000000180000000-0x00000001810A0000-memory.dmp	themida
behavioral1/memory/7048-1255-0x0000000180000000-0x00000001810A0000-memory.dmp	themida
behavioral1/memory/7048-1274-0x0000000180000000-0x00000001810A0000-memory.dmp	themida
behavioral1/memory/7048-1293-0x0000000180000000-0x00000001810A0000-memory.dmp	themida
behavioral1/memory/7048-1307-0x0000000180000000-0x00000001810A0000-memory.dmp	themida
behavioral1/memory/7048-1335-0x0000000180000000-0x00000001810A0000-memory.dmp	themida
behavioral1/memory/7048-1345-0x0000000180000000-0x00000001810A0000-memory.dmp	themida
behavioral1/memory/7048-1361-0x0000000180000000-0x00000001810A0000-memory.dmp	themida
behavioral1/memory/7048-1380-0x0000000180000000-0x00000001810A0000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 1 IoCs

defense_evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Solara.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
718	pastebin.com
656	pastebin.com
657	pastebin.com

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
630	ip-api.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
7048	Solara.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5736_1552384045\LICENSE	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5736_1914016404\manifest.fingerprint	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5736_99863077\manifest.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5736_1132818383\hyph-bn.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5736_1132818383\hyph-cy.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5736_1132818383\hyph-da.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5736_1132818383\hyph-lv.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5736_1132818383\hyph-sk.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5736_1132818383\hyph-as.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5736_1132818383\hyph-eu.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5736_1132818383\hyph-mn-cyrl.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5736_1132818383\hyph-nl.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5736_1132818383\manifest.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5736_1132818383\manifest.fingerprint	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5736_1561978999\manifest.fingerprint	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5736_1852975800\protocols.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5736_1552384045\manifest.fingerprint	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5736_1132818383\hyph-gu.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5736_1132818383\hyph-ml.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5736_1132818383\hyph-nb.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5736_99863077\_metadata\verified_contents.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5736_2016805651\manifest.fingerprint	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5736_1132818383\hyph-et.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5736_1132818383\hyph-sv.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5736_1552384045\manifest.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5736_99863077\LICENSE	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5736_1132818383\hyph-be.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5736_1132818383\hyph-el.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5736_1132818383\hyph-ga.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5736_1132818383\hyph-nn.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5736_1132818383\hyph-ru.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5736_1132818383\hyph-en-gb.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5736_1132818383\hyph-mul-ethi.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5736_1132818383\hyph-ta.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5736_1852975800\manifest.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5736_1552384045\Part-IT	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5736_1132818383\hyph-af.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5736_1132818383\hyph-de-ch-1901.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5736_1132818383\hyph-or.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5736_1132818383\hyph-sl.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5736_99863077\keys.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5736_1193189948\crl-set	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5736_1193189948\manifest.fingerprint	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5736_1552384045\Filtering Rules	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5736_1552384045\Part-DE	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5736_1132818383\hyph-de-1901.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5736_1132818383\hyph-hu.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5736_1132818383\hyph-hy.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5736_1132818383\hyph-gl.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5736_1552384045\Filtering Rules-AA	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5736_1552384045\Part-ES	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5736_1552384045\Part-ZH	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5736_2016805651\manifest.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5736_1132818383\hyph-pa.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5736_1852975800\manifest.fingerprint	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5736_1193189948\manifest.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5736_1552384045\adblock_snippet.js	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5736_1552384045\Part-FR	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5736_99863077\manifest.fingerprint	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5736_1132818383\hyph-es.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5736_1132818383\hyph-hi.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5736_1132818383\_metadata\verified_contents.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5736_1132818383\hyph-de-1996.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5736_1132818383\hyph-mr.hyb	msedgewebview2.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133853427103504780"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedgewebview2.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4180	chrome.exe
4180	chrome.exe
7008	powershell.exe
7008	powershell.exe
7008	powershell.exe
5680	powershell.exe
5680	powershell.exe
5680	powershell.exe
7048	Solara.exe
7048	Solara.exe
7048	Solara.exe
7048	Solara.exe
7048	Solara.exe
7048	Solara.exe
7048	Solara.exe
7048	Solara.exe
7048	Solara.exe
7048	Solara.exe
7048	Solara.exe
7048	Solara.exe
7048	Solara.exe
7372	powershell.exe
7372	powershell.exe
7372	powershell.exe
7048	Solara.exe
7048	Solara.exe
7048	Solara.exe
7048	Solara.exe
7748	powershell.exe
7748	powershell.exe
7748	powershell.exe
7048	Solara.exe
7048	Solara.exe
7048	Solara.exe
7048	Solara.exe
7048	Solara.exe
7048	Solara.exe
7048	Solara.exe
7048	Solara.exe
7048	Solara.exe
7048	Solara.exe
7048	Solara.exe
7048	Solara.exe
7048	Solara.exe
7048	Solara.exe
7048	Solara.exe
7048	Solara.exe
7048	Solara.exe
7048	Solara.exe
7048	Solara.exe
7048	Solara.exe
7048	Solara.exe
7048	Solara.exe
7048	Solara.exe
7048	Solara.exe
7048	Solara.exe
7048	Solara.exe
7048	Solara.exe
7048	Solara.exe
7048	Solara.exe
7048	Solara.exe
7048	Solara.exe
7048	Solara.exe
7048	Solara.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5556	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 44 IoCs

pid	Process
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
5736	msedgewebview2.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeRestorePrivilege	7012	7zG.exe
Token: 35	7012	7zG.exe
Token: SeSecurityPrivilege	7012	7zG.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeSecurityPrivilege	7012	7zG.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeShutdownPrivilege	4180	chrome.exe
Token: SeCreatePagefilePrivilege	4180	chrome.exe
Token: SeDebugPrivilege	6364	vccxvcx.exe
Token: SeShutdownPrivilege	4180	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
7012	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe
4180	chrome.exe

Suspicious use of SetWindowsHookEx 28 IoCs

pid	Process
5556	OpenWith.exe
5556	OpenWith.exe
5556	OpenWith.exe
5556	OpenWith.exe
5556	OpenWith.exe
5556	OpenWith.exe
5556	OpenWith.exe
8104	OpenWith.exe
8104	OpenWith.exe
8104	OpenWith.exe
8104	OpenWith.exe
8104	OpenWith.exe
8104	OpenWith.exe
8104	OpenWith.exe
8104	OpenWith.exe
8104	OpenWith.exe
8104	OpenWith.exe
8104	OpenWith.exe
8104	OpenWith.exe
8104	OpenWith.exe
8104	OpenWith.exe
8104	OpenWith.exe
8104	OpenWith.exe
8104	OpenWith.exe
8104	OpenWith.exe
8104	OpenWith.exe
8104	OpenWith.exe
8104	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4180 wrote to memory of 4060	4180	chrome.exe	84
PID 4180 wrote to memory of 4060	4180	chrome.exe	84
PID 4180 wrote to memory of 2564	4180	chrome.exe	85
PID 4180 wrote to memory of 2564	4180	chrome.exe	85
PID 4180 wrote to memory of 2564	4180	chrome.exe	85
PID 4180 wrote to memory of 2564	4180	chrome.exe	85
PID 4180 wrote to memory of 2564	4180	chrome.exe	85
PID 4180 wrote to memory of 2564	4180	chrome.exe	85
PID 4180 wrote to memory of 2564	4180	chrome.exe	85
PID 4180 wrote to memory of 2564	4180	chrome.exe	85
PID 4180 wrote to memory of 2564	4180	chrome.exe	85
PID 4180 wrote to memory of 2564	4180	chrome.exe	85
PID 4180 wrote to memory of 2564	4180	chrome.exe	85
PID 4180 wrote to memory of 2564	4180	chrome.exe	85
PID 4180 wrote to memory of 2564	4180	chrome.exe	85
PID 4180 wrote to memory of 2564	4180	chrome.exe	85
PID 4180 wrote to memory of 2564	4180	chrome.exe	85
PID 4180 wrote to memory of 2564	4180	chrome.exe	85
PID 4180 wrote to memory of 2564	4180	chrome.exe	85
PID 4180 wrote to memory of 2564	4180	chrome.exe	85
PID 4180 wrote to memory of 2564	4180	chrome.exe	85
PID 4180 wrote to memory of 2564	4180	chrome.exe	85
PID 4180 wrote to memory of 2564	4180	chrome.exe	85
PID 4180 wrote to memory of 2564	4180	chrome.exe	85
PID 4180 wrote to memory of 2564	4180	chrome.exe	85
PID 4180 wrote to memory of 2564	4180	chrome.exe	85
PID 4180 wrote to memory of 2564	4180	chrome.exe	85
PID 4180 wrote to memory of 2564	4180	chrome.exe	85
PID 4180 wrote to memory of 2564	4180	chrome.exe	85
PID 4180 wrote to memory of 2564	4180	chrome.exe	85
PID 4180 wrote to memory of 2564	4180	chrome.exe	85
PID 4180 wrote to memory of 2564	4180	chrome.exe	85
PID 4180 wrote to memory of 3548	4180	chrome.exe	86
PID 4180 wrote to memory of 3548	4180	chrome.exe	86
PID 4180 wrote to memory of 1272	4180	chrome.exe	87
PID 4180 wrote to memory of 1272	4180	chrome.exe	87
PID 4180 wrote to memory of 1272	4180	chrome.exe	87
PID 4180 wrote to memory of 1272	4180	chrome.exe	87
PID 4180 wrote to memory of 1272	4180	chrome.exe	87
PID 4180 wrote to memory of 1272	4180	chrome.exe	87
PID 4180 wrote to memory of 1272	4180	chrome.exe	87
PID 4180 wrote to memory of 1272	4180	chrome.exe	87
PID 4180 wrote to memory of 1272	4180	chrome.exe	87
PID 4180 wrote to memory of 1272	4180	chrome.exe	87
PID 4180 wrote to memory of 1272	4180	chrome.exe	87
PID 4180 wrote to memory of 1272	4180	chrome.exe	87
PID 4180 wrote to memory of 1272	4180	chrome.exe	87
PID 4180 wrote to memory of 1272	4180	chrome.exe	87
PID 4180 wrote to memory of 1272	4180	chrome.exe	87
PID 4180 wrote to memory of 1272	4180	chrome.exe	87
PID 4180 wrote to memory of 1272	4180	chrome.exe	87
PID 4180 wrote to memory of 1272	4180	chrome.exe	87
PID 4180 wrote to memory of 1272	4180	chrome.exe	87
PID 4180 wrote to memory of 1272	4180	chrome.exe	87
PID 4180 wrote to memory of 1272	4180	chrome.exe	87
PID 4180 wrote to memory of 1272	4180	chrome.exe	87
PID 4180 wrote to memory of 1272	4180	chrome.exe	87
PID 4180 wrote to memory of 1272	4180	chrome.exe	87
PID 4180 wrote to memory of 1272	4180	chrome.exe	87
PID 4180 wrote to memory of 1272	4180	chrome.exe	87
PID 4180 wrote to memory of 1272	4180	chrome.exe	87
PID 4180 wrote to memory of 1272	4180	chrome.exe	87
PID 4180 wrote to memory of 1272	4180	chrome.exe	87
PID 4180 wrote to memory of 1272	4180	chrome.exe	87

cURL User-Agent 9 IoCs

Uses User-Agent string associated with cURL utility.

description	flow	ioc
HTTP User-Agent header	670	curl/8.9.1-DEV
HTTP User-Agent header	682	curl/8.9.1-DEV
HTTP User-Agent header	833	curl/8.9.1-DEV
HTTP User-Agent header	668	curl/8.9.1-DEV
HTTP User-Agent header	669	curl/8.9.1-DEV
HTTP User-Agent header	671	curl/8.9.1-DEV
HTTP User-Agent header	681	curl/8.9.1-DEV
HTTP User-Agent header	661	curl/8.9.1-DEV
HTTP User-Agent header	667	curl/8.9.1-DEV

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://easyupload.io/lmab1o
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fffc83ccc40,0x7fffc83ccc4c,0x7fffc83ccc58
  2⤵
  PID:4060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1900,i,13508622300290450991,261357771148021327,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1888 /prefetch:2
  2⤵
  PID:2564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1836,i,13508622300290450991,261357771148021327,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2112 /prefetch:3
  2⤵
  PID:3548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2228,i,13508622300290450991,261357771148021327,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2424 /prefetch:8
  2⤵
  PID:1272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,13508622300290450991,261357771148021327,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,13508622300290450991,261357771148021327,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:4016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3752,i,13508622300290450991,261357771148021327,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4544 /prefetch:1
  2⤵
  PID:3216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4608,i,13508622300290450991,261357771148021327,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4804,i,13508622300290450991,261357771148021327,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5060,i,13508622300290450991,261357771148021327,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5076 /prefetch:8
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5296,i,13508622300290450991,261357771148021327,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4396,i,13508622300290450991,261357771148021327,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5096,i,13508622300290450991,261357771148021327,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:3724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5924,i,13508622300290450991,261357771148021327,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5920,i,13508622300290450991,261357771148021327,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5068,i,13508622300290450991,261357771148021327,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6204 /prefetch:1
  2⤵
  PID:5208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=6392,i,13508622300290450991,261357771148021327,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6356 /prefetch:1
  2⤵
  PID:5304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=6380,i,13508622300290450991,261357771148021327,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6360 /prefetch:1
  2⤵
  PID:5312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5740,i,13508622300290450991,261357771148021327,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:5456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6584,i,13508622300290450991,261357771148021327,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6612 /prefetch:1
  2⤵
  PID:5628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=7008,i,13508622300290450991,261357771148021327,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=7024 /prefetch:1
  2⤵
  PID:5744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=7276,i,13508622300290450991,261357771148021327,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=7256 /prefetch:1
  2⤵
  PID:5752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=7432,i,13508622300290450991,261357771148021327,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=7644 /prefetch:8
  2⤵
  PID:6020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=7668,i,13508622300290450991,261357771148021327,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=7616 /prefetch:1
  2⤵
  PID:6132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5900,i,13508622300290450991,261357771148021327,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:5176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=7928,i,13508622300290450991,261357771148021327,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=8000 /prefetch:1
  2⤵
  PID:4040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=7924,i,13508622300290450991,261357771148021327,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=7588 /prefetch:1
  2⤵
  PID:5620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=360,i,13508622300290450991,261357771148021327,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=7524 /prefetch:1
  2⤵
  PID:6044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=7236,i,13508622300290450991,261357771148021327,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6456 /prefetch:1
  2⤵
  PID:6060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=7420,i,13508622300290450991,261357771148021327,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:6088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=6928,i,13508622300290450991,261357771148021327,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=8000 /prefetch:1
  2⤵
  PID:6072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=7108,i,13508622300290450991,261357771148021327,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=7180 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=7060,i,13508622300290450991,261357771148021327,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:5720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=8244,i,13508622300290450991,261357771148021327,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=7148 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=8256,i,13508622300290450991,261357771148021327,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:5712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=8024,i,13508622300290450991,261357771148021327,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=8328 /prefetch:1
  2⤵
  PID:5736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=7024,i,13508622300290450991,261357771148021327,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=8452 /prefetch:1
  2⤵
  PID:5528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=8292,i,13508622300290450991,261357771148021327,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=8300 /prefetch:1
  2⤵
  PID:5740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=8700,i,13508622300290450991,261357771148021327,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=8732 /prefetch:1
  2⤵
  PID:5856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=8856,i,13508622300290450991,261357771148021327,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=8680 /prefetch:1
  2⤵
  PID:5868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=9044,i,13508622300290450991,261357771148021327,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=9000 /prefetch:1
  2⤵
  PID:5464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=8988,i,13508622300290450991,261357771148021327,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=9148 /prefetch:1
  2⤵
  PID:6104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=9020,i,13508622300290450991,261357771148021327,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=9172 /prefetch:1
  2⤵
  PID:5732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=8976,i,13508622300290450991,261357771148021327,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=8492 /prefetch:1
  2⤵
  PID:5840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=8184,i,13508622300290450991,261357771148021327,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=8752 /prefetch:1
  2⤵
  PID:6384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=8804,i,13508622300290450991,261357771148021327,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=9588 /prefetch:1
  2⤵
  PID:6548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=9596,i,13508622300290450991,261357771148021327,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=9164 /prefetch:1
  2⤵
  PID:6556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=9736,i,13508622300290450991,261357771148021327,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=9756 /prefetch:1
  2⤵
  PID:6564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=9900,i,13508622300290450991,261357771148021327,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=8428 /prefetch:1
  2⤵
  PID:6668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=6880,i,13508622300290450991,261357771148021327,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2356 /prefetch:8
  2⤵
  PID:5776

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5052

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4916

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5556

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6864

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\cxzczx\" -ad -an -ai#7zMap13286:74:7zEvent31090
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:7012

C:\Users\Admin\Downloads\cxzczx\Bootstraper.exe
"C:\Users\Admin\Downloads\cxzczx\Bootstraper.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
PID:7084
- C:\Users\Admin\AppData\Roaming\Bootstrapper_v2.2.exe
  "C:\Users\Admin\AppData\Roaming\Bootstrapper_v2.2.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:6176
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "powershell" -Command "Get-MpPreference | Select-Object -ExpandProperty ExclusionPath"
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:7008
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "powershell" -Command "Add-MpPreference -ExclusionPath 'C:\ProgramData\Solara'"
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:5680
- - C:\ProgramData\Solara\Solara.exe
    "C:\ProgramData\Solara\Solara.exe" --bootstrapperPath "C:\Users\Admin\AppData\Roaming" --bootstrapperExe "C:\Users\Admin\AppData\Roaming\Bootstrapper_v2.2.exe"
    3⤵
    - Identifies VirtualBox via ACPI registry values (likely anti-VM)
    - Checks BIOS information in registry
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks whether UAC is enabled
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Suspicious behavior: EnumeratesProcesses
    PID:7048
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --mojo-named-platform-channel-pipe=7048.908.4713663644679784966
      4⤵
      Drops file in Program Files directory
      Enumerates system info in registry
      Modifies data under HKEY_USERS
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      PID:5736
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=132.0.6834.160 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=132.0.2957.140 --initial-client-data=0x17c,0x180,0x184,0x158,0x134,0x7fffa88db078,0x7fffa88db084,0x7fffa88db090
        5⤵
        
        PID:7080
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=gpu-process --string-annotations --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=1700,i,4227182291431842505,3885970177985344554,262144 --variations-seed-version --mojo-platform-channel-handle=1756 /prefetch:2
        5⤵
        
        PID:6560
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --always-read-main-dll --field-trial-handle=1704,i,4227182291431842505,3885970177985344554,262144 --variations-seed-version --mojo-platform-channel-handle=2076 /prefetch:3
        5⤵
        
        PID:6456
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --always-read-main-dll --field-trial-handle=2056,i,4227182291431842505,3885970177985344554,262144 --variations-seed-version --mojo-platform-channel-handle=2368 /prefetch:8
        5⤵
        
        PID:6548
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --always-read-main-dll --field-trial-handle=3764,i,4227182291431842505,3885970177985344554,262144 --variations-seed-version --mojo-platform-channel-handle=3776 /prefetch:1
        5⤵
        
        PID:7204
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --always-read-main-dll --field-trial-handle=4768,i,4227182291431842505,3885970177985344554,262144 --variations-seed-version --mojo-platform-channel-handle=2168 /prefetch:8
        5⤵
        
        PID:8092
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --always-read-main-dll --field-trial-handle=4852,i,4227182291431842505,3885970177985344554,262144 --variations-seed-version --mojo-platform-channel-handle=2360 /prefetch:8
        5⤵
        
        PID:7736
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --always-read-main-dll --field-trial-handle=4728,i,4227182291431842505,3885970177985344554,262144 --variations-seed-version --mojo-platform-channel-handle=4924 /prefetch:8
        5⤵
        
        PID:7868
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --always-read-main-dll --field-trial-handle=2168,i,4227182291431842505,3885970177985344554,262144 --variations-seed-version --mojo-platform-channel-handle=4836 /prefetch:8
        5⤵
        
        PID:8144
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=4932,i,4227182291431842505,3885970177985344554,262144 --variations-seed-version --mojo-platform-channel-handle=4836 /prefetch:8
        5⤵
        
        PID:8068
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --always-read-main-dll --field-trial-handle=4836,i,4227182291431842505,3885970177985344554,262144 --variations-seed-version --mojo-platform-channel-handle=2192 /prefetch:8
        5⤵
        
        PID:2000
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --always-read-main-dll --field-trial-handle=4392,i,4227182291431842505,3885970177985344554,262144 --variations-seed-version --mojo-platform-channel-handle=4384 /prefetch:8
        5⤵
        
        PID:5564
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --always-read-main-dll --field-trial-handle=4304,i,4227182291431842505,3885970177985344554,262144 --variations-seed-version --mojo-platform-channel-handle=4556 /prefetch:8
        5⤵
        
        PID:8132
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --always-read-main-dll --field-trial-handle=4388,i,4227182291431842505,3885970177985344554,262144 --variations-seed-version --mojo-platform-channel-handle=4936 /prefetch:8
        5⤵
        
        PID:7028
- C:\Users\Admin\AppData\Roaming\vccxvcx.exe
  "C:\Users\Admin\AppData\Roaming\vccxvcx.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:6364

C:\Users\Admin\Downloads\cxzczx\Bootstraper.exe
"C:\Users\Admin\Downloads\cxzczx\Bootstraper.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
PID:5604
- C:\Users\Admin\AppData\Roaming\Bootstrapper_v2.2.exe
  "C:\Users\Admin\AppData\Roaming\Bootstrapper_v2.2.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:6972
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "powershell" -Command "Get-MpPreference | Select-Object -ExpandProperty ExclusionPath"
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:7372
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "powershell" -Command "Add-MpPreference -ExclusionPath 'C:\ProgramData\Solara'"
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:7748
- - C:\ProgramData\Solara\Solara.exe
    "C:\ProgramData\Solara\Solara.exe" --bootstrapperPath "C:\Users\Admin\AppData\Roaming" --bootstrapperExe "C:\Users\Admin\AppData\Roaming\Bootstrapper_v2.2.exe"
    3⤵
    - Executes dropped EXE
    PID:7460
- C:\Users\Admin\AppData\Roaming\vccxvcx.exe
  "C:\Users\Admin\AppData\Roaming\vccxvcx.exe"
  2⤵
  - Executes dropped EXE
  PID:6960

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:8104
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\cxzczx\CONFIG
  2⤵
  PID:5684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\SolaraTemp.zip

Filesize
10.0MB

MD5
70dee78ca006688aa02c252d11305977

SHA1
b76593c496accf25d1e464c89ccf05dff10255a6

SHA256
7c118309fd4847882a153f300ace21f951851d2d64acd74ee40b37178477e325

SHA512
08decdef55c0d983f9b763d1c142d213060e505706206ae9039a6d9869884d8c5cb9f461dcfecd47e8aeab5efbd98664fbfb17c0ffb41b04420e05a8a7e51db3

Download Submit
C:\ProgramData\Solara\Microsoft.Web.WebView2.Wpf.dll

Filesize
50KB

MD5
e107c88a6fc54cc3ceb4d85768374074

SHA1
a8d89ae75880f4fca7d7167fae23ac0d95e3d5f6

SHA256
8f821f0c818f8d817b82f76c25f90fde9fb73ff1ae99c3df3eaf2b955653c9c8

SHA512
b39e07b0c614a0fa88afb1f3b0d9bb9ba9c932e2b30899002008220ccf1acb0f018d5414aee64d92222c2c39f3ffe2c0ad2d9962d23aaa4bf5750c12c7f3e6fe

Download Submit
C:\ProgramData\Solara\Monaco\combined.html

Filesize
14KB

MD5
2a0506c7902018d7374b0ec4090c53c0

SHA1
26c6094af2043e1e8460023ac6b778ba84463f30

SHA256
cad1e2eef6e20e88699fac5ef31d495890df118e58c86fc442ea6337aac7a75a

SHA512
4a9856512e7866b8623565886e5f3aebf15c824cb127e24be9afa2a5501a83fa95d209875a8777566bcac9973b38881e18caf6ad160c8d01366a508cafc2164b

Download Submit
C:\ProgramData\Solara\Monaco\index.html

Filesize
14KB

MD5
610eb8cecd447fcf97c242720d32b6bd

SHA1
4b094388e0e5135e29c49ce42ff2aa099b7f2d43

SHA256
107d8d9d6c94d2a86ac5af4b4cec43d959c2e44d445017fea59e2e0a5efafdc7

SHA512
cf15f49ef3ae578a5f725e24bdde86c33bbc4fd30a6eb885729fd3d9b151a4b13822fa8c35d3e0345ec43d567a246111764812596fd0ecc36582b8ee2a76c331

Download Submit
C:\ProgramData\Solara\Newtonsoft.Json.dll

Filesize
695KB

MD5
195ffb7167db3219b217c4fd439eedd6

SHA1
1e76e6099570ede620b76ed47cf8d03a936d49f8

SHA256
e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

SHA512
56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

Download Submit
C:\ProgramData\Solara\Solara.exe

Filesize
619KB

MD5
91f5d6abf1fc57cb3e6222f10c51bff1

SHA1
fd1183ba06cf793f12de674d8aa31bd8bfbe1172

SHA256
c48c486f8655d33b4b0d7fc169adf5cbc964c723161953ef5877e99e45833840

SHA512
4538dc6b1c0c21f09fcce5a496538c25cbbc88bd5bb484806fa9426753691df7d798882085be0bdf4ee542da793c04a0d45675265a6ced2f4ea61b691909597a

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
eb41f31fd4bc8bab8821da4902cb6604

SHA1
f6fc2ea2ac5d390982158b93d49714af8afa26e9

SHA256
25c9a3a3c10f080c2b6485eb94d24e15d53a17fb0992fb2d5db0883a36f5426e

SHA512
3b253644b3512ed14b69dd0e1ba89fe35863a3f7c59d155be7f8bf66e31d67277505e4dcc35eb6244edabfe1beebe728ccd714cd086ad3515b8eba2875c63838

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\DawnWebGPUCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Network\Network Persistent State

Filesize
1KB

MD5
923b8db7b8995984c681d2436964f4ed

SHA1
58f024c6302b1fc98b200335345a6f82673ae25d

SHA256
1d7667b34380985573458e446a8bfb8f0d1b1f8ff174f669acab41fad31042f3

SHA512
879a2ebf60b41cc3fad34ac044bfc9b2a3858f6441df2258e8715f9d5d1752291d3d905e9a69449c0f5fba7dd1e7ff0b9e37654800fea8e2f66ce31a21541d4d

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Network\Network Persistent State~RFe595d59.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Preferences

Filesize
6KB

MD5
17cb7450b4a2b8c2a8a9c07aafb0bbb2

SHA1
802d565b4dff107e12e7446f3b3124977cef6e07

SHA256
43395f5a402dd5f2b786fa8cbe4fb910c1165a1c24056ef98fe009e472aea42c

SHA512
ff1c90b9de78fb5448dd32ff62998277be6bbea01ac8112e0b5089d14cd861a7c287ee62ca84badc7acd50d5b44f2dce130b909b1c71df6bcec135e91068ef82

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Preferences~RFe58e5e6.TMP

Filesize
6KB

MD5
ba0927dbcc1dc78a1b74c8e3c3284343

SHA1
23054b2c38473bc1214fe86bb4fac2b95f942d81

SHA256
f2af5aa2e88fa2e1e0c26e5c27e57229fa995fc86b58ca09ad1c69df8e026d51

SHA512
57c732bad506f3937ad1fa252c6aa184841fa09f5ccbf6998a37d75be74b27f3d179ec609c157f695cc145aee501fccaa4cf651fd7709cb5541713ac50864415

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Site Characteristics Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
2KB

MD5
8db941c7a421ab5796012d266a58f68f

SHA1
afa7bb595f2e68f4f707016cf3a2f1955878d0c5

SHA256
db4655c1ff5f2f1c4942cacee82413960d971461f5e7010703f04c05afaf7dac

SHA512
0ec0c2d57bc0f61be5639e1dd718eef702ffbe9c023fa71ec44f00af7ee9efd13ef3ac3479fdbda33fb95d8fae529081b555fabfd0193555e89356da5dac78fa

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
1KB

MD5
5938ca0914c5b9a9a75066263d8e2ebd

SHA1
4a8b0d14910a1085181994e0de38779267e87aa2

SHA256
897505a6bc1e6a47c0ec8b909fce23307ecdac58ad99c8e770d9d759b5911356

SHA512
21b9e61df105e83e07a15c61c27163d802e757470386ec63b32a292815681c3a710223a446a9065457428638f8c30fd705cb56ee83cd2124ee8ee9bda99e0998

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
3KB

MD5
d28562eeb432529e295421ada24b3259

SHA1
751d0e32eb7994aa338718e311cebd9007c627df

SHA256
e183001ca523cffa44b059aab6065b96617976a1fc59d0645cbf0c6eee8c9bce

SHA512
d13dfe1d37c660511d67bd4740d4851e707c221165b1a407f5cea5c928dc2ac0403fe5413c32aab2cbf263ced154e565e3747e2304be13c0962ab2796541aea5

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State~RFe5847c2.TMP

Filesize
1KB

MD5
6660d597af2998b41695e3fd1c2e54ee

SHA1
8999e0b13c0bec078f0f294b54865068e7501898

SHA256
95e9e13784d02d63f9c2a9181b23a1c2f99c9b5e14f0a570fedc63af1b2ca628

SHA512
168ce81f0921685ce7435a6c4a8ee89b5e0fc51d14a5fa7d11630266ed861e36301f1b84041e3c26d04c961f3a2635a7491d7d8ce42e7644df0ae7428becf825

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\f01d5be5-072b-4e43-a5d8-33f8afb12397.tmp

Filesize
16KB

MD5
96e3457ff3b10c1913ae9650b7f7de69

SHA1
7459ac1884e29b13949c09e10d681ff6b9d4d212

SHA256
1ee0640f03d091d6861207ee66748fbd79eb40642f609f710695c94d63b425ca

SHA512
1fff5f6a27d3d018c7e35ec51fbc75648e22ba69c7255320b4e19c79a801a99037d94f71ac36f40ed4a74e88f9b7eaa2fb064e766a7b6c4ef9ad715c35c3e149

Download Submit
C:\ProgramData\Solara\Wpf.Ui.dll

Filesize
5.2MB

MD5
aead90ab96e2853f59be27c4ec1e4853

SHA1
43cdedde26488d3209e17efff9a51e1f944eb35f

SHA256
46cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed

SHA512
f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\9f3b6869-a74c-4578-a997-d0edd818b842.tmp

Filesize
649B

MD5
cf9c4a3fde024e8d940c4ee7a217ecd5

SHA1
ca09e4a41a4fefcd57837b760a03be4c0846318f

SHA256
0f4cccd04d4bd56b8fe02e5a436b3dd674d113276bc90e7c47d9b169621b63c7

SHA512
413952e6ac7fe2a4426c16617415aa20f565094f5ef58f9090e2ceb30bb182a962906a90b7a63650b001ca35d8456a74768a84516a3be912048fd201459c1e76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

Filesize
54KB

MD5
4b7ecd257f0e110a4ad582d7d38f4d23

SHA1
2a5bb98230d640c8e18608d9b03771ee9f57a9d9

SHA256
95877c4adbf174b9122e8786e74e4c80a484c4da396fd74d65f5ac8ce626c7a7

SHA512
89423a889e17981c802e58fc81f389296063e3a15983c4e165c34675729ac857a54be0dbc5c9bdf0eb917c0103f6c0502eae8363ca0e9f3ecd898f34f412550b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

Filesize
28KB

MD5
d941188b9b59bef71f6e45581bf1e79a

SHA1
6e94b7ae29d6e57f671589dc705db04d54212521

SHA256
dc07053ec83b93bc1b877fea01a9117493077e7107bfde0441b53e523d34443e

SHA512
e74cfddad66b90aeaa2c0ba905ce05c30f7dc23eb18c69edc13cfe083f1d12db336acceff22715650a5959718bc723790b0dde4deda698d74850bc25c1426de0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\31d839ee39179532_0

Filesize
13KB

MD5
629bded2b473f821b35a0aed19a998c4

SHA1
f830141ecb24cf8d66725c7d7c3849e1c6935bab

SHA256
7f6e6c6db92c5c9f5d8fbc72ae191b089e95f8a368a6e5233c28bd57e95df129

SHA512
a88890dbfee05e21a7b859de827c19fa4db3ddfe5b4c34cc9fd1f4a819f26c8897e09ebb0ebfd1045e8b3d89078aeee11d0c6d8ecad49d93c7549e83ce93f860

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\34ef9261e729a601_0

Filesize
157KB

MD5
45bc0fe2ca8b2a455e3eb591f23cac69

SHA1
115d6986164139b99d4721f9192d75f9b23964fb

SHA256
2d63c3f082e8bfd1f0d386eb9c130b36931667c672a0af427ea6aebdc0262a58

SHA512
42eb5de0da0ce5aba7c23c99753698ff9c4b0844657ca37157f509db91b08e2faaa657be348452eaa4b523a71e7a789c054833b6737b89e965b0cbaca4188102

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5389970451e10557_0

Filesize
325KB

MD5
b47a80109c02f16af04517a6bb5f2caf

SHA1
0600f9808204112fc55a058f26f79a6aa5c4e536

SHA256
79da45f4a568e88f64f5e7f2a97dd18781cbb141e8ca6a570407a5309684b25c

SHA512
fba11385a334fbc98e6c3d63f3e01adc0bddd99959167e62ab82580effb9329e10caabc5cd6a18474400fe3164327d6f2c5bc6a06d5d35cd65476491d7eacdd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5bfeb8e62699b993_0

Filesize
19KB

MD5
934382b14c408812bb8f5c9b563128e8

SHA1
69fa784393e06788b9ec40f5781e37fe2ac7d8a4

SHA256
2226810f543eca6e678f7a022b5ac5f0bcd067e22d899dfa9ca5323c4c4168c8

SHA512
4eec1abe80bde58b003969b0b1d38e57517315bb5f009034da47b30c7ab54877b3319ab1d7dde60923dfa8f9f750faa09642b98f3f6ce59ad461052dc376176d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7dba171c3e1f9e86_0

Filesize
279B

MD5
e260f7f196c45840ed0eabcd80a96d6a

SHA1
f83132f6c24fb10f17cca20821b4d2b50654fdd1

SHA256
ec8ec8bf504a18fcd957963b52ffe6360e868808492de2518f947cd901da2b77

SHA512
edcc7b95798828f54aeae15f6d659c3573af3a86bafb5a3b5586107bfe39b4c3adf7c91d78d2f4a8510e5959c78cf087c73ed430ca8d395bbb43c8b254a3b340

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\914848880c877f54_0

Filesize
277B

MD5
9e58d770ee7a0e60149088fbd3e843ea

SHA1
dcde5a239ecee9342df9aced05b420b1845299d9

SHA256
855fd878bd6dc088e1df2ef908cbe3ce153f6a4d27d59bd612058f5da21760b4

SHA512
dc64acc7cf52edb6465c1155ea482aa8ecc268a07fe5f98a4f761309b074d72582c92d826ee8bedeb21c7a235d3b25a4970f3ac18dc4b4c42f6db716ad5cf429

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b63238ba0d003c3e_0

Filesize
269B

MD5
283e8f7fec6a094e51d7500e869e0b21

SHA1
fbf2e6fe72b9e79e5c85e6dbe9033f491c4bb04f

SHA256
afdf6b52094ef6387d7dd913f91c73eb44c525b052285b154e0d3480ad78cd2c

SHA512
38f7f16786e103ade0180337ba62b36b9c06ef06d01ca0a072e7fee1ebd1a0e50831ad82e14e5c474fef6e06844fab3abdacba124905be1d449693d861e2e788

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ba06aca39d38fd5a_0

Filesize
52KB

MD5
311c3d1bec6fc98d6e166dc8f1a4cee3

SHA1
5f87d8d0dce76c2b1df296fb64a7019802c176bc

SHA256
5edc6757d9e72990aaa78a93aea755eb4d967b9d2a60759bc69710ec16393a5d

SHA512
13f68d6f09669126fbea59020789c109ee06127aeaed30fbe82bca54933d8e9193db95c7956347525ec28d527a97e936cff6956a0e651b34b51f0383b1dc6716

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d3694e2990adac68_0

Filesize
274B

MD5
47c5ca600e51453c083eb44377692a12

SHA1
f26f973dfe45a2f45be7b89c9de4ffed0537e5ce

SHA256
c5f8dbc523125b721b0b10b23a2fc37a26088c63e5bbb7aa136f9557e25df4da

SHA512
b5c88da7304fbcb0e1d40ba2a71369650672022a240c80e90f72b84563a307f9231def360ce88c5451dc84edcd7f61bdf58fecd641c3017b3ecf072de0fd697f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
a610e8b3acbc0f861f44619371f265aa

SHA1
57cfb72329b99806fed51776d7b8fa29c2635a68

SHA256
dd9016b16be00a9359a19822cfd66fcb64aa2d3f77c64191db8338739d98111b

SHA512
125a7b275266fdae8daa1ec20b48ff9ef1c963562bbd656ddeaff32c680a91ce6af91f7296d93ee208e0000c0d595793c0f44486f0f00306c87e4ebc551a8095

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
9c9d08f6e59c22dd706840b5755ffad9

SHA1
2f4750b0de65d64d4358f66c3b40b0817e9f8c51

SHA256
2448aa41729a40b191370f7144d8f2b00d11169add29c0fa2a20abf9a809e3ba

SHA512
e899afb2f50e2a677e75a8279f177f6c7113c032ecf14b0bf90e6976c41bb91594b620f61c7d843ee7a178f45e891aa7f51c6de6c6710f0fb9c497b01ddce8d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
aa1596154583f6e7072cff02f2176f11

SHA1
92885266bd342ec559b069f61d7c71ea7e110916

SHA256
aa84b732f0058ed1b8d699c77cd45f66cf22e3b6caa3d2a50250ffadac879e6b

SHA512
55a0fb8486c414eb09eb5f32163f67f98f027bf1ad1eb6bc4078b1c45e0ba1691fdd2ad83ae1b4cb824483afe9d5b4741a74d339f08d38107bcec71b64b056b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
7d59baadab4cf00cf7e8b21e6171a5ea

SHA1
e2d5433b09aaeaffbb96fa49eaee287e8eba6bd5

SHA256
4fef46439a24b1cca71e6b0128b80cecaecc055ab991468c3479cb5817640d21

SHA512
92b3360582b7c91834109fab273c21482d273a0c563e9ef48234329e0442a0839030c70b4d831273bad9a4f15c08b70e1099a794858a5b224e852646fa537cae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
40536fccd6a48ec3e2888d88360e941e

SHA1
9da082efc10c77c7228badf6ddd8c30182442677

SHA256
d72fbeeff66f38f905fe55a7018f68fedac4b755061eda6f3cd62060f8c8c23f

SHA512
f61d53366057e53a6dfa78fd348c51924cb32c0909185207aa11c781371eb915543dc77bc29a1596624863a3c9951e0f128281ddf2406521f6e721d298feb716

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e27e136b80b8a47c5e9d4b0f9e37b7d9

SHA1
5e660e6f4c4e52262806e610678d5897569b5edc

SHA256
4248afdefbe904107a5a80c7212f1cb73d058e73df5fef694eb9b97bf6edccd5

SHA512
6d7990324a19cf9ccb26bf75956b5b14f3c1f2920225820ea12a735c67283cf26357382154e90a99d6ff485b5a68cff42859399c8cada5bed503a307dd8ca22a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ae33bbda486fa18e5a7b67d68f8bcd75

SHA1
54bba226e6b0487dc99df85dd2ba441af95bcff1

SHA256
37a426ac532b395025e0105d4f94cc5114da2361bfe9e031b4e4c03270dd85dd

SHA512
03e5f5009829a80681b49a742fa1da965c7dd092760ba6c6c5e873ea4296f326fa804a8a5da37c3a550ac5f79fe66b1db3dfb251c7cda4246f463dcfd5359847

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
16688867250558ea3e2017839351d7e7

SHA1
c5953fed59810bb19e7ae02364015ea26ceb9929

SHA256
535a57e97468d2ffeec5246532a5d23524770954e65191522686341d22a7439c

SHA512
25290c678448aa3bd6fefaf136ec584c192ec44216ddb5b3f7cada925df98e92f6a65184b6850f8233b9054013c1697aab805cc27c63794bb3329eccf727fadf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
28KB

MD5
27e41be2334ae051fd7bd4c635dfa88c

SHA1
44028ae3e17529b33eb238f08395e38873fb0e9b

SHA256
3b31bdee68bcb48c5158a306c4c28b92dbe96bd1d5c035f9f4eccc8673aee7d1

SHA512
b05beacba8414ce7e413b6adafba06d09e05e9832a655ddd1a3c077d78c4d99c201e791c91ed5ba709b742acb041773ae70e05cafc2f644c77af307117dba91b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
d2556d499a0352dc8e13a30b768b8dca

SHA1
8eb8cf6e6d902631397a013af55e54752a802f48

SHA256
8e51430d75ecefd6fb1c2956795b30829f183dc7f083e417b100f2b50b2753ef

SHA512
d294d9e0c4df696063243df2f3ffbf6b61a8c4bbc6a77cec594a1925725c36e96b298a9c378c5a213a6f895cfd7036177368acc81fe3e352361e51b38feed79a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
87e60cd414854fd658723f9e55c597f5

SHA1
cfd1f1bdc867eb521731d0ec66dfbd24ae2b1857

SHA256
991d99b2eb8763e299a1e56b814d49c0c056110308d27b5764aa423efa6d1d1b

SHA512
2bec495ef60d797fa490b3def88beed50266e818e70785a312122664c1c899c9aa3e0d0312d80ef2b33fec54e028f3501464120af1a82743107608c329b1acaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
7a7bfe40b2b65220afd9e6b1ff1fd8cd

SHA1
62c2d7beaae5775516ab6bfad735c52c4be0c01a

SHA256
5e583be314aa84841f524fa3401b6d35f7a6d30d4665141826bb5cd0ecfaf571

SHA512
343ef38f78f045085ddf8b7e09dc80958eb590404283568519959d2c297f4131ee51a5508aa9070c26d7c0cfe1611ee9e33f28dfdf7616cd0c860b0ac8b8697b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
018e08412638de0ea0e1d31262eb9441

SHA1
6c5376d9f8b9cc0e72c0dec5e50492c67928d7b1

SHA256
a08a70e0aa3d429307f66101d83e6dab229bf6c17d674812bd4417ece73ac371

SHA512
0b753e085c29bd8eed3a0160a83746777b783afe2686283175fa271914c198e639f8cc76218051acd8df05b9c2ac71e5e9efbaf92b5b788296659b0a9adb19a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
7beaf31dd6ea73a0db367e23199d0d96

SHA1
88f278a789ce233e831bcf8bdbe2f7a9fc0ff6c9

SHA256
1d226e6661c01a7828f29787e54f3593500f3f66bb24519c9321f937f2e20642

SHA512
0f68589a5d7febaadd839cfb5d165b18939daf5fca545174b85f6c90245fad0ddd6b25a3cc0fca36d2ee244c50c4bfcd78f189a4e70e46fa965654df4b2ca9c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
9086d150c781a90736309986a3b59f17

SHA1
7269a11200a647eba24ad93d94692c3006a352e3

SHA256
5f8e926785872e2ccac477b929e806c96ad526ba1a9f87749bd0d028e7dba7e3

SHA512
f3e4537b35eec56f8dd8a6452deead2072cc4874788f73ca58325b71b532e37c2892d52a797b016b90ac1778ee4bea7ad8e0582873763907992d12de4cd47908

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
d7d045a04ae6eb3fa7523db4f61d51de

SHA1
84a236a3dee33e75333e41f0239db3a220bea83b

SHA256
4c2d54e10f1c5ea831b9ebdd240daef2d09f2cfc3a576c6605693faac2f7c1b9

SHA512
821a98dad544e3b2a029f2a0221b44b518ba799402cdf14f61a992085c92693e2322ccf8e3fc7a8a9575920218f456dbb72b6cea4561d71093a0c9d42d42cbd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
284c3e4cbc0d07ac6b7a6024604bb20a

SHA1
ae00c823fbfe1d927ab883061c365ffcda6e4873

SHA256
d1d8c0c719b4e5b2e75648dca1dba83772a018e08b0049427c4f89f27238b0de

SHA512
bc3e46c679b751e2feab200ea6442ad0d30d276e9fb1b9fdcdc71c57d746b66119892615febcca7995bab7b8d977cce043bb15c22ffd913d99926935d4148991

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
7a52c003ea3131ca92e2406532dd7aa8

SHA1
91530b0b77655f8261eb1c6508d5ad2cfd73eb23

SHA256
e3e549d382b5c77947d7ba4eb94298e6359ff521db799646aadff198a944f238

SHA512
7d69ee9655bf8b412fa62b2a48b9312808f0d9e96d9a2e69aeb65d48b0c6f2c22f0c66ce3296b7e82675804afc129c8d9d81cb8f90a7d00d472f0acf1a267d03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
816ce196893af33b13320c7faa749bb2

SHA1
ae9efef4500ed2b7d7cc0f4ca5e9313f9cd3f9f2

SHA256
33ed3cb34c6a78661d064d398b6fc1da272e6b911af3c41a6cd8f5ddc9c3052a

SHA512
e114c3635325f086de00e188c3201451db8021bcc5a16b3877014e09d379c8ba16199cec9fca5f89f1ae52c4296e960d722c43b9287016ad828665db4181d0d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
f68f34ec7582759d69cac77faed4f196

SHA1
f61cc3a232e5fb1e6d8431548039a803b0c7cd8d

SHA256
51e105ab2470ca87569382d21be4aeef91c844eec65eb6e22b9854f7ff79dbd5

SHA512
1a307019dadf4a23d1d06db535d4fc3f2480199233423b4fd4f9a0759a31ce13ac4aedb8220bea9e0a1ddbf7007e7cd3fafacfdfc6bb79d6faa81b71d4f26807

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4d029fdae85bface76d1c0fad4776553

SHA1
e275741fb18ad9cf8165208ce8b5a635783a9290

SHA256
5efdfb74a977021d5ae08f079fce7166acf4e9995b15fbe9325c8022edc688ce

SHA512
b952881e65a7f3adcab65205a09da43eacba537dc61751f041115d31a414ce39b51d37417292e7e7c15a9ca512c149c9ece156b9aeacb95a01e62a24848be4bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e0e8c948d57810b5eea021b2dd9ec4ca

SHA1
c3234df8edbfd3b1cb5fac958d2967e6973dd1dd

SHA256
f920a68455aac04fa84dcbd821f17084b03e21d2da21cdcd91ef57d29243c7e7

SHA512
0bbca060d10d3d7e6c71a1e8f0acb64fedba49d8bf7aa7bd7e905b0dfb5ae6d05e5b8c035b8eafd761863ede23fa821e26d2efebb34d46ac7e370c4b26aa8ab6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ead39288af3ced8695c2c289a6e5b7b8

SHA1
083e6f4923a519a0387c4a64ea29166117feac7f

SHA256
b04fc001d186cd448dcfeaccde93c1f4715e42e57b63837d9ab6756f249b2e15

SHA512
28573769b65469c5a0226f8941ada41bafbfd14aaa1495d1c094a9a15560ca484a3e56e9b6eb8d1609ef1d3954b9c2317ede60ef0d056cea41801ecf413e2a4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5b7df13131ea34800911a2f647776556

SHA1
489cc715b8f2423ebde630871626c29fb8728972

SHA256
6f8ce3eef03a6c1135719a26cf8b51e1afe0dac6a0c42ef499ea03a9f0ff64d4

SHA512
ef6c2d84af92c21f4219752b11c3ef37ce36a0dfa0cd92bdae8fbd6cfc8054d11a8e981f722572fba72cdca5980b19f4adb3cb6c7eb6eb5d8857262535773294

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ae31f2fd036626dae0cd40dd5197501a

SHA1
133b18a674f8c1b12149d4be119fd2256919694e

SHA256
f9bb4d8a779cec35d73c15580627051e2a544a04e7f0363f212eef6a93951188

SHA512
cb3f65d18d15028898defaa7045aa0603f31047f24d201ef820aec32ed1b90a1bb80fb172a7ba436af7fe546d2dec1f66d17eea0415424dcff6fe22eafa31386

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d335f0bed138ae0635dfe644e86ffe3d

SHA1
bdd830aabb84a07b9bdc422f74209ff840aa1ba5

SHA256
a8ca26126c3362dc098cc9532e0011bb52284f3f041315f7d50634494873cd95

SHA512
e86f97c501dd3c7a0cab115362caf975082a724b50ea18aa5f835d653546059aa1fd4db8cd302c8240aed69843b7d60dd5f9c01d9b7d6d0dbe766e4d10c11575

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
aae0dcc0f4aba8c641eb629d4aea59eb

SHA1
6a52ec3042c941d5e215eb584844b046f5bcbb9d

SHA256
89cfbd44f2ac4d99821755f01699bcdfa1d755dd74d8db9d34de42f550a7880c

SHA512
f90b134ae76f2f0968ef068c3661ecf6d6612d2d4ff349abe45bf9a393d77e06efb387d4e765bdb4aa19e967cc6267ec5ae27788d5085140be9860b864237e73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1e97ceb09b79e2706f4eff0d539e4daf

SHA1
b37c197ff1c92109609e51b3639524a1b0477413

SHA256
276f969d1f96e687b10e2711bdce3ce7af2456da9448f6c574fa8e3b08bc6d00

SHA512
ba924bbfa94ff1252d7dcd5af10c8901bec964975607c4f41044342a588e5c447e7149d06154835bdf4addcd5f8d99f5e30625ad01f780472534ca120441be5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9c20cde4db6f944f99a3473681a8d937

SHA1
a6c4145295e5931cdf44773fa59e0ab3fcb70a77

SHA256
cfe396dea9510990d42a6cdf7cd09c76ce2224b15502b0371f7e933c4cd03b25

SHA512
db60627a791725812470a7ded25812bf6c0618e3917b93f05567769a9d5294190892a8ad250936625d698d138c625ced5bab7078be2d960eb258f3169edd31fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
670d1068779bfd4397597ef2f3b6f175

SHA1
a9e0f1df6e53fdde9bf3d85eeb3b49afc9ca4cf8

SHA256
37a85e90220577a1598e22ffcea2cebf1dfb01b718af9069fcd5dfa1578126cc

SHA512
de8951d550bf8e663228abc1333476094b4116571567106edf8f20d4ecf845c6913b086f0340e5358dd8fd4b61043f321d52389f9f894e12627f261a009b9648

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
87f27a0be052c4bf0586cd8f6f10f55d

SHA1
5f6aa4dfc8033bd7d51efdc7cc23ab630d61e035

SHA256
b24d83441898a78224d22d42ae1c431ac66cc0b0c9c85ddce5d982c2d5452f42

SHA512
52ed4d760daa646868c7c519d16f345a5b8cc9a8371a1e5fb81459a1c9a7d3b8c2d820bd29989142a823dafabc8759305065e472b586b1e381ea9ba00f17a519

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ec64a11c78d7f018f9a573c20577f55c

SHA1
c4d3aaf9040b700ca7ec36244b4875bd816cb9bf

SHA256
fe6c998697278cfbcaae0bd5ba6e87be37d5a96e08f47ac630aa3f8a8d0a0e2f

SHA512
3a7e07dcc78c764e0a165588e6466cbcfb996de941d50a70b7d8e659873f2ef4b10a30c13bfd4afa6469e120ddffe4d17dbf418ce50cefe960d0e607901c7be6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2a98c7592cf024d7b37693be4b3761cb

SHA1
b6382ffb17cc62c61ed5e7840ed5c42dd265d23e

SHA256
519bd03f5c5d7ac5bd85ee15d169b85b3a6aeec74d4844788e2579662dcd3545

SHA512
714a52453a6f2ef6443fb8df5fa4d00062e5e830a379006ca366d67ac810fc2764d6c6eb6826623cbcb072c3dd367ec7f22b9c9c19f76455b436e9462cb6562a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9ad9959aa212f6cd7fa300e656f4bd11

SHA1
d3afb3bbc8d4cba352f1b1acaf3051c21251a295

SHA256
8104c92b2d4b3cd1034fd01d86d695c2ca368e02e44b9f4647f54ed4624949e9

SHA512
ab1d86e7e2a4c2853d2ca7ce9f7d6df876042da0d08478903e58e9d9654a47ce9d917ffa8fbb71ed0c19b486b106c49d9089289a3d954890d3b77f8ce7d84bc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e64dfd0cda7810e434bc2716ae084d4c

SHA1
4161accf4a0132e7d84c6022a6c313cd4e7596c4

SHA256
0b4ded14b53b21e10549a061fff91118ed52f1f603309508ec5f2170d2ef3d1e

SHA512
9b929dcd6a626a72134aeac75ed11b99052ed5ddc0267424b36a8b77391b7be78ee35b09b5e9c3994590906bde888787277c39ca5719edbb242d96c1a68c3fbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e3916dcf41f9133236ae28c106196fd0

SHA1
0904a06aae79c4209ccc71f21ce150f6b511ab0c

SHA256
218f6f6a653221d6926483b348cd0c1a81d84c047dacf6fca4a6132dffcf2a7e

SHA512
f3026634f5f38ccf1b4e4a1882d71a330768b85f32b0a80ef31f4f963f491d94aa6c417f047ef781d5981e1c9f8ecea57e84c91a62d449be580e7a79998090c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f1f3c6f4007fb5f02860bf57ad954ee3

SHA1
e70af04dd841efc123b5f31d16fad36dc8ea2efc

SHA256
d42a66ada3ad21ff720ea204551c173d509d4d83a702b40516986a447847003a

SHA512
d69baec1c394bd3c6316a2b543a984743ace56329ffcb82edee63c1e009a29d309de4a6f13ad7433fc981b69cd49c7d72b2008571877b374616fb5e273c8900c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
060f1c6ca6a0226232eeda09f5200ad3

SHA1
072f74b94207c067301f737c87219b74806133a9

SHA256
78abbd281f629fe4de14ad63abefb08042a6a78f34eedb9a363afd75a61f3662

SHA512
9b668fc2e9570b47b9477a8c6dbb3c25c43d9a8a58cbc5b53b0afe778aca57743d8a8c4bcc553ef9488c9847b51fef352b46e531ee3ce68003c9f5823e8a471b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
133558d777c40bdf48957db01c7e7056

SHA1
b134c50d54e8284ad7300dbee9fe6629db2ae668

SHA256
a51187c717bea7b9c1ed91b436794cb3597e5f50ba5b7ebb6431cc0691277fc8

SHA512
779b8c7a6691bf7eb3e0e9ce14f75c84525d78f8ece7c4046014897ebcaeeff7030ff5b6509c98ce954a5a5826ceafddee8d4f00228dacda3393990cede71986

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fcd089018fd7cc8fb4cc614223e69aca

SHA1
b99b4528b7eaff2af4657a030722dad2c480a079

SHA256
f199b84ca60799d8dc0af8375da8d7640177ba0790049f64c316628c57de2da8

SHA512
003fc47de2a054b376054f9f406069046e91b2721c587dd84a5bf5ce131d9d717c58073ed1f071fe94af7719980dfb2e4f661cbb1998ac810296d53d947d4166

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
4f82c557133439ad256510511c235804

SHA1
0054dc476e2e82518fda12a22c04c211306e9eb6

SHA256
9d6e1916d28bc13e8490d1bfda47af6f0f48b9e4676bbb3d759ac50932c610ec

SHA512
145bebcd444e7a1c24c93192cd13542f017760b656c05be61f8832601fd0725ac019876f394c309ac8f3f1aa41ecff219f7acd7b0ffd25cd5c00d179c4a89d32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
42c318011f74942093a3afd2383bbfb0

SHA1
bfd9814e972a74b0620fdcd42b8db14b06cc7e88

SHA256
c239646da8d7d89d3da43c41edbd262129714272367e76ab27efbe5524dc6c2e

SHA512
1f1757ca1ee370350dbb3ab47f996a6105e87b2041bb2672331c7f2a5c4f9b6780168614431b0d412fddc59e2d5e7891865402d0f61987534c8eb53d2d2aed03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
d85ba6ff808d9e5444a4b369f5bc2730

SHA1
31aa9d96590fff6981b315e0b391b575e4c0804a

SHA256
84739c608a73509419748e4e20e6cc4e1846056c3fe1929a8300d5a1a488202f

SHA512
8c414eb55b45212af385accc16d9d562adba2123583ce70d22b91161fe878683845512a78f04dedd4ea98ed9b174dbfa98cf696370598ad8e6fbd1e714f1f249

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
6d42b6da621e8df5674e26b799c8e2aa

SHA1
ab3ce1327ea1eeedb987ec823d5e0cb146bafa48

SHA256
5ab6a1726f425c6d0158f55eb8d81754ddedd51e651aa0a899a29b7a58619c4c

SHA512
53faffbda8a835bc1143e894c118c15901a5fd09cfc2224dd2f754c06dc794897315049a579b9a8382d4564f071576045aaaf824019b7139d939152dca38ce29

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_gtst2fff.vna.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Bootstrapper_v2.2.exe

Filesize
2.9MB

MD5
f227cdfd423b3cc03bb69c49babf4da3

SHA1
3db5a97d9b0f2545e7ba97026af6c28512200441

SHA256
cb5d6c1ca0aa6232a2d55e14b20ac4a9945a0bd063c57d60a5ed3ae94160e3e8

SHA512
b10afd03b02a928545c16fad39a6ae46b68b1e1a2477a6990803ce80008e7161fb2ebc9380ba15a1b074bb436aa34bcd6c94a922933d438b1c22489717e1e10e

Download Submit
C:\Users\Admin\AppData\Roaming\vccxvcx.exe

Filesize
83KB

MD5
28a9e8bd96230d5e37a9d983e0d11829

SHA1
51a4b9c83190f93d5fdf79c249198c769004996a

SHA256
2701902dbe3784c3d870471b48386c7feae9e6b8b8d3bb34651fcba4cce46804

SHA512
cde6d10d1827245e11a1433ed58d127a107305159994d1f9f6fc0410ce526cef9fc3224ce3c524078144ac1100e10c99c50fa0e71d38be5dbb05946749511892

Download Submit
C:\Users\Admin\Downloads\cxzczx.rar

Filesize
2.8MB

MD5
c9064ffe9b394f27b867a2c6ce9213de

SHA1
4030b4562788de92c404e4c1f92c638751b150e5

SHA256
2457d338df47c16997d52ce9ae29ac10b32abb9608d73144945118136635ef3a

SHA512
abdaeed0cf430858360a3a28bac327325ce8cec9b3f2e10b602f5d307a438e7804762f96c06bac75a4b10b5e4fdabe95cc38713a6a936506cfc13b1be7b36eb8

Download Submit
C:\Users\Admin\Downloads\cxzczx\Bootstraper.exe

Filesize
3.0MB

MD5
236791312535b31022f4fe8218518d37

SHA1
ec9f3b054d621949512d9137f9eeb0ef385915c9

SHA256
45f2ca2d8c9ab563b2067289a68d54cb2d23ed07a4bf2f910857b70955d20c59

SHA512
ed165e2dad95729c0790e779bfad4709a72587577133a607ecfe8870583bed73dd5c333ead7e0969c20160f8463c63636436f91653b2634764af71488b3aaaee

Download Submit
C:\Users\Admin\Downloads\cxzczx\CONFIG

Filesize
79B

MD5
0284fa0391784125ad3b12be8c92c6ae

SHA1
e4fe938288c6804d9c79947ad2e39939a595e9f3

SHA256
789075b8c810f2b63f86dd1f8b7be836178ac679a32f2cb2376e013bc78c68c0

SHA512
9dd8db4e0017ae906e7c4178a54ea16f03aaba4c17658ed96fc384d2cd51f44c6e514872ba5c7e5f43131eb4d25c063531291d70dfab4422260585742a37e235

Download Submit
memory/6176-302-0x0000020477FA0000-0x0000020477FB6000-memory.dmp

Filesize
88KB

Download
memory/6176-331-0x000002044EE70000-0x000002044EF22000-memory.dmp

Filesize
712KB

Download
memory/6176-298-0x0000020477F00000-0x0000020477F0A000-memory.dmp

Filesize
40KB

Download
memory/6176-297-0x0000020478DE0000-0x0000020478EE0000-memory.dmp

Filesize
1024KB

Download
memory/6176-300-0x0000020477F60000-0x0000020477F86000-memory.dmp

Filesize
152KB

Download
memory/6176-295-0x0000020477F20000-0x0000020477F58000-memory.dmp

Filesize
224KB

Download
memory/6176-303-0x0000020477FC0000-0x0000020477FCA000-memory.dmp

Filesize
40KB

Download
memory/6176-296-0x0000020477EF0000-0x0000020477EFE000-memory.dmp

Filesize
56KB

Download
memory/6176-304-0x0000020477F90000-0x0000020477F9A000-memory.dmp

Filesize
40KB

Download
memory/6176-294-0x0000020477AD0000-0x0000020477AD8000-memory.dmp

Filesize
32KB

Download
memory/6176-293-0x0000020473D00000-0x0000020473D10000-memory.dmp

Filesize
64KB

Download
memory/6176-339-0x0000020474020000-0x0000020474032000-memory.dmp

Filesize
72KB

Download
memory/6176-291-0x0000020471500000-0x00000204717E2000-memory.dmp

Filesize
2.9MB

Download
memory/6176-305-0x0000020478EE0000-0x0000020478EE8000-memory.dmp

Filesize
32KB

Download
memory/6176-306-0x0000020478EF0000-0x0000020478F0E000-memory.dmp

Filesize
120KB

Download
memory/6176-337-0x0000020473FB0000-0x0000020473FBA000-memory.dmp

Filesize
40KB

Download
memory/6176-301-0x0000020477F10000-0x0000020477F18000-memory.dmp

Filesize
32KB

Download
memory/6364-292-0x0000000000CE0000-0x0000000000CFC000-memory.dmp

Filesize
112KB

Download
memory/6548-568-0x00007FFFD6EC0000-0x00007FFFD6EC1000-memory.dmp

Filesize
4KB

Download
memory/6548-569-0x00007FFFD6ED0000-0x00007FFFD6ED1000-memory.dmp

Filesize
4KB

Download
memory/6560-489-0x00007FFFD6FF0000-0x00007FFFD6FF1000-memory.dmp

Filesize
4KB

Download
memory/7008-307-0x0000017235AC0000-0x0000017235AE2000-memory.dmp

Filesize
136KB

Download
memory/7048-403-0x0000014FF5490000-0x0000014FF5530000-memory.dmp

Filesize
640KB

Download
memory/7048-864-0x0000000180000000-0x00000001810A0000-memory.dmp

Filesize
16.6MB

Download
memory/7048-405-0x0000014FF8110000-0x0000014FF864C000-memory.dmp

Filesize
5.2MB

Download
memory/7048-1380-0x0000000180000000-0x00000001810A0000-memory.dmp

Filesize
16.6MB

Download
memory/7048-406-0x0000014FF7C90000-0x0000014FF7D4A000-memory.dmp

Filesize
744KB

Download
memory/7048-408-0x0000014FF7D50000-0x0000014FF7E02000-memory.dmp

Filesize
712KB

Download
memory/7048-1361-0x0000000180000000-0x00000001810A0000-memory.dmp

Filesize
16.6MB

Download
memory/7048-1345-0x0000000180000000-0x00000001810A0000-memory.dmp

Filesize
16.6MB

Download
memory/7048-410-0x0000014FF72F0000-0x0000014FF7300000-memory.dmp

Filesize
64KB

Download
memory/7048-1335-0x0000000180000000-0x00000001810A0000-memory.dmp

Filesize
16.6MB

Download
memory/7048-414-0x0000014FF7F10000-0x0000014FF7FA0000-memory.dmp

Filesize
576KB

Download
memory/7048-1054-0x0000000180000000-0x00000001810A0000-memory.dmp

Filesize
16.6MB

Download
memory/7048-1015-0x0000000180000000-0x00000001810A0000-memory.dmp

Filesize
16.6MB

Download
memory/7048-987-0x0000000180000000-0x00000001810A0000-memory.dmp

Filesize
16.6MB

Download
memory/7048-940-0x0000000180000000-0x00000001810A0000-memory.dmp

Filesize
16.6MB

Download
memory/7048-911-0x0000000180000000-0x00000001810A0000-memory.dmp

Filesize
16.6MB

Download
memory/7048-892-0x0000000180000000-0x00000001810A0000-memory.dmp

Filesize
16.6MB

Download
memory/7048-891-0x0000000180000000-0x00000001810A0000-memory.dmp

Filesize
16.6MB

Download
memory/7048-890-0x0000000180000000-0x00000001810A0000-memory.dmp

Filesize
16.6MB

Download
memory/7048-889-0x0000000180000000-0x00000001810A0000-memory.dmp

Filesize
16.6MB

Download
memory/7048-879-0x0000000180000000-0x00000001810A0000-memory.dmp

Filesize
16.6MB

Download
memory/7048-1068-0x0000000180000000-0x00000001810A0000-memory.dmp

Filesize
16.6MB

Download
memory/7048-878-0x0000000180000000-0x00000001810A0000-memory.dmp

Filesize
16.6MB

Download
memory/7048-433-0x0000000180000000-0x00000001810A0000-memory.dmp

Filesize
16.6MB

Download
memory/7048-1211-0x0000000180000000-0x00000001810A0000-memory.dmp

Filesize
16.6MB

Download
memory/7048-852-0x0000000180000000-0x00000001810A0000-memory.dmp

Filesize
16.6MB

Download
memory/7048-851-0x0000000180000000-0x00000001810A0000-memory.dmp

Filesize
16.6MB

Download
memory/7048-1230-0x0000000180000000-0x00000001810A0000-memory.dmp

Filesize
16.6MB

Download
memory/7048-1255-0x0000000180000000-0x00000001810A0000-memory.dmp

Filesize
16.6MB

Download
memory/7048-1307-0x0000000180000000-0x00000001810A0000-memory.dmp

Filesize
16.6MB

Download
memory/7048-435-0x0000000180000000-0x00000001810A0000-memory.dmp

Filesize
16.6MB

Download
memory/7048-1274-0x0000000180000000-0x00000001810A0000-memory.dmp

Filesize
16.6MB

Download
memory/7048-436-0x0000000180000000-0x00000001810A0000-memory.dmp

Filesize
16.6MB

Download
memory/7048-434-0x0000000180000000-0x00000001810A0000-memory.dmp

Filesize
16.6MB

Download
memory/7048-1293-0x0000000180000000-0x00000001810A0000-memory.dmp

Filesize
16.6MB

Download
memory/7084-267-0x0000000000EC0000-0x00000000011BC000-memory.dmp

Filesize
3.0MB

Download
memory/7204-598-0x00007FFFD6FF0000-0x00007FFFD6FF1000-memory.dmp

Filesize
4KB

Download
memory/8068-1018-0x0000027AD9890000-0x0000027AD9891000-memory.dmp

Filesize
4KB

Download
memory/8068-1017-0x0000027AD9890000-0x0000027AD9891000-memory.dmp

Filesize
4KB

Download
memory/8068-1023-0x0000027AD9890000-0x0000027AD9891000-memory.dmp

Filesize
4KB

Download
memory/8068-1025-0x0000027AD9890000-0x0000027AD9891000-memory.dmp

Filesize
4KB

Download
memory/8068-1026-0x0000027AD9890000-0x0000027AD9891000-memory.dmp

Filesize
4KB

Download
memory/8068-1027-0x0000027AD9890000-0x0000027AD9891000-memory.dmp

Filesize
4KB

Download
memory/8068-1028-0x0000027AD9890000-0x0000027AD9891000-memory.dmp

Filesize
4KB

Download
memory/8068-1024-0x0000027AD9890000-0x0000027AD9891000-memory.dmp

Filesize
4KB

Download
memory/8068-1022-0x0000027AD9890000-0x0000027AD9891000-memory.dmp

Filesize
4KB

Download
memory/8068-1016-0x0000027AD9890000-0x0000027AD9891000-memory.dmp

Filesize
4KB

Download