xworm | hxxps://easyupload[.]io/lmab1o

Analysis

max time kernel
300s
max time network
301s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250217-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250217-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
01/03/2025, 22:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://easyupload.io/lmab1o

Score

10^/10

xworm defense_evasion discovery execution motw phishing rat themida trojan

Malware Config

Extracted

Family

xworm

patients-fares.gl.at.ply.gg:7179

Attributes

Install_directory
%Temp%
install_file
dsec.exe

Signatures

Detect Xworm Payload 2 IoCs

resource	yara_rule
behavioral2/files/0x0007000000027f38-347.dat	family_xworm
behavioral2/memory/6036-358-0x0000000000320000-0x000000000033C000-memory.dmp	family_xworm

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
Xworm family
xworm

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

defense_evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Solara.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
896	powershell.exe
2592	powershell.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Solara.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Solara.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3452737631-513087862-588053281-1000\Control Panel\International\Geo\Nation	Bootstraper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3452737631-513087862-588053281-1000\Control Panel\International\Geo\Nation	Bootstrapper_v2.2.exe

Executes dropped EXE 4 IoCs

pid	Process
5536	Bootstraper.exe
1540	Bootstrapper_v2.2.exe
6036	vccxvcx.exe
6560	Solara.exe

Loads dropped DLL 2 IoCs

pid	Process
6560	Solara.exe
6560	Solara.exe

Themida packer 4 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral2/memory/6560-529-0x0000000180000000-0x00000001810A0000-memory.dmp	themida
behavioral2/memory/6560-530-0x0000000180000000-0x00000001810A0000-memory.dmp	themida
behavioral2/memory/6560-531-0x0000000180000000-0x00000001810A0000-memory.dmp	themida
behavioral2/memory/6560-532-0x0000000180000000-0x00000001810A0000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 1 IoCs

defense_evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Solara.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
18	pastebin.com
712	pastebin.com

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
593	ip-api.com

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs

phishing motw

flow	ioc	pid	Process
386	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html	1040	chrome.exe

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
6560	Solara.exe

Drops file in Windows directory 30 IoCs

description	ioc	Process
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6340_714511706\manifest.fingerprint	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6340_656962031\manifest.json	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6340_1115439507\Part-FR	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6340_1115439507\Part-IT	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6340_1115439507\manifest.fingerprint	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6340_714511706\manifest.json	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6340_1026592967\crl-set	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6340_1115439507\Filtering Rules-AA	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6340_656962031\manifest.fingerprint	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6340_1527520927\manifest.fingerprint	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6340_1115439507\adblock_snippet.js	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6340_1115439507\Part-ES	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6340_656962031\ct_config.pb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6340_656962031\kp_pinslist.pb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6340_1115439507\manifest.json	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6340_1115439507\Part-NL	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6340_1115439507\Part-RU	msedgewebview2.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6340_714511706\protocols.json	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6340_656962031\crs.pb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6340_1026592967\manifest.json	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6340_1115439507\Filtering Rules-CA	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6340_1115439507\Part-ZH	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6340_1527520927\manifest.json	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6340_1527520927\Microsoft.CognitiveServices.Speech.core.dll	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6340_1026592967\manifest.fingerprint	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6340_1115439507\Filtering Rules	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6340_1115439507\LICENSE	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6340_1115439507\Part-DE	msedgewebview2.exe
File opened for modification	C:\Windows\SystemTemp	msedgewebview2.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133853427110955447"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedgewebview2.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3452737631-513087862-588053281-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1256	chrome.exe
1256	chrome.exe
896	powershell.exe
896	powershell.exe
896	powershell.exe
2592	powershell.exe
2592	powershell.exe
2592	powershell.exe
6560	Solara.exe
6560	Solara.exe
6560	Solara.exe
6560	Solara.exe
6560	Solara.exe
6560	Solara.exe
6560	Solara.exe
6560	Solara.exe
6560	Solara.exe
6560	Solara.exe
6560	Solara.exe
6560	Solara.exe
6560	Solara.exe
6560	Solara.exe
6560	Solara.exe
6560	Solara.exe
6560	Solara.exe
6560	Solara.exe
6560	Solara.exe
6560	Solara.exe
6560	Solara.exe
6560	Solara.exe
6560	Solara.exe
6560	Solara.exe
6560	Solara.exe
6560	Solara.exe
6560	Solara.exe
6560	Solara.exe
6560	Solara.exe
6560	Solara.exe
6560	Solara.exe
6560	Solara.exe
6560	Solara.exe
6560	Solara.exe
6560	Solara.exe
6560	Solara.exe
6560	Solara.exe
6560	Solara.exe
6560	Solara.exe
6560	Solara.exe
6560	Solara.exe
6560	Solara.exe
6560	Solara.exe
6560	Solara.exe
6560	Solara.exe
6560	Solara.exe
6560	Solara.exe
6560	Solara.exe
6560	Solara.exe
6560	Solara.exe
6560	Solara.exe
6560	Solara.exe
6560	Solara.exe
6560	Solara.exe
6560	Solara.exe
6560	Solara.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
6340	msedgewebview2.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
4824	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1256 wrote to memory of 3264	1256	chrome.exe	81
PID 1256 wrote to memory of 3264	1256	chrome.exe	81
PID 1256 wrote to memory of 4412	1256	chrome.exe	82
PID 1256 wrote to memory of 4412	1256	chrome.exe	82
PID 1256 wrote to memory of 4412	1256	chrome.exe	82
PID 1256 wrote to memory of 4412	1256	chrome.exe	82
PID 1256 wrote to memory of 4412	1256	chrome.exe	82
PID 1256 wrote to memory of 4412	1256	chrome.exe	82
PID 1256 wrote to memory of 4412	1256	chrome.exe	82
PID 1256 wrote to memory of 4412	1256	chrome.exe	82
PID 1256 wrote to memory of 4412	1256	chrome.exe	82
PID 1256 wrote to memory of 4412	1256	chrome.exe	82
PID 1256 wrote to memory of 4412	1256	chrome.exe	82
PID 1256 wrote to memory of 4412	1256	chrome.exe	82
PID 1256 wrote to memory of 4412	1256	chrome.exe	82
PID 1256 wrote to memory of 4412	1256	chrome.exe	82
PID 1256 wrote to memory of 4412	1256	chrome.exe	82
PID 1256 wrote to memory of 4412	1256	chrome.exe	82
PID 1256 wrote to memory of 4412	1256	chrome.exe	82
PID 1256 wrote to memory of 4412	1256	chrome.exe	82
PID 1256 wrote to memory of 4412	1256	chrome.exe	82
PID 1256 wrote to memory of 4412	1256	chrome.exe	82
PID 1256 wrote to memory of 4412	1256	chrome.exe	82
PID 1256 wrote to memory of 4412	1256	chrome.exe	82
PID 1256 wrote to memory of 4412	1256	chrome.exe	82
PID 1256 wrote to memory of 4412	1256	chrome.exe	82
PID 1256 wrote to memory of 4412	1256	chrome.exe	82
PID 1256 wrote to memory of 4412	1256	chrome.exe	82
PID 1256 wrote to memory of 4412	1256	chrome.exe	82
PID 1256 wrote to memory of 4412	1256	chrome.exe	82
PID 1256 wrote to memory of 4412	1256	chrome.exe	82
PID 1256 wrote to memory of 4412	1256	chrome.exe	82
PID 1256 wrote to memory of 1040	1256	chrome.exe	83
PID 1256 wrote to memory of 1040	1256	chrome.exe	83
PID 1256 wrote to memory of 5116	1256	chrome.exe	84
PID 1256 wrote to memory of 5116	1256	chrome.exe	84
PID 1256 wrote to memory of 5116	1256	chrome.exe	84
PID 1256 wrote to memory of 5116	1256	chrome.exe	84
PID 1256 wrote to memory of 5116	1256	chrome.exe	84
PID 1256 wrote to memory of 5116	1256	chrome.exe	84
PID 1256 wrote to memory of 5116	1256	chrome.exe	84
PID 1256 wrote to memory of 5116	1256	chrome.exe	84
PID 1256 wrote to memory of 5116	1256	chrome.exe	84
PID 1256 wrote to memory of 5116	1256	chrome.exe	84
PID 1256 wrote to memory of 5116	1256	chrome.exe	84
PID 1256 wrote to memory of 5116	1256	chrome.exe	84
PID 1256 wrote to memory of 5116	1256	chrome.exe	84
PID 1256 wrote to memory of 5116	1256	chrome.exe	84
PID 1256 wrote to memory of 5116	1256	chrome.exe	84
PID 1256 wrote to memory of 5116	1256	chrome.exe	84
PID 1256 wrote to memory of 5116	1256	chrome.exe	84
PID 1256 wrote to memory of 5116	1256	chrome.exe	84
PID 1256 wrote to memory of 5116	1256	chrome.exe	84
PID 1256 wrote to memory of 5116	1256	chrome.exe	84
PID 1256 wrote to memory of 5116	1256	chrome.exe	84
PID 1256 wrote to memory of 5116	1256	chrome.exe	84
PID 1256 wrote to memory of 5116	1256	chrome.exe	84
PID 1256 wrote to memory of 5116	1256	chrome.exe	84
PID 1256 wrote to memory of 5116	1256	chrome.exe	84
PID 1256 wrote to memory of 5116	1256	chrome.exe	84
PID 1256 wrote to memory of 5116	1256	chrome.exe	84
PID 1256 wrote to memory of 5116	1256	chrome.exe	84
PID 1256 wrote to memory of 5116	1256	chrome.exe	84
PID 1256 wrote to memory of 5116	1256	chrome.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

cURL User-Agent 9 IoCs

Uses User-Agent string associated with cURL utility.

description	flow	ioc
HTTP User-Agent header	738	curl/8.9.1-DEV
HTTP User-Agent header	740	curl/8.9.1-DEV
HTTP User-Agent header	718	curl/8.9.1-DEV
HTTP User-Agent header	739	curl/8.9.1-DEV
HTTP User-Agent header	754	curl/8.9.1-DEV
HTTP User-Agent header	755	curl/8.9.1-DEV
HTTP User-Agent header	1080	curl/8.9.1-DEV
HTTP User-Agent header	734	curl/8.9.1-DEV
HTTP User-Agent header	737	curl/8.9.1-DEV

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://easyupload.io/lmab1o
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff8b135cc40,0x7ff8b135cc4c,0x7ff8b135cc58
  2⤵
  PID:3264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1936,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:4412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1808,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Mark of the Web detected: This indicates that the page was originally saved or cloned.
  PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2256,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2608 /prefetch:8
  2⤵
  PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:3284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4448,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4416 /prefetch:1
  2⤵
  PID:3484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4656,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4516 /prefetch:1
  2⤵
  PID:3696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4356,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:3524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5056,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5068 /prefetch:8
  2⤵
  PID:2228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4348,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3792 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5460,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5464,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:2592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5860,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5088,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:1124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5768,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5888,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:3024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=6088,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6208 /prefetch:1
  2⤵
  PID:1304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=6084,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6248 /prefetch:1
  2⤵
  PID:1892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6216,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6368 /prefetch:1
  2⤵
  PID:1820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6492,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6344 /prefetch:1
  2⤵
  PID:1348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6644,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6768 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6788,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6912 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6920,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=7056 /prefetch:1
  2⤵
  PID:756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=7084,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=7204 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=7212,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=7348 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=7360,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=7492 /prefetch:1
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=7624,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=7512 /prefetch:1
  2⤵
  PID:1832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=7796,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=7188 /prefetch:1
  2⤵
  PID:5224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=7040,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=7952 /prefetch:1
  2⤵
  PID:5232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=8140,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=8160 /prefetch:1
  2⤵
  PID:5492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=8132,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=8260 /prefetch:1
  2⤵
  PID:5500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=8284,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=7972 /prefetch:1
  2⤵
  PID:5596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=8428,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=8280 /prefetch:1
  2⤵
  PID:5652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=8720,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=8704 /prefetch:1
  2⤵
  PID:5708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=8836,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=8852 /prefetch:1
  2⤵
  PID:5716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=9012,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=9028 /prefetch:1
  2⤵
  PID:5776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=9172,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=9164 /prefetch:1
  2⤵
  PID:5832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=9160,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=9292 /prefetch:1
  2⤵
  PID:5996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=9428,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=9456 /prefetch:1
  2⤵
  PID:6056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=9448,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=9580 /prefetch:1
  2⤵
  PID:6108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=9708,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=9736 /prefetch:1
  2⤵
  PID:5336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=9852,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=9568 /prefetch:1
  2⤵
  PID:5340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=9412,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=8880 /prefetch:1
  2⤵
  PID:5952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=8652,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:5424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=9508,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=8424 /prefetch:1
  2⤵
  PID:3896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=9524,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=9496 /prefetch:1
  2⤵
  PID:5784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6036,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6004 /prefetch:8
  2⤵
  PID:2144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=9644,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=9148 /prefetch:1
  2⤵
  PID:548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=9820,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=8072 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=8076,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:3900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=5996,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=9836 /prefetch:1
  2⤵
  PID:2592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --field-trial-handle=9784,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=7508 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=5468,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=9792 /prefetch:1
  2⤵
  PID:6976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=7532,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=7556 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --field-trial-handle=9660,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=9576 /prefetch:1
  2⤵
  PID:3328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --field-trial-handle=6104,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6756 /prefetch:1
  2⤵
  PID:6012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --field-trial-handle=5896,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=7572 /prefetch:1
  2⤵
  PID:6712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --field-trial-handle=5588,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=9324 /prefetch:1
  2⤵
  PID:6156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --field-trial-handle=10096,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=8920 /prefetch:1
  2⤵
  PID:6804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --field-trial-handle=8892,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=10232 /prefetch:1
  2⤵
  PID:3328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --field-trial-handle=10380,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=10420 /prefetch:1
  2⤵
  PID:7192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=8952,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=10232 /prefetch:8
  2⤵
  PID:7364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --field-trial-handle=10052,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=8912 /prefetch:1
  2⤵
  PID:8120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --field-trial-handle=10384,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=7528 /prefetch:1
  2⤵
  PID:8128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --field-trial-handle=10076,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=8924 /prefetch:1
  2⤵
  PID:8136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --field-trial-handle=8872,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=7580 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --field-trial-handle=7604,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=10652 /prefetch:1
  2⤵
  PID:7056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --field-trial-handle=10848,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:5356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --field-trial-handle=10844,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=9324 /prefetch:1
  2⤵
  PID:7392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --field-trial-handle=10860,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=9036 /prefetch:1
  2⤵
  PID:7488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --field-trial-handle=10952,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=7540 /prefetch:1
  2⤵
  PID:7496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --field-trial-handle=11020,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=8852 /prefetch:1
  2⤵
  PID:6676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --field-trial-handle=11000,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=10512 /prefetch:1
  2⤵
  PID:188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --field-trial-handle=11204,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=11128 /prefetch:1
  2⤵
  PID:3612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --field-trial-handle=9648,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=11168 /prefetch:1
  2⤵
  PID:7888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --field-trial-handle=10020,i,2936392293497837151,1526849681925901096,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=7480 /prefetch:1
  2⤵
  PID:7236

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3728

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3612

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3220

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\cxzczx\" -ad -an -ai#7zMap5224:74:7zEvent8656
1⤵
- Suspicious use of FindShellTrayWindow
PID:4824

C:\Users\Admin\Downloads\cxzczx\Bootstraper.exe
"C:\Users\Admin\Downloads\cxzczx\Bootstraper.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
PID:5536
- C:\Users\Admin\AppData\Roaming\Bootstrapper_v2.2.exe
  "C:\Users\Admin\AppData\Roaming\Bootstrapper_v2.2.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:1540
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "powershell" -Command "Get-MpPreference | Select-Object -ExpandProperty ExclusionPath"
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:896
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "powershell" -Command "Add-MpPreference -ExclusionPath 'C:\ProgramData\Solara'"
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:2592
- - C:\ProgramData\Solara\Solara.exe
    "C:\ProgramData\Solara\Solara.exe" --bootstrapperPath "C:\Users\Admin\AppData\Roaming" --bootstrapperExe "C:\Users\Admin\AppData\Roaming\Bootstrapper_v2.2.exe"
    3⤵
    - Identifies VirtualBox via ACPI registry values (likely anti-VM)
    - Checks BIOS information in registry
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks whether UAC is enabled
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Suspicious behavior: EnumeratesProcesses
    PID:6560
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --mojo-named-platform-channel-pipe=6560.6880.9845788940046352960
      4⤵
      Drops file in Windows directory
      Enumerates system info in registry
      Modifies data under HKEY_USERS
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      PID:6340
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=132.0.6834.160 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=132.0.2957.140 --initial-client-data=0x1a0,0x1a4,0x1a8,0x17c,0x1b0,0x7ff89172b078,0x7ff89172b084,0x7ff89172b090
        5⤵
        
        PID:6388
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=gpu-process --string-annotations --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=1872,i,14870642825010040556,3930173240939002065,262144 --variations-seed-version --mojo-platform-channel-handle=1832 /prefetch:2
        5⤵
        
        PID:6648
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --always-read-main-dll --field-trial-handle=1992,i,14870642825010040556,3930173240939002065,262144 --variations-seed-version --mojo-platform-channel-handle=2120 /prefetch:3
        5⤵
        
        PID:6668
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --always-read-main-dll --field-trial-handle=2408,i,14870642825010040556,3930173240939002065,262144 --variations-seed-version --mojo-platform-channel-handle=2424 /prefetch:8
        5⤵
        
        PID:6792
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --always-read-main-dll --field-trial-handle=3620,i,14870642825010040556,3930173240939002065,262144 --variations-seed-version --mojo-platform-channel-handle=3632 /prefetch:1
        5⤵
        
        PID:5820
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --always-read-main-dll --field-trial-handle=3952,i,14870642825010040556,3930173240939002065,262144 --variations-seed-version --mojo-platform-channel-handle=2340 /prefetch:8
        5⤵
        
        PID:7308
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --always-read-main-dll --field-trial-handle=4404,i,14870642825010040556,3930173240939002065,262144 --variations-seed-version --mojo-platform-channel-handle=4840 /prefetch:8
        5⤵
        
        PID:6412
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --always-read-main-dll --field-trial-handle=812,i,14870642825010040556,3930173240939002065,262144 --variations-seed-version --mojo-platform-channel-handle=4892 /prefetch:8
        5⤵
        
        PID:8036
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --string-annotations --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=4768,i,14870642825010040556,3930173240939002065,262144 --variations-seed-version --mojo-platform-channel-handle=4892 /prefetch:8
        5⤵
        
        PID:7956
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --always-read-main-dll --field-trial-handle=4724,i,14870642825010040556,3930173240939002065,262144 --variations-seed-version --mojo-platform-channel-handle=4380 /prefetch:8
        5⤵
        
        PID:7764
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --always-read-main-dll --field-trial-handle=4532,i,14870642825010040556,3930173240939002065,262144 --variations-seed-version --mojo-platform-channel-handle=4560 /prefetch:8
        5⤵
        
        PID:6296
- C:\Users\Admin\AppData\Roaming\vccxvcx.exe
  "C:\Users\Admin\AppData\Roaming\vccxvcx.exe"
  2⤵
  - Executes dropped EXE
  PID:6036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Solara\Solara.exe

Filesize
619KB

MD5
91f5d6abf1fc57cb3e6222f10c51bff1

SHA1
fd1183ba06cf793f12de674d8aa31bd8bfbe1172

SHA256
c48c486f8655d33b4b0d7fc169adf5cbc964c723161953ef5877e99e45833840

SHA512
4538dc6b1c0c21f09fcce5a496538c25cbbc88bd5bb484806fa9426753691df7d798882085be0bdf4ee542da793c04a0d45675265a6ced2f4ea61b691909597a

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
ad986dbab5aa4b9327ee642aa40d1408

SHA1
5f6e3b55e8d36612fe728357cdd380c3f922f893

SHA256
c080b5422e32b61ee2cd0f94c4e0513419472a15a133f82aae141f329706f321

SHA512
941e248dc75888ce7d0f5a8173637303008da4c40069cbdf19132a9fe88653be1a6b4172dae771ac893ba4403b6c684a2e29f6adc3e36cdeca3a62a8b49c2bad

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
d6ba7f9798e4512e4fa90b28c5c074e7

SHA1
12724a5b30174eb32a118766c83c6080588386b4

SHA256
c308c3552d077fd5face4ce2d90b7241074d0244fcd76d45b1fce54f5ee9ac15

SHA512
1f2633423f35be12df8ab1c23a69f4cf00b349c4fb56082d428146673c25def190dd9c6ea8d3d951a77559d5d7c804040ee0712855e80fdc42f405352f7b401d

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Network\Network Persistent State

Filesize
1KB

MD5
c42194798ea62e4f24f60b333ad4047d

SHA1
c7e3d0da311e6fa0e8ff25689c446f844af48a0a

SHA256
ff8068e05acea393d3c530724f31c29b13ffc8ea049b68aaa5c5fddff87181d7

SHA512
12b63c8aac71dac470dced387ccad3303dd6ad002d5d1c9c7126c9143c271dd2e89a9ebd7f18181d2903976c7345ebf33d019feb39f57a6a1ca7060eece6f736

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Network\Network Persistent State~RFe5a065a.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Preferences

Filesize
6KB

MD5
e4d542d0a6fc62d5060aca95544daf98

SHA1
13dffc54acfcf0b60abaa4031aecc36b8c154f3b

SHA256
fb4d34217ecd285d872920f58a18550886fb45c38d9aa3bae9d981695466b8bc

SHA512
6cb57783096aa508e07a4fe00f0d587111927c76460fbdd9901f6a31d4a30ba9437574cf3ac97e31ed87f5d03d7a21275855ee2cf7cf93f03597fcd8ba358589

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Preferences~RFe598fc3.TMP

Filesize
6KB

MD5
7b35f7820a3bc68fe7dbafa8d52feb31

SHA1
7d54a5715892f44d57c8a6b6a29e020db3dfedf1

SHA256
ad96dac70483b066371d4a7baa4a23281698aa87f62ac69f7ffb629bbacb6df9

SHA512
b133c918bf97ac1cc2923b6317265be8b388fc14429d8cd274b26b130e9c69b33ed5739aeb134c16a8554212d58ea2299d81e060137ead1d9d3e88d18208cd13

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Sync Data\LevelDB\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Sync Data\LevelDB\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\GrShaderCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\GrShaderCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\GrShaderCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
1KB

MD5
93905c81c2622fb447310ca975d06fbb

SHA1
7f190655e2c453d94a0dc2d9495bec6d8bb8d47a

SHA256
82bea67ffdb5af07c8bb143cf2c1990bc24f8d636611b9eb29c8120eb3aeb83e

SHA512
50c206dc7205bc5e3fd33505c169d22ace1092c768753735f39d4b048416ca2a72e836b963a46f827ec2b7a9c16f8fd33fe796d860e4b8a5c6d37e6b702ec06a

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
2KB

MD5
4fc50d836babe06154f7d430997827a0

SHA1
fefda5ed9411362d771f9b2bf320d2739e72f9db

SHA256
a8c86870801a5763f7d95c19b28c236aadedf817bdd8bd9e8d7c614010469c97

SHA512
7d7e36bc4fe975335031f8c7ddd7131fccdcc730332fd6323921ee9eee5fb4716bff606782be00f158104323a45e1b72d19a16823bbcf33dd138188c6802572b

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
3KB

MD5
5d28cc29011804064067025a39eca55e

SHA1
66c0354f57db592df8ce38d70a5e4918f542443b

SHA256
671982644cc423b61c507746209cd4c9823975d45576ea7101084b6082893c19

SHA512
d1fb799d258595b52612b7bc84a3f4b9637b9040ed13d869b120b9fe184d8ce7014aad150c474e7dee5ab4ba46fa5b00772beb55b7a38c61a18beccfbeb93d07

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
16KB

MD5
9d94649ba8ce5b6b9edb04c0ef756b22

SHA1
77963414958b18d2e7099ef3e9d887b8676c265a

SHA256
87f85e492fa232d9a4fac20d6f409e3be274cb9496c9c2a03b4b673661863a8b

SHA512
74f4c8ab65b52622cb0cc48a9baffa379cb5f71bb6638daacdd685e48b19e91b905bf88f42714049b2454fc04bcb0136e24373c2493c48c9bf7e67a7f898c413

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State~RFe58f2d7.TMP

Filesize
1KB

MD5
6d1ddc0256172e285b99130510bb639d

SHA1
df08809915227c10be114895ea637dd5d72fd5df

SHA256
174bb6dc699a631bca6759f3ee087a9340ce7bdf2d9aa6f9497373238922c5c5

SHA512
1ff7552669674a4c82938684644f87607a6aac21da2d3d618957dc9ca4356cbd4d0d95e8391cec15a3fe396cf7e1bd1fd75e0ae325299483ea5409133ef02d28

Download Submit
C:\ProgramData\Solara\Wpf.Ui.dll

Filesize
5.2MB

MD5
aead90ab96e2853f59be27c4ec1e4853

SHA1
43cdedde26488d3209e17efff9a51e1f944eb35f

SHA256
46cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed

SHA512
f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
ddcd7df66675cea1ffdd8a3e7089799b

SHA1
59e3ccfbace636373a10f58d048b12a76de6585f

SHA256
8ae768cd3f1cea948473d3f6fd43b30cda75e18d3ddd2c42ecd9815af57a119f

SHA512
ed0d623bd993c6a93f3f47d1af0aeae0243f55c4505f6f4724abac76818710aea3d5ca3c45519245fe5972752d3327c22f2ec27eb7209c60fdc9d196813b53d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

Filesize
20KB

MD5
4e3d7597d9fe391ec85981482487e366

SHA1
af973d6c6839979865f5e07ea63bfc7e3d7cb9b7

SHA256
fcbed11971ea7eee8ea97b4d3e6b5a927e276c0e976359e6b5b44e255123a116

SHA512
0261100d00f91115ebc548e2145482c9cef57f3939dff61cfee6b25550c61c8dba2e50d43f1aece6203595b789437e62940157bcf9fa74e80fce6d782de02ddd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002d

Filesize
28KB

MD5
d941188b9b59bef71f6e45581bf1e79a

SHA1
6e94b7ae29d6e57f671589dc705db04d54212521

SHA256
dc07053ec83b93bc1b877fea01a9117493077e7107bfde0441b53e523d34443e

SHA512
e74cfddad66b90aeaa2c0ba905ce05c30f7dc23eb18c69edc13cfe083f1d12db336acceff22715650a5959718bc723790b0dde4deda698d74850bc25c1426de0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002e

Filesize
54KB

MD5
4b7ecd257f0e110a4ad582d7d38f4d23

SHA1
2a5bb98230d640c8e18608d9b03771ee9f57a9d9

SHA256
95877c4adbf174b9122e8786e74e4c80a484c4da396fd74d65f5ac8ce626c7a7

SHA512
89423a889e17981c802e58fc81f389296063e3a15983c4e165c34675729ac857a54be0dbc5c9bdf0eb917c0103f6c0502eae8363ca0e9f3ecd898f34f412550b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002f

Filesize
66KB

MD5
ca4f4e170ed0e43acbf5e5e51407f8d2

SHA1
b129f1725caf9f5e733e9f4897e4acf2da9884cc

SHA256
5e0cd9df546e1438280a2326f4508b2e20a290ccf18258cd7d5192213f19fda5

SHA512
58c8d4dd1cf792d9c64e529ad47c06d6e29762aa76e5624654f63bd7accd45efe54f78c9591dae9403ffeb77783ae7ead09a84798653ab79906905dfac46f2ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000045

Filesize
35KB

MD5
7c702451150c376ff54a34249bceb819

SHA1
3ab4dc2f57c0fd141456c1cbe24f112adf3710e2

SHA256
77d21084014dcb10980c296e583371786b3886f5814d8357127f36f8c6045583

SHA512
9f1a79e93775dc5bd4aa9749387d5fa8ef55037ccda425039fe68a5634bb682656a9ed4b6940e15226f370e0111878ecd6ec357d55c4720f97a97e58ece78d59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004a

Filesize
21KB

MD5
d673419ade77a99804771e1e80ab8d41

SHA1
01e529fa18c95e5b200dc3e277950947050af176

SHA256
a10924d3805153e240028c064fd13c1f010795ed65a9cad9d1cd6e77bde1b6a8

SHA512
51c45053be15b56ff1bdd30105badab9aa8200ee658b300c833adcd110fbc9de38052914aae141c3397acb9045a6e42c0695c088609d21ee4f186776b9a360c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0787215a7f155b85_0

Filesize
157KB

MD5
9a9d1af726d8955b5199926ed8f471e1

SHA1
20a34e4921a147bdde0202963539e5c89192887d

SHA256
15ead2a90b52a165e26aa60e0ee6af381d5d9268688552b22c67f9ce94ebbb5d

SHA512
957617928db216067f37478802d0fb20c584f6f2e852a1ed3b77b5204d3b70a6085a8d64ad519b738da0298b7480327aa4d33496c42b20b59ad640b66c9bc0bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\31d839ee39179532_0

Filesize
13KB

MD5
64f3af0f3492cb433cf8a578a773271b

SHA1
1efbb84cdd36befaf82a7c80ddc4ae8213d7b5b0

SHA256
504830affd91ad0020cfe3b6975027982b1644e2d203855e0230c8a7fb0a307c

SHA512
8cf64d01b1144a46840b9c7bd9c45fbc314c37c69f18300bbc7a7400c7818d4317cc6b148c39f4417697f9d72eed735b6c2d1fa78636469332f5506ac3c7ef4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7dba171c3e1f9e86_0

Filesize
279B

MD5
cb2a9baf65626a48aff6cdf7ae4e504a

SHA1
83d68d98e20f77db22c87d934ee3ef7bdd498077

SHA256
2836e1abe85b77a08397c637ac8141e28519a6486d7c0f947d47ac73219e4033

SHA512
6f3325926c9e635147f93d6eb4a306cb00884a69da3fbe1b8d5d5772b2f4b5cd67b406c8960fd03c243720f9ef2f5aa4b42dbec4b9be32d64639f50fb6620ea1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\83c6146ef290520c_0

Filesize
19KB

MD5
34fb9617f6fbadd6adcf299991fc0f50

SHA1
a87783326e9018b46fa9e8760a58771064046785

SHA256
b8d680168ceaff8ad92ea150d78a794a7b78eeb311bec75ee25ea0a23cc9b199

SHA512
a081ffdf9aae43067a1fce0a78edd182cd7d6d79bd6b141e2bbfd02bb4cd4c4ee488844946f61918d556c9ef867f5b3758f4be0f65e789ee6d55d467939e1d02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\914848880c877f54_0

Filesize
277B

MD5
7e4a18a1c253baa218ba804aa2abc60a

SHA1
90cbaf631f8d65d75af731ee714aac6de4fe3204

SHA256
4eb6df62bfc36d1290eaae7014e2f79731b005d5cb7bcf66fd96e7f1ac777702

SHA512
567a3b0e1001efaa639a2abbff45bf7ede2a7d8855a94129d99c0e132f3fa9e383f39eee0573711609a2dd5ce3a2877a3f79c5c74e4f2838e83da985a745a2a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b63238ba0d003c3e_0

Filesize
269B

MD5
9b141aff77a7a1ac204ed74c805223ec

SHA1
ded08c9bd89a7977f2e2ab0b9eb8b03c7ad0da90

SHA256
3c45cba0b4d1a810760ab5fc033d0863144f3f5d67cfe52c35bcbe0f29814983

SHA512
5bb03e04f95a564031789606ca4078c7a9c7559168ae207ebe7de3812c23a1461eb508c2514789b2d34ab9eb443711d95e3fa2f772d6de4598bfaf7f43579327

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c1d6745767f54197_0

Filesize
325KB

MD5
2100756a18c1f919b25307bc73c55487

SHA1
deccba40cf860067cddcd2058cce9ec5c2bac5e4

SHA256
f0d346f8c8838fecee58ae82abb458b89cd2680616dc36c24660cfdf8d5003e5

SHA512
25b90723b4ba6ea782bc4a2e358ab0974bf94dc1a11f810ca3433ded26bbc64e93c3d21199d050972ebd5f1a1c18509551f012c8c4975e9512658a6990d848ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d3694e2990adac68_0

Filesize
274B

MD5
ebccfd1a50b0f36c85831e6122e4d06f

SHA1
b5446e7507016ca9e7f74ebdc93de1c1263f73d0

SHA256
ece3bd3397c668412c8b972656d82013f21287b9c26186ceff55e61204de93c0

SHA512
8ab896252fd8eb7aaf06b012d05ffc152cb1c6b806d11b2fac3b40a02cdce415d74894822ba4738adadbde617c8c208981ecd9d5600464caf4f7384983bb1f3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e34ce29a8e32e098_0

Filesize
52KB

MD5
d6028bddda3e577b84140cc91eb10faa

SHA1
dcc718e1790cf88be7458ece13d087528efea64f

SHA256
d3390fd486e72dde92a437bd06beb1aed9a81d9b66261d07e0507e6bf2f52e3e

SHA512
24e6fd62a7ae16676ffbc9701a1a6de1e5a5c4e2abb4cd9158c4fe87e3053dec3fbaf2590fe86f10ca2f4138c417a03b80cb7f161b0dc6439a9985c38b51ea3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f568af0c602e699b65c7eae3a04e86ae

SHA1
01fa746936bde3a9ce70c2ff3e24e716ead9239a

SHA256
1e01289506f3fa6e7905cdd3ec8d299dd34186cc75868b0aba36832de9a23b80

SHA512
4dd168973b9981f5daef36fc521611eee8cc930572842ad9ba375933643ce9987c6be323d818e183a181cbe4103433f950733706b8887dedb8a2f77e2ec6c71b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
867e0e9ed238e0c72c63a7330a20c8b8

SHA1
e0d05658c903981d7e68cb88e72ef7e458dd1301

SHA256
8b6ba15282b8732af0951c81611bb77811ed942b2cdeea1d6c1aa4243d159b1f

SHA512
ec8fa434e3599453ff20f3c9f03d0731f670e0fe6835e114efb3ea5acbc9a96f9e49421c0b6ef6d694688dc7b2f1033fd6c3e4e50b1a45b440ffd105d2613225

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
20097899b7ad6b9379842b2d8bf07cf2

SHA1
4636cc040800abf6d1c8ccedcf39cb9381a54e5b

SHA256
ca3aa2708b5d3a14d75fb8a3c2d43ece1e1f4952cd7c3c097775517092dfa1de

SHA512
eb0dcdca4abc9f54600dce992a3ef868d5f1e2c601efb1eff0c1d2e94f647cb9fc2c358ccaa2d592fb41a61e63c5812dc573030187215448ed9dfcb1d2ce1a44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
fc80e6c03091b43281948eb581e61a3c

SHA1
c9c0fe1815ab7fc6005371fc0d95ead6e0211228

SHA256
225ac8d928949ed5f8a105039a06e8747a956ad08ff68495f6bf206ed6a9207a

SHA512
38e358026ddad3e5aff7b57366d6ed1eda69cc3ed86d6ea6132d3a518d294c13e9ad958866c8a79ac1098aabf6b6fb59542f77ae3f4474fc35eabffa8b62c9b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
59de14ce0ad6c9f97a87a2cdeaabccb3

SHA1
c77ad415c4cd527978dea66b09c40eae06fdf325

SHA256
649f33feb2ce3af1429eaa1f97e897d8d6857530353637ccd379151513cc2019

SHA512
f3d3c221f4e935ceb5adfa7b0f3d052edb422cfc1b20e0d4766100a2550dda5e37741ca5e8855858ee63354d3c4cb622a4d961e0f243dc27dab8c485a2c53df7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
9e634cf637c7dee6f4958d657890ae91

SHA1
3edb7e44179876445118d943e32b6944ea65bbc9

SHA256
195b5727cb33297ae320dbe78b556b215fc0075215767c93f36d69d6fb00bd31

SHA512
0c0ce5c2b2634e950a6bc5731ebd366a7bbbf1a14503b3062f3bcd6197ba8671703bbc502558a32fb67f1367e4ea2ec2830d6ce6e22f2f96c9543d8ab928b678

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
d719c3b89aa6e70f6c6a705dd8627538

SHA1
cc74e4d99ad18350b107d09a0bcef8052b3e306a

SHA256
cee980e51069fb918335d435c1a337dd2a672144b98f52abafe8bc4a98c6b83f

SHA512
63bf3fa20bd03500325933c9e44975af48f36ace54d582d6930daa41510a8a38f8375b36b502530e0c3b670e645d9f73cdd671cf89dcdb8cca5ac57cfabdbab7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
dcccf45b808f3cee717f47b87a40ca3e

SHA1
3d3c407ab294499deb716cda24ee9b4914efd44b

SHA256
c9c6031dfba0cc1cc143880832d8e672c7181a5cafe293f69face51efa7691e3

SHA512
86cbdaac25962cbb26c35702e655eabd8c8ade702924358ad20958b95c4db68fb9b3259222fd59c0373063f7796f57a8697ee45eb61d7db9bf3eaae3a6951ea6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
a549f02192842f481958b942f2819b83

SHA1
66eb63d4b2c311a280fb662f7b86ccfa57893f10

SHA256
dadca1b07dc51f25ac7c5e7e94334ef709266f1bf51339a8e632ddc2a3cddca5

SHA512
6e619d40cdeaa0da1c00b0562c5858ef57b7c8e2cf851c6881d416e4ef1d6dfd19827d04520877362a3f477ac98dbd07165a97657220df3dde78946e5065cf00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\23231189-f459-4323-ad4b-2d13c2eeec53.tmp

Filesize
4KB

MD5
da6deb0758582737d9150628feb8dc0c

SHA1
cb77962f84039748e2bacc0825bc375601cdec9f

SHA256
7d1a4934882b246a59b8c945b7c3743fe6d27ddaffe27251161d68a1e4e2deff

SHA512
671a952c342177e8c2bb51d74535bc5ab96abb8b0a12e71194c9cc8be7afd2aa41c14fd4c65dbf1e51447d5af68593aef75d77782c248c1d20cffed32ab7024b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
28KB

MD5
32b2f0560beb9c9620139eb0e8666b65

SHA1
1064e5adcb9f68cde2b483aad5fcddc3153241f7

SHA256
551056dc37086f1d4c23f5683805e233ab76cd45b5a33903c21dcf506f9c3d9a

SHA512
0a88cd7ae8c9f35c077adfebf9f74b9b5be9decd79b38f1e3c057b5716492f8adc24df964533f9cfd996e8c8258970a52ceeccbe446c62d7a8324ddeab4d94bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
35KB

MD5
c56cce48db24d98592d9398f8da278fc

SHA1
270be0b76453af9c7b0ad97e10d4b4b68e6457b6

SHA256
6901310a0beca83e53177d18cd9430cb4a289ec5cee9d2339aaaafd634879a43

SHA512
d00fcbf46965481d912fcd9f49c8550d8213270ac75306b483e32f81c6d6b1d47c48942e67d6c4f06a959bdd727ba260fc922fac1ee48ae78cba4cfb9155ba92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
41KB

MD5
3607e68486efe12fe489c0ceb947444f

SHA1
2a1e88dee4403f4538497989079b3264cada0ad5

SHA256
7005bd2a86e5a271b4962c08a5ff62f049be4dec1ec06375751c877b999ec9fe

SHA512
bad8958649b8160a99ad5845773ab3e76f5221b4f91a114e2eb5d39fba579fad25489303ebd946fd196088b6cca6dbf67861e2a0366d4527d8b0b2db718d6114

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
ba59de4f7a306dc8fe3f6e3b3cecd45f

SHA1
a435a1555d99b941e775ec66583cbeb9a202a307

SHA256
6582c5f72487002dfd2a19e748efdf3e3f25b3e5a3f7826d8162992f972669f8

SHA512
a4256c3aa76e8807013dfbaf39d8c78bf1bb99859b671ba1fbd23f0cc77100dba31145df74eb390a0fbebd7a43094e264058ba4634ce1c62512da2cb3537eab0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
74fe0d83de8dc84143511a9fa3a20ee1

SHA1
2ee090c06f1a6b7664fc80863344731d472611a5

SHA256
fad023be5922059417cdf652869c489a019fbe3bb6074f55e405f427e03350aa

SHA512
e36d8a9792157504e2fcfd30bc024e89ce526aba2413d0ff86a55bcf727585bc1ced933485a27edb7e94ac6b779286cf1d2153b06b820fe6f137b8a29fffe75c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
6e6759caca7d4368447d3dd262c1af3a

SHA1
1b4663eae65dfa9751136802b6a66bd08498940c

SHA256
dc436a136e1d960dec828c627fde0340d4ececfd582a450be2fa174a18c3ba7b

SHA512
e8adbca74ee08b002c9e8fca1cc9c1928c5d05094d617b1defdbd4d531055aecd7b2b9455fd907deec7c2fca86e9feaeb46027986011a21ec5f324e244962927

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
681a3e7f5f7eef36e0489a03694aa3d1

SHA1
af56c089f8b67cf780abb835faaa1693f2019347

SHA256
28ca961fb19d48fe1c05fcb5356764ad68f34202977491b6e3839b3eb59419c2

SHA512
9d4c654d1300135c595ad2cd13230c36eecda659ab8df9c631b6952dd55c517608ad9e7ede264f2358d32ccd61578be8b4ced14f4e22611ce73a115f04f2b678

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
3006c7804e12b32cb9a48cb200dd50b2

SHA1
4ca8b689c2ee5d7e7161e1dfd5dfd79a8b7b87cb

SHA256
b30397e33c3bef60cc9aa09e09e05077a9c1ea73b60c87bd8891a404023f24c4

SHA512
359a27430eaa193aee25eabc25b9aaaf891f0657c88de0e345753fc1d56b1868474cfdea3716d7e66b123f9f989f643923e303cc52284625a7ab3b2479ce321d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
0b53dfa8df4fe2694e3563b02fd97680

SHA1
46bcd6a8e7344054ed2216974d1a65af16914786

SHA256
fdf9675d81bce6801a8cc20016c242d3732763c4962a125de6d46cfd1716d24e

SHA512
bd8d984b08d4c7b6b5c94a89aaa11fc32e6a5bf678831eaa72973be4ef4f9b65258d7eb74d9d6ab7f8d42f96c56b39ba4d819c866cc4d31b499d79d24503ef12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
acd2b4d5a5e329de6e86686306fac591

SHA1
0a28dd884c2e7dc445bee7264bf0dfebc2d216d6

SHA256
9b4b4c61fff8de0d9d3af95481bfa345e4d6fd8c7fa57a21254aa697347b5eef

SHA512
c1ba8d4a709cf7eaadd894e84ac999f979be2db1eca31e54c16a2cf4740bee9e831ef5443b20667ce670a62d120a0e25a5c5da6f60ad46aab6a91b0c8a7a88e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
9ca85c9f07d0945c1c8126d8afd5821d

SHA1
a543feda14a7e541b0b089fcb24fd6fabd856a28

SHA256
acd4dddc35b13ac8ca49cd0436bcb9417008dec9a2dda80b3308e287a1654b46

SHA512
3750757a76065c154107587c8ecdf28380ec07140c20c9a4dbc248a8c26e2391f72bba10718159b613fcc1a0148b31bc9c20179feb2b2853a204c48d71262995

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
55592de6d6f7478c6437f66e8cfcccf0

SHA1
ba0eaba5c50bfb0c906397705602ce4d1825862e

SHA256
87e4a2c177f9387bbe8518a08bfe3a6f63d2d4a039540c78df12f5351ebeb2df

SHA512
cb28339b8c83a5a63e7e941fc54bccd48164612652eeffdfb6463583f712959de3c3687a0f588b750fae433c49d5a0914ad3b64b52a5f3cd02451176e57472db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
20d02932c379a444b46c42b44d065748

SHA1
d1b0da4089c1c0271f3a1a0a21f1f72f5e044582

SHA256
042c2b500f5a36a14cd7b04708dc9f744fea0236d9c94b25616294cfdc503cfb

SHA512
2dfdbea24e419d77c4e3d0115abd6061b6ec922bd72a4cc11f38bf4a764a7fa99b8fab3d0e78865710e1e608ee44bbc68f543ca51d84677e22364dfddf7feb52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c49683ac77200b5db9a6b20ee16e2db6

SHA1
b200e0f44971f7e2036721c552ce15e122b7ef02

SHA256
a965dd23afce6436bceda2aef69065a8969fd9fcdcd4954738e2bba06a2b72d3

SHA512
4056c2641bc0c87a23f80c0002875a69c918f0314ef939d6a0fe662402361b8a3cd5bf630f86e9d84a409caab123ce5921ef7539ed23df8335d34d9f56bc6f93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e55581f1867d966f7ffdd9e1ecf026c7

SHA1
1601bd803df32920466d082bc88dc1866d729648

SHA256
a4dc0e80268f4562aec0a55d2d0b214a682635ab6540fa4d9b2fd40530c056ab

SHA512
e454d69278c8039246f68acebcf66319436b09065ac05ff326c8270962dd4a775e570cb908a88b6851affa1459fc246e4668d627d79cd8cc97d222be983f4cbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
59be55280f03697ac82b191541ca67f5

SHA1
35f459f46dddfbd0b7028a9158d40ff5656313a2

SHA256
32883b095f0fd0ab54c0fdc4ef466cb39bc6cf18f73f64854e644963038a98b9

SHA512
7f765176430cf29742d74db7092b53301446c74a68a22e74d714b7ae16494900496c55a47b9b6bf103ae508187de36cb1063a8e6025fe4d278d0601e771c48b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e87731704a54792be5699c86cbc67062

SHA1
74f4bb400cabc43d3cd506fad280824eb707ec2e

SHA256
0daa6d168efe04742bacfaa8bc6ecbcd1c18e2206ae57700f5fc5acc06f276ce

SHA512
6f8c05762ecc38a495e85656e47c8a5f9df197bc6a844b31afde31115799b322ae22270cd661b54d96896023dc50369a5f96b1e5965a9423a2c1be609a67540f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
afce97274b13328c22068dad084827d9

SHA1
6a5c1bb13a20dd24180a2c434f1a9ac62e546b83

SHA256
7fbbd0cb2af5e88cb5cf28f9291d010fb8a7049927d01a18e1a4210ea09bb5a6

SHA512
40a1bff0283b3d4e93c103f9348b460b93507fd3232320772687f136faa3d25e8fb90b08b80b3a8b1f85d473698aa96f860fa0666fbe62b74aecf8137f314c6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
00557fde11d48cafd81f1fdfb040e588

SHA1
f0ad959859aeb12b9953d101bfd89751a4032682

SHA256
99b2a6597398c4713302f27f24f94ef79686a1942d9afcc113c66021c1f1284f

SHA512
579818b569ec73636eca40bc1bebc3d2df700af46b7e4bf6d8f490c339b3a09becdd2abe5b4e051b9b7a58366f05b80aec4e1e115bc956cf894dd923fff9f18d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
498acfcfcc47e7cff81e6b71d6975b7a

SHA1
026708c1a9340090ed76aa0b5b825f57986acb05

SHA256
91aa318854c7f3abc892a8d427241a4113abbe92b7b4087950830434d23000b6

SHA512
41c0569aee8e17b64ff6ad394ab9b5a0c28419b756a30b1822ef2ff00a6d3a5d32cb685571f5389ab354e0517bd6d2e5cd75bfea4e4cea1b87c9a8c20bb02acc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e4bb0b96de0cd69f45a1a4d912d22912

SHA1
3d07da35b09e750713b219c87fb4f87521b55f75

SHA256
95721f8868d54a16a6e4799e1b6d5ab7844d4d218716eb852398df93a4a10e64

SHA512
4928e53b9ce4b3a5ebe73c8e3a845917892bcf1635dc7e14f07dbb9c95491fcf02b2a2ccb1a2e501e7110ee7befaddb1f171b4718d8b240dea5b9d260b4612dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
acb73733e2262623e121dd6ebb403e1e

SHA1
dffe3f59c71828d7ea2c65916eefdce810cd7766

SHA256
d5b4e5b64f6bfeb75ade924488cba4ef5a1bfef6db43ba90d60094af624f4188

SHA512
0bb289d21308130ed4abecaf8b62021e3fcc1e52fd37742f78edc9424a2c08ceaffb9cbaf65a8935183b5035fc4643b7048d0409ee472b1cc719edf9ec1d9c5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
82027834dae90a79f041fbbb8d400892

SHA1
b7e7272232b7ddf774ee995f7125e1151c755e49

SHA256
fe4bfcdfa66f7988dbba651e2a251ab789a601295367f5aded3f6909348d9bea

SHA512
d8c2f407debe97490fce35457b974be38296adc4ba9aef799fced58be3f0c7aa655709d3d64ba9d00396cb1f450a1b61944621da219d6f7bd7108b9a4da0c45f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c48fea70497884a6ae5b145ff56761fa

SHA1
fda94ce48795e4756fa6917acc2b7d438569736b

SHA256
36135a4f9d603dd576f2d43b14475c585cfc2f67a444546cd48fefec861bef6e

SHA512
b7ecf33bd6c98bc032f7cbc97bc9da66726a7371277410b4b70c024cbb9f29f5b634c7e31ad178a2c3534e943fd2e2e6dc36dec3d34685c3a23d3415f9c1d481

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ebd80cf610ad2b6c0525c867be4bb311

SHA1
6e28561aab7e40bb1eb7f706cc6b7a622cb2f8ed

SHA256
de763aa7d6a064832f6abc483c100601bc4b26f46dc91443832b91c2e2527616

SHA512
3b906b3548b5af228bc0afcb4db22441816e416f48055813169f12d6356a008bba563e33b34924c116d00f55cecc02241bc93995cfeb8722408f0d0f15db694f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cf5705cbe74b0643cd16bd6e47dffc5b

SHA1
734e351a4d7a800835ddc0cab2efb11a3c74a738

SHA256
06b4515196b28ed59ec5ad7691cb2bae012f753a6bfbe96eab0c8776e0791868

SHA512
74a417aa680ec532e1fde0c5f79f6f9abcec7021d92d00d8ff201fb5aa5aeb360daa3f05e4efa26eba2c34ef4de6a03dd1e05f3d99653cb33dc549488653b63b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
576c5ac9836e57b8d0b88cdb1a9e00b1

SHA1
84fd913509a9b21b1819aa36698c5430a0f4da4d

SHA256
396493b63210f31df7312464c3f960b50e8e4687450719abd9aeb7dab851e9cc

SHA512
1f5a5ab461cf4338b11629acbd8eeca54b67ec314d4e315665ebd706eed763e56c3ac6de2172df660d8f02706d49b8f967aa5d5b9df5b5d02b3de4558000c671

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f84c778145c8381c3611737b69f59ff3

SHA1
3ac2afd01b6b0ea229f2dce6898b6f346de16781

SHA256
fcb91a88942843058bb4cbebaa19ec7db115c0c1897a23d7edf94b10b9c2c1b8

SHA512
207e5f672c17e0c22472379acdc6dfa1bb322fe33b5f41297a3c68dcc406273761387536d90814c099fc07c827d151d7c35376fda2fc5888a6889b11c239eb6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3c180d7992406ac6b913cc02d5944b39

SHA1
0f225e8c29f00f5666ea6502bc8f3a3440d42775

SHA256
8c423e9c1cf5f9520b9b74a0f594bb81e143b600d37e7ad78a6432872a272701

SHA512
c96aaeabcdd8d3e14bb6987b3885fe672b8cd27b85affd012433075337d842894bbbfa63c0e719e6e30b0c436b4f7fd0e2db930cc3a1a55917878426f0aee167

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
96d4ac663de5f0a54f9100f022cdf557

SHA1
b0c652af1fb4ecb4db784e966b44610a30cb0eb7

SHA256
3e34bd24678b06eacafa2f91e84906036c826ecdbf7b1217730fa80fe18f537d

SHA512
02438d3b63da1a810f65e8018efc676aa0a38838a71bfdd1cf36016b778fd08251a88ddbfc86e822c240fc8863e02d55fef0226a37fc0e39f6c58b14a355050a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a9febaf27d84229c9ed82fc4b8ea4220

SHA1
f95d70f8892d8996bcb0ca630d8536990910e51c

SHA256
d09ff52a214e9f750f7a66ba169b7c54dc0a4b40b0432c0db48402811208d401

SHA512
eb70430fb8a016d41e8b9c315cd8065545222d40a90fec38cef62914aaf69c2dc980b43f79994f9973c9879d1b8c45f7e382dba0b7849efc4b10362641f4ae18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
7b5c90a52002fb72bd8c6214927847cb

SHA1
29204e08e0359579c881cade38238682c2205801

SHA256
2e19105b396edaffb2504b1c85bbaf3c876a1cd44e2e1563e7d9d60e007cdc7b

SHA512
a3292cb5fd2e4085ca428ddfef7ccf0cb7c6c53e2546f50c6bc119a0b8021d18c5881ed4837abb80a66f4e0a31193c5124e68d618820c3d8f728e4be7aeb84c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
d6cc0f5366cf9811b3d1095d74327ac4

SHA1
723df21762c06273c96e74c3965ee0d8131040a1

SHA256
27bb353cdb468302ee038bc2644bac12408434de14b2382f112b030611a46df9

SHA512
28ffc3ab032fb461fe7d36a5428a5a74930fc0d6ff195d6d3bbc236792cff40e6e8614d79c15818374057b0a575981d31f9657627e4ecf7d8bb215a7cde162e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
3KB

MD5
35f6f7dce4b40edb4d8fde2efb97f2d2

SHA1
8521f4604bce0443a7565a16231e0549eb6712e9

SHA256
8d4d0d42997af6194af00873aeef846818f8900c09650a77ff8436c3df454780

SHA512
bdd5bfdb51afd116eb397e3b1b963f9bbc393b2a27a0c1d421b4b9ad1f7fd95bfcff45f6965a698d6cc7cc236be63b8e4573c47810c80d92131adea94cf3c55a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
5a4c19cc5603901b35da80e360093076

SHA1
f451e2c49fc47e00cb726d101731fd02413c1f58

SHA256
bf09b0bd997f1e24e651ed5d0355e152ef1be13797cb35b04424f9e2ab6e88d5

SHA512
6625e611b34f7492d497419091c9183ae798d4fca49ec78a904943b9e37f03146f904455026333ff47e0fc294190a5934f914dc8bbf969e30ac36c699d7d6924

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_qrtgzsdv.tny.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Bootstrapper_v2.2.exe

Filesize
2.9MB

MD5
f227cdfd423b3cc03bb69c49babf4da3

SHA1
3db5a97d9b0f2545e7ba97026af6c28512200441

SHA256
cb5d6c1ca0aa6232a2d55e14b20ac4a9945a0bd063c57d60a5ed3ae94160e3e8

SHA512
b10afd03b02a928545c16fad39a6ae46b68b1e1a2477a6990803ce80008e7161fb2ebc9380ba15a1b074bb436aa34bcd6c94a922933d438b1c22489717e1e10e

Download Submit
C:\Users\Admin\AppData\Roaming\vccxvcx.exe

Filesize
83KB

MD5
28a9e8bd96230d5e37a9d983e0d11829

SHA1
51a4b9c83190f93d5fdf79c249198c769004996a

SHA256
2701902dbe3784c3d870471b48386c7feae9e6b8b8d3bb34651fcba4cce46804

SHA512
cde6d10d1827245e11a1433ed58d127a107305159994d1f9f6fc0410ce526cef9fc3224ce3c524078144ac1100e10c99c50fa0e71d38be5dbb05946749511892

Download Submit
C:\Users\Admin\Downloads\cxzczx.rar

Filesize
2.8MB

MD5
c9064ffe9b394f27b867a2c6ce9213de

SHA1
4030b4562788de92c404e4c1f92c638751b150e5

SHA256
2457d338df47c16997d52ce9ae29ac10b32abb9608d73144945118136635ef3a

SHA512
abdaeed0cf430858360a3a28bac327325ce8cec9b3f2e10b602f5d307a438e7804762f96c06bac75a4b10b5e4fdabe95cc38713a6a936506cfc13b1be7b36eb8

Download Submit
C:\Users\Admin\Downloads\cxzczx\Bootstraper.exe

Filesize
3.0MB

MD5
236791312535b31022f4fe8218518d37

SHA1
ec9f3b054d621949512d9137f9eeb0ef385915c9

SHA256
45f2ca2d8c9ab563b2067289a68d54cb2d23ed07a4bf2f910857b70955d20c59

SHA512
ed165e2dad95729c0790e779bfad4709a72587577133a607ecfe8870583bed73dd5c333ead7e0969c20160f8463c63636436f91653b2634764af71488b3aaaee

Download Submit
C:\Users\Admin\Downloads\cxzczx\CONFIG

Filesize
79B

MD5
0284fa0391784125ad3b12be8c92c6ae

SHA1
e4fe938288c6804d9c79947ad2e39939a595e9f3

SHA256
789075b8c810f2b63f86dd1f8b7be836178ac679a32f2cb2376e013bc78c68c0

SHA512
9dd8db4e0017ae906e7c4178a54ea16f03aaba4c17658ed96fc384d2cd51f44c6e514872ba5c7e5f43131eb4d25c063531291d70dfab4422260585742a37e235

Download Submit
memory/896-388-0x00000283A5CD0000-0x00000283A5CF2000-memory.dmp

Filesize
136KB

Download
memory/1540-376-0x00000199A85A0000-0x00000199A85C6000-memory.dmp

Filesize
152KB

Download
memory/1540-408-0x00000199E7720000-0x00000199E772A000-memory.dmp

Filesize
40KB

Download
memory/1540-359-0x0000019989630000-0x0000019989912000-memory.dmp

Filesize
2.9MB

Download
memory/1540-377-0x00000199A8550000-0x00000199A8558000-memory.dmp

Filesize
32KB

Download
memory/1540-360-0x0000019989D50000-0x0000019989D60000-memory.dmp

Filesize
64KB

Download
memory/1540-378-0x00000199A8CF0000-0x00000199A8D06000-memory.dmp

Filesize
88KB

Download
memory/1540-382-0x00000199A8D30000-0x00000199A8D4E000-memory.dmp

Filesize
120KB

Download
memory/1540-407-0x00000199E79C0000-0x00000199E7A72000-memory.dmp

Filesize
712KB

Download
memory/1540-370-0x000001998B780000-0x000001998B788000-memory.dmp

Filesize
32KB

Download
memory/1540-371-0x00000199A8560000-0x00000199A8598000-memory.dmp

Filesize
224KB

Download
memory/1540-372-0x00000199A8530000-0x00000199A853E000-memory.dmp

Filesize
56KB

Download
memory/1540-373-0x00000199A8BF0000-0x00000199A8CF0000-memory.dmp

Filesize
1024KB

Download
memory/1540-374-0x00000199A8540000-0x00000199A854A000-memory.dmp

Filesize
40KB

Download
memory/1540-379-0x00000199A85E0000-0x00000199A85EA000-memory.dmp

Filesize
40KB

Download
memory/1540-381-0x00000199A8D20000-0x00000199A8D28000-memory.dmp

Filesize
32KB

Download
memory/1540-411-0x00000199E7790000-0x00000199E77A2000-memory.dmp

Filesize
72KB

Download
memory/1540-380-0x00000199A85D0000-0x00000199A85DA000-memory.dmp

Filesize
40KB

Download
memory/5536-328-0x0000000000240000-0x000000000053C000-memory.dmp

Filesize
3.0MB

Download
memory/5820-631-0x00007FF8BFE70000-0x00007FF8BFE71000-memory.dmp

Filesize
4KB

Download
memory/6036-358-0x0000000000320000-0x000000000033C000-memory.dmp

Filesize
112KB

Download
memory/6560-522-0x000001DFC8050000-0x000001DFC8102000-memory.dmp

Filesize
712KB

Download
memory/6560-500-0x000001DFC84D0000-0x000001DFC8A0C000-memory.dmp

Filesize
5.2MB

Download
memory/6560-532-0x0000000180000000-0x00000001810A0000-memory.dmp

Filesize
16.6MB

Download
memory/6560-531-0x0000000180000000-0x00000001810A0000-memory.dmp

Filesize
16.6MB

Download
memory/6560-530-0x0000000180000000-0x00000001810A0000-memory.dmp

Filesize
16.6MB

Download
memory/6560-529-0x0000000180000000-0x00000001810A0000-memory.dmp

Filesize
16.6MB

Download
memory/6560-525-0x000001DFC81A0000-0x000001DFC8230000-memory.dmp

Filesize
576KB

Download
memory/6560-523-0x000001DFAF540000-0x000001DFAF550000-memory.dmp

Filesize
64KB

Download
memory/6560-469-0x000001DFAD800000-0x000001DFAD8A0000-memory.dmp

Filesize
640KB

Download
memory/6560-519-0x000001DFC7F90000-0x000001DFC804A000-memory.dmp

Filesize
744KB

Download
memory/6648-571-0x00007FF8BFE70000-0x00007FF8BFE71000-memory.dmp

Filesize
4KB

Download
memory/6792-624-0x00007FF8BED30000-0x00007FF8BED31000-memory.dmp

Filesize
4KB

Download
memory/6792-625-0x00007FF8BFD00000-0x00007FF8BFD01000-memory.dmp

Filesize
4KB

Download
memory/7956-1250-0x0000027016120000-0x0000027016121000-memory.dmp

Filesize
4KB

Download
memory/7956-1246-0x0000027016120000-0x0000027016121000-memory.dmp

Filesize
4KB

Download
memory/7956-1244-0x0000027016120000-0x0000027016121000-memory.dmp

Filesize
4KB

Download
memory/7956-1239-0x0000027016120000-0x0000027016121000-memory.dmp

Filesize
4KB

Download
memory/7956-1249-0x0000027016120000-0x0000027016121000-memory.dmp

Filesize
4KB

Download
memory/7956-1240-0x0000027016120000-0x0000027016121000-memory.dmp

Filesize
4KB

Download
memory/7956-1238-0x0000027016120000-0x0000027016121000-memory.dmp

Filesize
4KB

Download
memory/7956-1245-0x0000027016120000-0x0000027016121000-memory.dmp

Filesize
4KB

Download
memory/7956-1247-0x0000027016120000-0x0000027016121000-memory.dmp

Filesize
4KB

Download
memory/7956-1248-0x0000027016120000-0x0000027016121000-memory.dmp

Filesize
4KB

Download