99b421b433eae70d9b28445cfcfee2185de5511a0c98355f817ba63e65b842c1

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2025, 10:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Atlantis.exe
Size

11.6MB
MD5

b4a63e7514db5d7a0cffc05b0b56967b
SHA1

40c2c9cf437a80474fc689ac98fc6e7b172c4508
SHA256

976816e7af7990a3acbfdc9258b4cb6e8c0134a832390ae5d3a95bcc0e3faa29
SHA512

02108ce095c996c8f8665b8d08e4c36d8761bcf68ed81e00cdfb87d5965f43e8bc4de979bbea57eadf9bc80c7e93527baaefc6c17ad8641d07a2eff9848ebf66
SSDEEP

98304:gGuyIXRfVUr/AuOfVE768+l4eW9k3R78HEEhc2+z82bbIcNlaZuj9nGZyLlsZ5:3uxXRfmDAuEVEKW9IRIk2bcW69nnL05

Score

6^/10

defense_evasion discovery trojan

Malware Config

Signatures

Checks whether UAC is enabled 1 TTPs 1 IoCs

defense_evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Atlantis.exe

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5140_1691312585\crl-set	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5140_1235076474\Filtering Rules	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5140_895563391\manifest.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5140_697083996\hyph-cs.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5140_697083996\hyph-en-us.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5140_697083996\hyph-hi.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5140_697083996\hyph-sl.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5140_697083996\hyph-ta.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5140_1691312585\manifest.fingerprint	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5140_748536205\manifest.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5140_697083996\hyph-de-ch-1901.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5140_697083996\hyph-or.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5140_1060927351\manifest.fingerprint	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5140_1235076474\Part-RU	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5140_895563391\manifest.fingerprint	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5140_697083996\hyph-et.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5140_697083996\hyph-ga.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5140_697083996\hyph-mn-cyrl.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5140_697083996\hyph-mul-ethi.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5140_697083996\hyph-sq.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5140_748536205\ct_config.pb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5140_748536205\kp_pinslist.pb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5140_697083996\hyph-cu.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5140_697083996\hyph-la.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5140_697083996\hyph-mr.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5140_697083996\hyph-pt.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5140_697083996\hyph-be.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5140_697083996\hyph-it.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5140_697083996\hyph-kn.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5140_697083996\hyph-nl.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5140_697083996\hyph-ru.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5140_1235076474\LICENSE	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5140_697083996\hyph-cy.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5140_697083996\hyph-hu.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5140_697083996\hyph-nn.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5140_697083996\hyph-sk.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5140_697083996\_metadata\verified_contents.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5140_1235076474\Filtering Rules-AA	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5140_697083996\hyph-as.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5140_697083996\hyph-de-1996.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5140_697083996\hyph-fr.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5140_697083996\hyph-ka.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5140_697083996\hyph-lt.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5140_697083996\hyph-ml.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5140_697083996\hyph-nb.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5140_1691312585\manifest.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5140_1235076474\Filtering Rules-CA	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5140_1235076474\Part-FR	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5140_1235076474\Part-IT	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5140_697083996\hyph-gu.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5140_697083996\hyph-hr.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5140_697083996\hyph-tk.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5140_1235076474\Part-ZH	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5140_748536205\crs.pb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5140_748536205\manifest.fingerprint	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5140_697083996\hyph-en-gb.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5140_697083996\hyph-te.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5140_697083996\hyph-el.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5140_697083996\hyph-hy.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5140_697083996\hyph-und-ethi.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5140_1060927351\protocols.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5140_1235076474\adblock_snippet.js	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5140_697083996\hyph-af.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5140_697083996\hyph-da.hyb	msedgewebview2.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedgewebview2.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133876325618222047"	msedgewebview2.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
6004	msedgewebview2.exe
6004	msedgewebview2.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 1 IoCs

pid	Process
5140	msedgewebview2.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3888	Atlantis.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3888 wrote to memory of 5140	3888	Atlantis.exe	86
PID 3888 wrote to memory of 5140	3888	Atlantis.exe	86
PID 5140 wrote to memory of 3052	5140	msedgewebview2.exe	88
PID 5140 wrote to memory of 3052	5140	msedgewebview2.exe	88
PID 5140 wrote to memory of 4720	5140	msedgewebview2.exe	90
PID 5140 wrote to memory of 4720	5140	msedgewebview2.exe	90
PID 5140 wrote to memory of 4720	5140	msedgewebview2.exe	90
PID 5140 wrote to memory of 4720	5140	msedgewebview2.exe	90
PID 5140 wrote to memory of 4720	5140	msedgewebview2.exe	90
PID 5140 wrote to memory of 4720	5140	msedgewebview2.exe	90
PID 5140 wrote to memory of 4720	5140	msedgewebview2.exe	90
PID 5140 wrote to memory of 4720	5140	msedgewebview2.exe	90
PID 5140 wrote to memory of 4720	5140	msedgewebview2.exe	90
PID 5140 wrote to memory of 4720	5140	msedgewebview2.exe	90
PID 5140 wrote to memory of 4720	5140	msedgewebview2.exe	90
PID 5140 wrote to memory of 4720	5140	msedgewebview2.exe	90
PID 5140 wrote to memory of 4720	5140	msedgewebview2.exe	90
PID 5140 wrote to memory of 4720	5140	msedgewebview2.exe	90
PID 5140 wrote to memory of 4720	5140	msedgewebview2.exe	90
PID 5140 wrote to memory of 4720	5140	msedgewebview2.exe	90
PID 5140 wrote to memory of 4720	5140	msedgewebview2.exe	90
PID 5140 wrote to memory of 4720	5140	msedgewebview2.exe	90
PID 5140 wrote to memory of 4720	5140	msedgewebview2.exe	90
PID 5140 wrote to memory of 4720	5140	msedgewebview2.exe	90
PID 5140 wrote to memory of 4720	5140	msedgewebview2.exe	90
PID 5140 wrote to memory of 4720	5140	msedgewebview2.exe	90
PID 5140 wrote to memory of 4720	5140	msedgewebview2.exe	90
PID 5140 wrote to memory of 4720	5140	msedgewebview2.exe	90
PID 5140 wrote to memory of 4720	5140	msedgewebview2.exe	90
PID 5140 wrote to memory of 4720	5140	msedgewebview2.exe	90
PID 5140 wrote to memory of 4720	5140	msedgewebview2.exe	90
PID 5140 wrote to memory of 4720	5140	msedgewebview2.exe	90
PID 5140 wrote to memory of 4720	5140	msedgewebview2.exe	90
PID 5140 wrote to memory of 4720	5140	msedgewebview2.exe	90
PID 5140 wrote to memory of 4720	5140	msedgewebview2.exe	90
PID 5140 wrote to memory of 4720	5140	msedgewebview2.exe	90
PID 5140 wrote to memory of 4720	5140	msedgewebview2.exe	90
PID 5140 wrote to memory of 4720	5140	msedgewebview2.exe	90
PID 5140 wrote to memory of 4720	5140	msedgewebview2.exe	90
PID 5140 wrote to memory of 4720	5140	msedgewebview2.exe	90
PID 5140 wrote to memory of 4720	5140	msedgewebview2.exe	90
PID 5140 wrote to memory of 4720	5140	msedgewebview2.exe	90
PID 5140 wrote to memory of 4720	5140	msedgewebview2.exe	90
PID 5140 wrote to memory of 4720	5140	msedgewebview2.exe	90
PID 5140 wrote to memory of 4720	5140	msedgewebview2.exe	90
PID 5140 wrote to memory of 4720	5140	msedgewebview2.exe	90
PID 5140 wrote to memory of 4720	5140	msedgewebview2.exe	90
PID 5140 wrote to memory of 4720	5140	msedgewebview2.exe	90
PID 5140 wrote to memory of 4720	5140	msedgewebview2.exe	90
PID 5140 wrote to memory of 4720	5140	msedgewebview2.exe	90
PID 5140 wrote to memory of 4720	5140	msedgewebview2.exe	90
PID 5140 wrote to memory of 4720	5140	msedgewebview2.exe	90
PID 5140 wrote to memory of 4720	5140	msedgewebview2.exe	90
PID 5140 wrote to memory of 4720	5140	msedgewebview2.exe	90
PID 5140 wrote to memory of 4720	5140	msedgewebview2.exe	90
PID 5140 wrote to memory of 540	5140	msedgewebview2.exe	91
PID 5140 wrote to memory of 540	5140	msedgewebview2.exe	91
PID 5140 wrote to memory of 5164	5140	msedgewebview2.exe	92
PID 5140 wrote to memory of 5164	5140	msedgewebview2.exe	92
PID 5140 wrote to memory of 5164	5140	msedgewebview2.exe	92
PID 5140 wrote to memory of 5164	5140	msedgewebview2.exe	92
PID 5140 wrote to memory of 5164	5140	msedgewebview2.exe	92
PID 5140 wrote to memory of 5164	5140	msedgewebview2.exe	92
PID 5140 wrote to memory of 5164	5140	msedgewebview2.exe	92

C:\Users\Admin\AppData\Local\Temp\Atlantis.exe
"C:\Users\Admin\AppData\Local\Temp\Atlantis.exe"
1⤵
- Checks whether UAC is enabled
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3888
- C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
  "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=Atlantis.exe --webview-exe-version=0.1.0 --user-data-dir="C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --autoplay-policy=no-user-gesture-required --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --lang=en-US --mojo-named-platform-channel-pipe=3888.4484.16442175397462921256
  2⤵
  - Drops file in Program Files directory
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of WriteProcessMemory
  PID:5140
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=132.0.6834.160 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=132.0.2957.140 --initial-client-data=0x15c,0x160,0x164,0x138,0x16c,0x7ff9b2a0b078,0x7ff9b2a0b084,0x7ff9b2a0b090
    3⤵
    PID:3052
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=gpu-process --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView" --webview-exe-name=Atlantis.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=1724,i,16681458488546199901,5666174786060374823,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=1720 /prefetch:2
    3⤵
    PID:4720
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView" --webview-exe-name=Atlantis.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=1352,i,16681458488546199901,5666174786060374823,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=1684 /prefetch:3
    3⤵
    PID:540
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView" --webview-exe-name=Atlantis.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=2348,i,16681458488546199901,5666174786060374823,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2360 /prefetch:8
    3⤵
    PID:5164
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView" --webview-exe-name=Atlantis.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --autoplay-policy=no-user-gesture-required --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --always-read-main-dll --field-trial-handle=3608,i,16681458488546199901,5666174786060374823,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=3616 /prefetch:1
    3⤵
    PID:5168
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView" --webview-exe-name=Atlantis.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=4600,i,16681458488546199901,5666174786060374823,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2192 /prefetch:8
    3⤵
    PID:1440
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView" --webview-exe-name=Atlantis.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=308,i,16681458488546199901,5666174786060374823,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=4764 /prefetch:8
    3⤵
    PID:3264
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView" --webview-exe-name=Atlantis.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=4596,i,16681458488546199901,5666174786060374823,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=4568 /prefetch:8
    3⤵
    PID:2800
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView" --webview-exe-name=Atlantis.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=4848,i,16681458488546199901,5666174786060374823,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=4836 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:6004
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView" --webview-exe-name=Atlantis.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=4200,i,16681458488546199901,5666174786060374823,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=4160 /prefetch:8
    3⤵
    PID:6028
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView" --webview-exe-name=Atlantis.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=4860,i,16681458488546199901,5666174786060374823,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=1264 /prefetch:8
    3⤵
    PID:2392
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView" --webview-exe-name=Atlantis.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=4188,i,16681458488546199901,5666174786060374823,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=4192 /prefetch:8
    3⤵
    PID:5628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping5140_1060927351\manifest.fingerprint

Filesize
66B

MD5
496b05677135db1c74d82f948538c21c

SHA1
e736e675ca5195b5fc16e59fb7de582437fb9f9a

SHA256
df55a9464ee22a0f860c0f3b4a75ec62471d37b4d8cb7a0e460eef98cb83ebe7

SHA512
8bd1b683e24a8c8c03b0bc041288296448f799a6f431bacbd62cb33e621672991141c7151d9424ad60ab65a7a6a30298243b8b71d281f9e99b8abb79fe16bd3c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5140_1060927351\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5140_1235076474\manifest.json

Filesize
116B

MD5
2188c7ec4e86e29013803d6b85b0d5bb

SHA1
5a9b4a91c63e0013f661dfc472edb01385d0e3ce

SHA256
ac47cc331bb96271da2140941926a8accc6cb7599a6f3c17bd31c78f46709a62

SHA512
37c21eaff24a54c2c7571e480ff4f349267e4404111508f241f54a41542ce06bcde4c830c6e195fc48d1bf831ed1fe78da361d1e43416cfd6c02afa8188af656

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5140_1691312585\manifest.json

Filesize
114B

MD5
e6cd92ad3b3ab9cb3d325f3c4b7559aa

SHA1
0704d57b52cf55674524a5278ed4f7ba1e19ca0c

SHA256
63dfb8d99ce83b3ca282eb697dc76b17b4a48e4065fc7efafb77724739074a9d

SHA512
172d5dc107757bb591b9a8ed7f2b48f22b5184d6537572d375801113e294febfbe39077c408e3a04c44e6072427cbe443c6614d205a5a4aa290101722e18f5e8

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5140_697083996\hyph-as.hyb

Filesize
703B

MD5
8961fdd3db036dd43002659a4e4a7365

SHA1
7b2fa321d50d5417e6c8d48145e86d15b7ff8321

SHA256
c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

SHA512
531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5140_697083996\hyph-hi.hyb

Filesize
687B

MD5
0807cf29fc4c5d7d87c1689eb2e0baaa

SHA1
d0914fb069469d47a36d339ca70164253fccf022

SHA256
f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

SHA512
5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5140_697083996\hyph-nb.hyb

Filesize
141KB

MD5
677edd1a17d50f0bd11783f58725d0e7

SHA1
98fedc5862c78f3b03daed1ff9efbe5e31c205ee

SHA256
c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0

SHA512
c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5140_697083996\manifest.json

Filesize
82B

MD5
2617c38bed67a4190fc499142b6f2867

SHA1
a37f0251cd6be0a6983d9a04193b773f86d31da1

SHA256
d571ef33b0e707571f10bb37b99a607d6f43afe33f53d15b4395b16ef3fda665

SHA512
b08053050692765f172142bad7afbcd038235275c923f3cd089d556251482b1081e53c4ad7367a1fb11ca927f2ad183dc63d31ccfbf85b0160cf76a31343a6d0

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5140_748536205\manifest.json

Filesize
102B

MD5
a64e2a4236e705215a3fd5cb2697a71f

SHA1
1c73e6aad8f44ade36df31a23eaaf8cd0cae826d

SHA256
014e9fc1219beefc428ec749633125c9bff7febc3be73a14a8f18a6691cd2846

SHA512
75b30c0c8cef490aaf923afbdb5385d4770de82e698f71f8f126a6af5ef16f3a90d0c27687f405274177b1a5250436efddd228a6d2949651f43bd926e8a1cc99

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5140_895563391\manifest.json

Filesize
76B

MD5
ba25fcf816a017558d3434583e9746b8

SHA1
be05c87f7adf6b21273a4e94b3592618b6a4a624

SHA256
0d664bc422a696452111b9a48e7da9043c03786c8d5401282cff9d77bcc34b11

SHA512
3763bd77675221e323faa5502023dc677c08911a673db038e4108a2d4d71b1a6c0727a65128898bb5dfab275e399f4b7ed19ca2194a8a286e8f9171b3536546f

Download Submit
C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView\CertificateRevocation\6498.2024.12.2\crl-set

Filesize
21KB

MD5
846feb52bd6829102a780ec0da74ab04

SHA1
dd98409b49f0cd1f9d0028962d7276860579fb54

SHA256
124b7eeba31f0e3d9b842a62f3441204beb13fade81da38b854aecba0e03a5b4

SHA512
c8759e675506ccc6aa9807798252c7e7c48a0ab31674609738617dc105cee38bce69d4d41d6b95e16731466880b386d35483cbeea6275773f7041ba6e305fae9

Download Submit
C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
0b96e0220db733fad3b0b1aef6a0c54b

SHA1
6a81a4f464fa88f7439960c85a2a8223d998921f

SHA256
232d29b3dbb6752f0c04ea575c625f8ad4143e0298bc4893b2f36e651286dc3e

SHA512
beb5c55115cf5bcf3d8eced737514e2198d3dc6f4a852a456384594e7ebc7b18247eff2d9c72003a0854aca3902f0a5cdcd31b3fe5e738e4772a0eb63f11a106

Download Submit
C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
66f3d395e2ca88f9ababf3031d57b8a8

SHA1
69ea9fff7c3bd77a6d90b5bb12d93b595a77f7dd

SHA256
d38d85cb10aeab0e89a98c51533a25e1e644aa32e2e0254b4006de42bd2b52fb

SHA512
a23322020ed439609aa833990a28dc6cb4fdb5023cc9a1137fa9d87f1d4e21f496932e017e01c328f39995763a7444a8e00593906b2e460d76fedda03bbb565f

Download Submit
C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
08d693703e171b33ff9fdd12055e7a9c

SHA1
27bf3053dfb604d1eadf71691b7b55a40b872507

SHA256
d75c34166af79019c38ad7f8c27a00938f7df106fbe549cbcc0d097922878691

SHA512
5928f8f4404f56fd7b019099a530cf15deb36575c429af4000060fe9050b5eb1ca06afe284f12f0709b616e359bb5fc16af6577676dc638a9d9d1e3561e51a9d

Download Submit
C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
42773494dd88ce0dd250673805264985

SHA1
b404bd79593c7639e695bfbdb39a64047edca6cf

SHA256
f79a87d5b8c576b706f2422a06cb526d0a4afa125e8d88b58522fe535a6d4455

SHA512
1bcf5499311bc650dcc67ee8cce94abf0b3df64a090bd50a602f473a3a6ba3b6dbfa7351aea2132ae75f7bc8fbc441d4e9d81e32e95657ba493bb5f87fb22c22

Download Submit
C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView\Default\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView\Default\DawnWebGPUCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView\Default\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView\Default\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView\Default\Extension Rules\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView\Default\Network\Network Persistent State

Filesize
680B

MD5
005eb709cba0a720ee3ae39cfd017028

SHA1
a8d87a382182cfb66f8b1f277c046b7ae3469d77

SHA256
e192e1ee7a5aa31b95244d2cc6b65ae6283dfd51f730715d8f76b6b1a06482e9

SHA512
089df737933ac80a115369be2264b76c63678ebd495b6bb4a310606d90dbbcd9a03affdafbe63c09f18502efab3f344e544b1d58a51ddb935a8abe5686af3257

Download Submit
C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView\Default\Network\Network Persistent State~RFe584f05.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView\Default\Preferences

Filesize
6KB

MD5
a3d5a1a246ae098b21937051c70ef0c5

SHA1
46d3a3b0a3a81fa828d9c8144cdbc98a029fbf7d

SHA256
2d3ebf33f534f503de65a34fec9959d9ba6685508cd21b29a740c7378b2c4bea

SHA512
672e2ba65e2bb77e4f9cb99d9a76094593abec0880840928be6b76fb08ffe7c802f248759ada7345070e4b4807f425db297228b620fbab9127434a111fe1af4b

Download Submit
C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView\Default\Preferences~RFe57d707.TMP

Filesize
6KB

MD5
e12e7209f1ca5c3901c4949f4e3ef9d5

SHA1
cdc40c8dd8f350f33f9c4db872a70d61272b2e11

SHA256
679195d7b55fe519f3ad0c90fd123661cfd301611cab6a66314ddf9dfbda40f6

SHA512
a4c05e5f97f34f299118e24ec499d52fac07b73117fc54ec140607f5ab54f23db7154c20646a76dd8457e0904184280ae3741ecbd375debd93a73e37357f1648

Download Submit
C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView\Default\Sync Data\LevelDB\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView\Local State

Filesize
2KB

MD5
f8b463c743d92900c55582ef380dd944

SHA1
f9167598df53b2c373069a9965d02e658dd22a39

SHA256
1bad617a98a6a736673f0d88f75372033cdb8828cd89e7ae79d41ab5d2abd18d

SHA512
61d9f8c59d2f48b1bcb90acb311c85ed32bffd2d36f79b56fbe9a4b62b9c4390c8c4e242d2d5149295dcaafe39821b61a6a2db00d2c1a31b58a0039375baa643

Download Submit
C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView\Local State

Filesize
3KB

MD5
3e11915025b7e755592b4d6e942d4256

SHA1
b1a48e8a20eaf11f39f9b0ee1f435d66dc4ee77e

SHA256
cd5a7c7a7a870318e1faf2288655d3c23f9dc9bf7b6d283f7d077badacba1c92

SHA512
89532a6685fac05318afe92181e85d3b80cfba84c86c02c56ca4bea4f202047c3a3277655220e771044b5096cd37bc5b8aba21d350487c79508621242e9bdefa

Download Submit
C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView\Local State

Filesize
16KB

MD5
c113c1815a7a616db582e7095c1fbc33

SHA1
dfa38696e4b5f61a47b7eb53f446048f3e97c4eb

SHA256
b9bb234bcf578aef272567c6db06ba567ddf86aded4c01e98d4c6acd78f5e05a

SHA512
c346e7a054758319f2fa73d325fb457504bd6ee44930d951517f57fa4ce7ac8a662b1a0fcde3fe4c41c2046beb6e0af6af87dfea6b82e7bfbbf60e9d384450a3

Download Submit
C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView\Local State

Filesize
1KB

MD5
1ea18970dc8b0a4b3cf560922312bb9e

SHA1
2d9ddd690d840f4cad1d9a07c41b4445a65b44ec

SHA256
def7fc3b7c4c4cdc85aee459f88898787ad2178e26001cd6efcfb8d0259b1b6a

SHA512
4473bf3a4ee0253c27df1c77df0a630fa585efcbb3b1b9650d94c960bbd1d77d84f84fe99e315f78cb06f9a16e911800ed8faafaf6996e025d57cd4989174341

Download Submit
C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView\Local State~RFe573885.TMP

Filesize
1KB

MD5
b8333ef9408edc940161c5da6a92a286

SHA1
a24f9733d3a597727757cab90132c31ab231b25b

SHA256
76658e4e8666b9c41904d635e3c47f0bd67f4efc292509628607c41c5be751f1

SHA512
fc4d063c8e2af9e208cea7d2ead27375dc4d336dbc8afbf2b7b05f1e29996b1a86b71e59d6c0c3d8883748bacd6a2f100417ad47b791f8dc7e00ac327d7f584e

Download Submit
C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView\PKIMetadata\22.0.0.0\crs.pb

Filesize
289KB

MD5
2b59269e7efdd95ba14eeb780dfb98c2

SHA1
b3f84cbc37a79eeecb8f1f39b615577d78600096

SHA256
ff2ced650772249abb57f6f19c5d0322d6df22c85c7cf2be193b6134e1b95172

SHA512
e4b454db2248021e0d198805ea54f1c0cfd84b9716a9348b1d0e0acb7c6fb5dd0839e532a5eb6d4410ab759d6688dd6cce8375ad55a150d738d280993142e9d7

Download Submit
C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView\PKIMetadata\22.0.0.0\ct_config.pb

Filesize
8KB

MD5
811b65320a82ebd6686fabf4bb1cb81a

SHA1
c660d448114043babec5d1c9c2584df6fab7f69b

SHA256
52687dd0c06f86a2298a4442ab8afa9b608271ec01a67217d7b58dab7e507bdf

SHA512
33350cce447508269b7714d9e551560553e020d6acf37a6a6021dc497d4008ce9e532dd615ad68872d75da22ac2039ef0b4fa70c23ec4b58043c468d5d75fd81

Download Submit
C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView\PKIMetadata\22.0.0.0\kp_pinslist.pb

Filesize
11KB

MD5
0779206f78d8b0d540445a10cb51670c

SHA1
67f0f916be73bf5cffd3f4c4aa8d122c7d73ad54

SHA256
bf0945921058b9e67db61e6a559531af2f9b78d5fbedb0b411384225bdd366ec

SHA512
4140b2debe9c0b04e1e59be1387dca0e8e2f3cbc1f67830cbc723864acc2276cde9529295dcb4138fa0e2e116416658753fe46901dfa572bdfe6c7fb67bd8478

Download Submit
C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView\Subresource Filter\Unindexed Rules\10.34.0.57\Filtering Rules

Filesize
1.8MB

MD5
d7c9c6d2e1d9ae242d68a8316f41198c

SHA1
8d2ddccc88a10468e5bffad1bd377be82d053357

SHA256
f215127185b2ee6b01e12b6ca75d3e5c4e454598dd4aed36124ae13d59afd547

SHA512
7fd14824e9200dd99e1fd2cee402656dc0cfc3d0a60058c5eb05c68e9e65b7f0b47e550fb4d6c2b59eba204dbf3ef9e69dc9723b43a9b3ccd5412d6b77715fc3

Download Submit
C:\Users\Admin\AppData\Local\com.lxzp.app\EBWebView\Subresource Filter\Unindexed Rules\10.34.0.57\LICENSE

Filesize
24KB

MD5
aad9405766b20014ab3beb08b99536de

SHA1
486a379bdfeecdc99ed3f4617f35ae65babe9d47

SHA256
ed0f972d56566a96fb2f128a7b58091dfbf32dc365b975bc9318c9701677f44d

SHA512
bd9bf257306fdaff3f1e3e1fccb1f0d6a3181d436035124bd4953679d1af2cd5b4cc053b0e2ef17745ae44ae919cd8fd9663fbc0cd9ed36607e9b2472c206852

Download Submit
memory/4720-26-0x00007FF9CF4B0000-0x00007FF9CF4B1000-memory.dmp

Filesize
4KB

Download
memory/5164-49-0x00007FF9CFCA0000-0x00007FF9CFCA1000-memory.dmp

Filesize
4KB

Download
memory/5164-48-0x00007FF9D0B50000-0x00007FF9D0B51000-memory.dmp

Filesize
4KB

Download
memory/5168-123-0x00007FF9CF4B0000-0x00007FF9CF4B1000-memory.dmp

Filesize
4KB

Download
memory/5168-222-0x000001F263190000-0x000001F2631FB000-memory.dmp

Filesize
428KB

Download
memory/6004-440-0x000001D0025D0000-0x000001D0025D1000-memory.dmp

Filesize
4KB

Download
memory/6004-447-0x000001D0025D0000-0x000001D0025D1000-memory.dmp

Filesize
4KB

Download
memory/6004-446-0x000001D0025D0000-0x000001D0025D1000-memory.dmp

Filesize
4KB

Download
memory/6004-448-0x000001D0025D0000-0x000001D0025D1000-memory.dmp

Filesize
4KB

Download
memory/6004-449-0x000001D0025D0000-0x000001D0025D1000-memory.dmp

Filesize
4KB

Download
memory/6004-450-0x000001D0025D0000-0x000001D0025D1000-memory.dmp

Filesize
4KB

Download
memory/6004-444-0x000001D0025D0000-0x000001D0025D1000-memory.dmp

Filesize
4KB

Download
memory/6004-445-0x000001D0025D0000-0x000001D0025D1000-memory.dmp

Filesize
4KB

Download
memory/6004-438-0x000001D0025D0000-0x000001D0025D1000-memory.dmp

Filesize
4KB

Download
memory/6004-439-0x000001D0025D0000-0x000001D0025D1000-memory.dmp

Filesize
4KB

Download