Resubmissions

26-05-2024 03:32

240526-d3yp5aea86 10

22-05-2024 22:59

240522-2yrb9acc83 10

22-05-2024 22:58

240522-2x3c5acc58 1

22-05-2024 22:30

240522-2e7vwsbd99 5

Analysis

  • max time kernel
    553s
  • max time network
    536s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-05-2024 22:59

General

  • Target

    https://ryosx.cc

Malware Config

Signatures

  • Suspicious use of NtCreateUserProcessOtherParentProcess 4 IoCs
  • Downloads MZ/PE file
  • Sets file execution options in registry 2 TTPs 2 IoCs
  • Checks computer location settings 2 TTPs 9 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 37 IoCs
  • Loads dropped DLL 18 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Registers COM server for autorun 1 TTPs 33 IoCs
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Checks system information in the registry 2 TTPs 12 IoCs

    System information is often read in order to detect sandboxing environments.

  • Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 18 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates processes with tasklist 1 TTPs 14 IoCs
  • Enumerates system info in registry 2 TTPs 14 IoCs
  • Modifies Internet Explorer settings 1 TTPs 6 IoCs
  • Modifies data under HKEY_USERS 44 IoCs
  • Modifies registry class 64 IoCs
  • Runs ping.exe 1 TTPs 7 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3436
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ryosx.cc
        2⤵
          PID:4588
        • C:\Program Files\7-Zip\7zG.exe
          "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\S0laraBoostpaper V3.1 BypassByfron\" -an -ai#7zMap7756:142:7zEvent19692
          2⤵
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          PID:1904
        • C:\Users\Admin\Downloads\S0laraBoostpaper V3.1 BypassByfron\S0lra\S0lara Boostpaper.exe
          "C:\Users\Admin\Downloads\S0laraBoostpaper V3.1 BypassByfron\S0lra\S0lara Boostpaper.exe"
          2⤵
          • Checks computer location settings
          • Executes dropped EXE
          • Suspicious use of WriteProcessMemory
          PID:4724
          • C:\Windows\SysWOW64\cmd.exe
            "C:\Windows\System32\cmd.exe" /k copy Ftp Ftp.cmd & Ftp.cmd & exit
            3⤵
            • Suspicious use of WriteProcessMemory
            PID:3708
            • C:\Windows\SysWOW64\tasklist.exe
              tasklist
              4⤵
              • Enumerates processes with tasklist
              • Suspicious use of AdjustPrivilegeToken
              PID:3792
            • C:\Windows\SysWOW64\findstr.exe
              findstr /I "wrsa.exe opssvc.exe"
              4⤵
                PID:3308
              • C:\Windows\SysWOW64\tasklist.exe
                tasklist
                4⤵
                • Enumerates processes with tasklist
                • Suspicious use of AdjustPrivilegeToken
                PID:1652
              • C:\Windows\SysWOW64\findstr.exe
                findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"
                4⤵
                  PID:1620
                • C:\Windows\SysWOW64\cmd.exe
                  cmd /c md 320189
                  4⤵
                    PID:4360
                  • C:\Windows\SysWOW64\findstr.exe
                    findstr /V "lovessatellitevendorspetroleum" Sit
                    4⤵
                      PID:3632
                    • C:\Windows\SysWOW64\cmd.exe
                      cmd /c copy /b Exports + Wm + Balls + Hobby + Shared + Awarded + Stanford 320189\E
                      4⤵
                        PID:3140
                      • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\320189\Paperback.pif
                        320189\Paperback.pif 320189\E
                        4⤵
                        • Suspicious use of NtCreateUserProcessOtherParentProcess
                        • Executes dropped EXE
                        • Suspicious behavior: EnumeratesProcesses
                        • Suspicious use of FindShellTrayWindow
                        • Suspicious use of SendNotifyMessage
                        • Suspicious use of WriteProcessMemory
                        PID:2668
                      • C:\Windows\SysWOW64\PING.EXE
                        ping -n 5 127.0.0.1
                        4⤵
                        • Runs ping.exe
                        PID:2008
                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\320189\RegAsm.exe
                    C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\320189\RegAsm.exe
                    2⤵
                    • Executes dropped EXE
                    • Suspicious behavior: EnumeratesProcesses
                    • Suspicious use of AdjustPrivilegeToken
                    PID:4832
                  • C:\Users\Admin\Downloads\S0laraBoostpaper V3.1 BypassByfron\S0lra\S0lara Boostpaper.exe
                    "C:\Users\Admin\Downloads\S0laraBoostpaper V3.1 BypassByfron\S0lra\S0lara Boostpaper.exe"
                    2⤵
                    • Checks computer location settings
                    • Executes dropped EXE
                    • Suspicious use of WriteProcessMemory
                    PID:3448
                    • C:\Windows\SysWOW64\cmd.exe
                      "C:\Windows\System32\cmd.exe" /k copy Ftp Ftp.cmd & Ftp.cmd & exit
                      3⤵
                      • Suspicious use of WriteProcessMemory
                      PID:228
                      • C:\Windows\SysWOW64\tasklist.exe
                        tasklist
                        4⤵
                        • Enumerates processes with tasklist
                        • Suspicious use of AdjustPrivilegeToken
                        PID:3560
                      • C:\Windows\SysWOW64\findstr.exe
                        findstr /I "wrsa.exe opssvc.exe"
                        4⤵
                          PID:4948
                        • C:\Windows\SysWOW64\tasklist.exe
                          tasklist
                          4⤵
                          • Enumerates processes with tasklist
                          • Suspicious use of AdjustPrivilegeToken
                          PID:4712
                        • C:\Windows\SysWOW64\findstr.exe
                          findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"
                          4⤵
                            PID:1028
                          • C:\Windows\SysWOW64\cmd.exe
                            cmd /c md 320189
                            4⤵
                              PID:4632
                            • C:\Windows\SysWOW64\cmd.exe
                              cmd /c copy /b Exports + Wm + Balls + Hobby + Shared + Awarded + Stanford 320189\E
                              4⤵
                                PID:2072
                              • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\320189\Paperback.pif
                                320189\Paperback.pif 320189\E
                                4⤵
                                • Suspicious use of NtCreateUserProcessOtherParentProcess
                                • Executes dropped EXE
                                • Suspicious behavior: EnumeratesProcesses
                                • Suspicious use of FindShellTrayWindow
                                • Suspicious use of SendNotifyMessage
                                • Suspicious use of WriteProcessMemory
                                PID:1676
                              • C:\Windows\SysWOW64\PING.EXE
                                ping -n 5 127.0.0.1
                                4⤵
                                • Runs ping.exe
                                PID:3680
                          • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\320189\RegAsm.exe
                            C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\320189\RegAsm.exe
                            2⤵
                            • Executes dropped EXE
                            • Suspicious behavior: EnumeratesProcesses
                            • Suspicious use of AdjustPrivilegeToken
                            PID:3100
                          • C:\Windows\system32\taskmgr.exe
                            "C:\Windows\system32\taskmgr.exe" /7
                            2⤵
                            • Checks SCSI registry key(s)
                            • Checks processor information in registry
                            • Suspicious behavior: EnumeratesProcesses
                            • Suspicious behavior: GetForegroundWindowSpam
                            • Suspicious use of AdjustPrivilegeToken
                            • Suspicious use of FindShellTrayWindow
                            • Suspicious use of SendNotifyMessage
                            PID:1512
                          • C:\Users\Admin\Downloads\S0laraBoostpaper V3.1 BypassByfron\S0lra\S0lara Boostpaper.exe
                            "C:\Users\Admin\Downloads\S0laraBoostpaper V3.1 BypassByfron\S0lra\S0lara Boostpaper.exe"
                            2⤵
                            • Checks computer location settings
                            • Executes dropped EXE
                            PID:2100
                            • C:\Windows\SysWOW64\cmd.exe
                              "C:\Windows\System32\cmd.exe" /k copy Ftp Ftp.cmd & Ftp.cmd & exit
                              3⤵
                                PID:4872
                                • C:\Windows\SysWOW64\tasklist.exe
                                  tasklist
                                  4⤵
                                  • Enumerates processes with tasklist
                                  • Suspicious use of AdjustPrivilegeToken
                                  PID:1880
                                • C:\Windows\SysWOW64\findstr.exe
                                  findstr /I "wrsa.exe opssvc.exe"
                                  4⤵
                                    PID:4940
                                  • C:\Windows\SysWOW64\tasklist.exe
                                    tasklist
                                    4⤵
                                    • Enumerates processes with tasklist
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:2680
                                  • C:\Windows\SysWOW64\findstr.exe
                                    findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"
                                    4⤵
                                      PID:1564
                                    • C:\Windows\SysWOW64\cmd.exe
                                      cmd /c md 320189
                                      4⤵
                                        PID:4564
                                      • C:\Windows\SysWOW64\findstr.exe
                                        findstr /V "lovessatellitevendorspetroleum" Sit
                                        4⤵
                                          PID:4052
                                        • C:\Windows\SysWOW64\cmd.exe
                                          cmd /c copy /b Exports + Wm + Balls + Hobby + Shared + Awarded + Stanford 320189\E
                                          4⤵
                                            PID:4900
                                          • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\320189\Paperback.pif
                                            320189\Paperback.pif 320189\E
                                            4⤵
                                            • Suspicious use of NtCreateUserProcessOtherParentProcess
                                            • Executes dropped EXE
                                            • Suspicious use of FindShellTrayWindow
                                            • Suspicious use of SendNotifyMessage
                                            PID:5036
                                          • C:\Windows\SysWOW64\PING.EXE
                                            ping -n 5 127.0.0.1
                                            4⤵
                                            • Runs ping.exe
                                            PID:3136
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe"
                                        2⤵
                                        • Enumerates system info in registry
                                        • Modifies data under HKEY_USERS
                                        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                        • Suspicious use of AdjustPrivilegeToken
                                        • Suspicious use of FindShellTrayWindow
                                        • Suspicious use of SendNotifyMessage
                                        PID:4608
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ff94c7fab58,0x7ff94c7fab68,0x7ff94c7fab78
                                          3⤵
                                            PID:4552
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 --field-trial-handle=1840,i,10015508017788340686,8819221823429251280,131072 /prefetch:2
                                            3⤵
                                              PID:2912
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1840,i,10015508017788340686,8819221823429251280,131072 /prefetch:8
                                              3⤵
                                                PID:1360
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2256 --field-trial-handle=1840,i,10015508017788340686,8819221823429251280,131072 /prefetch:8
                                                3⤵
                                                  PID:4652
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3108 --field-trial-handle=1840,i,10015508017788340686,8819221823429251280,131072 /prefetch:1
                                                  3⤵
                                                    PID:1864
                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3128 --field-trial-handle=1840,i,10015508017788340686,8819221823429251280,131072 /prefetch:1
                                                    3⤵
                                                      PID:4504
                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4284 --field-trial-handle=1840,i,10015508017788340686,8819221823429251280,131072 /prefetch:1
                                                      3⤵
                                                        PID:4224
                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4456 --field-trial-handle=1840,i,10015508017788340686,8819221823429251280,131072 /prefetch:8
                                                        3⤵
                                                          PID:2680
                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4600 --field-trial-handle=1840,i,10015508017788340686,8819221823429251280,131072 /prefetch:8
                                                          3⤵
                                                            PID:4120
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4508 --field-trial-handle=1840,i,10015508017788340686,8819221823429251280,131072 /prefetch:1
                                                            3⤵
                                                              PID:436
                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3260 --field-trial-handle=1840,i,10015508017788340686,8819221823429251280,131072 /prefetch:8
                                                              3⤵
                                                                PID:1744
                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3128 --field-trial-handle=1840,i,10015508017788340686,8819221823429251280,131072 /prefetch:8
                                                                3⤵
                                                                  PID:928
                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3968 --field-trial-handle=1840,i,10015508017788340686,8819221823429251280,131072 /prefetch:8
                                                                  3⤵
                                                                    PID:1648
                                                                • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\320189\RegAsm.exe
                                                                  C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\320189\RegAsm.exe
                                                                  2⤵
                                                                  • Executes dropped EXE
                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                  PID:2460
                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe"
                                                                  2⤵
                                                                  • Enumerates system info in registry
                                                                  • Modifies data under HKEY_USERS
                                                                  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                  PID:1564
                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x104,0x108,0x10c,0xd8,0x110,0x7ff95b06ab58,0x7ff95b06ab68,0x7ff95b06ab78
                                                                    3⤵
                                                                      PID:3144
                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1368 --field-trial-handle=2072,i,16163599956867819533,8953700606898331913,131072 /prefetch:2
                                                                      3⤵
                                                                        PID:3956
                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1988 --field-trial-handle=2072,i,16163599956867819533,8953700606898331913,131072 /prefetch:8
                                                                        3⤵
                                                                          PID:3752
                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2304 --field-trial-handle=2072,i,16163599956867819533,8953700606898331913,131072 /prefetch:8
                                                                          3⤵
                                                                            PID:1500
                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3032 --field-trial-handle=2072,i,16163599956867819533,8953700606898331913,131072 /prefetch:1
                                                                            3⤵
                                                                              PID:4284
                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3040 --field-trial-handle=2072,i,16163599956867819533,8953700606898331913,131072 /prefetch:1
                                                                              3⤵
                                                                                PID:1036
                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4420 --field-trial-handle=2072,i,16163599956867819533,8953700606898331913,131072 /prefetch:1
                                                                                3⤵
                                                                                  PID:3796
                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4516 --field-trial-handle=2072,i,16163599956867819533,8953700606898331913,131072 /prefetch:8
                                                                                  3⤵
                                                                                    PID:4900
                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4632 --field-trial-handle=2072,i,16163599956867819533,8953700606898331913,131072 /prefetch:8
                                                                                    3⤵
                                                                                      PID:2740
                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4576 --field-trial-handle=2072,i,16163599956867819533,8953700606898331913,131072 /prefetch:1
                                                                                      3⤵
                                                                                        PID:2476
                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3064 --field-trial-handle=2072,i,16163599956867819533,8953700606898331913,131072 /prefetch:8
                                                                                        3⤵
                                                                                          PID:1240
                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 --field-trial-handle=2072,i,16163599956867819533,8953700606898331913,131072 /prefetch:8
                                                                                          3⤵
                                                                                            PID:2704
                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3296 --field-trial-handle=2072,i,16163599956867819533,8953700606898331913,131072 /prefetch:8
                                                                                            3⤵
                                                                                              PID:4924
                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4264 --field-trial-handle=2072,i,16163599956867819533,8953700606898331913,131072 /prefetch:1
                                                                                              3⤵
                                                                                                PID:4756
                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3144 --field-trial-handle=2072,i,16163599956867819533,8953700606898331913,131072 /prefetch:8
                                                                                                3⤵
                                                                                                  PID:536
                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3108 --field-trial-handle=2072,i,16163599956867819533,8953700606898331913,131072 /prefetch:8
                                                                                                  3⤵
                                                                                                    PID:4620
                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4776 --field-trial-handle=2072,i,16163599956867819533,8953700606898331913,131072 /prefetch:8
                                                                                                    3⤵
                                                                                                      PID:4436
                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5376 --field-trial-handle=2072,i,16163599956867819533,8953700606898331913,131072 /prefetch:1
                                                                                                      3⤵
                                                                                                        PID:4508
                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5300 --field-trial-handle=2072,i,16163599956867819533,8953700606898331913,131072 /prefetch:1
                                                                                                        3⤵
                                                                                                          PID:3640
                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4596 --field-trial-handle=2072,i,16163599956867819533,8953700606898331913,131072 /prefetch:1
                                                                                                          3⤵
                                                                                                            PID:1152
                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5880 --field-trial-handle=2072,i,16163599956867819533,8953700606898331913,131072 /prefetch:8
                                                                                                            3⤵
                                                                                                              PID:1176
                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5556 --field-trial-handle=2072,i,16163599956867819533,8953700606898331913,131072 /prefetch:8
                                                                                                              3⤵
                                                                                                                PID:4004
                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6008 --field-trial-handle=2072,i,16163599956867819533,8953700606898331913,131072 /prefetch:8
                                                                                                                3⤵
                                                                                                                  PID:4648
                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 --field-trial-handle=2072,i,16163599956867819533,8953700606898331913,131072 /prefetch:8
                                                                                                                  3⤵
                                                                                                                    PID:4192
                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5996 --field-trial-handle=2072,i,16163599956867819533,8953700606898331913,131072 /prefetch:8
                                                                                                                    3⤵
                                                                                                                      PID:2864
                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6012 --field-trial-handle=2072,i,16163599956867819533,8953700606898331913,131072 /prefetch:8
                                                                                                                      3⤵
                                                                                                                        PID:4520
                                                                                                                      • C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
                                                                                                                        "C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
                                                                                                                        3⤵
                                                                                                                        • Executes dropped EXE
                                                                                                                        • Checks whether UAC is enabled
                                                                                                                        • Drops file in Program Files directory
                                                                                                                        • Enumerates system info in registry
                                                                                                                        • Modifies Internet Explorer settings
                                                                                                                        • Modifies registry class
                                                                                                                        PID:1092
                                                                                                                        • C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
                                                                                                                          MicrosoftEdgeWebview2Setup.exe /silent /install
                                                                                                                          4⤵
                                                                                                                          • Executes dropped EXE
                                                                                                                          • Drops file in Program Files directory
                                                                                                                          PID:5012
                                                                                                                          • C:\Program Files (x86)\Microsoft\Temp\EUEEBD.tmp\MicrosoftEdgeUpdate.exe
                                                                                                                            "C:\Program Files (x86)\Microsoft\Temp\EUEEBD.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
                                                                                                                            5⤵
                                                                                                                            • Sets file execution options in registry
                                                                                                                            • Checks computer location settings
                                                                                                                            • Executes dropped EXE
                                                                                                                            • Loads dropped DLL
                                                                                                                            • Checks system information in the registry
                                                                                                                            PID:3300
                                                                                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
                                                                                                                              6⤵
                                                                                                                              • Executes dropped EXE
                                                                                                                              • Loads dropped DLL
                                                                                                                              • Modifies registry class
                                                                                                                              PID:3116
                                                                                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
                                                                                                                              6⤵
                                                                                                                              • Executes dropped EXE
                                                                                                                              • Loads dropped DLL
                                                                                                                              • Modifies registry class
                                                                                                                              PID:5096
                                                                                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                                                                                7⤵
                                                                                                                                • Executes dropped EXE
                                                                                                                                • Loads dropped DLL
                                                                                                                                • Registers COM server for autorun
                                                                                                                                • Modifies registry class
                                                                                                                                PID:4448
                                                                                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                                                                                7⤵
                                                                                                                                • Executes dropped EXE
                                                                                                                                • Loads dropped DLL
                                                                                                                                • Registers COM server for autorun
                                                                                                                                • Modifies registry class
                                                                                                                                PID:4424
                                                                                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                                                                                7⤵
                                                                                                                                • Executes dropped EXE
                                                                                                                                • Loads dropped DLL
                                                                                                                                • Registers COM server for autorun
                                                                                                                                • Modifies registry class
                                                                                                                                PID:2380
                                                                                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MzU2QkVBQUYtQjczNC00NEQzLTk4MUQtN0MyNzVEQzY4REJFfSIgdXNlcmlkPSJ7QTEzMzZDQ0QtQUM2Ny00NDQ5LTlDNTctQjAzMTUxQkJFN0ZGfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InsxMDY0RkUwNS1DQ0RCLTQ4NzItQTYyMC03RDkxM0JBNEYxMTB9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7RHhPYmpIR2ErblJhMmF0QzN3bytJRXBDNzgrWlllQVVia1hwREMyY2o3VT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE4Ny4zNyIgbmV4dHZlcnNpb249IjEuMy4xNzEuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjgyNzczMTkwMTIiIGluc3RhbGxfdGltZV9tcz0iNTQwIi8-PC9hcHA-PC9yZXF1ZXN0Pg
                                                                                                                              6⤵
                                                                                                                              • Executes dropped EXE
                                                                                                                              • Loads dropped DLL
                                                                                                                              • Checks system information in the registry
                                                                                                                              PID:2936
                                                                                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{356BEAAF-B734-44D3-981D-7C275DC68DBE}" /silent
                                                                                                                              6⤵
                                                                                                                              • Executes dropped EXE
                                                                                                                              • Loads dropped DLL
                                                                                                                              PID:2348
                                                                                                                        • C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\RobloxPlayerBeta.exe
                                                                                                                          "C:\Program Files (x86)\Roblox\Versions\version-d8aa63d3654646d0\RobloxPlayerBeta.exe" -app -isInstallerLaunch
                                                                                                                          4⤵
                                                                                                                          • Executes dropped EXE
                                                                                                                          • Loads dropped DLL
                                                                                                                          • Suspicious use of NtCreateThreadExHideFromDebugger
                                                                                                                          • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                                                          • Suspicious use of UnmapMainImage
                                                                                                                          PID:5112
                                                                                                                      • C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
                                                                                                                        "C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
                                                                                                                        3⤵
                                                                                                                        • Executes dropped EXE
                                                                                                                        • Enumerates system info in registry
                                                                                                                        PID:4900
                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1684 --field-trial-handle=2072,i,16163599956867819533,8953700606898331913,131072 /prefetch:2
                                                                                                                        3⤵
                                                                                                                          PID:4520
                                                                                                                      • C:\Users\Admin\Downloads\S0laraBoostpaper V3.1 BypassByfron\S0lra\S0lara Boostpaper.exe
                                                                                                                        "C:\Users\Admin\Downloads\S0laraBoostpaper V3.1 BypassByfron\S0lra\S0lara Boostpaper.exe"
                                                                                                                        2⤵
                                                                                                                        • Checks computer location settings
                                                                                                                        • Executes dropped EXE
                                                                                                                        PID:2636
                                                                                                                        • C:\Windows\SysWOW64\cmd.exe
                                                                                                                          "C:\Windows\System32\cmd.exe" /k copy Ftp Ftp.cmd & Ftp.cmd & exit
                                                                                                                          3⤵
                                                                                                                            PID:2524
                                                                                                                            • C:\Windows\SysWOW64\tasklist.exe
                                                                                                                              tasklist
                                                                                                                              4⤵
                                                                                                                              • Enumerates processes with tasklist
                                                                                                                              PID:412
                                                                                                                            • C:\Windows\SysWOW64\findstr.exe
                                                                                                                              findstr /I "wrsa.exe opssvc.exe"
                                                                                                                              4⤵
                                                                                                                                PID:3540
                                                                                                                              • C:\Windows\SysWOW64\tasklist.exe
                                                                                                                                tasklist
                                                                                                                                4⤵
                                                                                                                                • Enumerates processes with tasklist
                                                                                                                                PID:4516
                                                                                                                              • C:\Windows\SysWOW64\findstr.exe
                                                                                                                                findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"
                                                                                                                                4⤵
                                                                                                                                  PID:1092
                                                                                                                                • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                  cmd /c md 320189
                                                                                                                                  4⤵
                                                                                                                                    PID:244
                                                                                                                                  • C:\Windows\SysWOW64\findstr.exe
                                                                                                                                    findstr /V "lovessatellitevendorspetroleum" Sit
                                                                                                                                    4⤵
                                                                                                                                      PID:5044
                                                                                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                      cmd /c copy /b Exports + Wm + Balls + Hobby + Shared + Awarded + Stanford 320189\E
                                                                                                                                      4⤵
                                                                                                                                        PID:4520
                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\320189\Paperback.pif
                                                                                                                                        320189\Paperback.pif 320189\E
                                                                                                                                        4⤵
                                                                                                                                        • Suspicious use of NtCreateUserProcessOtherParentProcess
                                                                                                                                        • Executes dropped EXE
                                                                                                                                        PID:3028
                                                                                                                                      • C:\Windows\SysWOW64\PING.EXE
                                                                                                                                        ping -n 5 127.0.0.1
                                                                                                                                        4⤵
                                                                                                                                        • Runs ping.exe
                                                                                                                                        PID:3424
                                                                                                                                  • C:\Windows\system32\pcwrun.exe
                                                                                                                                    C:\Windows\system32\pcwrun.exe "C:\Users\Admin\Downloads\S0laraBoostpaper V3.1 BypassByfron\S0lra\S0lara Boostpaper.exe" ContextMenu
                                                                                                                                    2⤵
                                                                                                                                      PID:2300
                                                                                                                                      • C:\Windows\System32\msdt.exe
                                                                                                                                        C:\Windows\System32\msdt.exe -path C:\Windows\diagnostics\index\PCWDiagnostic.xml -af C:\Users\Admin\AppData\Local\Temp\PCW91AA.xml /skip TRUE
                                                                                                                                        3⤵
                                                                                                                                          PID:3168
                                                                                                                                          • C:\Windows\system32\rundll32.exe
                                                                                                                                            "C:\Windows\system32\rundll32.exe" C:\Windows\system32\pcwutl.dll,LaunchApplication "C:\Users\Admin\Downloads\S0laraBoostpaper V3.1 BypassByfron\S0lra\S0lara Boostpaper.exe"
                                                                                                                                            4⤵
                                                                                                                                            • Checks computer location settings
                                                                                                                                            PID:4052
                                                                                                                                            • C:\Users\Admin\Downloads\S0laraBoostpaper V3.1 BypassByfron\S0lra\S0lara Boostpaper.exe
                                                                                                                                              "C:\Users\Admin\Downloads\S0laraBoostpaper V3.1 BypassByfron\S0lra\S0lara Boostpaper.exe"
                                                                                                                                              5⤵
                                                                                                                                              • Checks computer location settings
                                                                                                                                              • Executes dropped EXE
                                                                                                                                              PID:2460
                                                                                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                "C:\Windows\System32\cmd.exe" /k copy Ftp Ftp.cmd & Ftp.cmd & exit
                                                                                                                                                6⤵
                                                                                                                                                  PID:748
                                                                                                                                                  • C:\Windows\SysWOW64\tasklist.exe
                                                                                                                                                    tasklist
                                                                                                                                                    7⤵
                                                                                                                                                    • Enumerates processes with tasklist
                                                                                                                                                    PID:632
                                                                                                                                                  • C:\Windows\SysWOW64\findstr.exe
                                                                                                                                                    findstr /I "wrsa.exe opssvc.exe"
                                                                                                                                                    7⤵
                                                                                                                                                      PID:1720
                                                                                                                                                    • C:\Windows\SysWOW64\tasklist.exe
                                                                                                                                                      tasklist
                                                                                                                                                      7⤵
                                                                                                                                                      • Enumerates processes with tasklist
                                                                                                                                                      PID:4012
                                                                                                                                                    • C:\Windows\SysWOW64\findstr.exe
                                                                                                                                                      findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"
                                                                                                                                                      7⤵
                                                                                                                                                        PID:180
                                                                                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                        cmd /c md 320189
                                                                                                                                                        7⤵
                                                                                                                                                          PID:244
                                                                                                                                                        • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                          cmd /c copy /b Exports + Wm + Balls + Hobby + Shared + Awarded + Stanford 320189\E
                                                                                                                                                          7⤵
                                                                                                                                                            PID:4420
                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\320189\Paperback.pif
                                                                                                                                                            320189\Paperback.pif 320189\E
                                                                                                                                                            7⤵
                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                            PID:5084
                                                                                                                                                          • C:\Windows\SysWOW64\PING.EXE
                                                                                                                                                            ping -n 5 127.0.0.1
                                                                                                                                                            7⤵
                                                                                                                                                            • Runs ping.exe
                                                                                                                                                            PID:4336
                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\320189\RegAsm.exe
                                                                                                                                                  C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\320189\RegAsm.exe
                                                                                                                                                  2⤵
                                                                                                                                                  • Executes dropped EXE
                                                                                                                                                  PID:4608
                                                                                                                                                • C:\Users\Admin\Downloads\S0laraBoostpaper V3.1 BypassByfron\S0lra\S0lara Boostpaper.exe
                                                                                                                                                  "C:\Users\Admin\Downloads\S0laraBoostpaper V3.1 BypassByfron\S0lra\S0lara Boostpaper.exe"
                                                                                                                                                  2⤵
                                                                                                                                                  • Checks computer location settings
                                                                                                                                                  • Executes dropped EXE
                                                                                                                                                  PID:3192
                                                                                                                                                  • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                    "C:\Windows\System32\cmd.exe" /k copy Ftp Ftp.cmd & Ftp.cmd & exit
                                                                                                                                                    3⤵
                                                                                                                                                      PID:4940
                                                                                                                                                      • C:\Windows\SysWOW64\tasklist.exe
                                                                                                                                                        tasklist
                                                                                                                                                        4⤵
                                                                                                                                                        • Enumerates processes with tasklist
                                                                                                                                                        PID:5100
                                                                                                                                                      • C:\Windows\SysWOW64\findstr.exe
                                                                                                                                                        findstr /I "wrsa.exe opssvc.exe"
                                                                                                                                                        4⤵
                                                                                                                                                          PID:4984
                                                                                                                                                        • C:\Windows\SysWOW64\tasklist.exe
                                                                                                                                                          tasklist
                                                                                                                                                          4⤵
                                                                                                                                                          • Enumerates processes with tasklist
                                                                                                                                                          PID:1232
                                                                                                                                                        • C:\Windows\SysWOW64\findstr.exe
                                                                                                                                                          findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"
                                                                                                                                                          4⤵
                                                                                                                                                            PID:1424
                                                                                                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                            cmd /c md 320189
                                                                                                                                                            4⤵
                                                                                                                                                              PID:2668
                                                                                                                                                            • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                              cmd /c copy /b Exports + Wm + Balls + Hobby + Shared + Awarded + Stanford 320189\E
                                                                                                                                                              4⤵
                                                                                                                                                                PID:1820
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\320189\Paperback.pif
                                                                                                                                                                320189\Paperback.pif 320189\E
                                                                                                                                                                4⤵
                                                                                                                                                                • Executes dropped EXE
                                                                                                                                                                PID:1676
                                                                                                                                                              • C:\Windows\SysWOW64\PING.EXE
                                                                                                                                                                ping -n 5 127.0.0.1
                                                                                                                                                                4⤵
                                                                                                                                                                • Runs ping.exe
                                                                                                                                                                PID:1472
                                                                                                                                                          • C:\Users\Admin\Downloads\S0laraBoostpaper V3.1 BypassByfron\S0lra\S0lara Boostpaper.exe
                                                                                                                                                            "C:\Users\Admin\Downloads\S0laraBoostpaper V3.1 BypassByfron\S0lra\S0lara Boostpaper.exe"
                                                                                                                                                            2⤵
                                                                                                                                                            • Checks computer location settings
                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                            PID:744
                                                                                                                                                            • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                              "C:\Windows\System32\cmd.exe" /k copy Ftp Ftp.cmd & Ftp.cmd & exit
                                                                                                                                                              3⤵
                                                                                                                                                                PID:4904
                                                                                                                                                                • C:\Windows\SysWOW64\tasklist.exe
                                                                                                                                                                  tasklist
                                                                                                                                                                  4⤵
                                                                                                                                                                  • Enumerates processes with tasklist
                                                                                                                                                                  PID:1576
                                                                                                                                                                • C:\Windows\SysWOW64\findstr.exe
                                                                                                                                                                  findstr /I "wrsa.exe opssvc.exe"
                                                                                                                                                                  4⤵
                                                                                                                                                                    PID:788
                                                                                                                                                                  • C:\Windows\SysWOW64\tasklist.exe
                                                                                                                                                                    tasklist
                                                                                                                                                                    4⤵
                                                                                                                                                                    • Enumerates processes with tasklist
                                                                                                                                                                    PID:4136
                                                                                                                                                                  • C:\Windows\SysWOW64\findstr.exe
                                                                                                                                                                    findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"
                                                                                                                                                                    4⤵
                                                                                                                                                                      PID:956
                                                                                                                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                      cmd /c md 320189
                                                                                                                                                                      4⤵
                                                                                                                                                                        PID:3060
                                                                                                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                        cmd /c copy /b Exports + Wm + Balls + Hobby + Shared + Awarded + Stanford 320189\E
                                                                                                                                                                        4⤵
                                                                                                                                                                          PID:4984
                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\320189\Paperback.pif
                                                                                                                                                                          320189\Paperback.pif 320189\E
                                                                                                                                                                          4⤵
                                                                                                                                                                          • Executes dropped EXE
                                                                                                                                                                          PID:2008
                                                                                                                                                                        • C:\Windows\SysWOW64\PING.EXE
                                                                                                                                                                          ping -n 5 127.0.0.1
                                                                                                                                                                          4⤵
                                                                                                                                                                          • Runs ping.exe
                                                                                                                                                                          PID:4292
                                                                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4140,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=3728 /prefetch:1
                                                                                                                                                                    1⤵
                                                                                                                                                                      PID:2904
                                                                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3776,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=4272 /prefetch:1
                                                                                                                                                                      1⤵
                                                                                                                                                                        PID:4452
                                                                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5248,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=5288 /prefetch:8
                                                                                                                                                                        1⤵
                                                                                                                                                                          PID:3980
                                                                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5276,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=5344 /prefetch:8
                                                                                                                                                                          1⤵
                                                                                                                                                                            PID:1636
                                                                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5764,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=5772 /prefetch:8
                                                                                                                                                                            1⤵
                                                                                                                                                                              PID:2144
                                                                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5260,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=5808 /prefetch:1
                                                                                                                                                                              1⤵
                                                                                                                                                                                PID:4376
                                                                                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --no-appcompat-clear --field-trial-handle=6316,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=6344 /prefetch:8
                                                                                                                                                                                1⤵
                                                                                                                                                                                  PID:4356
                                                                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=5660,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=6360 /prefetch:1
                                                                                                                                                                                  1⤵
                                                                                                                                                                                    PID:4352
                                                                                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6848,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=6168 /prefetch:8
                                                                                                                                                                                    1⤵
                                                                                                                                                                                      PID:116
                                                                                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6852,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=6948 /prefetch:8
                                                                                                                                                                                      1⤵
                                                                                                                                                                                        PID:4004
                                                                                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5560,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=5512 /prefetch:8
                                                                                                                                                                                        1⤵
                                                                                                                                                                                          PID:3984
                                                                                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\identity_helper.exe
                                                                                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5668,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=3580 /prefetch:8
                                                                                                                                                                                          1⤵
                                                                                                                                                                                            PID:4272
                                                                                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\identity_helper.exe
                                                                                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5668,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=3580 /prefetch:8
                                                                                                                                                                                            1⤵
                                                                                                                                                                                              PID:604
                                                                                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --field-trial-handle=6808,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=5964 /prefetch:1
                                                                                                                                                                                              1⤵
                                                                                                                                                                                                PID:4480
                                                                                                                                                                                              • C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                                                                                                                                1⤵
                                                                                                                                                                                                  PID:2740
                                                                                                                                                                                                • C:\Windows\system32\OpenWith.exe
                                                                                                                                                                                                  C:\Windows\system32\OpenWith.exe -Embedding
                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                  PID:2912
                                                                                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --no-appcompat-clear --field-trial-handle=3580,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=6652 /prefetch:8
                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                    PID:2560
                                                                                                                                                                                                  • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
                                                                                                                                                                                                    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                      PID:2824
                                                                                                                                                                                                    • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
                                                                                                                                                                                                      "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                        PID:3524
                                                                                                                                                                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                                                                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                                                                        • Loads dropped DLL
                                                                                                                                                                                                        • Checks system information in the registry
                                                                                                                                                                                                        • Drops file in Windows directory
                                                                                                                                                                                                        • Modifies data under HKEY_USERS
                                                                                                                                                                                                        PID:1284
                                                                                                                                                                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                                                                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MzU2QkVBQUYtQjczNC00NEQzLTk4MUQtN0MyNzVEQzY4REJFfSIgdXNlcmlkPSJ7QTEzMzZDQ0QtQUM2Ny00NDQ5LTlDNTctQjAzMTUxQkJFN0ZGfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntDOEU4NzQ0My1CNDE1LTQ5OTQtQjdDMS1FMTY5RDRENjVDQzB9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTEwLjAuNTQ4MS4xMDQiIG5leHR2ZXJzaW9uPSIxMTAuMC41NDgxLjEwNCIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjUiIHN5c3RlbV91cHRpbWVfdGlja3M9IjgyODE5NjkyMjAiLz48L2FwcD48L3JlcXVlc3Q-
                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                          • Executes dropped EXE
                                                                                                                                                                                                          • Loads dropped DLL
                                                                                                                                                                                                          • Checks system information in the registry
                                                                                                                                                                                                          PID:4192
                                                                                                                                                                                                        • C:\Windows\SysWOW64\wermgr.exe
                                                                                                                                                                                                          "C:\Windows\system32\wermgr.exe" "-outproc" "0" "1284" "1148" "1028" "1152" "0" "0" "0" "0" "0" "0" "0" "0"
                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                          • Checks processor information in registry
                                                                                                                                                                                                          • Enumerates system info in registry
                                                                                                                                                                                                          PID:2740
                                                                                                                                                                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                                                                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MzU2QkVBQUYtQjczNC00NEQzLTk4MUQtN0MyNzVEQzY4REJFfSIgdXNlcmlkPSJ7QTEzMzZDQ0QtQUM2Ny00NDQ5LTlDNTctQjAzMTUxQkJFN0ZGfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins5MjBFQkE1MS0wRDY4LTQzQzktQTM0OC1FQkUzOTQyMEU4QkF9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7NTZFQjE4RjgtQjAwOC00Q0JELUI2RDItOEM5N0ZFN0U5MDYyfSIgdmVyc2lvbj0iMTI0LjAuMjQ3OC44MCIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjE0IiBpbnN0YWxsZGF0ZXRpbWU9IjE3MTUxOTUzMDMiPjxldmVudCBldmVudHR5cGU9IjMyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSI0IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4MjkwOTY4OTU1Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                          • Executes dropped EXE
                                                                                                                                                                                                          • Loads dropped DLL
                                                                                                                                                                                                          • Checks system information in the registry
                                                                                                                                                                                                          PID:3180
                                                                                                                                                                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5213591C-F205-4177-892F-9B2E654EC04F}\MicrosoftEdge_X64_125.0.2535.51.exe
                                                                                                                                                                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5213591C-F205-4177-892F-9B2E654EC04F}\MicrosoftEdge_X64_125.0.2535.51.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                          • Executes dropped EXE
                                                                                                                                                                                                          PID:4124
                                                                                                                                                                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5213591C-F205-4177-892F-9B2E654EC04F}\EDGEMITMP_5AE1B.tmp\setup.exe
                                                                                                                                                                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5213591C-F205-4177-892F-9B2E654EC04F}\EDGEMITMP_5AE1B.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5213591C-F205-4177-892F-9B2E654EC04F}\MicrosoftEdge_X64_125.0.2535.51.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                                                                                                                                                                                            3⤵
                                                                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                                                                            • Drops file in Program Files directory
                                                                                                                                                                                                            PID:1308
                                                                                                                                                                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5213591C-F205-4177-892F-9B2E654EC04F}\EDGEMITMP_5AE1B.tmp\setup.exe
                                                                                                                                                                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5213591C-F205-4177-892F-9B2E654EC04F}\EDGEMITMP_5AE1B.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=125.0.6422.60 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5213591C-F205-4177-892F-9B2E654EC04F}\EDGEMITMP_5AE1B.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=125.0.2535.51 --initial-client-data=0x22c,0x230,0x234,0x118,0x238,0x7ff74c834b18,0x7ff74c834b24,0x7ff74c834b30
                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                              • Executes dropped EXE
                                                                                                                                                                                                              PID:4040
                                                                                                                                                                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                                                                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MzU2QkVBQUYtQjczNC00NEQzLTk4MUQtN0MyNzVEQzY4REJFfSIgdXNlcmlkPSJ7QTEzMzZDQ0QtQUM2Ny00NDQ5LTlDNTctQjAzMTUxQkJFN0ZGfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InsyNTY4RDBBQS0wRjYyLTQxNDUtQTFENS1GMTI2NUFGOEQwMTh9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMTI1LjAuMjUzNS41MSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9Ii0xIiBpbnN0YWxsZGF0ZT0iLTEiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iOSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iODI5NTk4OTEwMSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjgyOTYxMTkyOTIiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI5MDYwNzE5MDE0IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuZi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy80YmUwNTlkNi1hOGFiLTQ1ZDQtYTEwNS01MTE1MDQ1Y2E4ZDA_UDE9MTcxNzAyMzkzMCZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1CV3NDNDlLT2IyWTk1ZkhNU0YlMmI1SWFSRjdybnJYR1o4TUZmSjh1d2NhMlU0Y0VqSVI3WVMxOFBPZkp5OHd2MU1kNE1NV2FKUjBLWmMlMmJ4dlRDZGNYdWclM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNzM2NDIyODgiIHRvdGFsPSIxNzM2NDIyODgiIGRvd25sb2FkX3RpbWVfbXM9IjcwMTA0Ii8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iOTA2MDg0ODk4MSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjkwNzQ5Mzg5NzEiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY3NTciIHN5c3RlbV91cHRpbWVfdGlja3M9Ijk1MTMzOTkwOTMiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSIyNTciIGRvd25sb2FkX3RpbWVfbXM9Ijc2NDU2IiBkb3dubG9hZGVkPSIxNzM2NDIyODgiIHRvdGFsPSIxNzM2NDIyODgiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIwIiBpbnN0YWxsX3RpbWVfbXM9IjQzODMxIi8-PC9hcHA-PC9yZXF1ZXN0Pg
                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                          • Executes dropped EXE
                                                                                                                                                                                                          • Loads dropped DLL
                                                                                                                                                                                                          • Checks system information in the registry
                                                                                                                                                                                                          PID:3656
                                                                                                                                                                                                      • C:\Windows\System32\sdiagnhost.exe
                                                                                                                                                                                                        C:\Windows\System32\sdiagnhost.exe -Embedding
                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                        • Checks processor information in registry
                                                                                                                                                                                                        • Enumerates system info in registry
                                                                                                                                                                                                        PID:3788
                                                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                                                                                                                                          "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\rklluil0\rklluil0.cmdline"
                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                            PID:1948
                                                                                                                                                                                                            • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                                                                                                                                              C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES9803.tmp" "c:\Users\Admin\AppData\Local\Temp\rklluil0\CSCE352F17A8ABE4685A5116535E91E45B8.TMP"
                                                                                                                                                                                                              3⤵
                                                                                                                                                                                                                PID:5104
                                                                                                                                                                                                            • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                                                                                                                                              "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ibbttlrm\ibbttlrm.cmdline"
                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                PID:1800
                                                                                                                                                                                                                • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                                                                                                                                                  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES9841.tmp" "c:\Users\Admin\AppData\Local\Temp\ibbttlrm\CSC5DCCA8E561DF449AB7E64744A8C36D70.TMP"
                                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                                    PID:3444
                                                                                                                                                                                                                • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                                                                                                                                                  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ex44hxoc\ex44hxoc.cmdline"
                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                    PID:2220
                                                                                                                                                                                                                    • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                                                                                                                                                      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES9C78.tmp" "c:\Users\Admin\AppData\Local\Temp\ex44hxoc\CSC3E26D027364B4AD19C9458B9E24D49.TMP"
                                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                                        PID:4272

                                                                                                                                                                                                                  Network

                                                                                                                                                                                                                  MITRE ATT&CK Enterprise v15

                                                                                                                                                                                                                  Replay Monitor

                                                                                                                                                                                                                  Loading Replay Monitor...

                                                                                                                                                                                                                  Downloads

                                                                                                                                                                                                                  • C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.51\Installer\setup.exe

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    6.9MB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    0e2485bb7949cd48315238d8b4e0b26e

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    afa46533ba37cef46189ed676db4bf586e187fb4

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    1a3d50530e998787561309b08a797f10fe97833e5a6c1f5b35a26b9068d8c3e8

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    e40fcfb989e370606469cb4ca4519ce1b98704d38dbfa044bf1ad4b49dbcaf39e05e76822e7dc34cb1bb8f52e8d556c3cbf3adb4646869aba0181c6212806b96

                                                                                                                                                                                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    201KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    4dc57ab56e37cd05e81f0d8aaafc5179

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    494a90728d7680f979b0ad87f09b5b58f16d1cd5

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

                                                                                                                                                                                                                  • C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    5.3MB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    0469bb703f1233c733ba4e8cb45afda2

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    a07afd7ecf1d0b740b0e2eddfcde79dcf6e1767f

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    00314da401908da37ebfe9b642506cab81a4467c092719fcf007be045bc4a9e0

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    342c9629e705eb78c7bd52b3efe4a92b6a8bece9933956390450600635e4c0511ca96ccaa25e6920e9d25ccdf444dabfea7b09f8fbcba2f371655f87633b6d67

                                                                                                                                                                                                                  • C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    164KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    1f2d54fae43a1c56826887b5ac8d619a

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    74ff1f61d2eef32285ead4dd28e1616ca602f28e

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    a02230a8b4b12916050e1794cc9bd6a8e210c417d5ff4d74d0cbcaf65d1006ba

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    331af51b93b8a861f2909180bcafd41b4a264d37dba2310f1142b35b48238c95794904ea885bac40ca7aaa4909ab83853d9bc2b79006c0cc4dd0e7f4d90f2c09

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\ElevatedDiagnostics\733862231\2024052223.000\PCW.debugreport.xml

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    5KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    82054528e0a9ef522e5dd0820161fcd1

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    9985db105456ceef2d554fe2985ff8f99b3cdda7

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    c7d2c7ab6ee6c04b5bab7c27d182bc6a0ed2d7cb9dbdc60a34a1c29038458115

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    1870c13ff26b6a76878390360cc3f36a16906188724743e2989193295dcf3f7c6935ba920ca9d52bfaa5cfe4ec9e1d3af00e1d91e39bfda23d04fd8f3666a9ac

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\ElevatedDiagnostics\733862231\2024052223.000\results.xsl

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    47KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    310e1da2344ba6ca96666fb639840ea9

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    e8694edf9ee68782aa1de05470b884cc1a0e1ded

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    67401342192babc27e62d4c1e0940409cc3f2bd28f77399e71d245eae8d3f63c

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    62ab361ffea1f0b6ff1cc76c74b8e20c2499d72f3eb0c010d47dba7e6d723f9948dba3397ea26241a1a995cffce2a68cd0aaa1bb8d917dd8f4c8f3729fa6d244

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\895f8bc6-503a-4731-8859-a05e47ec4c84.tmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    260KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    fdad782779594b88f75d0c8b98ee5461

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    1520799d62038ec29893793ed54dd70f698feeea

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    54709dfb8dce276535dc3155456490a4725b61f984aec053790f41fa52843830

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    bd1d7ad52d3b8ee79f4ce01194da7217922a581364244551a8b51ad21413e1156bce965750871af23035062de96d6848ff4d1f050c23e31b7bd4b45aee33e502

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    40B

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    e646991f9b7863013f4543e5deea2d49

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    7d3ab1c249b15c5bc5761baef819fa96b043539a

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    0cc277125b5bd55a7c42e32f351b5bce3ca6003f28bc0646db5bc6b9b5135c07

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    8b7b264f086ee2d1c1ec1199307d6511ce964890e84312a1c12c21a0a1fac24d6bf005a2ded820ecae3b51b58229a8ce724e98e40b03e1f93d3914948025a76f

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000030

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    26KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    71c6e4dcb559033bffb685bfcac9213a

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    25f961c9654c8b6ebdb65fc84b3e218fba9fe9fe

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    77dcc1c86b052027db7eeeec2d6bad3d899360ca512a5c8ff38db272e9cee5c9

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    f7065427eab4f90046446685101518f036d4472bafa41da4d0c80f30e3accb19d90f29c0483ff7b95a8282d1ef68b60457818e4c1457d307208b56d536e9ac68

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000c1

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    51KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    588ee33c26fe83cb97ca65e3c66b2e87

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    842429b803132c3e7827af42fe4dc7a66e736b37

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    bbc4044fe46acd7ab69d8a4e3db46e7e3ca713b05fa8ecb096ebe9e133bba760

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    6f7500b12fc7a9f57c00711af2bc8a7c62973f9a8e37012b88a0726d06063add02077420bc280e7163302d5f3a005ac8796aee97042c40954144d84c26adbd04

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    3KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    abec6f87ee8d599dff2ea6e8d1505cff

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    b05a6448f1b1a41518b2b41d4902cd6179d26e55

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    db409768ad949ea1126870ed234fdd02d26a5582fb7a66c534c0acf32fe64b8a

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    a0532122962c2fbac5f05537da522fd2e9b33bb5236e22d71fd5fc9194e1f496026d5ea6cdfb22898a1b1ea1509fd36f6021e96ea82571ef221677c614171b2c

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    6KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    bd55aeaa4b9ebf9affcb5a2d3058ed00

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    4defdf0cdb88449abfedc265af910096a2918b71

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    ae8e5f364d791580ec7735e1379515adacca6d06fa8501c1f2cb16f1db0140f6

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    205a66f62511d5564da722a2ed1d9e24beae05c45f7e64b7823ae9a4f712dac3f45cef17f5430cfe768bd561d10e261d88b7cd3b4f336269088ce1283df53ce0

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5c0b81.TMP

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    2KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    520350058e438dfbe523517e2bde0161

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    41d615704f8802454315fcb4975a54a908525bdb

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    7a6f62bbdc905b7c955976ff6d1ded01def98f02042783b24c5d621a15247f27

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    b1b295663c3070b72b60868dfa177d532ebe041ddac2c1cae4d29437f3eaa7fc1d424e922befb9426f5ea1b8a09ed993c62d9e76295ad3a32ff4c7423510aee9

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\CURRENT

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    16B

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    46295cac801e5d4857d09837238a6394

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    387B

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    7497286df0e55410a42abe3982bf0f4f

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    9237f3d548a0e3d92a618378ef47e6f203997ba0

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    ebaa0e835bccc390c349ac3c4a9fc8c805e02e562917f0202184c46658a6b5c6

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    0a6801afd989a7ca75756fa9d615ffec3b777605263bb52b84609e76d6b39ad206bf80d39f6bc7ffbf94d493f6eccbb96a21b7e3c3a07ac518da0cb335c0a1bd

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    387B

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    dd32a157227fec4106623853074d1e58

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    7b9ea7c7db8d2d1f34ba9fc48b3e501e5278bb84

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    1ff91d1ee02cc80398966706adb3a89dea3c6b1785b07b69d64434525a3a1fe2

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    a8e481c310954e31983b56b918ff2899fe02704f705d44e6c2ffeacbdff03e337c83b89ea80424a50591c0e2b5ef8fee4697e70fcd83691d6508ed839ea14b53

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old~RFe5c72b7.TMP

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    347B

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    d4e83e190a17ddca01574590448d160a

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    a3a092c5e6485180b17cdc921c547b99cf3505d9

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    f0f973aca7be885362feb6a1c140e44398a00f7e628737641fba8a8b370446ca

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    6612c0c28e2ebedbfee288464390710dd510c7d9a8c4b9e4b7c2f6dd23b7cd512c872ea1b7b20bd54f4811509f71f5aeadc24ffcb112840dfe97f567740155ac

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    23B

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    3fd11ff447c1ee23538dc4d9724427a3

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    1335e6f71cc4e3cf7025233523b4760f8893e9c9

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    10KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    1c9c7156a31c136a98016231dcfffc20

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    4284fd8e5790f5707e3bc8b9b64d629996bc8773

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    30ac83018643dc5e6f111373a96acf5b1fcdb4a1bbc06c8944d564fbd77c74b8

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    5ad28828b1151e69122c2712f9f17e687cad01a24de6b2be4fc16242bd9049d72d86ff75f9e8cda1fe180d42c2e8abe7e6ce372caa2a16a67f16736de1169251

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    9KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    03f1e868f8d48429f16dc449d67b0c26

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    23e63f219ca3f52ad968863b6a3268115eb9232a

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    6a88a3ce3b73eaa3ee488b36033aed6a66740d78b2195ad7bbf63e6b43b6c0e0

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    c243da553cce31a2e0e277748ca418d01b885e3bceb4859e43fd8710862ebdf76896df34dc2b5c0230e00d873631d766ab10f02c6e6fc4a32819b76b205cec48

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    10KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    0583ac2f7d49470d3c70cd069f9fed1e

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    c00a147c6234eda90467d2f3a0d02f0abe8909cc

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    95b4cab7559aa9175c15d22ea12819c5a238ad31dbf862ff3e24b9b4cdbd1716

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    3db207c4a216be6a2347102f2ab8211ccd5db40d6a63a45219c6126ee1427ce16f00177dcd888f07dcfb7e672ddd7a5a8f311fb15cecfb7ec1a6dc5d06fe0794

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    2B

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    d751713988987e9331980363e24189ce

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    97d170e1550eee4afc0af065b78cda302a97674c

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    1KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    f245a7a3adcae6538e6f9b758b41409c

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    48c6d027851bddc567fe38e8e275680f51e580fa

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    8a8e77a28f42536d5d930693eda8a5c3090657bb5160f8b4e75395c6d7041260

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    b9345f4b5c29c0b257e85448250da1b28fdb138620fd8ff689ceb9d291ef0fd07ad6d715de2c209177030fccec631c9cfec621f46685f2c914176c76903e3b03

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    1KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    7bc25648716a1b0b73d31d86905c8b23

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    5dac53202d0b7238133d791db27b17561c91c126

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    3cb98b636035345e277f7f99ee93037afd3896983811349bca40356c46c417bb

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    2504dd11a5f361759854d815b7f5830525deb1550f908454c4246cb888cb55e6193bcd59f047ab7e78cf9f9460d437cb93008091fbd653724cc5ff177fa091fe

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    2KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    20a0ae1d4289ad2a1e8659b390c88c95

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    1fc29e0e0bbddc152b6d7d58b35705feff88232b

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    b901c81ac68fdd6276729b40bdc41457e76f6e7b1fe57c3e8eff14dc7419a903

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    f63db63fdce3169c0d6979a10178001e8f88cba29607e01058a0de9ef2eef04580f9f69e290fa2e96cc90f8f42c463c3b9afa36483125b4c53d039b3f0473ab0

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    4KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    78ececf00cf29ca2023bda9d2e3a4f2d

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    32c35eff3c431ab0f4375267897d83d6257279a3

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    c89bb56fef6eeb56193ddfd90eb363d231a97377c9a31b8f8a02dcff86c038ed

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    38fb7304f09f9c38c607ab846344bae8bb0817b387997bad694c7a71e5718378ff586801a7f8a4f06dc252aa933055c0d75362a7e9190f197ef06ee615894735

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    5KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    760ae8ab3b771fe56c424616efb75edd

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    16b93bb01f308def2307e9b466f11e6416e8494d

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    ef54e22fbe9a589d95d33826d7690e3e37eb6a13b44c699bd148fda165069753

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    fdfcc8673ca56e206ac2056fd4d5b019a9431e2a59d0a22c0b2f5634772d36809f7a205c75bdabd8463d288900a8c46204fb878469e4852bf18c16bdf4b6159e

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    5KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    70f4c1fd23150b8a1b9be55cb4a6ffaf

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    05557c84a56ea2d5083088cc9dc0d075fcf0991d

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    d52607b4d74fce074100c0ddfb0a1f72f90dd34acdbd96d81257971352b02464

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    22a4ed27f967fa70a30752855f655ead186eee456b57f9066c3281f5e9dee9d9eccedbda2005109e54be6d15ef9a0131aabe9173aca04be081823d574b5b4ef3

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    5KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    3d52c28e6674618c5195f0fe27d62ec6

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    b4e1114e91bd5bd2d3c2bc781d15572d4585825a

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    0fa5e91dffde0d43c05b5b457d9a022b76a9db10269c96cc22cdf2e24a59db9c

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    93f3ef8a0bd33003e65721fa685e16acddab792ce45c4784bc3fcaf06bd3a2f737dc5fbf12661b31a760deff4947d4291baaf71c8da8bf5c8ba18fc6161a4ffd

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    5KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    d8bcd2914a44d9e261f6217f79bb701f

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    8d2fccb7c7914f00f75847b1c9ecbba3235dcff1

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    521b61f65d3718fc329da02265917532dfc8ec4bb6248360a346dca3e8d5c1d0

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    817790f609d4e34027ecbc88aeedfa6c267c999b9010d53f076aa07800477e74dab84165365380851d67b84be75f566be81d633d7c87f49b94db5876d31e0e20

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    5KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    4b41aa5870a67da00d635fe1b997bb45

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    b79613a7d38fe219a28966bf45a64280c216a634

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    524ef08b4328f217ea745539b5d7f0660305623d5b830acc29893efe3c792ead

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    228a5d6256024cb871f038af5de786fbfdce06c3a4149be5498800ba3ad9fecf12b677c2841cc9b2c13979f924fab1e040230e612c03b58892d474307b0b7e93

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    5KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    0b78b591887b145968cff23c62b70287

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    2fa803b192e015df8a716817250abf0519c89835

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    5467394ed69f1094cec101522753541a75108ede52684ffab2da2664d87842c6

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    944f62b07fd2a43fae2983189d4676199fc52b8319fa8072d1004852c8c653e824bd37452124fadb092542781a81894b141e4daff7148d3f986487c38767499f

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    5KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    d27f6d6c17fb3c307f88117a30399dc2

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    033d2a6f932c684a10526ec079f85adab821acc9

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    947030b86b03d9c827692c810c71221c898d8ff52d5fde3b5b30274c1af9cbe2

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    0f3b56cb34fbb34426043c4375d0202d6f1e4a53aa01748b0bee0ac8958dbe80d81baa846a04715e02b8afbf58989aeae5433699cf0ba27f97a277b716b38724

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    1KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    c5f64e907c62e6a406378e98acd665f7

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    7852586ef58f2e1f4426b4612b6de4a9e46fff72

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    c335fc2d615e294845797123b31cb096d3cd5843fcc7361716c91b74a2f69001

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    f82bedbe450ae6ff13444d121847144f6ede51e169e9ea104d62d690535086f1bfd5f3598a3e9feecedf926dc6fe7273eb971bfadff9e174de7cdbaca69e09fe

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    3KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    64b4bcf7573ba76b676fd3490366dd82

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    bd550f8103cd1b0f8b5590ce45fa0bf22dd250a9

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    01fa867dec187de519bb5ba8cf7754c19c19d8827b3b5737da238fa30399a455

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    c7b6e46abbcb2569551b3ada256ab64dc23febc1b61641a69b4a3beff4c71871d27edd4edfeb1641a3c10c2eaa3d14dff6311145731db41e551c74921207983e

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    5KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    bcc50ece91fd6fe8489348601f3ec3f7

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    8c4ceaff3f7b20401d15eae0fab9d0a8296669d2

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    88a026c8ebf4ed3d9b8ca1e4b20ddf734d1a7e87b9b93cf7d3579c9b3e553769

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    6e483157aa0f67630bdf0e56788553764edc56f4c3be99babc9a239d271a5a61142731cf7d0d737cc9ccf4b1667654f863f502ec2efb3d95f273c3cdb45f7790

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    5KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    04aa16d9314f19077ad033e42939ee1e

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    bd14a54056695b07affbdc4300d4c8deea02f2f0

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    a7de80a4c5b3956ee5838706958251ba9b8018aa79b9db2625bdf1ecd91b30ef

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    6548ae4629ad1f20cb0878d0f3310ae3018ce5d8608696df6cdafcf97041439b08d54af06371a4bbf1045d5153893ad0b27ddeac2e5ddb99c2cbde3b20b9265c

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    5KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    e1e7b87da1105af1d7b002ff19602d0f

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    e6b2681043fc354ea6563a9fa1bdc14a5746be27

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    bb0a2dfaf24b43eecd7a82bafe0dce458b67d417038c5e2f68408ef831933583

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    7dac58f4fb452c168f70d864cfde0a0ea39ef0310595a8bd7293da2d6753fc6769a686d89b3803b80970980c0c861cb12eb77da2c0c1b9bbbca703ccfdd6af7a

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    5KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    910dbdcd8c562ebaad52b8992979dfe3

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    e7b6c34113d07099dc6f28b8e06640e0431f038d

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    81e4af81f848fa62189fe740c5e9b8a5fc8b442da7ded92f514c7fac4779a27f

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    ce0abc482bd6eb50559cc2d6e29af17fbad25315567c70bc6f1715aed7f143a953d19dab55e85fbc579fe079dc6314c6c459de6095e31853a5a309ea1f2ac044

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    5KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    18cb28e3a85435fedcc546abeb34e5e9

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    8657ef63a8294888d74183c4da59e558d965a3cd

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    0f974b6983a664440cc181fe554cb8163225ca890d54158743156d49d47746cc

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    b0201832f5feec208bd33217e379f3447a30a217a8c1a28286cdf2c60d85627ac508d2a314e8630eda0c6c0b1699bc7a005fc85c292ed51631fc9a334b8e6957

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    5KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    718b8364eb7cc7f8a045687acd703077

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    32ccb4d83c1a87850aad6e51b99c481c5356a8c3

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    90b2b6f7370a79542330735a6b8721843572f774a3e4a223f6f7f02cd0ec1cf1

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    dcab63111da0b6a56028e8aa953f0fe0291ee44c1eff36921047b81f9cd4bbc82b4cbab31673274230ed0b789f54e9f851f4e3698b55d11e8e318222ac186247

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    5KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    024449ebefa1a2babf22a46169656009

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    ceb765e97da47a086448890eee20c89d1470c6a9

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    a46ba7ecd6101755d31a8d110799c22fc42da4175dff741721f47658800ca99c

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    9cee44bb9bb175b208cf02e236c725dbbf7c373fdc2a27e4fc5718487ec845a31d90d4360d284d691ffe2077371bb593b5c7fd73cc0c3cdc8324def91cedb3a1

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    5KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    e6fb42bf0da55ee5be9a8767b08b2799

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    67aacb2e4f560cf547e9c6b71e0a3cca153d2fae

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    13faa50652ee3167aaf10d33bd80373f48befc19762578f60f5584dc0b496416

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    db142c787175990be8f4ad2426f6f6ffbd290d2920142bfce0b1ecc003460e9c8bfee9cc2a38e3daa6255fd1b2b85ff3a6b27728e2452e137cb2b18e9d2c0a8a

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    5KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    756edb76eb973d5cd3d02d6c639311b2

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    a776b1dbc2897220013576730fb76b46e9d44bc0

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    502f89d31eb2d24efdf2fe77c09fed278f72a19d419a0981124c500bf9758dcc

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    fb97c1fb6a8ffb2310432206803c62859fa4bf900092a8e4f837a5bda8e2001cb0683c8d454c96d5deb215fd4ac428e2b40dcc7dfc8ec6e38c62c109a0c853dc

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    5KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    ab76e5c5f28dec4aaee659292c90bbfd

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    4cecd30e41524c1445fd1bbf939bfebccad20bea

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    462ee9ef75062375e3ad783f81930564713a5a8f3abf57dd03dbc55e75ca3bb9

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    2cb80349be033b525f268fbe5d276e41bcb24a0289008fbe3ce133f2221ff2a4f5d7df1bc7f46924419674c71d5d2256702fcbce17a005a2581c9f0b2de130a7

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    5KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    996b29c9bd1ea3d0a6fff5c42bf84d88

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    de1b5260f1ec6a72b2addac4de37ec719211dbe8

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    23217e9e1ac48505c81ee13cda264bee4862f375412f24290cee7e0f9845e6b8

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    76cb210c2a6b282ce090b01864409ea581ed0ec4894159cd080ab7c911e34bb9b0b27875750a88c1f1c3f2ca6c69517c2a441da84f76465d9206cd6dca03caa8

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    7KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    8bb0229fbc289819bccdb273a3afb660

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    cb3ec511a060532eb21d36a29f1544319d3950de

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    9f88a52559221a27defe8539df16576238ab5c4bc5f78089ed3ab9d574f70632

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    d309caac340fb1c42f517f7abe57b9361f5907d41826bb4897f57c64d5bce7912c4fac503e53ed594c99beac4eb998e512183943b3f0fe590fbafd96586e2844

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    7KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    8bcc1124cc76fc65c2f9c6a56cf789b1

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    c3908c89142cc01491f19bfdf4e540cf5083e61a

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    f68f309c84d3139d70b5a3f3091626598b665e18e520453f8cb864e455290ed8

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    ac6a56cc8346e55591258d131c89fa38ea0c1b8b4c4e5341b9c9eb0933a7a112a962fb549742ef616612744eb9f9b323f0eda1edf9362f9946fcd247ffaa6d5f

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    7KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    9e8e30ffdbd27a01e6f15ac8516dadb5

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    0c0e5f4515ed66825e5e7dd0a2b08fe6f02a0c6d

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    8ec180c3dcd121c24d623a1f2b931da27331f6bacd84657652635e6357733d1b

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    6e1b862aa2a7cb5913cac183d8efcddd719a3df366c1321f8f5acede6bf8cfd605ec9cde392503c51edbb9fd2a17e746a84bdef13e544b7dc9e45fe7350da059

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    7KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    24677c4fe3d98d3118b40f90306145d4

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    ec2e0e4d3d3e4ef6430ec9bdb06e37d853ddbfcb

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    799836d03b971a97037ba39ce85c4a71e1db4f4b5897e6c564b5f0f98d0d37a9

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    8399fd9afe7da3c3c6f41497e4e5e624ffffc133c580abf404424ef34a5c80536c2eaf2ae0e2e1c79e7830b47ada5c8d2584bb5bbd63b6cbbca4df2a3474fb84

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    16KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    6ff3d30a44c15a54cfc28b3361ce4a89

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    91dc4395a1b8931bb933686bbcac90aa968dddbd

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    6929fbf167ffe28b0dc43ba75060db2c109ab67243ce6b8b792af40c41a89422

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    4c80eb9c930eb290e7e6b01f90a0df0dbf98b820f436d873c799b4c8b7553a70d5783f9c5c5d55c44e1534bf5d5ec554002f4c395fae145e884e06b3d9b5f7e5

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    134KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    5a836e3d558b413d5052820f7244bb8c

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    2d99cd4953b3c3f76586b84f7e4b940a548de555

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    6da388e4befbf8151f90cb4fd56956030f5f7efaad922841f045422f21d56278

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    1e9b7425b26299d7f658e4147d774d7880fa883adf90215aa50bff78a67659b15335f3f9a888f3fa68a40ad9a228dc68609204999956a6ce927bfa1c60f308be

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    104KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    7811f1e3e30785d8382f1c332fc5296e

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    5cd33f542e707a14bc50dbe5ac771f6bc8490794

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    eb54ef0126671c1dae42232faba7cc4d3be919065d71c0d91cf18783bf1f47ec

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    8ce705fa6fbe3a86afd9f90fa43a39887c3dca6192f0f2035a9b8ee8eb0012cd66f20dbcad74ad184b74850c29af2c60994a0aff569cd6fa949bd5a7c87e4bc4

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    91KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    f1e8bcdbc9b88c7ee7b0691d7fdcfe59

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    71e3569f7d0817b742f0dc08d2f4c69e771ef6b7

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    65014da0f75d9590c679635526d4d2d4b6e354c83d494432cfec0af8df1f4357

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    8054a2e3069bae7e7bbc49ca17fa929b780ef144bd12f0c7baa4bcc12f69c6c37219f44692d24b1a2b9bcf4134426dfb2bd83911b805fd387c22188935daff72

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5c5377.TMP

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    89KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    82a46de5a0951be4b65497302cabb634

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    bdcf82d4a65bb3fedb4acfc76f7057917de3c338

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    7d7c43255fdf191198b9fd51ee351b8b18e98e28433a394bea04df41057b06bf

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    862149fca1134275f67250e71724276a36af78704d089759a503e127376e617073f0b3fe8c0192fec207749865d07344fdb6a0e521bff0cbb7bdaa99540f85dd

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RegAsm.exe.log

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    2KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    60ad21e008a8447fc1130a9c9c155148

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    5dfa21d14dc33de3cc93a463688fe1d640b01730

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    bb65e24fd8681e7af464e115fba42ff7713e933683cbd654a124c0e564530bb9

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    42a2753f717a4984967907fa69200e8a464068a6d4a226803cf9503ffb7fee540ffc611b4c905cc84f3623639a6aa93003b390f9c38e601b59f171a9e90bd9b6

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\320189\E

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    547KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    a07090d5536d6b68a5bc3e75fff9a39e

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    bd760ce01e9706fa87887f2c3c5901e81938c5c7

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    dbc3319572f168f2176553e4f9291e716f429d74d3661d3380066b3852d7d80c

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    ad2b772228b861dc7fa148d8e75a0f6657a87a0609258130bd0e383181f3c0c15edb9bf5904d52a84a7c7f164960bb1b587326598d466a1bc1f92fccb9c9e113

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\320189\Paperback.pif

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    53B

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    649117fcfabe05263c63ccb56211b8f6

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    53beaefca171ec76a8a76acf8a6603f2a9998305

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    31284ec08da6a7c1e1f2ec7f46ea71eaea583ff76445c1fc5448a900243c4ebf

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    9394d780adcec3a96e7f9df7de3632beae42dda51235d7465e9b9aafa0f5bbf7702ab1236b8ca9b53e45cca1f44d725f7c63ad521355616ea21b72ee9cef5984

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\320189\Paperback.pif

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    915KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    b06e67f9767e5023892d9698703ad098

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    acc07666f4c1d4461d3e1c263cf6a194a8dd1544

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    8498900e57a490404e7ec4d8159bee29aed5852ae88bd484141780eaadb727bb

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    7972c78acebdd86c57d879c12cb407120155a24a52fda23ddb7d9e181dd59dac1eb74f327817adbc364d37c8dc704f8236f3539b4d3ee5a022814924a1616943

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\320189\RegAsm.exe

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    63KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    0d5df43af2916f47d00c1573797c1a13

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    230ab5559e806574d26b4c20847c368ed55483b0

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    c066aee7aa3aa83f763ebc5541daa266ed6c648fbffcde0d836a13b221bb2adc

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    f96cf9e1890746b12daf839a6d0f16f062b72c1b8a40439f96583f242980f10f867720232a6fa0f7d4d7ac0a7a6143981a5a130d6417ea98b181447134c7cfe2

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Adventure

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    43KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    9c8565cc855b673b1c11e65d6cee5f14

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    996287ec020c9eedbb7ee034ca05d3983a209cb9

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    808cfac711efa0f7d2539f73ad5b5c345446826e0bf82bedc963d977e9e7063f

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    cee10f173fb860206f51e2a32d389166a898b2feca0c9525e02b37f8e2567eff2bdf6d59ac2e3ca8faa98daaefcc9b0e4e945653a2f24347bde376ca903e2fac

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Aluminium

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    47KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    408990bddad38af7802d874fa4da7047

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    e457e365f4d02f41d3d75349ed7e462b30e9b9a9

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    94f9920c5c6af66f71add2a5fc3d426be413324421bb675927a8062281ba62b7

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    4c5995571c99f89d5fb71be35b0aba55109aaa5d585f5a0a7a46666ac612784f166e82d05d31791e8610a94f20c3dfbed03e7ad42f0f58ad5ec3395775e83b8b

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Awarded

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    26KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    f66df9350eb62c394551a6bdd06cca5f

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    a295696f4d3bf7e28ede17d7747ede52b5c85e3b

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    33e3af4770f6ee0d2334fc2091d564ee2f50e1a7931c757c19c15b7eeafcd762

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    34f4119f62efca0da1448ab8c091d5c3693618d5f5baa1f79a56bb46f71832e838e30f6d1e0ae97a0a595ad5e46926502c0cfe498dfd5999336502056efdc697

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Balls

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    169KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    c06ebc0eea68bcab267bfeabde75cd41

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    3af40fe9dc8db434ad81ef3406c49cdf23d0b9f4

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    bd8b204aff198d37ba7651479f9cfba9422e42098a2d562b2ae478f9bfc81ebc

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    741f436c5356615a0c7485d83b6b164a6d918b83e6e9739b0ee7e1bd2b21e76cde13a4fe54d56bbb294b8f16db12bab2bd66b56a0429d31af5f446cf23fef446

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Clubs

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    49KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    8f84bc252992e4fa3b06bb05eec67c52

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    4f65911c222852324a98e97628bc41f83fde7745

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    2b8a3d4b1bcff480b890fd95a36bf33fdfb63059ccd549adc4ef5179d6d353c9

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    36e1a89940a82de86116ee1fed19346c4dfb8db981251c3acae4ac3b0316f0c6b6e86828f01dcc3e9d08c51baad4cbc83aee98ee96aa99770cd9a69c25cc6a8b

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Concentration

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    14KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    85b6db997894a7d7c070e7acfd0326a4

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    3b637285b2f7f91ff765ebb6df0e6048ab8e21a1

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    bf3b5c8e9c9320fd4b128e6a5705622c0c131c34f3a31ae1a354c7dbf31fb96c

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    be60f2cd2b72c9b840aa9bf04d0ee98e54ce8353338c0d5da4ddf9ffeab35c86513367ae9003d04e5e3368b1e98ee9189e7572f7caff71935f69fd955dd43cf4

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Entitled

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    53KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    ff6b23fc636864301e3caaa659c3102d

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    de672686b47b9cfd4d5d0a1a57fe1cdc36a4fe2f

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    04a8f656ca840d0acfb56834daeab37ce72d16b25665dd68905ed4f6bec422ca

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    57765fceb856504d445d3ba07616f3b792b0e492ac8b3594a1e2ba25ed00a4c1268025d8ac5f38fe8300bb6460c08b6f8575c67f823e6e630c38e7629e08e4e6

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Expert

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    32KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    40a21dddd713ecdf3306d83a18213a53

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    6c501b423664058245b19934099bc03be2b00952

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    c834a6d3c588cf565307cdb23d03bf1368ab156ad8db8a04745dea32c61c5f55

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    99616fc719a283fab96f5cdd04f87a4720aff5c3644b5dd97e556d72d3fc4125bda7519dfcd433fa3e8a3644be7bb93c180422e2ccb4320047c59b0ace3eddb5

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Exports

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    115KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    a2615814de9ce0bcfbd6fbbe038e5e6a

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    e8203d41c30bed830020012ecf450b90419e0eb1

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    5a85484002f916c1e0170e839b7b0ca32850576db184ce49e9ac3f637393d415

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    dfbf084ed8726f9a377ef12214c2a60b077787df325d5265dda6231a9d8105cc624c8546f05ada7c390abf4eed1be7b475a4850039ec4026584dc8a523258752

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Fresh

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    24KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    929fa2089a55870ce01ada2d52e63db5

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    82638a15eb5b7d04c1ab0a160dfe1b21aba87429

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    ebf8baf61e933b4169b0150bd467ac88be1a8827ec17b3711e7f75d13b30c34e

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    ad7bf0959879852a5fec061ee4bfd05fa207460c4269f9eff3844d8d60f22eeeaa2592a5518a3cf5d5b50e34c5a82023d73f05c2020f0cc92881fd1ee3860d81

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Ftp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    20KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    397ab3b2031492e256d221c1961e3a01

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    2c3e9f08365600a2819f2ee6d952071eba45c838

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    8e0955244347b5a84ae6d09c709a6abe9deb1aa847abf7988826e9512895253c

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    ae54d6f3ce07ba1ebfb40bc465804e14f9e08cc04d60716ec62376cffe9b6eee751295c2c8d90bbff4061142d072b135f4069c756f11f99dcd688c2b91037764

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Ghana

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    55KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    f9e720cc8b3308aa8b0dff4aa96491f1

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    d8ba45a08def76d7549ac86c30caf5f115e1a27e

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    37d903880f4af82b537f6469126a969e244c286011a992b4109b9c08b3cd5fa1

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    898160ae5cf404932fc33463fa3696089e14d49147aa5351bb310d76a3c5335a065d07e3e7a9131c9e16d99f9c89d727edab4bb2fc39fdf6239eddbee96656d1

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Given

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    59KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    9d4703e19a97dfa9178d4264d92d4515

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    2a751185bc895ef2af9c02768df93b62bca44e49

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    34ff2bfe827762b21e09694ab0fe9a9fcb599ad8bdaf34fa7484cb0517a97c7d

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    b61944485b3043844ffa70b43757983b7c3191421a07eab74baad94a7964579f0c1aedac3a269aa1b529c8678397898ae0a2bd05478dfba6c1bad228aca223cb

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Hobby

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    75KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    20ef1d301be9e22304570001305102ee

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    bb4c617b4d99b454ea2691c56604f333d43bb4c2

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    6b49c8bc7977534acfbadc516ecf1e303461dec329addcb7134748bf23dddec2

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    9cc0166f2f96f22f7327ae0802da81ad1627f41cba3edb984b853629cab461aff8ad5228045afa911e213c523f9db818a013d6d7aa287c7d8d5e27c8370d9139

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Holds

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    36KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    a554ca234387ef88491511c65a9e5fae

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    18c20e58d5ded6a109c818711123d13a0e9071a2

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    1d832bd0360a2398726384362e58a6f1fc170c4d33f6df837d04639219defefa

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    10cead71a50bbe73ca55e2d571f5904b53df8d88b24b605b973140567a50785dea971a74a5591fe23336183502dac84f7f9b8f828cb97363603b4b11fb55a743

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Jimmy

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    27KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    79f47bcf459782c895862bafb5985ce5

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    0c711e3bc359ed4fd1baf51290bc89ac3cf82a96

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    390a3f6fb97a16ddf13d05f4a35a06d151ac53c06ec932e7ad15b3a38303b504

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    42e50d396b90e712fa5416c8b25befbd73bdac580bd9732e86f7de4e4a4db87bf77c03c3304debe9d62af4de3d394260966dabc0bad60f5591e36b8f6e7414cd

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Learned

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    59KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    2a87824b6839b9c1e74053383e8c589f

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    eabf26bbfa5bcac53dc2d0e9a3ea01d12bb10c1f

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    52d824faebd98180be0b41307dc90fca13f519531a3b425ef90af7e11293182e

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    d0a3d1c79c82b8f4aaaea8d80d176df72671088d930229e38c0f0ba455130e22cf24e262a418cd60be569e9acafcbd3a9eafb0da5e11f1a5bfdf04a9788bd182

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Marble

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    9KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    ef06ee1188bc07b1564d57c6c30f01a8

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    0c366b220a788e51ce922707a59210f3129c0c32

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    04e9867bc75846c9af9e3157a78a09a994d332a877f6fffb4edb379006ff1e63

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    dec4730166b0a5a584bff18747f84ff8e8eb33731358e7cc1d7aa539ecfef1ba4d6b6690673dd267dacc8eb43516d7443f785d43a1639dba3a235831206dbf2c

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Mel

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    62KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    4220adf178308e0ed78717499b9a2496

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    34bf3553751d91de402a22656c93075f43147ce4

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    55a1e1f9a1c61f1e5e96be62207361f5b5986d0cee14a470d18cc5364f3d3733

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    785bd573813af3ba8e2a5c80d302eeb43eb2d9e4b2c43ebe443d823951576308c4cf87591ad86457b1f255b63b5a1a67f2139728f549c1ab118e72fe1d391780

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Miscellaneous

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    40KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    babf7ec18005b270895bd6570ad9c296

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    ced46bf7cf2ef2f691ca65eb15eb56c5fdb9c800

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    638d0601bb3c6e209b052d9643e5301c1e4b7c660c33da662655cb1022899fb5

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    62b8cadbb38f9259e61a3523158ba2cda6c58ac9a25a9136bef1deb6b3a4b3bb8f9012db812ba713582683f669cf271bc557ee26e43f86fc4030fc656b3b5e09

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Organic

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    67KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    ccc80b4733cdc5525890811f6f947c61

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    48abd4cabc7e596c90e03e2c4f29fa7bbf4a3799

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    080a42a16a17fd03ec5ab98b1eab6c82b46afdc57e2f726e27d81c3aa602c437

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    23bffa197c5c0c736dfcec397f5af5f475c8bf3873bc36c3c817fd290134a1956ad05b1fbcc49d835b9f168a49dd584574a92383bfd148c25f6c8e38ce49a3c5

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Patrick

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    7KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    de2a5aa29259b38578aac3e4aa778fe5

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    fab585c35270ee9e4eeeeacc44a415ded878fa01

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    f907d5cab006a0b9f9e293995e146ad8411fdc334b8b00ae49178fb7fae84173

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    847c02b2676b629c1e71bee2a2cff9ab4488c88cb63251d18ffe68f61ff87c0813c23ec2f6b5e16264f89e0d471634449f6e2db6524d8068d7ea1d452adf321e

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Pics

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    29KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    0dd882aa8bf9f0234d78fe674673372c

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    e3c9b584a5665c3f33c11f41fa947154a97ec988

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    464f63af78ecfa7078942816cbb67f078d166f1d09c78a8fc8605eca7413b7cc

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    2f971ff49560a1c27c2d143c9fb5aeb3e472a5f8a4394994fad19e9bced618bc917186f85470f5a87fe58d66075197314156842d4cfb8dab31e72cfe69dd4025

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Realized

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    63KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    0f4803213016184cc9662b02b46d1042

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    df97647918cbb59adf7d4988ee3ac66aec4bd5b4

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    1621ee5ffc525f54c176fa50f3af4c10f611fccc3adc1ba2beae308e690b486e

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    655624b9302fa519ad9d626e693641194fcd7b4635c04b05df550311f8789f6d630c4fdf07d102019610a89de1e5a20c247cc748c012ecf2e19500a8b256af19

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Seo

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    67KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    3266826f5c17795eba89ce11da48ee82

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    46521685a9eb28996efaa14d753e5b814dd75754

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    d985082071231b1afd871cfeb318a201d016541e0598fe4048805554e18621be

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    77e5a933e5c54262b2be95ab6377d3e0f5a241168e8fb903172ee2c5eca81872ea85525bb276dee41eaf8b506af828db95f84222ad976259c9ca7faad77b5758

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Server

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    47KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    c4c006b7deaab1e31d1421445d8b49e3

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    3c206ad20b74f9cb4f9edc59486e36096576dbbc

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    51f2f66d29b019b4919c1678ae494af565935f57f8ed30d948c472a99d6e14c4

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    6b735cf8f33c913490c149dca398ab0c04622cfb719559d9495cdb84586a6428327abe0a93bfdf9917118f5d7884c471974800a6d9ea6a09e5cfeb219cefff24

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Shared

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    66KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    87ac6d40ea981b77863126d17bd70585

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    de7d02f22ef23a80ee8063cb84adc3cf00294011

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    0b379c6cc9fce908ad746803adac04caa83d8fe55676a1cb8f8d0d9c18a9b492

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    099a3500ca07d6f47b30b36d56247918114700f8b345fda46de650a6bef6f6731ec60c0e73f2e906bf653b5628014e8713139f9571bff33196c60eae51fff487

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Sit

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    85B

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    b21e7b4104d10f9b66e23f21233e9809

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    c657b11e0ebcd67a001307a8317f39d2a7aef0c4

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    cdff1c6ce4ffa0551d6d3d26904b7c47998dd423ed478e8690f4b3b0754d4186

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    f6f776de9943500d4c87c1efa1fc37247a8bad38fc8f25ae89a02b3015bbf7dedaafe4c0c17917e1672ad432fd0a19a102dceae1c2a4b21a2607f1dab919be70

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Sleeping

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    5KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    7a4ce0c561d328f486f731eb75f38f67

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    4db17866d13a560c0d4b3bf0ad48225208b7dccd

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    5c0469088db87c2775a851c6889b5ce1344b3175a8c98c2eb66bfb02a2543eb8

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    1e14efa6d22ebcff9f1566b115719a57d67ff4476209797d19b4514bfae0c3fa5fd3b0e4c319e677dae3b3beb9f865f7ed6a0898832556c420f398b1b63910fd

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Stanford

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    30KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    4dc405d6b7d21d19c3880f994dd24269

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    4343cb615c6615cd0cdbbb19663f8b7b0ed64a47

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    db9a262280405546eabfaa2e0564006ec430302353742fe7cfa2a0fd9a46999d

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    8721fce59a18e95a2eec3c9d1cea6583cdd9b0deb933c1deba3580908dd8beeb1872e4e6330db10c6d48ac5987feed2f8c1da26ca7ec8945e487f0ddd42c9dd0

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Venues

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    d41d8cd98f00b204e9800998ecf8427e

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Venues

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    21KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    ecb7450336c4278dc1f0e1a3c1b04ad7

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    045f115c6c63f6d6f32f0b8f0cf773c28a7d4fc8

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    27182c882ac947493c1ed1736fc5d3dc5ad4edc5fa21e883946bb781fdb387a3

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    94a7dad133cfbae86c711800ccfe190a829b819dc4cab563072fc2b54b99880a2fa236128fcba9373ca1fe53f0c1fee8442a0a6c20cb1841399b19a1fa67f4e1

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Wm

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    66KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    5bce95dee7cad385f82eaada5551bb99

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    86958fa4bf3786891428fe5ef8c72ae4efaa0937

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    dfda4fe7e801d43324b02cdc9608a35111fc9178229ef7c11c0b16ae6a0aa311

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    2bd6964d2ea42eafa80d1e5edb50b5fc991245b35cd48147d8c17247d358ce73b9d43e9f7b22877eb3741700149e63fe9828a0efc223336f27d56a746c06f4c6

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\de55b55ef62fb1b17eb3c103f4fc0cef

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    5.7MB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    de55b55ef62fb1b17eb3c103f4fc0cef

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    37dd8656942325f787227b65fc829508d48723a8

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    62f90bf759c32cd1d916627a4456b547a90641e7e94e3cbb2be6ff2033275f0b

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    7c312975a4825ddaaea32ffd48a80a5216a2a385c4556811a16accceee743122c396a41fd5a5b442689603ddbd4a3d0806c29f4e1b251fa824b9fb69abcf81b6

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_323scyb2.g21.ps1

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    60B

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    d17fe0a3f47be24a6453e9ef58c94641

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\nsgAB0F.tmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    1.5MB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    a4abac6f3af681f17b1b0c65ae1fa35b

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    40d14caee91ce7976a9fb8f844fb758b8875f4ff

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    a5e7c79dfb044c11c2725bc0c82ebc62da8d122925c811c83dfa79e7b61584d3

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    607a76cfe7fef00e2fe9408ada36feac0e8ee80140a30e106dac2fdf3184e9ccba9268f5b8a01622d40d22e3134490ff33b8e1fac3090d627cff384a5973e1e5

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\tmp96C0.tmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    20KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    42c395b8db48b6ce3d34c301d1eba9d5

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    b7cfa3de344814bec105391663c0df4a74310996

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    5644546ecefc6786c7be5b1a89e935e640963ccd34b130f21baab9370cb9055d

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    7b9214db96e9bec8745b4161a41c4c0520cdda9950f0cd3f12c7744227a25d639d07c0dd68b552cf1e032181c2e4f8297747f27bad6c7447b0f415a86bd82845

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\tmpE5A9.tmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    46KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    a0d818a7f172a4c61214e7cbd8fabb4e

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    1718ea4ba5fca4f8e12c1450bd7b8b9a58391801

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    218b3b8fa85426523339b6d10f27a2a1f38f98c5623f8b71a5121ef27684369c

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    dded92cc729566eb9aee7a16730c4051faa5fc7f90d3d2e1c4821c04e3ae21bc6284f0e948efdc6c62b926474f5b85b8f532b7d4ae6235f52f2959fd192838ca

                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\tmpE5FA.tmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    100KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    94f74065ee604f1695247996a6d407b4

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    78785ce01d605650a51498d05bc18a17c8450637

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    624db1764f6a7d97e2b66198b752a94e14e3a653a815d43505cbca78427f6c1a

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    efffccc6a4041d1a563cb65fe4786e694969d86149aa6b59ac81a420fef63b9b6806033dc73ee12b76dbd7cb44864774abe8e036b857b36228f9da12e584bdc2

                                                                                                                                                                                                                  • C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    5.4MB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    1f1ae0eb12231c472e7ab91a6df69b75

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    3c0b44b3b18df2b9be602b551828b27604ef51fe

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    4f62cee70845d868afed5b5ad66d7fdc582e6f9b6b69e6d5e9c52a1e24105b60

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    470162197814bcefa52a24e1e88264827e4a6aaa0a110a41f35cd9c392bdcf6bd7deb25bf5c9ccbb994ba01b8a7851d7f5025ed5b9ad9f4ba94eabcf7f103abd

                                                                                                                                                                                                                  • C:\Windows\Temp\SDIAG_25313071-2bec-45ca-a151-98541dbc2d71\DiagPackage.dll

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    65KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    79134a74dd0f019af67d9498192f5652

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    90235b521e92e600d189d75f7f733c4bda02c027

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    9d6e3ed51893661dfe5a98557f5e7e255bbe223e3403a42aa44ea563098c947e

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    1627d3abe3a54478c131f664f43c8e91dc5d2f2f7ddc049bc30dfa065eee329ed93edd73c9b93cf07bed997f43d58842333b3678e61aceac391fbe171d8461a3

                                                                                                                                                                                                                  • C:\Windows\Temp\SDIAG_25313071-2bec-45ca-a151-98541dbc2d71\en-US\DiagPackage.dll.mui

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    10KB

                                                                                                                                                                                                                    MD5

                                                                                                                                                                                                                    d7309f9b759ccb83b676420b4bde0182

                                                                                                                                                                                                                    SHA1

                                                                                                                                                                                                                    641ad24a420e2774a75168aaf1e990fca240e348

                                                                                                                                                                                                                    SHA256

                                                                                                                                                                                                                    51d06affd4db0e4b37d35d0e85b8209d5fab741904e8d03df1a27a0be102324f

                                                                                                                                                                                                                    SHA512

                                                                                                                                                                                                                    7284f2d48e1747bbc97a1dab91fb57ff659ed9a05b3fa78a7def733e809c15834c15912102f03a81019261431e9ed3c110fd96539c9628c55653e7ac21d8478d

                                                                                                                                                                                                                  • memory/1512-1024-0x0000024966730000-0x0000024966731000-memory.dmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    4KB

                                                                                                                                                                                                                  • memory/1512-1019-0x0000024966730000-0x0000024966731000-memory.dmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    4KB

                                                                                                                                                                                                                  • memory/1512-1021-0x0000024966730000-0x0000024966731000-memory.dmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    4KB

                                                                                                                                                                                                                  • memory/1512-1022-0x0000024966730000-0x0000024966731000-memory.dmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    4KB

                                                                                                                                                                                                                  • memory/1512-1023-0x0000024966730000-0x0000024966731000-memory.dmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    4KB

                                                                                                                                                                                                                  • memory/1512-1012-0x0000024966730000-0x0000024966731000-memory.dmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    4KB

                                                                                                                                                                                                                  • memory/1512-1014-0x0000024966730000-0x0000024966731000-memory.dmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    4KB

                                                                                                                                                                                                                  • memory/1512-1018-0x0000024966730000-0x0000024966731000-memory.dmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    4KB

                                                                                                                                                                                                                  • memory/1512-1020-0x0000024966730000-0x0000024966731000-memory.dmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    4KB

                                                                                                                                                                                                                  • memory/1512-1013-0x0000024966730000-0x0000024966731000-memory.dmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    4KB

                                                                                                                                                                                                                  • memory/2460-1757-0x00000000007B0000-0x000000000082E000-memory.dmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    504KB

                                                                                                                                                                                                                  • memory/3100-1029-0x0000000008420000-0x000000000846C000-memory.dmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    304KB

                                                                                                                                                                                                                  • memory/3100-1025-0x0000000000F00000-0x0000000000F7E000-memory.dmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    504KB

                                                                                                                                                                                                                  • memory/3300-3296-0x0000000073CC0000-0x0000000073ED0000-memory.dmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    2.1MB

                                                                                                                                                                                                                  • memory/3300-3295-0x0000000000CA0000-0x0000000000CD5000-memory.dmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    212KB

                                                                                                                                                                                                                  • memory/3300-3461-0x0000000000CA0000-0x0000000000CD5000-memory.dmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    212KB

                                                                                                                                                                                                                  • memory/3300-3319-0x0000000073CC0000-0x0000000073ED0000-memory.dmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    2.1MB

                                                                                                                                                                                                                  • memory/3788-4231-0x0000023D25480000-0x0000023D25488000-memory.dmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    32KB

                                                                                                                                                                                                                  • memory/3788-4205-0x0000023D25430000-0x0000023D25452000-memory.dmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    136KB

                                                                                                                                                                                                                  • memory/3788-4240-0x0000023D256F0000-0x0000023D256F8000-memory.dmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    32KB

                                                                                                                                                                                                                  • memory/3788-4213-0x0000023D25470000-0x0000023D25478000-memory.dmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    32KB

                                                                                                                                                                                                                  • memory/4608-4715-0x0000000000B70000-0x0000000000BEE000-memory.dmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    504KB

                                                                                                                                                                                                                  • memory/4608-4728-0x0000000008530000-0x000000000857C000-memory.dmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    304KB

                                                                                                                                                                                                                  • memory/4832-991-0x00000000080F0000-0x0000000008102000-memory.dmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    72KB

                                                                                                                                                                                                                  • memory/4832-1008-0x0000000009E90000-0x000000000A3BC000-memory.dmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    5.2MB

                                                                                                                                                                                                                  • memory/4832-983-0x0000000000570000-0x00000000005EE000-memory.dmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    504KB

                                                                                                                                                                                                                  • memory/4832-986-0x00000000054A0000-0x0000000005A44000-memory.dmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    5.6MB

                                                                                                                                                                                                                  • memory/4832-987-0x0000000004F90000-0x0000000005022000-memory.dmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    584KB

                                                                                                                                                                                                                  • memory/4832-988-0x0000000004F70000-0x0000000004F7A000-memory.dmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    40KB

                                                                                                                                                                                                                  • memory/4832-989-0x0000000008670000-0x0000000008C88000-memory.dmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    6.1MB

                                                                                                                                                                                                                  • memory/4832-990-0x00000000081B0000-0x00000000082BA000-memory.dmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    1.0MB

                                                                                                                                                                                                                  • memory/4832-992-0x0000000008150000-0x000000000818C000-memory.dmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    240KB

                                                                                                                                                                                                                  • memory/4832-993-0x00000000082C0000-0x000000000830C000-memory.dmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    304KB

                                                                                                                                                                                                                  • memory/4832-1004-0x0000000008440000-0x00000000084A6000-memory.dmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    408KB

                                                                                                                                                                                                                  • memory/4832-1005-0x00000000062D0000-0x0000000006346000-memory.dmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    472KB

                                                                                                                                                                                                                  • memory/4832-1006-0x00000000062A0000-0x00000000062BE000-memory.dmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    120KB

                                                                                                                                                                                                                  • memory/4832-1007-0x0000000009790000-0x0000000009952000-memory.dmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    1.8MB

                                                                                                                                                                                                                  • memory/5112-3477-0x00007FF969520000-0x00007FF969530000-memory.dmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    64KB

                                                                                                                                                                                                                  • memory/5112-3489-0x00007FF967CF0000-0x00007FF967D20000-memory.dmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    192KB

                                                                                                                                                                                                                  • memory/5112-3487-0x00007FF967B80000-0x00007FF967B90000-memory.dmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    64KB

                                                                                                                                                                                                                  • memory/5112-3486-0x00007FF967A70000-0x00007FF967A80000-memory.dmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    64KB

                                                                                                                                                                                                                  • memory/5112-3468-0x00007FF96A040000-0x00007FF96A050000-memory.dmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    64KB

                                                                                                                                                                                                                  • memory/5112-3469-0x00007FF96A040000-0x00007FF96A050000-memory.dmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    64KB

                                                                                                                                                                                                                  • memory/5112-3470-0x00007FF96A090000-0x00007FF96A0C0000-memory.dmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    192KB

                                                                                                                                                                                                                  • memory/5112-3471-0x00007FF96A090000-0x00007FF96A0C0000-memory.dmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    192KB

                                                                                                                                                                                                                  • memory/5112-3472-0x00007FF96A090000-0x00007FF96A0C0000-memory.dmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    192KB

                                                                                                                                                                                                                  • memory/5112-3474-0x00007FF96A090000-0x00007FF96A0C0000-memory.dmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    192KB

                                                                                                                                                                                                                  • memory/5112-3475-0x00007FF96A120000-0x00007FF96A125000-memory.dmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    20KB

                                                                                                                                                                                                                  • memory/5112-3473-0x00007FF96A090000-0x00007FF96A0C0000-memory.dmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    192KB

                                                                                                                                                                                                                  • memory/5112-3466-0x00007FF969F30000-0x00007FF969F40000-memory.dmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    64KB

                                                                                                                                                                                                                  • memory/5112-3488-0x00007FF967B80000-0x00007FF967B90000-memory.dmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    64KB

                                                                                                                                                                                                                  • memory/5112-3490-0x00007FF967CF0000-0x00007FF967D20000-memory.dmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    192KB

                                                                                                                                                                                                                  • memory/5112-3491-0x00007FF967CF0000-0x00007FF967D20000-memory.dmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    192KB

                                                                                                                                                                                                                  • memory/5112-3485-0x00007FF967A70000-0x00007FF967A80000-memory.dmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    64KB

                                                                                                                                                                                                                  • memory/5112-3467-0x00007FF969F30000-0x00007FF969F40000-memory.dmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    64KB

                                                                                                                                                                                                                  • memory/5112-3478-0x00007FF9695B0000-0x00007FF9695C0000-memory.dmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    64KB

                                                                                                                                                                                                                  • memory/5112-3479-0x00007FF9695B0000-0x00007FF9695C0000-memory.dmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    64KB

                                                                                                                                                                                                                  • memory/5112-3480-0x00007FF9695D0000-0x00007FF9695E0000-memory.dmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    64KB

                                                                                                                                                                                                                  • memory/5112-3481-0x00007FF9695D0000-0x00007FF9695E0000-memory.dmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    64KB

                                                                                                                                                                                                                  • memory/5112-3482-0x00007FF9695D0000-0x00007FF9695E0000-memory.dmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    64KB

                                                                                                                                                                                                                  • memory/5112-3483-0x00007FF9695D0000-0x00007FF9695E0000-memory.dmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    64KB

                                                                                                                                                                                                                  • memory/5112-3484-0x00007FF9695D0000-0x00007FF9695E0000-memory.dmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    64KB

                                                                                                                                                                                                                  • memory/5112-3476-0x00007FF969520000-0x00007FF969530000-memory.dmp

                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                    64KB