4687a61c0389114888ef59bd62891d2eab137302546ec7f13d256c2eaec271e4

Analysis

max time kernel
88s
max time network
145s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
04-06-2024 21:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Updater Solara.exe
Size

250.0MB
MD5

09bee20176566024f343f0b3b2e9146f
SHA1

dd9e86b493311fe0d84850209d3409c3df9ca046
SHA256

5130e6e79efb6e76c4c9df9f4f59662f8430ed683438be534ea4ef0e74080f1d
SHA512

439ff2d2b664b22c1dd5912fde840c512ed34acb675b276dd6b215e0de0504fe0e5e7298c8d7759dbc5234bf5d398d71fee93a14963869cc8b831caa10ae7ae3
SSDEEP

24576:jfLWXHzLxYh0RkFUxMCdVvPH4IwIPlhDIUZV/RodGll3Bw8KXcnyXhA:LWHU0RkwMQV3H0IPleUZJakxVF

Score

10^/10

discovery spyware stealer

Malware Config

Signatures

Suspicious use of NtCreateUserProcessOtherParentProcess 2 IoCs

Processes:

Projectors.pif

description pid process target process

PID 5008 created 3312 5008 Projectors.pif Explorer.EXE
PID 5008 created 3312 5008 Projectors.pif Explorer.EXE
Executes dropped EXE 3 IoCs

Processes:

Projectors.pifRegAsm.exeRegAsm.exe

pid process

5008 Projectors.pif
2336 RegAsm.exe
2928 RegAsm.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Enumerates processes with tasklist 1 TTPs 2 IoCs

Process Discovery
T1057

Processes:

tasklist.exetasklist.exe

pid process

1228 tasklist.exe
3468 tasklist.exe
Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery
T1018

Processes:

PING.EXE

pid process

1364 PING.EXE

description	pid	process	target process
PID 5008 created 3312	5008	Projectors.pif	Explorer.EXE
PID 5008 created 3312	5008	Projectors.pif	Explorer.EXE

pid	process
1228	tasklist.exe
3468	tasklist.exe

pid	process
1364	PING.EXE

Suspicious behavior: EnumeratesProcesses 15 IoCs

Processes:

Projectors.pifRegAsm.exe

pid	process
5008	Projectors.pif
5008	Projectors.pif
5008	Projectors.pif
5008	Projectors.pif
5008	Projectors.pif
5008	Projectors.pif
5008	Projectors.pif
5008	Projectors.pif
5008	Projectors.pif
5008	Projectors.pif
5008	Projectors.pif
5008	Projectors.pif
5008	Projectors.pif
5008	Projectors.pif
2928	RegAsm.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

Processes:

tasklist.exetasklist.exeRegAsm.exe

description	pid	process
Token: SeDebugPrivilege	1228	tasklist.exe
Token: SeDebugPrivilege	3468	tasklist.exe
Token: SeDebugPrivilege	2928	RegAsm.exe
Token: SeBackupPrivilege	2928	RegAsm.exe
Token: SeSecurityPrivilege	2928	RegAsm.exe
Token: SeSecurityPrivilege	2928	RegAsm.exe
Token: SeSecurityPrivilege	2928	RegAsm.exe
Token: SeSecurityPrivilege	2928	RegAsm.exe

Suspicious use of FindShellTrayWindow 3 IoCs

Processes:

Projectors.pif

pid process

5008 Projectors.pif
5008 Projectors.pif
5008 Projectors.pif
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

Projectors.pif

pid process

5008 Projectors.pif
5008 Projectors.pif
5008 Projectors.pif
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

MiniSearchHost.exe

pid process

3052 MiniSearchHost.exe

pid	process
3052	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 38 IoCs

Processes:

Updater Solara.execmd.exeProjectors.pif

description	pid	process	target process
PID 1384 wrote to memory of 4912	1384	Updater Solara.exe	cmd.exe
PID 1384 wrote to memory of 4912	1384	Updater Solara.exe	cmd.exe
PID 1384 wrote to memory of 4912	1384	Updater Solara.exe	cmd.exe
PID 4912 wrote to memory of 1228	4912	cmd.exe	tasklist.exe
PID 4912 wrote to memory of 1228	4912	cmd.exe	tasklist.exe
PID 4912 wrote to memory of 1228	4912	cmd.exe	tasklist.exe
PID 4912 wrote to memory of 380	4912	cmd.exe	findstr.exe
PID 4912 wrote to memory of 380	4912	cmd.exe	findstr.exe
PID 4912 wrote to memory of 380	4912	cmd.exe	findstr.exe
PID 4912 wrote to memory of 3468	4912	cmd.exe	tasklist.exe
PID 4912 wrote to memory of 3468	4912	cmd.exe	tasklist.exe
PID 4912 wrote to memory of 3468	4912	cmd.exe	tasklist.exe
PID 4912 wrote to memory of 3236	4912	cmd.exe	findstr.exe
PID 4912 wrote to memory of 3236	4912	cmd.exe	findstr.exe
PID 4912 wrote to memory of 3236	4912	cmd.exe	findstr.exe
PID 4912 wrote to memory of 4340	4912	cmd.exe	cmd.exe
PID 4912 wrote to memory of 4340	4912	cmd.exe	cmd.exe
PID 4912 wrote to memory of 4340	4912	cmd.exe	cmd.exe
PID 4912 wrote to memory of 2976	4912	cmd.exe	findstr.exe
PID 4912 wrote to memory of 2976	4912	cmd.exe	findstr.exe
PID 4912 wrote to memory of 2976	4912	cmd.exe	findstr.exe
PID 4912 wrote to memory of 2184	4912	cmd.exe	cmd.exe
PID 4912 wrote to memory of 2184	4912	cmd.exe	cmd.exe
PID 4912 wrote to memory of 2184	4912	cmd.exe	cmd.exe
PID 4912 wrote to memory of 5008	4912	cmd.exe	Projectors.pif
PID 4912 wrote to memory of 5008	4912	cmd.exe	Projectors.pif
PID 4912 wrote to memory of 5008	4912	cmd.exe	Projectors.pif
PID 4912 wrote to memory of 1364	4912	cmd.exe	PING.EXE
PID 4912 wrote to memory of 1364	4912	cmd.exe	PING.EXE
PID 4912 wrote to memory of 1364	4912	cmd.exe	PING.EXE
PID 5008 wrote to memory of 2336	5008	Projectors.pif	RegAsm.exe
PID 5008 wrote to memory of 2336	5008	Projectors.pif	RegAsm.exe
PID 5008 wrote to memory of 2336	5008	Projectors.pif	RegAsm.exe
PID 5008 wrote to memory of 2928	5008	Projectors.pif	RegAsm.exe
PID 5008 wrote to memory of 2928	5008	Projectors.pif	RegAsm.exe
PID 5008 wrote to memory of 2928	5008	Projectors.pif	RegAsm.exe
PID 5008 wrote to memory of 2928	5008	Projectors.pif	RegAsm.exe
PID 5008 wrote to memory of 2928	5008	Projectors.pif	RegAsm.exe

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3312

C:\Users\Admin\AppData\Local\Temp\Updater Solara.exe
"C:\Users\Admin\AppData\Local\Temp\Updater Solara.exe"
2⤵
- Suspicious use of WriteProcessMemory
PID:1384

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /k copy Processed Processed.cmd & Processed.cmd & exit
3⤵
- Suspicious use of WriteProcessMemory
PID:4912

C:\Windows\SysWOW64\tasklist.exe
tasklist
4⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:1228

C:\Windows\SysWOW64\findstr.exe
findstr /I "wrsa.exe opssvc.exe"
4⤵
PID:380

C:\Windows\SysWOW64\tasklist.exe
tasklist
4⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:3468

C:\Windows\SysWOW64\findstr.exe
findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"
4⤵
PID:3236

C:\Windows\SysWOW64\cmd.exe
cmd /c md 824750
4⤵
PID:4340

C:\Windows\SysWOW64\findstr.exe
findstr /V "DtsHeySfVary" Occupations
4⤵
PID:2976

C:\Windows\SysWOW64\cmd.exe
cmd /c copy /b Answer + Nano + Chart + Looks + Tvs + Shepherd 824750\D
4⤵
PID:2184

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\824750\Projectors.pif
824750\Projectors.pif 824750\D
4⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5008

C:\Windows\SysWOW64\PING.EXE
ping -n 5 127.0.0.1
4⤵
- Runs ping.exe
PID:1364

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\824750\RegAsm.exe
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\824750\RegAsm.exe
2⤵
- Executes dropped EXE
PID:2336

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\824750\RegAsm.exe
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\824750\RegAsm.exe
2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2928

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:3052

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Process Discovery

T1057

Remote System Discovery

T1018

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\824750\D
Filesize
685KB

MD5
4993794f4cd0fc94ce69a00297f7add7

SHA1
4e866dcfd63c1488e7292d4a3b6d188fda3d5529

SHA256
2abfd80d1b004481d2e2e84e46decba4c5cd1338ab2c947b699b4d01ebd59e44

SHA512
8f0415f174bdb5f5a6ce7d79c7d56399b5ce0bfffac1f939e3a441de83c394a0c5da1176bf7173e9c5a093cfe327bbffff5b2ce12051b7eb3e522b669f1edf63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\824750\Projectors.pif
Filesize
915KB

MD5
b06e67f9767e5023892d9698703ad098

SHA1
acc07666f4c1d4461d3e1c263cf6a194a8dd1544

SHA256
8498900e57a490404e7ec4d8159bee29aed5852ae88bd484141780eaadb727bb

SHA512
7972c78acebdd86c57d879c12cb407120155a24a52fda23ddb7d9e181dd59dac1eb74f327817adbc364d37c8dc704f8236f3539b4d3ee5a022814924a1616943

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\824750\RegAsm.exe
Filesize
63KB

MD5
42ab6e035df99a43dbb879c86b620b91

SHA1
c6e116569d17d8142dbb217b1f8bfa95bc148c38

SHA256
53195987d396986ebcb20425ac130e78ad308fdbd918f33f3fd92b99abda314b

SHA512
2e79de2d394ad33023d71611bb728b254aa4680b5a3a1ef5282b1155ddfaa2f3585c840a6700dfe0d1a276dac801298431f0187086d2e8f96b22f6c808fb97e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Answer
Filesize
148KB

MD5
20f0d503e67c45a24db68f3e8b8b8267

SHA1
0c4eb929ef3e2e2b4acb75a7a89a2a0a97b8f720

SHA256
e903b7f1f9d84a5c4d5e3482a5592e4c4452c8b1e55dd9c2d20657f10055d77d

SHA512
561aca1b3e7d1059cc14e268b7d9c922aa8fdcde73a41d158675d874cad9c1b1742a4364586344f293540f3aafe405539bdf25cb1b2e08d666fe472c097a27ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Argentina
Filesize
45KB

MD5
8b7e1f41c69e2da01616afeda3870202

SHA1
5c9ee1cd14105521074cde58eba698fab707cf6b

SHA256
b3c2f4996d6764f0b5a322a1828c12708302547a0947def7f3dbebb37e08db69

SHA512
98533056b001f15dacb6aeead802b54f8e283f00461087b11b108756e122b16ea1f25164257b17b4633d04e96de58756d3ba6f581dc336fd39699ab735788652

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Auckland
Filesize
61KB

MD5
843866cc2828b4562e2998d9589de2ac

SHA1
a4b98ca764ffa4cf3e6f282831e2fdbdcb978324

SHA256
00870aa0d730719cc0b9ea643a258949c4212ca20a115f5511fb5d19884e176d

SHA512
d11d735c6556fbfd9a41b7a48cad0e74c313f8cda1c674767bd41a8fe9fbdd89914033b480c209abe3fb049638ad4dd0c2fba1580fdff602fa266e17f71fe02c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Breeds
Filesize
15KB

MD5
7bc3f7fc9abb36d1560b397899b6ee82

SHA1
4ce2454db39ac91af216c029b7bed583ba1c7674

SHA256
ca7984c7ae7ef1454a9f31c660ddd042527c636fb85e15e46570ae1da840d85e

SHA512
6c6334f6c442b900dd7ddd81fc645991cdbc66bcf8b1ccc5c631bfe50fa611484ebcfaf166cba559adcdbd26e56dd664b9e2d3d75a3ce671c079abfab2818be3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Capitol
Filesize
35KB

MD5
129f4afb160a3999eca657834e918646

SHA1
9b5d89599402587b37deb71949eddd72fccd99fb

SHA256
70a889a437bffc0734432616e70ddff18a60a69aea61223d792154b102c05e95

SHA512
fab60f9728709177be84f0faee1b11403b330b519f2284fe3ec91280c822956a80a6c8f37f7ff0c0e21266add3fd56ff19a270719ff5665e25264ea2b268bf75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Chart
Filesize
108KB

MD5
d596cd203525612704048b81b16102a6

SHA1
1d07561627f0baa4f6c1e847bf3900e3008c8bae

SHA256
3cd937eaee68801bd6948cb1849a7b76165aca5e5eb8f2acea081140954e109e

SHA512
cb706c9660181e35d7a6ad26c8faa741f082c52e19b2dee759b30b7570e89aff4f7c32c6cc498b4c50688e3a03b9b02258ecb5a296a67e4061c1e927d7455adc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Civilization
Filesize
56KB

MD5
c082263caa1a5073f434eec4e9bdbb09

SHA1
ba890165ba591fc7b6546d79e3a5202bbc2bbdd8

SHA256
65adb1df6f84bed35a5b8d65aa6f63954b7155500ce2e75cf33a9c14ac8a565f

SHA512
fce6325608fae18bbac85bcbd071f77813af3f490e10ae1aeb7e3990800e6e98eb3c2cefc6b4a0bfefbbc5a4c78f71366f8445dcf5c15d91b6864d3b0ea05730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Cp
Filesize
69KB

MD5
cf8a99f227a4ad51761e9c5ee75683c2

SHA1
96709d6d72a71eb00ca8310190b166f8bad7624e

SHA256
d287fea6d1af7b7513edab9caa0ad9040d3dff237a0c2267fba9cb9de7ef0785

SHA512
f8695ab2dd55436e4c2efae868972f64c2948800106254767bd88fd6d263553c6e9516061a19875e308d879a151ab25f7c9f38618017c2d680c7751a76be8ea4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Delhi
Filesize
34KB

MD5
a60ec921242d6c315f3d069a8922249c

SHA1
316d1c0676b4403f531cb26b24f03e3079940cad

SHA256
c140004ee80da5ee17a78d27af738dda44b820ea53308894776b7475cdbacc71

SHA512
9c52dafb1bccb73801212fe713d44ac0f8e0cb34e25c91d2b0230b0d90aefa75e937fe767bc84ae1f5a9e1b41d79ff66675100a47444e3fc848dd0b2ecfca3c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Fresh
Filesize
68KB

MD5
e1cbb377cbf6e826e0424d3440dc2623

SHA1
9534aa25cbf16cb6ff3b76f0830cc7f73ed80e85

SHA256
5315e4f958f97726aded41c4fe3b3eb480725c6299fb5f8ba919a061ed4dfa1c

SHA512
91c1395b67d1058930e5f87e9c973b83fc772468cee3ddb24d2088fe92b11eab91e0010c9a8b1d5326e3ddc6d1d3f23783057d844adf911d84a0fa94c2f0e0ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Glad
Filesize
58KB

MD5
7be7af660e3c55b2c1d4cdac78919ea0

SHA1
ff63b85a879149d766021d6ee363c7ec8812941c

SHA256
2ad3b9cb2b7c9a3a37b61ff4936679fc92b4872812deb1db08a5895699bfd5d8

SHA512
3889919cfcdea435385febdaf5d21bc49a287036b2a7dec3146c689af90930c247b584231d93e13c720c93b7504e4bb12ba87ad9cbaafdd64b8c30111c2c7659

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Heard
Filesize
32KB

MD5
36f62496b1d82c70a800e56fd5887473

SHA1
400e51ec9db05f6ffc87756eb2137f1509d6c1c5

SHA256
1c09fe9f08c79f36fc82b57718d36699e547ed858b8060b4f748a57bc4a447df

SHA512
be78b1578cf4e61168a9449fcb8c91e3a86b8e57382a06351cb344b716c7b603a1753f08f4797422f2ade658ff73f30ecc100e5dde55cb8b64a0558b323a1cb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Imposed
Filesize
67KB

MD5
0feec2967886365418bd993bbdaced14

SHA1
9fc49c2e6a0bcc69590974423e9063f7781bf70c

SHA256
c4f2e29e8fe8be53a158d253ad29f64ce4c40e5fd7de25b93d65fa951098e471

SHA512
8fa2f682b1bc5660ea5635b1aa2db76f85056f3e0de398826a1328c021e8cd40ef33d5f2b9e23b2177afa41d022249954444d63837cab089636f8ff8aa64d596

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Incest
Filesize
42KB

MD5
0bc5b65dadb0ae2bf0afff15e6bdfd0f

SHA1
7af4d36dd276971be868048a902884760b9c292d

SHA256
fb3e613c9448c653c5722cc686a7e89586ba366fccd49b6a027154f30d15b6a3

SHA512
cee905d0100a64ad50042e30c231ca86a492780484ca7e6200cb3af4a0fe0d36e0696638863efddc8e7af21f1cabfc11807e308af8db98ad45050a8094b2cd80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Interactive
Filesize
5KB

MD5
642e0140ef81c2817c50ff42265826c4

SHA1
f490968ace0ad0ec5cab0bed537d87f15ade0ca9

SHA256
aaff0b3fe6f092da4a30b93f4bbd8bb238d1450034eb44c5197bb0433221f914

SHA512
38d9fad7565e0aa7a0b0c75dacd9d33eee7284b5d8d67e0e69e1388e240fc00fe519cf0685e35781af17a0f439a7ee89bc8f8cb14b986e5a3e61ec0d707ddbb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Looks
Filesize
173KB

MD5
21fe1e592b1e315fa7b95f7088bec9c7

SHA1
d264052ab7e14f9d32fc2d087a49d4571ff2a146

SHA256
e5546dd7e20288f6580d741e285a924661c705ba81ab5e1cfaf55312427e90e3

SHA512
bc25c36dd7bb73d37675177c8faffdeba900e35e03b45d6f891e4c7e294f0e2c3a315224628872d18f8e8957b30c621ed8978ca782eccbdc5d20725905de6bf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Nano
Filesize
87KB

MD5
1ce857420aa6d913ba764ca419615243

SHA1
160bf36c8e80bb9e249b6d006c2130dbf1795e33

SHA256
8c3171bcf14486bcb8d39c4f202e0d9a18228f39e0fd676b81d0a45c63eed49b

SHA512
07b3c7b2a38ac6768ef6d461bb04ae6367b0f541d865a016cca369c2b3e51839656d1ac5afc39b8d810be6df550c503669cc06d101859a72710aab0e5365d41f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Occupations
Filesize
153B

MD5
479253ba4070eaee835be045928fc761

SHA1
ad951070d0b842df77c9147641d631f343b734e9

SHA256
7005cd4157ae4ac83b98b76fa4662e49f571de5692a91f08c7f14df22cb7e907

SHA512
e2d3217df4e75d8d0fd6e76867ef919dc90645599a081af52d646f5a4f2aa52cfb8ab2e9c26559446982fa0ba7473449837eadd13af66095b671de29159d2ed9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Processed
Filesize
24KB

MD5
ac4123e2574ea1c9f8b206f7556cb1f1

SHA1
b3055d1503f5a347a5a047974cba8edea81c9ab2

SHA256
3f0d6bea7ea24ec5a8921d179a4d4bb99ffd122fae76e7e5272421f6338fd119

SHA512
bf2a12f2d91efef865306ef0304099efe1339814f4abe6300b4c87e4cd2cc17ccb71db51c23f2cc0585910da553aad8093c86c7c6612fa95f8d512efb35635a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Readers
Filesize
14KB

MD5
fe54b2621c1e5eed14a122266aeab431

SHA1
c2ee8db7b5d8a071f50486a0eaa654fb3a828e22

SHA256
1876bd803ff62477a080fdd0adcf73a241d0aec2b4c01095aaaaaa2815239a19

SHA512
3d25895c7c4d05cf8773a21cbe646d1702decfcc7d6d5aaf063c72ea77d02384d0fa95d255151505e626a4f9a4e7ec9ca41186a0eaa28c04a98cd805e58d32cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Shepherd
Filesize
92KB

MD5
5c8538fabb021858cac9dd16651949f1

SHA1
013ab139f950dcf459ba6781d0c6e7abc28b9c7e

SHA256
16f6adee05fb1846e90df1d1ed755fdc97e75130ecc57a394c7e044c9f739e19

SHA512
bf64720247ecbab025317561f86083b7fb9541b9570d2fb84866e17e2ee061f0e11afba9f000ed88cc075998dcdc925ac0be8a56035e2869bdd7fcec1227a2bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Sterling
Filesize
26KB

MD5
10e7d76b6c868fb3c6e8ad5d00b0255b

SHA1
97150dc341c72c7c23105644d545b944bbcfe9dd

SHA256
110ac6257260d92f8e56cabda3bf64fce8338e2669229bedd247cf0cd8f9bd5c

SHA512
5e64e3b00f004b931d5d1ba45de0fa82981d76083a77223726368606b9c84b8f8d8ed0386c1ca7312cfa89d76f3d9e129d86e483fd6e3ae195d89bb6e039105e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Streets
Filesize
30KB

MD5
3f027410b870321b2096d02e20f4c6c1

SHA1
4fb76f3466a3ab61577de591891aeaa8988d030f

SHA256
c0ff3610c77c55d42c52b1535faee4479ce9bcb491ac6e3b568abfe4038e2819

SHA512
a73a10bf5b41dee3780c09b0f34db304878de7bb79d1099ba40bb7f2d5be8f0f6374fee7814eb0f83643d8551fc6a3774f0c8684f5892e4919d4a7a0f445c276

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Struct
Filesize
55KB

MD5
93cc1d8738da04b2252a36a42a589aa4

SHA1
852e3f93c648922f19c2f2d127ad221372cf57a9

SHA256
f6269273656bd90ee2f26dfc483ad3b61873466ac338c5ed644083a298a5f8ed

SHA512
518358f4fcd200f5a2d2e0b89abb6fdf550f668b8fceea2ffc34b2c0e2eebe2eafd7aeb1ff22b93fc5611d7cddd812077ccac265359fedf53040cba79b39f0cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Swiss
Filesize
47KB

MD5
e61de05c92368ecfbea6ed24f3d772ee

SHA1
51ca64e539252b5731bc19a070e61e0346b8110c

SHA256
493aa5fa9471ea43b54796e9fbb0d27bac9e6665bc9ce3a28592ea6a63c8b02a

SHA512
aadea2361b499f452ec666551ee7538189e194a72266e48b5e6352e77f267aea1fdf48941c83402168d2cfada20dbfc10d7aa77b7d364d1481a354d8f123a812

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Theories
Filesize
61KB

MD5
26360a4bd8cf378dc2ef02158a649555

SHA1
4f0ed5a17f40926bb149d31a565cf5a8e605cf84

SHA256
3b6fec4e115f65ce765bdf61ac0043ac876721901043ca9fd778e94f31cfeae5

SHA512
8710a38c3906d38e25869b177c3556e7ac8d831ef615de3bec91e9281052cded61f4143e11c70ceff4d8c338e49a8e29b40d9bb4f2f508676e8ce54c55be5d31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\To
Filesize
49KB

MD5
a9bc40bd11d2ccb07eacdaba7b8720b5

SHA1
15e641f6d5c637568b9950fb1795e2e0216c65a5

SHA256
79faf40a1bc6748628ea174aa2ceca9df9c314f130bebe84f8eca88ac745e965

SHA512
5efcef5aa1decc4649bc729b6f35ebe40d4b49fb3ea65a3961004aebe97731ce4765e24b44434f752883cdc01eff66285aec2d3bc8237704aef59f066fc85008

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Tvs
Filesize
77KB

MD5
20bb0666824e8d6a6c2fb5fa4ba051c3

SHA1
4be08903b701a98285aad84d872ddfb317f2a634

SHA256
81f5ae10f9dd20a706a14971f06b7ba919a19854b3713d603bff0634f9e472ff

SHA512
4066172e8c87998f70ce3fc11941ece2e883e05d2b111b4056dbbf06325e7c6376f27190d3a20479a5a648cf17f8f258958243cae3975c41a4a1edd88ff82beb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Whether
Filesize
46KB

MD5
5a728d58d6093a2d54ac17847ec7045e

SHA1
8574506c7b7710a31e6b2339c16626fafc3f2369

SHA256
f29f5d685c84b2605989b5200a4643641fa6bdeca293417379103f8b97d7239b

SHA512
9694a66a0d02430ea15956faae0a4c7f032604f14f3b060f734e2a5df91b6942d95fbf3880e907c0d33b7abfecd23e78ae832383ad98d1594e7161871e7deb47

Download Submit
memory/2928-599-0x0000000005A00000-0x0000000005A0A000-memory.dmp

Filesize
40KB

Download
memory/2928-603-0x0000000008B40000-0x0000000008B7C000-memory.dmp

Filesize
240KB

Download
memory/2928-598-0x0000000005A60000-0x0000000005AF2000-memory.dmp

Filesize
584KB

Download
memory/2928-594-0x00000000013B0000-0x0000000001430000-memory.dmp

Filesize
512KB

Download
memory/2928-600-0x0000000009060000-0x0000000009678000-memory.dmp

Filesize
6.1MB

Download
memory/2928-601-0x0000000008BA0000-0x0000000008CAA000-memory.dmp

Filesize
1.0MB

Download
memory/2928-602-0x0000000008AE0000-0x0000000008AF2000-memory.dmp

Filesize
72KB

Download
memory/2928-597-0x0000000005F70000-0x0000000006516000-memory.dmp

Filesize
5.6MB

Download
memory/2928-604-0x0000000008CB0000-0x0000000008CFC000-memory.dmp

Filesize
304KB

Download
memory/2928-605-0x0000000008E30000-0x0000000008E96000-memory.dmp

Filesize
408KB

Download
memory/2928-606-0x0000000009780000-0x00000000097F6000-memory.dmp

Filesize
472KB

Download
memory/2928-607-0x0000000009000000-0x000000000901E000-memory.dmp

Filesize
120KB

Download
memory/2928-608-0x000000000A000000-0x000000000A1C2000-memory.dmp

Filesize
1.8MB

Download
memory/2928-609-0x000000000A900000-0x000000000AE2C000-memory.dmp

Filesize
5.2MB

Download