asyncrat | hxxps://workupload[.]com/start/DgLJGUGgGTj

Analysis

max time kernel
768s
max time network
601s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
23/07/2024, 10:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://workupload.com/start/DgLJGUGgGTj

Score

10^/10

asyncrat rat

Malware Config

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat

Async RAT payload 1 IoCs

rat

resource	yara_rule
behavioral1/files/0x000100000002aaec-841.dat	family_asyncrat

Executes dropped EXE 3 IoCs

pid	Process
4036	Server.exe
3788	Client.exe
1072	Client.exe

Loads dropped DLL 17 IoCs

pid	Process
4036	Server.exe
4036	Server.exe
4036	Server.exe
4036	Server.exe
4036	Server.exe
4036	Server.exe
4036	Server.exe
4036	Server.exe
4036	Server.exe
4036	Server.exe
4036	Server.exe
4036	Server.exe
4036	Server.exe
4036	Server.exe
4036	Server.exe
4036	Server.exe
4036	Server.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 53 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 020000000100000000000000ffffffff	Server.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	Server.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	Server.exe
Key created	\REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	Server.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	Server.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Server.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	Server.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Server.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	Server.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	Server.exe
Key created	\REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Server.exe
Key created	\REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell	Server.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Generic"	Server.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	Server.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	Server.exe
Key created	\REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	Server.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	Server.exe
Key created	\REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	Server.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	Server.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\MRUListEx = ffffffff	Server.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	Server.exe
Key created	\REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6	Server.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	Server.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Server.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	Server.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0 = 56003100000000003758107b100052656c6561736500400009000400efbef7583056f75833562e000000d6a90200000002000000000000000000000000000000cab51401520065006c006500610073006500000016000000	Server.exe
Key created	\REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0	Server.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\NodeSlot = "6"	Server.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	Server.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\MRUListEx = 00000000ffffffff	Server.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Server.exe
Key created	\REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	Server.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\NodeSlot = "5"	Server.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Server.exe
Key created	\REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell	Server.exe
Key created	\REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg	Server.exe
Key created	\REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	Server.exe
Key created	\REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings	Server.exe
Key created	\REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	Server.exe
Key created	\REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5	Server.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	Server.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2 = 14002e803accbfb42cdb4c42b0297fe99a87c6410000	Server.exe
Key created	\REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2	Server.exe
Key created	\REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg	Server.exe
Key created	\REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	Server.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	Server.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	Server.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	Server.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	Server.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	Server.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Generic"	Server.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Server.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Release.rar:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
976	msedge.exe
976	msedge.exe
2768	msedge.exe
2768	msedge.exe
3696	msedge.exe
3696	msedge.exe
1268	identity_helper.exe
1268	identity_helper.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
1096	msedge.exe
1096	msedge.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1656	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

description	pid	Process
Token: SeRestorePrivilege	2908	7zFM.exe
Token: 35	2908	7zFM.exe
Token: SeSecurityPrivilege	2908	7zFM.exe
Token: SeDebugPrivilege	4036	Server.exe
Token: SeDebugPrivilege	1656	taskmgr.exe
Token: SeSystemProfilePrivilege	1656	taskmgr.exe
Token: SeCreateGlobalPrivilege	1656	taskmgr.exe
Token: 33	1656	taskmgr.exe
Token: SeIncBasePriorityPrivilege	1656	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe
1656	taskmgr.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4036	Server.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2768 wrote to memory of 2964	2768	msedge.exe	81
PID 2768 wrote to memory of 2964	2768	msedge.exe	81
PID 2768 wrote to memory of 1104	2768	msedge.exe	82
PID 2768 wrote to memory of 1104	2768	msedge.exe	82
PID 2768 wrote to memory of 1104	2768	msedge.exe	82
PID 2768 wrote to memory of 1104	2768	msedge.exe	82
PID 2768 wrote to memory of 1104	2768	msedge.exe	82
PID 2768 wrote to memory of 1104	2768	msedge.exe	82
PID 2768 wrote to memory of 1104	2768	msedge.exe	82
PID 2768 wrote to memory of 1104	2768	msedge.exe	82
PID 2768 wrote to memory of 1104	2768	msedge.exe	82
PID 2768 wrote to memory of 1104	2768	msedge.exe	82
PID 2768 wrote to memory of 1104	2768	msedge.exe	82
PID 2768 wrote to memory of 1104	2768	msedge.exe	82
PID 2768 wrote to memory of 1104	2768	msedge.exe	82
PID 2768 wrote to memory of 1104	2768	msedge.exe	82
PID 2768 wrote to memory of 1104	2768	msedge.exe	82
PID 2768 wrote to memory of 1104	2768	msedge.exe	82
PID 2768 wrote to memory of 1104	2768	msedge.exe	82
PID 2768 wrote to memory of 1104	2768	msedge.exe	82
PID 2768 wrote to memory of 1104	2768	msedge.exe	82
PID 2768 wrote to memory of 1104	2768	msedge.exe	82
PID 2768 wrote to memory of 1104	2768	msedge.exe	82
PID 2768 wrote to memory of 1104	2768	msedge.exe	82
PID 2768 wrote to memory of 1104	2768	msedge.exe	82
PID 2768 wrote to memory of 1104	2768	msedge.exe	82
PID 2768 wrote to memory of 1104	2768	msedge.exe	82
PID 2768 wrote to memory of 1104	2768	msedge.exe	82
PID 2768 wrote to memory of 1104	2768	msedge.exe	82
PID 2768 wrote to memory of 1104	2768	msedge.exe	82
PID 2768 wrote to memory of 1104	2768	msedge.exe	82
PID 2768 wrote to memory of 1104	2768	msedge.exe	82
PID 2768 wrote to memory of 1104	2768	msedge.exe	82
PID 2768 wrote to memory of 1104	2768	msedge.exe	82
PID 2768 wrote to memory of 1104	2768	msedge.exe	82
PID 2768 wrote to memory of 1104	2768	msedge.exe	82
PID 2768 wrote to memory of 1104	2768	msedge.exe	82
PID 2768 wrote to memory of 1104	2768	msedge.exe	82
PID 2768 wrote to memory of 1104	2768	msedge.exe	82
PID 2768 wrote to memory of 1104	2768	msedge.exe	82
PID 2768 wrote to memory of 1104	2768	msedge.exe	82
PID 2768 wrote to memory of 1104	2768	msedge.exe	82
PID 2768 wrote to memory of 976	2768	msedge.exe	83
PID 2768 wrote to memory of 976	2768	msedge.exe	83
PID 2768 wrote to memory of 2720	2768	msedge.exe	84
PID 2768 wrote to memory of 2720	2768	msedge.exe	84
PID 2768 wrote to memory of 2720	2768	msedge.exe	84
PID 2768 wrote to memory of 2720	2768	msedge.exe	84
PID 2768 wrote to memory of 2720	2768	msedge.exe	84
PID 2768 wrote to memory of 2720	2768	msedge.exe	84
PID 2768 wrote to memory of 2720	2768	msedge.exe	84
PID 2768 wrote to memory of 2720	2768	msedge.exe	84
PID 2768 wrote to memory of 2720	2768	msedge.exe	84
PID 2768 wrote to memory of 2720	2768	msedge.exe	84
PID 2768 wrote to memory of 2720	2768	msedge.exe	84
PID 2768 wrote to memory of 2720	2768	msedge.exe	84
PID 2768 wrote to memory of 2720	2768	msedge.exe	84
PID 2768 wrote to memory of 2720	2768	msedge.exe	84
PID 2768 wrote to memory of 2720	2768	msedge.exe	84
PID 2768 wrote to memory of 2720	2768	msedge.exe	84
PID 2768 wrote to memory of 2720	2768	msedge.exe	84
PID 2768 wrote to memory of 2720	2768	msedge.exe	84
PID 2768 wrote to memory of 2720	2768	msedge.exe	84
PID 2768 wrote to memory of 2720	2768	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://workupload.com/start/DgLJGUGgGTj
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff25fd3cb8,0x7fff25fd3cc8,0x7fff25fd3cd8
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1840,11881541198168669859,11679645865198603829,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1840,11881541198168669859,11679645865198603829,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1840,11881541198168669859,11679645865198603829,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
  2⤵
  PID:2720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,11881541198168669859,11679645865198603829,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,11881541198168669859,11679645865198603829,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:1544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,11881541198168669859,11679645865198603829,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,11881541198168669859,11679645865198603829,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,11881541198168669859,11679645865198603829,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,11881541198168669859,11679645865198603829,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3900 /prefetch:1
  2⤵
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,11881541198168669859,11679645865198603829,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3840 /prefetch:1
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,11881541198168669859,11679645865198603829,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1840,11881541198168669859,11679645865198603829,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5944 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,11881541198168669859,11679645865198603829,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1840,11881541198168669859,11679645865198603829,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6408 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,11881541198168669859,11679645865198603829,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
  2⤵
  PID:996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1840,11881541198168669859,11679645865198603829,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5620 /prefetch:8
  2⤵
  PID:1328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,11881541198168669859,11679645865198603829,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,11881541198168669859,11679645865198603829,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3896 /prefetch:1
  2⤵
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,11881541198168669859,11679645865198603829,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,11881541198168669859,11679645865198603829,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,11881541198168669859,11679645865198603829,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
  2⤵
  PID:728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,11881541198168669859,11679645865198603829,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:1
  2⤵
  PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,11881541198168669859,11679645865198603829,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,11881541198168669859,11679645865198603829,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:1308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1840,11881541198168669859,11679645865198603829,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1328 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,11881541198168669859,11679645865198603829,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1840,11881541198168669859,11679645865198603829,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1984 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1096

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:844

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3900

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C4 0x00000000000004B8
1⤵
PID:4652

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3148

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Release.rar"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2908

C:\Users\Admin\Desktop\Release\Server.exe
"C:\Users\Admin\Desktop\Release\Server.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4036

C:\Users\Admin\Desktop\Client.exe
"C:\Users\Admin\Desktop\Client.exe"
1⤵
- Executes dropped EXE
PID:3788

C:\Users\Admin\Desktop\Client.exe
"C:\Users\Admin\Desktop\Client.exe"
1⤵
- Executes dropped EXE
PID:1072

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:1656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\GMap.NET\DllCache\SQLite_v98_NET4_x86\System.Data.SQLite.DLL

Filesize
1.3MB

MD5
14393eb908e072fa3164597414bb0a75

SHA1
5e04e084ec44a0b29196d0c21213201240f11ba0

SHA256
59b9d95ae42e35525fc63f93168fe304409463ee070a3cf21a427a2833564b80

SHA512
f5fc3d9e98cca1fbbbe026707086a71f801016348d2355541d630879ad51a850f49eb4a5f7a94e12a844d7a7108d69fa6d762ee19f4805d6aafef16259b4330b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c0f062e1807aca2379b4e5a1e7ffbda8

SHA1
076c2f58dfb70eefb6800df6398b7bf34771c82d

SHA256
f80debea5c7924a92b923901cd2f2355086fe0ce4be21e575d3d130cd05957ca

SHA512
24ae4ec0c734ef1e1227a25b8d8c4262b583de1101f2c9b336ac67d0ce9b3de08f2b5d44b0b2da5396860034ff02d401ad739261200ae032daa4f5085c6d669e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6f3725d32588dca62fb31e116345b5eb

SHA1
0229732ae5923f45de70e234bae88023521a9611

SHA256
b81d7e414b2b2d039d3901709a7b8d2f2f27133833ecf80488ba16991ce81140

SHA512
31bacf4f376c5bad364889a16f8ac61e5881c8e45b610cc0c21aa88453644524525fd4ccf85a87f73c0565c072af857e33acffbbca952df92fedddd21f169325

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
37KB

MD5
27eec7e8f48ac0d64e62ec535a19ed37

SHA1
0454ae16951154ff4d64dc2dd20f780b6da87ee8

SHA256
9107d29b79f5c0e9d7ac88f893e0afb7c672d536b2e41de469172c8b7366e3d0

SHA512
f93033661c1974d9225b7e05543d7efe62574567abf7bdbb982b36e5b0be658937a7128de10376f9e39c20a2d40688862fa0e76aa53b0b8c87b99ee536fbb175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
21KB

MD5
6facc79f6cd8bf7faabef4e10c0378e3

SHA1
d6f21d215eb457509b8dee6c13b1ec4e25fd3b6c

SHA256
94519548151f8ef04815e1f02bb807f9430b31a2259ac1a6f8e27f05c13ac0ed

SHA512
79ab3c5e93f14bc6c16a6140f43f45c5daefa1047531bef1ebe4be2d385f098ee4a711f9a7c7e6077c05be4e760157c10feaa34bf8cf06c263b2435b5f2da37c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
18KB

MD5
af73a83498e939379445066f4be6686b

SHA1
bd5fb87bbb126fd672ec96b3a17e85ef92f8bcdc

SHA256
680fce4f4484948006f144bbabcbbc43b898e82ffe80b1f36b2a381f48507585

SHA512
e923a671dd7b9f2a3ee90b93eda9ec5dad3e4084053cb6c0a2002f02a4fdb0706f9d5c1859a8c2495ba08c6d6f641ca77dcab41987d1da08f8c0395a9e5cdd6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
52KB

MD5
dfc2a308bd5066ade42444daf0810a26

SHA1
0cf79beff46544b6eb14000948b849918a56c5be

SHA256
bf534ece446645cc5d70e30403d098c1c17a979f88ff907b61ab2ee26a4872fa

SHA512
56bdddd1236aa925cccb3d63e7523f4b7bb85bebd419368c1d662cca4bcc72fd1da7eb9c0ac470cc1372c7e29211af114ecf1baafbebe183581412d25eedb039

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
32KB

MD5
bcb18d9ba1e94d7aad10915e9a12d796

SHA1
1bd29b9a05ce20d17e2debb44894fc4f281c02c9

SHA256
eb6c70b25671e23b676abfd4186231c4fa2b3813be40827206e3185e16f483d9

SHA512
6d7fe2a069806473bf022f830808f200776cea971130ae29e16490451ebd0db5c64f880447af09c885a1d409ea8b9c52e1907f9023e22555fd9131965a9401e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
142KB

MD5
c4d900f7845478d13b3db1f0efe3e3ff

SHA1
a65f8c176087159708e6b874496bdc2260fac329

SHA256
c1199ac5298c1c96da94bfe194bab4fcf9fb9bc01b30b83970d53a4045590c6a

SHA512
a2b42aa208a0045d7b5e3a1b58e4da468d178c5c48afe9bc1cd80ad70e352979eadd54e0aa9546b45ac4cb1f4a5d4ab8c20b0b6293f8374adf5bd1448afb72f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
30KB

MD5
eb3266a1ad3e2d9b5446e9a2eb874838

SHA1
9012e4c887bae66031875315ac2ae89e8f075caa

SHA256
483b3e98ec35b986a3133155bed5629fe4f9162fed06933ad6259438ebfd0e19

SHA512
430c2684360ea94e76ad06b4788adb4c78c23fb78bfe6751bbdb16d675dfa26f459603005466ed5af80fa65596b8885b5bf3ba86ce88a4113247e03c468ce0ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
146KB

MD5
44fa6cb271a998d305bae64eccea3dc5

SHA1
ce9be4736519731957af9aed23733faeec40f2e7

SHA256
fb1c90f3ac72cc4cee01b12161e76e5570491f155e6637446b760fc6d6a4eca9

SHA512
853eb41fbea7ace4203b2ee4d73fc7628dc0dad8839d9c23fe8cd96de494ee6e3f71c1f5cfe6fa62bad01b9689c74c6bd3a55ca6c54f883407b79f59d02468a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
20KB

MD5
4a2961dddc7ca6732df1c0646aad5129

SHA1
ff0b7265d2bef3824709ee3000621aca2d2c8724

SHA256
58a974546a65196f726ac5dbc25f1048991e8347bd53e7449102048a5a0dd597

SHA512
82c889adccb748ea06ced5db14b7f3f94b980215d350d7cf5463ad05de53b0421e0bc7fe6d0d3897480b2cbd6f34e0126814f166adb59b7f0a1c9cf960e8a2d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
2ee4879611ca91310827e7554d00690c

SHA1
ad4300135982f0e984266b3087df9c8be74e0ae7

SHA256
86115cfc7ff428d473a4977eb3e7ccee38aa7bfbcc98de4c5c491bc8946d4c5c

SHA512
5cb32c0548c2c04055d425be037b6bed1221cd81991f44ebd2d8ee9ae0455d99cd51e0ed37524af2e66c4e3d4486cea3ac19b18b93ee9bd5d601b12d1b15cacf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5d732f70b8d88add2ad4be1d0095ea07

SHA1
bbcd9254a80340eea7d4a64d1b837592fba379e2

SHA256
7a2d020453d5e47a07d01df7cd01c29eae7c1c670304f295b851ddca17c4cfce

SHA512
35ea81edbb5d1470cc4f9c0c9a648f9b0b615f47fdc64c68c9fecf4e226b0949095836d859a880990ce0f4dcff342843f041fd8de8e5e1aab0b1c8d0de04a5ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b0b6be053a52159970f77af1590dc5eb

SHA1
af2d76ce8ce607bda1e43bdcdb00b2461db3e922

SHA256
23b4d4b3bdc3905c12008c665ecfe27092a699183fd052d47ae7385fee1e6d89

SHA512
309f7b3c904741b0a3430134897f0dcf3e8a82d47575405789e7c0ef1f86072a7389b9c2e02292d69a26a25f40284e087b72e9d22b25cb04394d48a1a197eb7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
6744680ca42fa3494eaab654ab6165e0

SHA1
4a5e3591444d556519bc99dcb2b1305b67c9c421

SHA256
3a80bc9f43fa1841a7fca5ec92a0caa354ca85cd590432e3e9d74b8fbbeee180

SHA512
bd8bfe38ead08a90f688b28e469e4531ab476100f4b59a6af5d5dd2b06e38d53073b63403e319d082c4b02f1b32863330761dec8227133823e93ce60ce2ac7f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
598618f7e5b895040749c323405468da

SHA1
f11c07c6eb7da6f6bccd064e677b33e92211c918

SHA256
af63335c6b3e920202848cc8fbb0ef936b550b71ba924c6cec019a22ba4796c9

SHA512
dfb9f2d336fb9464ebeb763aa9d7ade62d8f7bf29fc2b3e995e368b42d4ddbe253abe91bccd2864f679f2086726d5da928c7efa5a4c4e7408c4d4e7d73b680c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
76af86ecb39bc3f0e9e818ea9902be1c

SHA1
6c03dfd5f6d4867aa48ccc7260fbc385bb557376

SHA256
a5ae51e1024eb38f2a293c3d2a76b5eed38dd3531316b41c4fd4774a5a081f2c

SHA512
c948bf7473c79d0ff4dccef9ddcff3819adbdea7c2b96d3ea7be0c698b75eb777b80782302977015a1e0868e1804ed38a939e6bf5aaf1478367acd4595e3aa50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0e29d8e2a1cc43588b4b464064081565

SHA1
0dc505b1e9c1fe2a988d5ae3f9d0969f0ad8d0ab

SHA256
af94c2aee2eae4d73402c76f31de8293822b8e33abb05e551966eaa60c662c0c

SHA512
13b781511fbafac9cab9eb71e5e9a1a429870854f74232695c6f572840026c16725dc8dee66902a0d6ea4d62d7f065c21d5ac5289bdd617837d2f8ed6f3f0cb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7a6f76acc58af05915b534b1377db51b

SHA1
60a7bbd01134f0dc999ad5f3b53b5e5e831eea79

SHA256
85cdf7f1cad71d426d452c7288230d4270578385b29c4d039e33e1115dd4b789

SHA512
80e6734e93cff285c1a85d05509eeae638bbca02c4b369f5658c59781b2a01269ba03d82e3faa2ea73f3414616fbae3fcdbad3b280e78ac71eaa6e677cdef05e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8784019a8bf75927b530e9e61e94b684

SHA1
cb2dbdf0d355befe40440985c5f08a9219974b57

SHA256
eae27a25e3d6178809dd74ac97523104e92c2eb57c7cadbd5ba5eaa867fd0bda

SHA512
2bb6cb408b14674cfc62779fb030ed7143d9af323b8d943d5f44d7c1988545feb8d6c10bb9d61274a5f2d5c3fd04d3923db61880b8e64d7b6a539442984427e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
369B

MD5
cbc0be9914243c48ffdbdc8a733779f2

SHA1
00773b694c58039f74832fc0d9a6ee4359ecb837

SHA256
e0ec5b8c68a2d453a3a66965b980c18e983cc945573ad53e3b7f0eba15eef275

SHA512
69795bbcb9ed788c1a039615b66a812986e207b288be6fc97b14e5cc6da4c8922f86fff553ea4da150d19ce002fea204b68553334a3322ad551b8a0cc16388f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587ec0.TMP

Filesize
371B

MD5
6002e76e859c89b3a02c32ea2b4b3f9d

SHA1
795db3c9a76415f904d08558c2cfd31ce3ae207f

SHA256
f308dee706b8b4056d9b34e115edc4cb1af3747701e4735cc27faccff05da3b2

SHA512
d0b2d96b02a1317047b704a0868c932f274775ad2f8fe23f6351105580e0cfa0b1328f70eded347f7ac6983c83f433f3aedaf838c86620cfc18ff573a9c8cb6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cbafee86485a313b0a0c41934b14136a

SHA1
9ac4808ac99898c194cb1bc8b084c6ce5418f4d1

SHA256
168a70961cc054ee76c2b356c090fdfd695d635ef2dbf5f86e131fecfa56bd08

SHA512
2a6f447e0d1a68d14be01263e522583d54cc7879a36ed6d0ac7e26326a9bf822be017307fce7c92b8f5bfb5f3c150905f0f23a0ae6460b708db6498954400133

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a8460a99a781b9c17915cb81c02622f6

SHA1
0000150d878bc3697a1fd9907d0beffc0d4c3f93

SHA256
cc0e44b28a763445da02c8c11d7d2e81d5767f2b53fb7e4ccb2a880779c64a5a

SHA512
3c2688aca6ab809332eb7dca75e376066d6942668b79fb29f154302a8be110df7bec0dd9e46619a706e2ef684fb1caeae74fb9cc1277993512bc726e5f39ebb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8feeff77f1f557422768a4ca7e8b0b49

SHA1
46372e8876989c2132566d98be07907f46d9bbd7

SHA256
493c994ccdcdab332c5d9ad8b40af6fee0105fb945527282474ef93aeb50e53d

SHA512
5a1a7be8e701734ea29607e355a8b9e6cd47803cba687b5c83cb13f006a620b9a564d5170a4eb1effd9de7cc9674c7b7a223859ee59267364819380d33fb35cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b7849a9db519f41b70829b0db96edf19

SHA1
c73e83fc3bc83be526ece8b97887b85f6323d097

SHA256
a2ba4a78ed4cfe456f3f52aa046707f0a60968a862e830e4e3756d675dcdc356

SHA512
893abe146028812b7cc60a1efd77b29f571793f1644346f59c2c5a336f7ca22276a0a7cab5eecfc049379e9180814a8b1fb84567ec202ec268a8b2e9a4273632

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
28eecea0511f7649cf66fa0a65b29603

SHA1
7f0c7bc0a3eb4674b2427d89aab204c7a33b4762

SHA256
3b0bf2d94181caaf2b4e1bbb45e0c07c3d451fc04832e32533c39c02977beb8e

SHA512
27d683a287ac9137a07af00d79c66f3a10722685d700de6d2a2be864ffa8b7920cfc12922024021d871a591968a0bc0e6057bc4eef70bbc299e91e8adf1a1d3f

Download Submit
C:\Users\Admin\AppData\Local\Server\Server.exe_Url_r3nmysqdzfnw3fl2evty3qtf5hsihv1t\1.0.0.0\srmg4edy.newcfg

Filesize
688B

MD5
1b3ada0fdd06f798be1c03cb51b07db6

SHA1
da4de6b4d4e3660947059a20e966d01c40d8c2ee

SHA256
15f11b3764eca4b990052e1fdfbbb33025baa1455a35e80e5dfef63349ecdf92

SHA512
a3d0721cb04eebb677ae80b9738e65aa7c98e9797b08201c548bf1628028a4f3afdb92333703a20ed21cc2fd632733c26524b8d81d9502a7555c9571f3b933d6

Download Submit
C:\Users\Admin\AppData\Local\Server\Server.exe_Url_r3nmysqdzfnw3fl2evty3qtf5hsihv1t\1.0.0.0\u1h2wp5d.newcfg

Filesize
687B

MD5
b18785caae8834f89e34cde89b93cafc

SHA1
cee194149b484295ddba88111a251986bdc0c7af

SHA256
105971bbe15f24f50dad97d466b55222e52dfdb4a71b1b3a6452cfba28a10811

SHA512
fb108e2997a0ea7bce21113118997f358d73a43a40e2b4b9962738cd88dc6d9dfc17e17e63c8ba8c5a5504e5775fbe9e8084ee8e6086cf0eab709335ed8b282c

Download Submit
C:\Users\Admin\AppData\Local\Server\Server.exe_Url_r3nmysqdzfnw3fl2evty3qtf5hsihv1t\1.0.0.0\user.config

Filesize
311B

MD5
a35bc67d130a4fb76c2c2831cbdddd55

SHA1
66502423bba03870522e50608212b6ee27ebf4c5

SHA256
e94a97e512fbc8ed9f5691d921fdeddbff4cc16b024c5335adf66bff3a7a8192

SHA512
4401b234d7914afa860e356be1667cc5f44402255f7cc6cc3d8df80883167f6b55463e62156df57be697ee501897fac61a71f97911c6fdb6630272341ac8a07e

Download Submit
C:\Users\Admin\AppData\Local\Server\Server.exe_Url_r3nmysqdzfnw3fl2evty3qtf5hsihv1t\1.0.0.0\user.config

Filesize
434B

MD5
cfcf8e91857f364e002065c52ff8f91c

SHA1
8407ecb3c33a1f3fcf18a723e6884acf7e5a0f4a

SHA256
572dda8c7f211dc6a4efc7aecb4a54cb4e0ced1e4c9a4b9f96bb329c983c64e6

SHA512
364fecac3a051441b4fefcebb2cc9e38632f99dd04593cd5d9b148986afb09b195e88cdbfa2e778b8934564b76d04fe053f919f0a60769b023f2f753ede06d1e

Download Submit
C:\Users\Admin\AppData\Local\Server\Server.exe_Url_r3nmysqdzfnw3fl2evty3qtf5hsihv1t\1.0.0.0\user.config

Filesize
560B

MD5
463d2a6611fbb9f0657b8c8c9783f6e0

SHA1
9fbda301bda3be3c9c2362b08cf4046857e2612d

SHA256
31d89529523e9b788ceec89cb43f1d2d26b44829e720324facf0906251135046

SHA512
c2b30090064b389eed8f79429765dc881c74c83352c7bb6e81585b81e9df6010cc89150766e94bf5091279a54b50301a529af70ec2626e2da2a842040424b169

Download Submit
C:\Users\Admin\Desktop\Client.exe

Filesize
601KB

MD5
0b4fab860698029d06c44c1dbc0fc6ee

SHA1
386e9f09ac8482a3272c2f00be688af6d7dabd56

SHA256
9512b365a2f9cdd729abec4d76585f103f0c114419b53c2e0736774abfe98868

SHA512
66fd936d93bc0ef3bc41c164c268f5114e6c985997130c9f9844cef8c2cc05b55da581a9d7211a57d47df21ce8f8565931fd1b933ab8c57bd494c0860b254ce9

Download Submit
C:\Users\Admin\Desktop\Release\ConfigBulid.json

Filesize
1KB

MD5
b989e2d62df5d81e6a2299f97d93d770

SHA1
6751ed86d964602fb7d40ccdcd3030e276153d50

SHA256
a9206951ac956142382f26fb0150f167c86d321b1a6e24fffdfe65b4245dba12

SHA512
5cb2758b55e19824d6b81a6b8ab421df315da740e644153267c6d384dcf77ec5e0347aea9acf07fd3fb6702f81191878e3d4bb65c268afe4dca27825d7f9a085

Download Submit
C:\Users\Admin\Desktop\Release\GMap.NET.Core.dll

Filesize
2.9MB

MD5
819352ea9e832d24fc4cebb2757a462b

SHA1
aba7e1b29bdcd0c5a307087b55c2ec0c7ca81f11

SHA256
58c755fcfc65cddea561023d736e8991f0ad69da5e1378dea59e98c5db901b86

SHA512
6a5b0e1553616ea29ec72c12072ae05bdd709468a173e8adbdfe391b072c001ecacb3dd879845f8d599c6152eca2530cdaa2c069b1f94294f778158eaaebe45a

Download Submit
C:\Users\Admin\Desktop\Release\GMap.NET.WindowsForms.dll

Filesize
147KB

MD5
32a8742009ffdfd68b46fe8fd4794386

SHA1
de18190d77ae094b03d357abfa4a465058cd54e3

SHA256
741e1a8f05863856a25d101bd35bf97cba0b637f0c04ecb432c1d85a78ef1365

SHA512
22418d5e887a6022abe8a7cbb0b6917a7478d468d211eecd03a95b8fb6452fc59db5178573e25d5d449968ead26bb0b2bfbfada7043c9a7a1796baca5235a82b

Download Submit
C:\Users\Admin\Desktop\Release\Maps.json

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\Desktop\Release\MetroFramework.Fonts.dll

Filesize
656KB

MD5
65ef4b23060128743cef937a43b82aa3

SHA1
cc72536b84384ec8479b9734b947dce885ef5d31

SHA256
c843869aaca5135c2d47296985f35c71ca8af4431288d04d481c4e46cc93ee26

SHA512
d06690f9aac0c6500aed387f692b3305dfc0708b08fc2f27eaa44b108908ccd8267b07f8fb8608eef5c803039caeabf8f88a18b7e5b1d850f32bbb72bcd3b0b7

Download Submit
C:\Users\Admin\Desktop\Release\MetroFramework.dll

Filesize
345KB

MD5
34ea7f7d66563f724318e322ff08f4db

SHA1
d0aa8038a92eb43def2fffbbf4114b02636117c5

SHA256
c2c12d31b4844e29de31594fc9632a372a553631de0a0a04c8af91668e37cf49

SHA512
dceb1f9435b9479f6aea9b0644ba8c46338a7f458c313822a9d9b3266d79af395b9b2797ed3217c7048db8b22955ec6fe8b0b1778077fa1de587123ad9e6b148

Download Submit
C:\Users\Admin\Desktop\Release\Newtonsoft.Json.dll

Filesize
695KB

MD5
195ffb7167db3219b217c4fd439eedd6

SHA1
1e76e6099570ede620b76ed47cf8d03a936d49f8

SHA256
e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

SHA512
56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

Download Submit
C:\Users\Admin\Desktop\Release\Server.exe

Filesize
1.0MB

MD5
97fdf675692906714405d7e9bd6a9c61

SHA1
f388a87852ca61122f2563b9919625d33c7efe78

SHA256
dd3c72966f70692309714ec42461021fef21c26ad33b1b43e3232186b632a44b

SHA512
06f371bbec435746a876bb8127979c46fb1a21949c7f2b1f0e7edd4895382c5018113d52cf86485fa8d269f5c4b597c2739519db11b78bb7574638272ebf925c

Download Submit
C:\Users\Admin\Desktop\Release\Server.exe.config

Filesize
7KB

MD5
2083876ec03ad06e5c16490fcb4ab8b6

SHA1
b8f50f08abd53225c046912471dfd271a98cf15a

SHA256
28026de2c65972cb8fac1ff2865c33e24d1086f7242b2fe951cef172909ad128

SHA512
b16f1fbe8e10b66079d83a46818423fb2e2e8619cbdc1427ce0cd27f06092af52bcc003755e939320cf84f8cc5a26c92e43041013fe3ef60c7d73d8624ee6096

Download Submit
C:\Users\Admin\Desktop\Release\Stub\Client.exe

Filesize
46KB

MD5
1d38a7499142bad0522edfeb876116ac

SHA1
06376d5be754a1f04a688928af1db622f56b36f9

SHA256
176e444e759bc6d6030e1a1fa4ff99f69ffdb2602fb2c2b18e8ed7bc14f2079b

SHA512
c1a5ae6d0fdae81b8a52aebfa2695b00c4c8f56b3876f7a69e13d040801cdd824fecbb690f0f34772875f86326477ca8a3fca3e533253a786c0cd03986068eb2

Download Submit
C:\Users\Admin\Desktop\Release\Stub\UserMode.obf.dll

Filesize
136KB

MD5
16e5a492c9c6ae34c59683be9c51fa31

SHA1
97031b41f5c56f371c28ae0d62a2df7d585adaba

SHA256
35c8d022e1d917f1aabdceae98097ccc072161b302f84c768ca63e4b32ac2b66

SHA512
20fd369172ef5e3e2fde388666b42e8fe5f0c2bfa338c0345f45e98af6561a249ba3ecc48c3f16efcc73f02ecb67b3ddb1e2e8f0e77d18fa00ac34e6379e50b6

Download Submit
C:\Users\Admin\Desktop\Release\Themes.json

Filesize
33B

MD5
fdf6d963491b41d9ba798f60fe27ef8c

SHA1
4908bfc78d191f60ab583fe093bc579fd5ff06a3

SHA256
bfe1437218dd94ccd078a8683f59b65e28d8d63defa7f419b2cef81bc031a7bf

SHA512
96e5981739a3328387aaf80b6b6a071dc7a2135d5bdaa99b638527b9cd82eb514d21d27a26445a01082a4ba8811ac130a671690e51cf780fd66acdd3a12a3c25

Download Submit
C:\Users\Admin\Desktop\Release\cGeoIp.dll

Filesize
2.3MB

MD5
6d6e172e7965d1250a4a6f8a0513aa9f

SHA1
b0fd4f64e837f48682874251c93258ee2cbcad2b

SHA256
d1ddd15e9c727a5ecf78d3918c17aee0512f5b181ad44952686beb89146e6bd0

SHA512
35daa38ad009599145aa241102bcd1f69b4caa55ebc5bb11df0a06567056c0ec5fcd02a33576c54c670755a6384e0229fd2f96622f12304dec58f79e1e834155

Download Submit
C:\Users\Admin\Desktop\Release\dnlib.dll

Filesize
1.1MB

MD5
508ccde8bc7003696f32af7054ca3d97

SHA1
1f6a0303c5ae5dc95853ec92fd8b979683c3f356

SHA256
4758c7c39522e17bf93b3993ada4a1f7dd42bb63331bac0dcd729885e1ba062a

SHA512
92a59a2e1f6bf0ce512d21cf4148fe027b3a98ed6da46925169a4d0d9835a7a4b1374ba0be84e576d9a8d4e45cb9c2336e1f5bd1ea53e39f0d8553db264e746d

Download Submit
C:\Users\Admin\Downloads\Release.rar

Filesize
33.6MB

MD5
8f8b7b49cb9e5d8ca07edee103c4afd1

SHA1
4327f538b6d8ac05ab2f7ab8637a6734830db3da

SHA256
1ce8df74c00786b111839785779d8d1f00fa9aada5ca27b16c650533a6ab88b5

SHA512
e11336c94a2a21be8cddb4daa48d410719b365846198e09940a6bb06db2bf5a363c60e78566af69c15a953c908f6f4eb975a5f9183109fb28131d5aa8be12203

Download Submit
C:\Users\Admin\Downloads\Release.rar:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/1656-988-0x000002689EB90000-0x000002689EB91000-memory.dmp

Filesize
4KB

Download
memory/1656-990-0x000002689EB90000-0x000002689EB91000-memory.dmp

Filesize
4KB

Download
memory/1656-991-0x000002689EB90000-0x000002689EB91000-memory.dmp

Filesize
4KB

Download
memory/1656-981-0x000002689EB90000-0x000002689EB91000-memory.dmp

Filesize
4KB

Download
memory/1656-980-0x000002689EB90000-0x000002689EB91000-memory.dmp

Filesize
4KB

Download
memory/1656-979-0x000002689EB90000-0x000002689EB91000-memory.dmp

Filesize
4KB

Download
memory/1656-989-0x000002689EB90000-0x000002689EB91000-memory.dmp

Filesize
4KB

Download
memory/1656-987-0x000002689EB90000-0x000002689EB91000-memory.dmp

Filesize
4KB

Download
memory/1656-986-0x000002689EB90000-0x000002689EB91000-memory.dmp

Filesize
4KB

Download
memory/1656-985-0x000002689EB90000-0x000002689EB91000-memory.dmp

Filesize
4KB

Download
memory/3788-976-0x0000000000250000-0x00000000002EC000-memory.dmp

Filesize
624KB

Download
memory/4036-911-0x000000000A4C0000-0x000000000A4FC000-memory.dmp

Filesize
240KB

Download
memory/4036-868-0x0000000009B60000-0x0000000009EB7000-memory.dmp

Filesize
3.3MB

Download
memory/4036-969-0x000000000CDB0000-0x000000000CED2000-memory.dmp

Filesize
1.1MB

Download
memory/4036-845-0x00000000058C0000-0x0000000005E66000-memory.dmp

Filesize
5.6MB

Download
memory/4036-849-0x0000000005370000-0x00000000053CC000-memory.dmp

Filesize
368KB

Download
memory/4036-850-0x00000000057F0000-0x0000000005882000-memory.dmp

Filesize
584KB

Download
memory/4036-925-0x000000000D280000-0x000000000D332000-memory.dmp

Filesize
712KB

Download
memory/4036-854-0x00000000061F0000-0x0000000006442000-memory.dmp

Filesize
2.3MB

Download
memory/4036-912-0x0000000009AD0000-0x0000000009AF1000-memory.dmp

Filesize
132KB

Download
memory/4036-844-0x0000000000920000-0x0000000000A30000-memory.dmp

Filesize
1.1MB

Download
memory/4036-855-0x00000000057B0000-0x00000000057BA000-memory.dmp

Filesize
40KB

Download
memory/4036-859-0x0000000008420000-0x00000000084CA000-memory.dmp

Filesize
680KB

Download
memory/4036-863-0x00000000092E0000-0x000000000930C000-memory.dmp

Filesize
176KB

Download
memory/4036-886-0x0000000009560000-0x00000000095AC000-memory.dmp

Filesize
304KB

Download
memory/4036-874-0x00000000098F0000-0x0000000009A3B000-memory.dmp

Filesize
1.3MB

Download
memory/4036-867-0x0000000009600000-0x00000000098E2000-memory.dmp

Filesize
2.9MB

Download
memory/4036-869-0x0000000009350000-0x0000000009372000-memory.dmp

Filesize
136KB

Download