bd405fe09db2c865f023abca1f512f6ab2fc2776a7e408ff344b1490289688ce

Resubmissions

18-08-2024 23:28

240818-3gegsstgpp 7

18-08-2024 23:25

240818-3epjzs1bkg 7

18-08-2024 23:14

240818-277qlatckp 7

Analysis

max time kernel
374s
max time network
332s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
18-08-2024 23:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MSCE.1.5.7.Installer.Win64.exe
Size

23.2MB
MD5

3b9c145d2020380d4e52bcc4ad3b4c0f
SHA1

97fdb878cd6b9337714a317e6828152c37e50687
SHA256

bd405fe09db2c865f023abca1f512f6ab2fc2776a7e408ff344b1490289688ce
SHA512

28bc6ad65d660450406c678900a8babacb6e8ef5b28030d97a19a4c343c44211c800b56df4ae588c16803d7d38d0a50717bd4aebc609bd98da49eb3660e76c60
SSDEEP

393216:JQQ7JWPoRqRNgn6lxd8eAzAiFxQb/BKWjWIcymqpFISahr0MSVfTicMG:JT1WPoRqY6lxd8eAzAiF6jUwWxyjpTay

Score

7^/10

discovery motw phishing

Malware Config

Signatures

Executes dropped EXE 10 IoCs

pid	Process
4840	MSCE.1.5.7.Installer.Win64.tmp
1948	Moonscraper Chart Editor.exe
4144	UnityCrashHandler64.exe
4872	UnityCrashHandler64.exe
2552	Moonscraper Chart Editor.exe
4352	UnityCrashHandler64.exe
3732	UnityCrashHandler64.exe
7348	Moonscraper Chart Editor.exe
7360	UnityCrashHandler64.exe
5888	UnityCrashHandler64.exe

Loads dropped DLL 12 IoCs

pid	Process
1948	Moonscraper Chart Editor.exe
1948	Moonscraper Chart Editor.exe
1948	Moonscraper Chart Editor.exe
1948	Moonscraper Chart Editor.exe
2552	Moonscraper Chart Editor.exe
2552	Moonscraper Chart Editor.exe
2552	Moonscraper Chart Editor.exe
2552	Moonscraper Chart Editor.exe
7348	Moonscraper Chart Editor.exe
7348	Moonscraper Chart Editor.exe
7348	Moonscraper Chart Editor.exe
7348	Moonscraper Chart Editor.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs

phishing motw

flow	ioc
299	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.UnityWebRequestAudioModule.dll	MSCE.1.5.7.Installer.Win64.tmp
File created	C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\is-6L21D.tmp	MSCE.1.5.7.Installer.Win64.tmp
File created	C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\is-GSDIE.tmp	MSCE.1.5.7.Installer.Win64.tmp
File opened for modification	C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\System.Runtime.Serialization.Formatters.Soap.dll	MSCE.1.5.7.Installer.Win64.tmp
File opened for modification	C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\System.Net.Http.dll	MSCE.1.5.7.Installer.Win64.tmp
File created	C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\is-V4N65.tmp	MSCE.1.5.7.Installer.Win64.tmp
File created	C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\is-OB318.tmp	MSCE.1.5.7.Installer.Win64.tmp
File created	C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\is-AN4IP.tmp	MSCE.1.5.7.Installer.Win64.tmp
File opened for modification	C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.TilemapModule.dll	MSCE.1.5.7.Installer.Win64.tmp
File created	C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\is-KML7F.tmp	MSCE.1.5.7.Installer.Win64.tmp
File opened for modification	C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.TextRenderingModule.dll	MSCE.1.5.7.Installer.Win64.tmp
File opened for modification	C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.UnityWebRequestTextureModule.dll	MSCE.1.5.7.Installer.Win64.tmp
File opened for modification	C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\StreamingAssets\opusenc.exe	MSCE.1.5.7.Installer.Win64.tmp
File created	C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\is-028K2.tmp	MSCE.1.5.7.Installer.Win64.tmp
File created	C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\is-48FH4.tmp	MSCE.1.5.7.Installer.Win64.tmp
File created	C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Plugins\is-BKIIM.tmp	MSCE.1.5.7.Installer.Win64.tmp
File opened for modification	C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\Accessibility.dll	MSCE.1.5.7.Installer.Win64.tmp
File opened for modification	C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\System.Web.ApplicationServices.dll	MSCE.1.5.7.Installer.Win64.tmp
File created	C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\StreamingAssets\is-OSCSP.tmp	MSCE.1.5.7.Installer.Win64.tmp
File created	C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\is-9J0SJ.tmp	MSCE.1.5.7.Installer.Win64.tmp
File created	C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\is-2G6B6.tmp	MSCE.1.5.7.Installer.Win64.tmp
File created	C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\is-C9A38.tmp	MSCE.1.5.7.Installer.Win64.tmp
File created	C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\is-42S56.tmp	MSCE.1.5.7.Installer.Win64.tmp
File opened for modification	C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.UIElementsModule.dll	MSCE.1.5.7.Installer.Win64.tmp
File created	C:\Program Files (x86)\Moonscraper Chart Editor\MonoBleedingEdge\etc\mono\4.5\is-TPLNS.tmp	MSCE.1.5.7.Installer.Win64.tmp
File created	C:\Program Files (x86)\Moonscraper Chart Editor\MonoBleedingEdge\EmbedRuntime\is-LF2MG.tmp	MSCE.1.5.7.Installer.Win64.tmp
File created	C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\is-JEAFE.tmp	MSCE.1.5.7.Installer.Win64.tmp
File created	C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\is-4GV5D.tmp	MSCE.1.5.7.Installer.Win64.tmp
File opened for modification	C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.Advertisements.dll	MSCE.1.5.7.Installer.Win64.tmp
File opened for modification	C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.UIModule.dll	MSCE.1.5.7.Installer.Win64.tmp
File created	C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\is-NDVKM.tmp	MSCE.1.5.7.Installer.Win64.tmp
File created	C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\is-07UQ2.tmp	MSCE.1.5.7.Installer.Win64.tmp
File created	C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\is-PDBBV.tmp	MSCE.1.5.7.Installer.Win64.tmp
File opened for modification	C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.ClusterRendererModule.dll	MSCE.1.5.7.Installer.Win64.tmp
File created	C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\is-1S31A.tmp	MSCE.1.5.7.Installer.Win64.tmp
File opened for modification	C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\System.EnterpriseServices.dll	MSCE.1.5.7.Installer.Win64.tmp
File created	C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\is-B5A7K.tmp	MSCE.1.5.7.Installer.Win64.tmp
File created	C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\is-GKJMU.tmp	MSCE.1.5.7.Installer.Win64.tmp
File created	C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\is-6KE56.tmp	MSCE.1.5.7.Installer.Win64.tmp
File opened for modification	C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.ARModule.dll	MSCE.1.5.7.Installer.Win64.tmp
File created	C:\Program Files (x86)\Moonscraper Chart Editor\MonoBleedingEdge\etc\mono\4.5\Browsers\is-2VDK1.tmp	MSCE.1.5.7.Installer.Win64.tmp
File created	C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\is-CP9QL.tmp	MSCE.1.5.7.Installer.Win64.tmp
File created	C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\is-PSDAU.tmp	MSCE.1.5.7.Installer.Win64.tmp
File created	C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\is-OI03T.tmp	MSCE.1.5.7.Installer.Win64.tmp
File opened for modification	C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.AIModule.dll	MSCE.1.5.7.Installer.Win64.tmp
File created	C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Resources\is-F4ARF.tmp	MSCE.1.5.7.Installer.Win64.tmp
File opened for modification	C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\System.Core.dll	MSCE.1.5.7.Installer.Win64.tmp
File opened for modification	C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\System.Numerics.dll	MSCE.1.5.7.Installer.Win64.tmp
File created	C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\is-K9MC7.tmp	MSCE.1.5.7.Installer.Win64.tmp
File created	C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\is-PL5I1.tmp	MSCE.1.5.7.Installer.Win64.tmp
File created	C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\is-KTJJJ.tmp	MSCE.1.5.7.Installer.Win64.tmp
File opened for modification	C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\Unity.TextMeshPro.dll	MSCE.1.5.7.Installer.Win64.tmp
File opened for modification	C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.VideoModule.dll	MSCE.1.5.7.Installer.Win64.tmp
File opened for modification	C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.ImageConversionModule.dll	MSCE.1.5.7.Installer.Win64.tmp
File created	C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\is-V8133.tmp	MSCE.1.5.7.Installer.Win64.tmp
File opened for modification	C:\Program Files (x86)\Moonscraper Chart Editor\Custom Resources\settings.ini	Moonscraper Chart Editor.exe
File opened for modification	C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.ClothModule.dll	MSCE.1.5.7.Installer.Win64.tmp
File opened for modification	C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.HotReloadModule.dll	MSCE.1.5.7.Installer.Win64.tmp
File opened for modification	C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.GameCenterModule.dll	MSCE.1.5.7.Installer.Win64.tmp
File opened for modification	C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.Networking.dll	MSCE.1.5.7.Installer.Win64.tmp
File created	C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\is-EKQT5.tmp	MSCE.1.5.7.Installer.Win64.tmp
File created	C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\is-FNSEH.tmp	MSCE.1.5.7.Installer.Win64.tmp
File created	C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\is-NJN6R.tmp	MSCE.1.5.7.Installer.Win64.tmp
File opened for modification	C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\Ookii.Dialogs.dll	MSCE.1.5.7.Installer.Win64.tmp

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSCE.1.5.7.Installer.Win64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSCE.1.5.7.Installer.Win64.tmp

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 35 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.chart	MSCE.1.5.7.Installer.Win64.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.chart\OpenWithProgids	MSCE.1.5.7.Installer.Win64.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ChartFile.chart	MSCE.1.5.7.Installer.Win64.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ChartFile.chart\shell\open	MSCE.1.5.7.Installer.Win64.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\Moonscraper Chart Editor.exe	MSCE.1.5.7.Installer.Win64.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\.chart\OpenWithProgids	MSCE.1.5.7.Installer.Win64.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\ChartFile.chart	MSCE.1.5.7.Installer.Win64.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ChartFile.chart\shell	MSCE.1.5.7.Installer.Win64.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MoonscraperChartFile.msce\shell\open	MSCE.1.5.7.Installer.Win64.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.chart\OpenWithProgids\ChartFile.chart	MSCE.1.5.7.Installer.Win64.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\ChartFile.chart\shell\open\command	MSCE.1.5.7.Installer.Win64.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.msce\OpenWithProgids	MSCE.1.5.7.Installer.Win64.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.msce\OpenWithProgids\MoonscraperChartFile.msce	MSCE.1.5.7.Installer.Win64.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ChartFile.chart\shell\open\command\ = "\"C:\\Program Files (x86)\\Moonscraper Chart Editor\\Moonscraper Chart Editor.exe\" \"%1\""	MSCE.1.5.7.Installer.Win64.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\.msce\OpenWithProgids	MSCE.1.5.7.Installer.Win64.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\MoonscraperChartFile.msce	MSCE.1.5.7.Installer.Win64.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MoonscraperChartFile.msce\DefaultIcon\ = "C:\\Program Files (x86)\\Moonscraper Chart Editor\\Moonscraper Chart Editor.exe,0"	MSCE.1.5.7.Installer.Win64.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MoonscraperChartFile.msce	MSCE.1.5.7.Installer.Win64.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ChartFile.chart\ = "Chart File"	MSCE.1.5.7.Installer.Win64.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\ChartFile.chart\DefaultIcon	MSCE.1.5.7.Installer.Win64.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ChartFile.chart\DefaultIcon\ = "C:\\Program Files (x86)\\Moonscraper Chart Editor\\Moonscraper Chart Editor.exe,0"	MSCE.1.5.7.Installer.Win64.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\MoonscraperChartFile.msce\shell\open\command	MSCE.1.5.7.Installer.Win64.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\Moonscraper Chart Editor.exe\SupportedTypes	MSCE.1.5.7.Installer.Win64.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\Moonscraper Chart Editor.exe\SupportedTypes\.myp	MSCE.1.5.7.Installer.Win64.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.msce	MSCE.1.5.7.Installer.Win64.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MoonscraperChartFile.msce\shell\open\command\ = "\"C:\\Program Files (x86)\\Moonscraper Chart Editor\\Moonscraper Chart Editor.exe\" \"%1\""	MSCE.1.5.7.Installer.Win64.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MoonscraperChartFile.msce\ = "Moonscraper Chart File"	MSCE.1.5.7.Installer.Win64.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\MoonscraperChartFile.msce\DefaultIcon	MSCE.1.5.7.Installer.Win64.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MoonscraperChartFile.msce\shell	MSCE.1.5.7.Installer.Win64.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MoonscraperChartFile.msce\shell\open\command	MSCE.1.5.7.Installer.Win64.tmp
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings	taskmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ChartFile.chart\shell\open\command	MSCE.1.5.7.Installer.Win64.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\Applications\Moonscraper Chart Editor.exe\SupportedTypes	MSCE.1.5.7.Installer.Win64.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications	MSCE.1.5.7.Installer.Win64.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4182098368-2521458979-3782681353-1000\{B5F0A4E5-8C07-47D7-8087-8D7CEB461D31}	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4840	MSCE.1.5.7.Installer.Win64.tmp
4840	MSCE.1.5.7.Installer.Win64.tmp
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1628	msedge.exe
1628	msedge.exe
4400	msedge.exe
4400	msedge.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
4532	msedge.exe
4532	msedge.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
2904	identity_helper.exe
2904	identity_helper.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1356	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: 33	4656	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4656	AUDIODG.EXE
Token: SeDebugPrivilege	1356	taskmgr.exe
Token: SeSystemProfilePrivilege	1356	taskmgr.exe
Token: SeCreateGlobalPrivilege	1356	taskmgr.exe
Token: 33	1356	taskmgr.exe
Token: SeIncBasePriorityPrivilege	1356	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4840	MSCE.1.5.7.Installer.Win64.tmp
4840	MSCE.1.5.7.Installer.Win64.tmp
4840	MSCE.1.5.7.Installer.Win64.tmp
4840	MSCE.1.5.7.Installer.Win64.tmp
4840	MSCE.1.5.7.Installer.Win64.tmp
4840	MSCE.1.5.7.Installer.Win64.tmp
4840	MSCE.1.5.7.Installer.Win64.tmp
4840	MSCE.1.5.7.Installer.Win64.tmp
4840	MSCE.1.5.7.Installer.Win64.tmp
4840	MSCE.1.5.7.Installer.Win64.tmp
4840	MSCE.1.5.7.Installer.Win64.tmp
4840	MSCE.1.5.7.Installer.Win64.tmp
4840	MSCE.1.5.7.Installer.Win64.tmp
4840	MSCE.1.5.7.Installer.Win64.tmp
4840	MSCE.1.5.7.Installer.Win64.tmp
4840	MSCE.1.5.7.Installer.Win64.tmp
4840	MSCE.1.5.7.Installer.Win64.tmp
4840	MSCE.1.5.7.Installer.Win64.tmp
4840	MSCE.1.5.7.Installer.Win64.tmp
4840	MSCE.1.5.7.Installer.Win64.tmp
4840	MSCE.1.5.7.Installer.Win64.tmp
4840	MSCE.1.5.7.Installer.Win64.tmp
4840	MSCE.1.5.7.Installer.Win64.tmp
4840	MSCE.1.5.7.Installer.Win64.tmp
4840	MSCE.1.5.7.Installer.Win64.tmp
4840	MSCE.1.5.7.Installer.Win64.tmp
4840	MSCE.1.5.7.Installer.Win64.tmp
4840	MSCE.1.5.7.Installer.Win64.tmp
4840	MSCE.1.5.7.Installer.Win64.tmp
4840	MSCE.1.5.7.Installer.Win64.tmp
4840	MSCE.1.5.7.Installer.Win64.tmp
4840	MSCE.1.5.7.Installer.Win64.tmp
4840	MSCE.1.5.7.Installer.Win64.tmp
4840	MSCE.1.5.7.Installer.Win64.tmp
4840	MSCE.1.5.7.Installer.Win64.tmp
4840	MSCE.1.5.7.Installer.Win64.tmp
4840	MSCE.1.5.7.Installer.Win64.tmp
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
1356	taskmgr.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1948	Moonscraper Chart Editor.exe
2552	Moonscraper Chart Editor.exe
7348	Moonscraper Chart Editor.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 60 wrote to memory of 4840	60	MSCE.1.5.7.Installer.Win64.exe	87
PID 60 wrote to memory of 4840	60	MSCE.1.5.7.Installer.Win64.exe	87
PID 60 wrote to memory of 4840	60	MSCE.1.5.7.Installer.Win64.exe	87
PID 4840 wrote to memory of 1948	4840	MSCE.1.5.7.Installer.Win64.tmp	100
PID 4840 wrote to memory of 1948	4840	MSCE.1.5.7.Installer.Win64.tmp	100
PID 1948 wrote to memory of 4144	1948	Moonscraper Chart Editor.exe	101
PID 1948 wrote to memory of 4144	1948	Moonscraper Chart Editor.exe	101
PID 4144 wrote to memory of 4872	4144	UnityCrashHandler64.exe	107
PID 4144 wrote to memory of 4872	4144	UnityCrashHandler64.exe	107
PID 2552 wrote to memory of 4352	2552	Moonscraper Chart Editor.exe	126
PID 2552 wrote to memory of 4352	2552	Moonscraper Chart Editor.exe	126
PID 4352 wrote to memory of 3732	4352	UnityCrashHandler64.exe	129
PID 4352 wrote to memory of 3732	4352	UnityCrashHandler64.exe	129
PID 4400 wrote to memory of 3404	4400	msedge.exe	136
PID 4400 wrote to memory of 3404	4400	msedge.exe	136
PID 4400 wrote to memory of 4300	4400	msedge.exe	137
PID 4400 wrote to memory of 4300	4400	msedge.exe	137
PID 4400 wrote to memory of 4300	4400	msedge.exe	137
PID 4400 wrote to memory of 4300	4400	msedge.exe	137
PID 4400 wrote to memory of 4300	4400	msedge.exe	137
PID 4400 wrote to memory of 4300	4400	msedge.exe	137
PID 4400 wrote to memory of 4300	4400	msedge.exe	137
PID 4400 wrote to memory of 4300	4400	msedge.exe	137
PID 4400 wrote to memory of 4300	4400	msedge.exe	137
PID 4400 wrote to memory of 4300	4400	msedge.exe	137
PID 4400 wrote to memory of 4300	4400	msedge.exe	137
PID 4400 wrote to memory of 4300	4400	msedge.exe	137
PID 4400 wrote to memory of 4300	4400	msedge.exe	137
PID 4400 wrote to memory of 4300	4400	msedge.exe	137
PID 4400 wrote to memory of 4300	4400	msedge.exe	137
PID 4400 wrote to memory of 4300	4400	msedge.exe	137
PID 4400 wrote to memory of 4300	4400	msedge.exe	137
PID 4400 wrote to memory of 4300	4400	msedge.exe	137
PID 4400 wrote to memory of 4300	4400	msedge.exe	137
PID 4400 wrote to memory of 4300	4400	msedge.exe	137
PID 4400 wrote to memory of 4300	4400	msedge.exe	137
PID 4400 wrote to memory of 4300	4400	msedge.exe	137
PID 4400 wrote to memory of 4300	4400	msedge.exe	137
PID 4400 wrote to memory of 4300	4400	msedge.exe	137
PID 4400 wrote to memory of 4300	4400	msedge.exe	137
PID 4400 wrote to memory of 4300	4400	msedge.exe	137
PID 4400 wrote to memory of 4300	4400	msedge.exe	137
PID 4400 wrote to memory of 4300	4400	msedge.exe	137
PID 4400 wrote to memory of 4300	4400	msedge.exe	137
PID 4400 wrote to memory of 4300	4400	msedge.exe	137
PID 4400 wrote to memory of 4300	4400	msedge.exe	137
PID 4400 wrote to memory of 4300	4400	msedge.exe	137
PID 4400 wrote to memory of 4300	4400	msedge.exe	137
PID 4400 wrote to memory of 4300	4400	msedge.exe	137
PID 4400 wrote to memory of 4300	4400	msedge.exe	137
PID 4400 wrote to memory of 4300	4400	msedge.exe	137
PID 4400 wrote to memory of 4300	4400	msedge.exe	137
PID 4400 wrote to memory of 4300	4400	msedge.exe	137
PID 4400 wrote to memory of 4300	4400	msedge.exe	137
PID 4400 wrote to memory of 4300	4400	msedge.exe	137
PID 4400 wrote to memory of 1628	4400	msedge.exe	138
PID 4400 wrote to memory of 1628	4400	msedge.exe	138
PID 4400 wrote to memory of 8	4400	msedge.exe	139
PID 4400 wrote to memory of 8	4400	msedge.exe	139
PID 4400 wrote to memory of 8	4400	msedge.exe	139
PID 4400 wrote to memory of 8	4400	msedge.exe	139
PID 4400 wrote to memory of 8	4400	msedge.exe	139
PID 4400 wrote to memory of 8	4400	msedge.exe	139
PID 4400 wrote to memory of 8	4400	msedge.exe	139

C:\Users\Admin\AppData\Local\Temp\MSCE.1.5.7.Installer.Win64.exe
"C:\Users\Admin\AppData\Local\Temp\MSCE.1.5.7.Installer.Win64.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:60
- C:\Users\Admin\AppData\Local\Temp\is-ILD7V.tmp\MSCE.1.5.7.Installer.Win64.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-ILD7V.tmp\MSCE.1.5.7.Installer.Win64.tmp" /SL5="$A0056,23410164,852480,C:\Users\Admin\AppData\Local\Temp\MSCE.1.5.7.Installer.Win64.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:4840
- - C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor.exe
    "C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1948
  - - C:\Program Files (x86)\Moonscraper Chart Editor\UnityCrashHandler64.exe
      "C:\Program Files (x86)\Moonscraper Chart Editor\UnityCrashHandler64.exe" --attach 1948 2210630602752
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:4144
    - - C:\Program Files (x86)\Moonscraper Chart Editor\UnityCrashHandler64.exe
        
        "C:\Program Files (x86)\Moonscraper Chart Editor\UnityCrashHandler64.exe" "1948" "2210630602752"
        5⤵
        Executes dropped EXE
        
        PID:4872

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f8 0x4ac
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4656

C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor.exe
"C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2552
- C:\Program Files (x86)\Moonscraper Chart Editor\UnityCrashHandler64.exe
  "C:\Program Files (x86)\Moonscraper Chart Editor\UnityCrashHandler64.exe" --attach 2552 2909805547520
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:4352
- - C:\Program Files (x86)\Moonscraper Chart Editor\UnityCrashHandler64.exe
    "C:\Program Files (x86)\Moonscraper Chart Editor\UnityCrashHandler64.exe" "2552" "2909805547520"
    3⤵
    - Executes dropped EXE
    PID:3732

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1356

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.bing.com/search?q=y5ppvo.exe y5ppvo.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff821b46f8,0x7fff821b4708,0x7fff821b4718
  2⤵
  PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2020 /prefetch:2
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3572 /prefetch:8
  2⤵
  PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3592 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3000 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5612 /prefetch:8
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5612 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:5276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:5284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:5436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:5444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2668 /prefetch:1
  2⤵
  PID:5708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:5720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:5348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1
  2⤵
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2672 /prefetch:1
  2⤵
  PID:5692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:1
  2⤵
  PID:5696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6716 /prefetch:1
  2⤵
  PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6848 /prefetch:1
  2⤵
  PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1
  2⤵
  PID:1448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6988 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7576 /prefetch:1
  2⤵
  PID:5204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7452 /prefetch:1
  2⤵
  PID:5312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7792 /prefetch:1
  2⤵
  PID:5320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8060 /prefetch:1
  2⤵
  PID:5296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8068 /prefetch:1
  2⤵
  PID:5404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7860 /prefetch:1
  2⤵
  PID:5416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8308 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8452 /prefetch:1
  2⤵
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8704 /prefetch:1
  2⤵
  PID:5128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8852 /prefetch:1
  2⤵
  PID:5152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8716 /prefetch:1
  2⤵
  PID:5168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8996 /prefetch:1
  2⤵
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9244 /prefetch:1
  2⤵
  PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9932 /prefetch:1
  2⤵
  PID:6904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9476 /prefetch:1
  2⤵
  PID:6700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9964 /prefetch:1
  2⤵
  PID:6560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9852 /prefetch:1
  2⤵
  PID:6684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10160 /prefetch:1
  2⤵
  PID:6604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7868 /prefetch:1
  2⤵
  PID:6588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8568 /prefetch:1
  2⤵
  PID:6624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8480 /prefetch:1
  2⤵
  PID:6636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7844 /prefetch:1
  2⤵
  PID:6692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9652 /prefetch:1
  2⤵
  PID:6688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9608 /prefetch:1
  2⤵
  PID:6576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9464 /prefetch:1
  2⤵
  PID:6608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10324 /prefetch:1
  2⤵
  PID:6660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7440 /prefetch:1
  2⤵
  PID:6632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10332 /prefetch:1
  2⤵
  PID:6616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8460 /prefetch:1
  2⤵
  PID:6640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10600 /prefetch:1
  2⤵
  PID:6680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10060 /prefetch:1
  2⤵
  PID:6744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8176 /prefetch:1
  2⤵
  PID:6768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10168 /prefetch:1
  2⤵
  PID:6776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7012 /prefetch:1
  2⤵
  PID:6784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6340 /prefetch:1
  2⤵
  PID:6796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:1
  2⤵
  PID:6804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10124 /prefetch:1
  2⤵
  PID:6788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10716 /prefetch:1
  2⤵
  PID:6812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10688 /prefetch:1
  2⤵
  PID:6828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:6656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9184 /prefetch:1
  2⤵
  PID:5344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11012 /prefetch:1
  2⤵
  PID:5696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3112 /prefetch:1
  2⤵
  PID:6120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9448 /prefetch:1
  2⤵
  PID:7412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9884 /prefetch:1
  2⤵
  PID:5252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7496 /prefetch:1
  2⤵
  PID:6872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1816 /prefetch:1
  2⤵
  PID:5700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=10192 /prefetch:2
  2⤵
  PID:6244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13830840161654196234,793139366379016521,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:7676

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5096

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1648

C:\Windows\System32\y5ppvo.exe
"C:\Windows\System32\y5ppvo.exe"
1⤵
PID:5148

C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor.exe
"C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:7348
- C:\Program Files (x86)\Moonscraper Chart Editor\UnityCrashHandler64.exe
  "C:\Program Files (x86)\Moonscraper Chart Editor\UnityCrashHandler64.exe" --attach 7348 3240956268544
  2⤵
  - Executes dropped EXE
  PID:7360
- - C:\Program Files (x86)\Moonscraper Chart Editor\UnityCrashHandler64.exe
    "C:\Program Files (x86)\Moonscraper Chart Editor\UnityCrashHandler64.exe" "7348" "3240956268544"
    3⤵
    - Executes dropped EXE
    PID:5888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Moonscraper Chart Editor\Custom Resources\settings.ini

Filesize
98B

MD5
74df616f69ca651d1f01f0dcc9b2b689

SHA1
c6f6a53d169d685895cf4587a13428d93ce02bac

SHA256
b362080c611211bb23e96e65dec500d06f744b37375fd4655412c32459e74fb9

SHA512
13e6aa62b5d409198edfb8090794c15afd75a9bc07081456436a90ceb60c98e9e8b76e0bc608188bb3e87e69fe206705cf5109d84f2d4010b70efda0c5b459b4

Download Submit
C:\Program Files (x86)\Moonscraper Chart Editor\MonoBleedingEdge\EmbedRuntime\mono-2.0-bdwgc.dll

Filesize
4.7MB

MD5
d3884519e34d1a1eb1ac95ca63bc471a

SHA1
29c6ef8d930c45dc07712753f07fc6c823027fb9

SHA256
ec73cb5c4ab75e91efd224256f1b56c0ed0cd5e112d552befd807bc303a78da4

SHA512
08d4c1d7980bec4bf8b64b5581fc137d810f151a1f6c2b1012b2c597fa6ae9989dfa967a21485d1f28ef02af35684469e0a72c9574c8c4f3f6a986e9f2e22052

Download Submit
C:\Program Files (x86)\Moonscraper Chart Editor\MonoBleedingEdge\etc\mono\4.5\Browsers\is-2VDK1.tmp

Filesize
1KB

MD5
0d831c1264b5b32a39fa347de368fe48

SHA1
187dff516f9448e63ea5078190b3347922c4b3eb

SHA256
8a1082057ac5681dcd4e9c227ed7fb8eb42ac1618963b5de3b65739dd77e2741

SHA512
4b7549eda1f8ed2c4533d056b62ca5030445393f9c6003e5ee47301ff7f44b4bd5022b74d54f571aa890b6e4593c6eded1a881500ac5ba2a720dc0ff280300af

Download Submit
C:\Program Files (x86)\Moonscraper Chart Editor\MonoBleedingEdge\etc\mono\4.5\is-TPLNS.tmp

Filesize
59KB

MD5
f7be9f1841ff92f9d4040aed832e0c79

SHA1
b3e4b508aab3cf201c06892713b43ddb0c43b7ae

SHA256
751861040b69ea63a3827507b7c8da9c7f549dc181c1c8af4b7ca78cc97d710a

SHA512
380e97f7c17ee0fdf6177ed65f6e30de662a33a8a727d9f1874e9f26bd573434c3dedd655b47a21b998d32aaa72a0566df37e901fd6c618854039d5e0cbef3f5

Download Submit
C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor.exe

Filesize
635KB

MD5
6eba14b1a7f1c151db2e3b4559e69885

SHA1
92d094b3fe9a2186eb86ef5b7d55cc0e3423bd97

SHA256
7f74c9553af4e9b65339316258283043dfafe58b4b1ceb8840f76c415675b242

SHA512
feda3aa4e9934e74d288a9f336deb7afdff94fd1694192ea748bc87af38ccb486356a278d081973890841530e1bfe37bfce8209d7e99c8caf022587bb2c8e2bb

Download Submit
C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.AIModule.dll

Filesize
41KB

MD5
bd4673f05f3c953a25022c0b1cf414b8

SHA1
3f7530453feecb09f2a290d57c0b5ae18965dfb2

SHA256
b1da9d28c0cfd888b82d4ebeae413d2dc896894be0127aad425e5a013a850ec1

SHA512
a83d68bb3778b663add7c6972bf5c00a2064cdcb094604d0c0472288ef02396eb9d4f01754c11c2918cafcb538ff58884dd75a02d61accd1acc3b05393f4a3e3

Download Submit
C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.ARModule.dll

Filesize
12KB

MD5
6b78ff1a02fcde27eb26d91084db225c

SHA1
d814a52287dc0b5fc0cac2c304424e9707979050

SHA256
26658dde476c8a01c4084be41cbada3e368cb0dccc0b3fabf7be28b1e82a03fe

SHA512
c2b90ab43905986e99df32beb03471dce785da8c40f0ee3803a67b778ccdcf2b593d5279dfba758d41a6ebde34d9f6d7dccaf73260696d825efd4573f0be9746

Download Submit
C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.AccessibilityModule.dll

Filesize
11KB

MD5
f00b4d28eb3c6e6e05ee78d65e1dbc38

SHA1
53e76244fe2c4d0be980c8050104853a65721e4f

SHA256
1bae92820cc1fa9064e40741e7c2fa77695f7bb17591b859022571a667bc19a4

SHA512
b9ef92cbaeade886e2d4b861c236319128a9b19d07f9479b4b1fbc4d0ed2d9efa77538d37f9003d53c97defb126417a4432694a6824a86fb70bd07910f90d27e

Download Submit
C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.AnimationModule.dll

Filesize
134KB

MD5
f7e08d0d41a7c8788ef4bbabf529aab4

SHA1
bdf28cd86e80fb4a64d0ada4bbdc608c45442074

SHA256
3d0c210c64d1edc17a61bb5bef42bd54061213c07dafb2743dfb58e3d6985e85

SHA512
07bc7a46287bed09e1d7c9dae7c2e16818344f735a99f893dd9ba618600b4991e95e6573d8c6ea184f276b00feab577814b71bcda70077f3a0cf0665d6c0fcff

Download Submit
C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.AssetBundleModule.dll

Filesize
20KB

MD5
5c7b06f11c7c2110e24ac1743537161a

SHA1
708fa044f948e8f3dee2e657fcd77e1c042865d9

SHA256
0d19ad51169821736c411e5dfba7a1f17de92897561de596a650d5a631e7daca

SHA512
dc63988d03477cd7fb78e1394950ca0c1efec90436327120935b6371942cbdded95a669fb695118cfee80e34d34e3a7fc23abea964f0cf0484792cc1e185c0e7

Download Submit
C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.AudioModule.dll

Filesize
57KB

MD5
ba75558a156f78fbad78c931f2fd4b58

SHA1
e0764dc0be0909ea4e3914017d03bee85c49c469

SHA256
43f60142f131dfeda0a6bc4c867cf3099fee22107a7eed81d111047c5df71395

SHA512
9f830abefbcf6cc71fa774eae59ccbaaedc1ec985a574398d9b6e49eee5645e49691cd75e75f76fbf5f2dd54b07a8af733634334f2041ec98c0f5c7a534f8d00

Download Submit
C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.BaselibModule.dll

Filesize
8KB

MD5
8037e346f6345dc634e4a2978396422a

SHA1
298089253c694e7a9fbf0c3d3e3d03e913fe9608

SHA256
78bd4c91a06bc7e5b5794389f4ec0e0803f548f9df582594a19e63980dec652d

SHA512
887279510706f85367fd4784540820ce5975245035502429c1f7bec4e6642b85166f8905212986baecc3589c26042372cf916a77b2cd703fb6f7d4934fec9465

Download Submit
C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.ClothModule.dll

Filesize
14KB

MD5
8b23423958a851d386fb1700e0a23ee5

SHA1
c2ca23f36ac8e0127490cb549c6e7526418ef9fb

SHA256
c8f6a15874dfd3f47288d0b270f18930fd8f473c381cfccd19967afd3b036c95

SHA512
05e42dc95b1dce8f4c494a23504909ea1ee9f0c655e3ab88acb57dbf88aa3ad2a41c58418673ed210817b8f7569bee6b5cc69a9da6b112c5c65d1a7c1b581721

Download Submit
C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.ClusterInputModule.dll

Filesize
9KB

MD5
1157635e8c821acc0980634ebfe99bf6

SHA1
b782dc2f2635c4ab230c42804090a3c5c43ca95a

SHA256
8bbee5536ce442e0435bbe082ec9c592ebaf204d24feaeb2b8e18d8fb097a141

SHA512
67658f95abbb0e32e0af600e19571194f631aa54c17da9102e55c5b6105a47f051e66afeea0f4f60f17ad642cc3a1fb7ab1168b234d1cdaaf85ac7c90b456d3e

Download Submit
C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.ClusterRendererModule.dll

Filesize
8KB

MD5
d5538e7e4d0699931bc59df73bc5bc12

SHA1
95127d8c057c81af6201595104dd05180ffbaebf

SHA256
06abbdba3a0b7ba0891b9b63ce48f9734da7c714f0ffea9d0e7714ab26bda7f2

SHA512
4e32e351dc1177b5dc30009d6fd9ec5bbe1ccaf4a4c40c2c0a728246ee16755f95088f627788b86ce914bf5871388b820e310e1f50fbecbb8b975697d89329d9

Download Submit
C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.CoreModule.dll

Filesize
828KB

MD5
cab906ff5f4bd4c84fd99eae80a32f04

SHA1
8c59531d0661bbab6e4e6303c03fad59cbcde054

SHA256
5719442462d182a18e61267c27cca4d2781ed8e59bdcb87b5c44cc4eed78821c

SHA512
15ceecb0c6e69195a4f1356e464c21b4d74273c88f64a105203aa0b7274143c7a91e48eb5525d190abea0bb397ea03368240955105effda99685f4e6c0f0b228

Download Submit
C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.CrashReportingModule.dll

Filesize
9KB

MD5
35724caaec5a6b5c81a4c06db5e05be2

SHA1
460597033c7dfca940a823190f9821620b70444c

SHA256
4c57e2025795a5c31470ff994512f414f53cded833b984e024e4553b85704702

SHA512
c6cdd867613386e40c93e2f91197be7bde8a337df6d317e302f595ea899f465dac2733f6f7d3510c53cf6fd9b07f32e12933581fbec6e163674db24e246a3869

Download Submit
C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.DirectorModule.dll

Filesize
12KB

MD5
8e0221abc1e1e665d99cc9173f562a50

SHA1
01f80e6f74f196e48be01feb8ab4c25978609a5f

SHA256
8fab0d579ac62e9c81eb31d85bb92c9dd5ebfccdfd683021057f9cc7116f3e79

SHA512
cd6043f38f9d13ab58d0a64c42c78969e694644fe6839da2c82264824cb6cbcab9ff7f104fbcc08bb3680af57d79479161a4a3fd8963da8e342fba0982742b92

Download Submit
C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.FileSystemHttpModule.dll

Filesize
8KB

MD5
b2dd5fcea0f99e3ebd3e529cd5c110e2

SHA1
51dea888e8735f09a9dbc63a3c18b3eb6298c694

SHA256
a4b0e809c6083e585543e6dcd744551adb273564a7c362c27e411a37c7f84b53

SHA512
bc3f2c233645e2fd7a83397c35eab6fd37979aaa7dc3418c815a4db7a3362dc1817c62e9410f8ba72ad4d1397170ff3481879fc7133f74cb4bb2c6e3d5006db5

Download Submit
C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.GameCenterModule.dll

Filesize
25KB

MD5
20d56d9e1915312879bb336f7bc139d9

SHA1
056da73ef87f72d0f5a896c7af582b3c7592e7f9

SHA256
febc09b16ffc8c60abbb328c290cb7f6c3a391872b4b6b9efc71470531f21ecd

SHA512
6941e33dd706267c32940ca08d0fcc0e8f2b5f1cc50cfc8da89f4313d6b79473393f5fc1743c6d53f4fe4a6314f07e81cbe40db0be4f491d439144ab7282d2f0

Download Submit
C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.GridModule.dll

Filesize
13KB

MD5
de79c926754687b06d0dda3be949d211

SHA1
7cbd19e07cfbe1bcb411ec64ce26688da4d079eb

SHA256
9a7d9420c235cda6f58b08a251bc7a08c4ca3c6eb6acf1222800070efba23f69

SHA512
7ff767f05235e88eae057d5366d455656b54a3267ad046926b9b904e442bd81bf46e0548f97c964f5f94c37cbd36d26ae62ac065716c5eb10cc5bc5e2e4e1dd8

Download Submit
C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.HotReloadModule.dll

Filesize
8KB

MD5
cc219d0e709fc442fe1ae441ea7642e3

SHA1
babb91d584c6b3e31d5952b430ee517f3b20bebf

SHA256
a84ce43c2b8d9b049fbf43ae5b44a913e5db0b3c2cc2ecfee22b28fc133a8f96

SHA512
5eff1dfdf0e6ba7d4f813c378ee46dd6bb4ed2cac6a0e06d76b3f04d2a94dc78cf0def74c9c8b16b02d394b01df79cb097c5a85f2429a7bbbb178b3ac2b9849c

Download Submit
C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.IMGUIModule.dll

Filesize
143KB

MD5
1c9470b836f090df6258c9df2e48e827

SHA1
360fafaacc5ff6cdd93018f02a9a5a6212eaf3ef

SHA256
095f5b06cd67ae616afaaa6a1a768e5cf840df7140bc279e26b21438b5ed877f

SHA512
310ee701e90af6b839d480be135d7d6cece944080edcb7ed35cdcd204466127dab270c2bd7bc8bb747d1691b14d16e5ed1fba24e55d3ebf2dd5108a974bec5e0

Download Submit
C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.ImageConversionModule.dll

Filesize
9KB

MD5
fae5abcfac04ef22a3731aebc5fa299b

SHA1
302566fd8cb4c84712b7920e7a260ad3018b222b

SHA256
37b6b15d45a576483cbd6b8741d6406f4e4e86b2867c4340b53b09dc1c00bff6

SHA512
ed34071d53c7f44a22ca213c91d229a7e311fb9614dc438cdac15e745d0d0cf638a1a6a1fb0e602d03d0a9ba9844b48ea02ca9bb330d82120591a9ceb084e211

Download Submit
C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.InputModule.dll

Filesize
11KB

MD5
fe1037f476878272d866f12882a50150

SHA1
d3112c3d545bd8c490fbe6a4c12e9a9edc1f948e

SHA256
0475e206794166a336be6764b97cafbe09e252df97b96ee44f7e1108333a5a40

SHA512
8c0d26f579eb463087df5b7d1b6251b9af14525b2a507598859fb7a17f102448f6d24a8bb4cd57c96a1aeb2e6b42e4b5fa1aaa1c5957ae2de5044a6769f2ac55

Download Submit
C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.JSONSerializeModule.dll

Filesize
10KB

MD5
4d445686a2e69d5f79cbcd100b058e69

SHA1
b1bfc617a9038b6f7e7ce503f026e34d26b87a9b

SHA256
f1d5379d029c3d474e63eb2d69aa685135c619fef3735e4cfe2f00cc48e9851b

SHA512
3a159ae54a75be5cd4c2aeeb9b5f1ac2930998814864e6dc4d814e2ada6b9361cf556d1ac864975cda63324cf2a6a9418906b1ea33642427dab76a71ac567ecc

Download Submit
C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.LocalizationModule.dll

Filesize
9KB

MD5
b5813da35fc00856f4f926e32c8d799c

SHA1
07d85a357843b045ffc70408717255910b480d69

SHA256
be6e9935ae3436c191f735c77e35170ed5f6249a2fa0870f43a9e46e0adf4928

SHA512
1ef229f70462fd0d7b4be44ed2ee08727ae5a11be940807f8e8579d3d0bc2ccdd87d477445b443bef18268f523ba743156965d8090fc4c9c280dd59d9d06aa2e

Download Submit
C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.ParticleSystemModule.dll

Filesize
125KB

MD5
66d6195fe2e4d77af88e93c3d58fbf62

SHA1
181255c2bc5c3e64cae5feaa5053f83f195d4a9d

SHA256
fefa536c24f527421f36c143465b96277e84cbbe15ea51aa09c33d1b3a576259

SHA512
f8d4094e2a85974910d830bee68d857216718a12c993d06763e0df47a878cf4e4a2fa16bb5c183cd9d9cd3b81d6650032e96a9515e444de186e076d4143a711d

Download Submit
C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.PerformanceReportingModule.dll

Filesize
8KB

MD5
255d5bc915f622d00fc36c7362d9e073

SHA1
c42b6f50d0521f0da4bf0b733b3d7e648e4b050b

SHA256
5eaaf01d0a6653016c3c2926a8b7911a716029097db393e61d5cccec880ada3e

SHA512
6f7ad202111c049372f15d836200ac71a06074c312f7e4153519fa82e5edc1a19c4089736c1d9608fde6f7e84adefa1f2588346663bf5f1281e66b06d88dc7d1

Download Submit
C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.Physics2DModule.dll

Filesize
91KB

MD5
6c8a2df9293d1f8811db4d8c5df69021

SHA1
7fdc60d8aa4f78c5070143aa5b1bcfbf626c4b8d

SHA256
c661c60a94dd9e2c56920d480822b5e324badda81e939c817deae26c04df0b20

SHA512
3ad9fd84b266d1a929fc8090c8c5e027106de18838c7fd25b570cc2dfb3cb5b5ac10371b3a04462ffaef2941e893359f80db0a1c386f3cc8bffd2f85a1e8f585

Download Submit
C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.PhysicsModule.dll

Filesize
83KB

MD5
c55112bd91902e941504d45f1fdcd8e3

SHA1
0593d17e4bd5c3f2eae9337afaad97144c25eed3

SHA256
98d99566cc16f3da3314fff3675fc966453640621499c10c1c4faeff6d6bafe4

SHA512
a791e06c77aa645465a44b48e7c594ed461e18c563d0ec6a6a81bb2a03817968d23907ab99fed96dde7b26c7466cee9cb0f1c62e60327c506f9ca1001a354568

Download Submit
C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.ProfilerModule.dll

Filesize
8KB

MD5
50a5dcf70ecd101ab68b6d9c49caec54

SHA1
42485582ad30e0f2e805d8753f2640b1bf072f69

SHA256
d3e5217762cd2695b76f65981c0155a5d99e9e28e7626c725eae10e4601567cd

SHA512
d75b01f1d56176aec9e05ca04cf394fcb9633ca9bba50b681654ef13609e1d94fc324997a7a8bf8629432ae32df48711a04daf3494bd2f87e5a819de14fa46cd

Download Submit
C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.ScreenCaptureModule.dll

Filesize
9KB

MD5
21b716e5ace608c2b0415546b6817ffd

SHA1
53eb487a0359c4b1e933e226e459652d443a0328

SHA256
07ffb54d68648e66408ef7d65a9b84033c45a868113db7f845ebfb3b473e14cc

SHA512
81c693804c710f5e3d34d92de4566dd59a2e33bb95f12b22bb9177bd97e1caa3e24d8b6060b1ba72195492075fc8e8a57851d85ac876f184f777f129c80cc7f2

Download Submit
C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.SharedInternalsModule.dll

Filesize
19KB

MD5
e8a1d709acb9b8a7b9dd7768c312f3d0

SHA1
d6bb400532aa7ec6f2e8e420dcf8096660f43a63

SHA256
da8763f3e550de21e497be6b94e7adf8a2c141768b22a031fa126050e508eafa

SHA512
09aac2e3239836b4759003c1ac5d54e021bdb85b4db8f5a24d807607eccbb23705a3d94ccba9a2ab00cbf1eecd3559ab3dc4a5b405f7f52fee9d46f0dbc9b6f4

Download Submit
C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.SpriteMaskModule.dll

Filesize
9KB

MD5
6398a1c430b3d78120ef714afe38b750

SHA1
6af671b630a15742a3fdcd19503e8c6a87a93b95

SHA256
6ae7b46beae6714ce87eb233400cdea5e6475a0bcabd461d8eac92917202cf86

SHA512
30f96a956a0fc44a3b2fe2eaa0067d636e854341b920e2a59fb728a6cb7142907d286d86d0e4a590b32fe5f2e0cff3d36c4d03a0b27b2d51cb0b615c1ce6537e

Download Submit
C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.SpriteShapeModule.dll

Filesize
9KB

MD5
02d7b08f7997b590b34a1624d6f92d3b

SHA1
78472c5af151963a49a41d6cfbc8754c12320241

SHA256
26f365554e8341350ef0eb445bdeb195311cd6d72cae8e4d2ab8cfc3e5e34660

SHA512
28d08bbf811d93db3ec4fe513c4389d04195f280fcf3bb85945c2647bdc187c19bdfa4dfa6b80ec812c62cc588a4906beb64c3da53ded5e82b8f8a67f78e93bc

Download Submit
C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.StreamingModule.dll

Filesize
8KB

MD5
7442380b0b8a71adc47c73cb21955c04

SHA1
c2256a4689b589899650b496a8f5072b1477f683

SHA256
782eaa1ce41adfa951eecb223c0797130f156fc1526a987c40bf14474465d613

SHA512
7459add589f2f8767a495e129656294bf064638dc0015694a0b1667ff19f8e185683cac5471e5dd70bfe1f2c87c94629df40ba9338f9dab44bee42cc549cfc86

Download Submit
C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.StyleSheetsModule.dll

Filesize
16KB

MD5
435d753fcf8427d5e34a9f64967dc50c

SHA1
371db24bca7a852af3daab5a4c736c25056b4838

SHA256
c2f23fdeaad10411a17b57f5f1ad7fa40141b6d3faf5f804dff95bacb08fecb2

SHA512
d2d320a8f46fe2372d895d2a4ebf544b2f33cf33b5a3ac471cba942688209c3a2bfc778108b6436ba1d0b76c78c95742d1fe8090f026dc3def35dfec66470c7f

Download Submit
C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.SubstanceModule.dll

Filesize
12KB

MD5
616ff262a2da66de7b66e4527de8ce14

SHA1
4784123523d9dd8dc711d9606693003f1fe47dbf

SHA256
1b4a3ba5ae524811f50e51ba187eb3a532283116602fad40bc0721b6b3d831b6

SHA512
2cc7027de75047a905bcfbe5c1affc46c80cb818735af252e1e9200cbfe2788cab22565141dc5532584abbaeed50d8e10bcb3b5a9000d10bed8f61b0e9f9405e

Download Submit
C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.TLSModule.dll

Filesize
8KB

MD5
9f1d7c09f9fb275515ac7e34a2746bea

SHA1
5a9c50e17124dafc78973784e0697d5f6099e801

SHA256
e071b7776c5c662bfc914ef736e49b680ede163abdf85d6a1eca59ca853e9ed6

SHA512
60faf6da856b65c5469453a2d277ba2d28d3b3b250bde08507206d9cd181c2a4ae50728174c47b031c59b0115f8df7b484b8880550d434426acfe52793d5dc50

Download Submit
C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.TerrainModule.dll

Filesize
61KB

MD5
34580860b5f1d9f70e54c217b047de77

SHA1
665cdacd655eaf77af40b3b9385721f9913e1b58

SHA256
a309d349903466d807ca346294e940357504265669678afd7a4d9453aa179791

SHA512
1c9caf2f5b0f1b5973043f286591c5b786c55cf67f3fe6035524cd771e2301f6a4d3c5941723045c1be0875da277ea8572925767e4270e43b208e7ee8ba6bc96

Download Submit
C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.TerrainPhysicsModule.dll

Filesize
8KB

MD5
ecf601c7532d467efe9705923e1186a2

SHA1
db7920f49fbd7cb8321a84732986885195044d39

SHA256
24cebd0be6e720891d95b9dcd22554c5aeb0050054dc2f0e7b431d9f06e44c1a

SHA512
d9a9e15d9fc7bc6ab69dee9e189bbe55048209677af17ac400b10088b28277a536b6fa62a4d03a559c5a4c61b601596dc1790834f97a2e9fd41be3276a80f0df

Download Submit
C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.TextCoreModule.dll

Filesize
31KB

MD5
e02ec4171091d2a858ee9e801bc7a14c

SHA1
8c240bcef906078e5ae2d9322ccfd9b52fcd400e

SHA256
c7f05dd733432ed7da762bd28f020f39fa2ebc7e91bd9638691318ce13256723

SHA512
8d45fd0895813f79830f249917cd8a08acb37963f8734affc1da2532d4a741263bb2c79b54f674bfe7f469bb94f15c90e8d5b43f0d3ca85726da34f4cf24e625

Download Submit
C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.TextRenderingModule.dll

Filesize
26KB

MD5
b7e9c465e2be7628aa9c4c2bf26109e3

SHA1
a7a961d9c339812bfe52349dd98f70608e368b90

SHA256
cb9fa16373a2031d1141801dcab5fb59c6c757b2a6eeef7d6c290f5464f9e4bf

SHA512
01cff5cea7a9837ba78672d1e75ec105f0cf0daadb55654fcfcfb8bcc045e9684d2b09884de052c3ef6451a0bb94c52995c449868b6c7fc8c2e4f237170466cf

Download Submit
C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.TilemapModule.dll

Filesize
23KB

MD5
6efaeda79e436179e4537dbcb1e30344

SHA1
80ad689abb04c669dcbf2ec9d68f2c40dc3c9a40

SHA256
f36212da0e0895a2e54eb9eec899d45428784307527e27a4482fa2bf8bf56efc

SHA512
a79745c6b986651c16125648436438768ee6ae84ba0863fa2a7ef1c5bd1f5d188f9206226b38357fc4e3c0a5b22b3dbc0eab1ac76f43d3de12b391243b58fbc4

Download Submit
C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.TimelineModule.dll

Filesize
8KB

MD5
179b4abb939257c6c9527c2b755f68b6

SHA1
35ac1e5374521a0839f19b9b6ef9d54daddb9230

SHA256
322766e6162bb897a7d42dc6f14f52545d5f6114535d212f0c94e1bc97606742

SHA512
0ad15d5794af7b58b0a675ec0cf57c318f2cf708b3d97ee1e535b0eb4a07f840ae94764161643262b36908ba2ba52f00abf56452a087fd6782e75c923aa7217e

Download Submit
C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.UIElementsModule.dll

Filesize
343KB

MD5
f3d6685d6229fd70157555c613011f40

SHA1
07b6fde93c182570c9051918d119b74ee3a59df5

SHA256
e8dfd1f0e14b1c4f1a47eef422aa12aeedae1732418fe33f2d90a16944d53ade

SHA512
1d55b1cf8b590eaed1b9dd9a72c85474edd2a00b82f7857d3e36853caa0a6ae505f556ca1cbe0e6558d8d90f587b9b43268bd17321470b62c2446b9b59e9a3e3

Download Submit
C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.UIModule.dll

Filesize
21KB

MD5
d04302511d4700d3ed12bef552a4c4fd

SHA1
8f32fba05278afc806c37f4772f2878b97511b70

SHA256
03f321a483644d6c9cdb4f42d013fd30c6421af0a1749140e113813874172718

SHA512
b9e46018900d8d0bed3a282f6b98de13834363b746e821394d8a154754877c962e78978d7253a99e401be4050be630b1594361cd02fd0c1f3a588f1571ca7ae8

Download Submit
C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.UNETModule.dll

Filesize
76KB

MD5
45b62ed9faaad280463b99f4b5172405

SHA1
6758dea188b8fb92fd812981209f3058bfe6186f

SHA256
abb2fd9936c5076966780c15bea961191e411d2086d0626d95d5405c744c8006

SHA512
d0289cef884537c21beded83a49f4e8cdfa501889314177ca7c561c3b3e9d19c2fb45eb0a3ea93d0ec1b56f6a64d26091fa32d8e901a9cb958814bc38183b326

Download Submit
C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.UmbraModule.dll

Filesize
8KB

MD5
6614dcc1cc738b9da59029c9b09c43e0

SHA1
5692dc8d0b830d35b7cb588cace5d3a8f9285183

SHA256
480dd9e94da370eb4061f5e83ff062dbccac6d99b67e14a92ead203323a57e42

SHA512
a06ff4f9df6480d4c6ed14f9bcb5ea910f79037240897b8e4d31c77e12d51994d6ab6d2e8ada9efb28b17c1eb11aa9674874df6f21f2d35a172caffbfbd6ba44

Download Submit
C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.UnityAnalyticsModule.dll

Filesize
23KB

MD5
73a0771433a4260995f7d9064751c9b6

SHA1
b170dc7930441d529fef99de91f21eba552719d8

SHA256
5c5d31811dbf82415192a93b8ab7dcef075517c5aea04dc73fa0d9168933f0bc

SHA512
927832d1af006990a7e579d4958245d90f96c19f01dbb515651d6f3902c0c6f9610696f754d4e6dcb4dc7dfeaa1d83e94f5104dd6533399b6e24fb1121571e47

Download Submit
C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.UnityConnectModule.dll

Filesize
10KB

MD5
af5c62b5768f27bb794964451bb0f3b9

SHA1
53998013ae36e4b58b4b7ff3d727991067864230

SHA256
e9c91dee0d4e9da8e8ff0f0673fb3279b39ef9c8c48a2944329917989b369d64

SHA512
0674cfe73fbcfe6920b137a81fd6379c9d09f264e5254658a7a55bfddff0bbcb58ce95f23a9d192258576470e37b3e556bd44b28e6b46949d3d6324bc11c5ac5

Download Submit
C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.UnityTestProtocolModule.dll

Filesize
8KB

MD5
6f3db9782ecb8c582e10b438c800d0d5

SHA1
a360f9d5e58e6ecab88499c5ec5a6ef28f4f9056

SHA256
39dd949b2d2558b785d9c39fc1144869d86e03e78483a9ca8dbd86ded3f1f415

SHA512
0c06bcd73b2a44aac2878c62e016b735360ab27dc3b334af91695910156c0fc3aa5a4032b06b347817668f737e39857d8b5f6b48714461b63726789caa9329bb

Download Submit
C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.UnityWebRequestModule.dll

Filesize
41KB

MD5
a32f337c14e7bfb2ea72750df34ba389

SHA1
6ae8cc0ef16bb47fe216e1a73ccd71c4c337c14c

SHA256
c187797b8740806c9873447165eaeb73f378b2671aea0cd18b064156f1767f13

SHA512
42e56e6d4821a394b0cf9d61c195b0f13427e1296cd7c850f80eb3e8801d4b9f8a564d1c3e09b5f33a7803646f8114852864bf6a6b9b2b2168827d29cdbaf9f7

Download Submit
C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\UnityEngine.dll

Filesize
70KB

MD5
c8f33f83402c23694f6ecafacabe9de2

SHA1
c001db8eda7df93e51a99d73b21a21fa16e92faf

SHA256
3e075463aa1a50b3c176ba629d0c6de14ed17322fddf486d0a2d3be3f96148ea

SHA512
cf4421666560c0ece53fce77eed272848fdb19f4dc8cdb7e5ca48bccc95e8cbb597726cbca95df4b9da16e2e333866e1a9390318f9d30376f77dbc774aa234d8

Download Submit
C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Managed\mscorlib.dll

Filesize
3.9MB

MD5
6da7e8c87c2413c46e9d9caa9602e430

SHA1
40898fa1a75104842f3f5298b2e5fcb3215670fe

SHA256
4f2293adc32ba4fb36bb830ef4e2481b667b701dc2ee12a516487087acfded10

SHA512
a65ec37a62a6b8b7d95ebb67653375c0e73aeec4a274295d1906be17585be71711484d0c02483a07fed98fcfb76e9a09e47f1eb46f4df09c76ad2888feb7bb01

Download Submit
C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\Resources\unity default resources

Filesize
3.5MB

MD5
3881a048d6ca48f04fb01b5afce9cc7b

SHA1
f82ab6be14fd7d05a3414d8e9ebcb2ff9e4b9d2a

SHA256
15150be5e88a2675beec66f1217a31ecf4593628799e86689db8d4a9c43bc7e5

SHA512
d909503f884aa0c50bc0fd5d18b7606c5ba7d632a0183b4a476586740f756aadbb94a1d2daaa06435a1b3b0267616e3c75c5b671550082b0bc1caaded13e1320

Download Submit
C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\app.info

Filesize
36B

MD5
c52c75f2c4e05a82fdc41b967f243ef3

SHA1
044b6ed338c81b03fe93cd991cc6f27f65a0969f

SHA256
bb505a5ff37b224e267ce2fa735ae96d98df61d81d6af8b624819be3b0240873

SHA512
e8f812a46020cd2650464a3e2a842fd8f062257bc2df200bbcd6695acd0d581166027650aeabcde536131c7c470a7126e358e2c1fb0dfc2d0ca107fe7e0ff317

Download Submit
C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\boot.config

Filesize
124B

MD5
ba714ac4297c71af1e2b6e8bae058846

SHA1
7fef4767f0aae92f20b32e7f127afbbb2cb8dac2

SHA256
bf29ca5c386eab01baa1ba8afd0615cb13e881f88575c28ec09c873035a78eeb

SHA512
2c5a568f2b9c4163e381f297fe6a93145339fcf8f7104c6e31f3bb198448c58221f2ee42f6aa4106620b41cbb0f1438a0c20bfde1e63c3b1adf2e5dbf2a0e07e

Download Submit
C:\Program Files (x86)\Moonscraper Chart Editor\Moonscraper Chart Editor_Data\globalgamemanagers

Filesize
48KB

MD5
ced78262740bab9f37572086328c1b9e

SHA1
27356378b631e9a6c67907194d44968a34db3f3c

SHA256
3fbbdecbc11e5b09d55cba8950e207ed531de29227a961f935f006d33ebc5e98

SHA512
6dba27d5112f49ba5edb49574308f1854f5ac48515f8fd18813919df91342b3e58a6ceff5f976ed620fc83210c9e3e5c70bce4e859aad24ca5f55af7f82bee38

Download Submit
C:\Program Files (x86)\Moonscraper Chart Editor\UnityCrashHandler64.exe

Filesize
1.4MB

MD5
62dc630bdc44ac2ecfad1a70198d5da3

SHA1
3653aff1e5a752be64931b806c42b4162b949db4

SHA256
3cc173267c3c16987bf0f2c017763faff122370d958e5b4034f67ac38a212f80

SHA512
adcb2694221670824270e4d89c892f457f843fc36c2ae7ca1c623c16fdba42d7f7e8c6788221660527dbc4f15b77d1edf8f37dbd585f4d667f0cfddf37640d4f

Download Submit
C:\Program Files (x86)\Moonscraper Chart Editor\UnityPlayer.dll

Filesize
22.2MB

MD5
fe10756a3f55b30fb8a7db5b8b4e423a

SHA1
1c9b0663d62a45d6d3645ac6d9cee23c27ddff57

SHA256
093257e3ea5dfe16674e3f134210471d9881fb657c22c85f21c8e41ca818e19b

SHA512
6a0765ec53e15a726c12c7748b0f8656be8d3fe204873283613f206d699cab018fab487eaa554fd915a7cddff8ac1a630a47156039f83dd52000d43c12f64242

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
70KB

MD5
0f6e110e02a790b2f0635d0815c12e5c

SHA1
2411810c083a7fda31c5e6dd6f1f9cf1b971e46c

SHA256
2f7018f3c214ace280e4bd37aabe0690bd9d8d0532f38e32a29d1f9de1320605

SHA512
2f2fb7c4ddfb6abb5dcde466269f625eea58a2c69d25830e6bb24126e7679ec7c83fdb0d8ff2a7de4dd4b994513f5e80813dbf1f5d6a9a474c3a60d8bee74f4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
43KB

MD5
e352d970a4f70796e375f56686933101

SHA1
20638161142277687374c446440c3239840362b4

SHA256
8a346ccc26d3ae6ded2665b27b443d6f17580650d3fdd44ef1bb6305bee37d52

SHA512
b2c95bc6a7bd4cc5ef1d7ea17d839219a1aa5eba6baeb5eab6a57ec0a7adbc341eb7c4d328bcc03476d73fd4d70f3a4bdec471a22f9eb3e42eb2cae94eeb1ccc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
1.2MB

MD5
0aba6b0a3dd73fe8b58e3523c5d7605b

SHA1
9127c57b25121436eaf317fea198b69b386f83c7

SHA256
8341f5eb55983e9877b0fc72b77a5df0f87deda1bc7ad6fa5756e9f00d6b8cac

SHA512
6a266e9dad3015e0c39d6de2e5e04e2cc1af3636f0e856a5dc36f076c794b555d2a580373836a401f8d0d8e510f465eb0241d6e3f15605d55eb212f4283278eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
27KB

MD5
c3bd38af3c74a1efb0a240bf69a7c700

SHA1
7e4b80264179518c362bef5aa3d3a0eab00edccd

SHA256
1151160e75f88cbc8fe3ada9125cc2822abc1386c0eab7a1d5465cfd004522c8

SHA512
41a2852c8a38700cf4b38697f3a6cde3216c50b7ed23d80e16dea7f5700e074f08a52a10ba48d17111bb164c0a613732548fe65648658b52db882cacb87b9e8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
78KB

MD5
38024c03c46ec35f5ff7160efb4e1bdb

SHA1
a2cd0c373cb80cb737ef6840f7d9ca95577dd1c3

SHA256
0dbf292317f6be6954fac33f64394e59fba69bae32bd8a7b210dd7380b8b8c83

SHA512
f8ce539008e22d9c6ad8476f90ddf18017f5a6bc736599ed966c0132f1e5a7cb920e4bb3d21697852bb34fca9cb3301288035449afc40b8ce6ac9ac038975f5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
27KB

MD5
46e6043b3a70e5986f0b72a748d9e3e2

SHA1
5d3ac460401a49fb84286e0f8b9edf6167530fa6

SHA256
171b12a8c0900d5f0d9e700eb668c02f167ad6f7adce4b9c36201ee10aeae005

SHA512
c0f875ed0d9e05a7439ac9d160edf59ed3b1b384b87dca5b75de3ba11a47a94d543f108ee60aaf421c965c0635408003535795e0f6601afdef4010d982724385

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
d47b4383b6076c5037a4cc6a5f9fcd34

SHA1
e8d9d4de16fc6d8fd430148343498d8754f76b75

SHA256
47c183aab7a12a21ab60a9282ad635daa6ae5ed7f256addda7be76c790322f65

SHA512
25a0b9f61825ce31c2b98a32ca38eb8489ec883ca6047261dac93a6c8820e62213ae62ac7b43040a65f3927055927f5b5d6a7e4eaa8535459b6e14668497c08e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
0c9ac804cca5592da89b2194b5a237e5

SHA1
a9d21146ab95ffbdbfd55e2e4b8fec604d10c8ad

SHA256
92a9483d44a7d06e0fe2df5b9e650ed1fcd001059b9693f86c5b4e3cffccddd7

SHA512
70bd75590184a75b59ea5789605f890bbddbddb7329dfb45404466888c49550d68748b33b66ca2be93f58f6cb5b0a4d47d1dda8bfcb71ef9b4b0b41fb70e2b11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a3c94b1f4d7572a548d001022c568461

SHA1
f5521c52a66c6d30bcb3adf0bb67a201ec343930

SHA256
ddf3dc2b2e93be4fb3bc521f0a393cc6b3c6d41093fc8333ea0ca8b217fcbbb8

SHA512
28c74e85aee33ff018a9c6c2b0a987778b4c6e0f799d5f27d270dc80ae741f335d6e2d160886884cbaaa9edfeb3b24e4f0b569ce691be7e802e1bd6ec4ea460e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
3391b99a7024a5d3675e4870a6169e63

SHA1
23bb20abf26f04da2cbeb0915caab4341c43ef02

SHA256
31ea7479eca63cc63618e128f59fb9e44c33959ea95e770635da0e13007e4f53

SHA512
2707915351fb16822ea8157aa1515088b534adec90796c13e42465b9e8331001a1936b1689cfbf9538c394dae9bd148c4385039a932657f6ca3c42f8b8fc0353

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_forums.tomshardware.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
13KB

MD5
f3e231685b4d9e212c9c73e6dff1cd7b

SHA1
b275535880737ce832265e78146ba8ab112cd491

SHA256
c060d705ffd1215045306aaec2ab3e8d9f85dc80280c3fd230f5c2a77b156201

SHA512
ec99a3f0984e4404b094dd28136c913ba910f40e918221ebade6675e950ba64c2fb160837b5019849a1e29ba9308d0ed317c0f510b44e9a8254b5f2ede4278fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
15KB

MD5
1e78a742da9c84beb330e0622a495f7e

SHA1
ebd1c11241dbdcf0e17386c1de6681853dc08a43

SHA256
1f123e64b72cc265a535f51cae78de7332a4457cc1f786eed43335d4d3cfd02b

SHA512
1e350dbf0ce5cc44226895e1b70b5d9b460647358a87b598ebe65958d2996d00cd4dd59bc251f8d52d135668624f8cc1ba25cec4e6cae53885ead49773ef5ecc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
15KB

MD5
c0d9a506b241bcc448d7fd88e99f0e2d

SHA1
ae16abbd1772fcbee8bdd10d3a210ae9fc350f99

SHA256
b5aa0c0edafa42e599bbe8160a5ff353517b50f65afdc638ddbac72673fb2e32

SHA512
8a8a19fef60f9eaee1031173b52ea83a831ec8788eeebb53056cb8b4ff05e9ffda75048387d4b4018e984c1a0be1eeb0fd5ad8ab08bab323798ccd85e60a2f7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
83eccd4f9d2e29304c129da60dfd77fa

SHA1
b9c7cdb3eb9e39276fc7479db4a9a78dedd48387

SHA256
eb8e66ab73a684b0087b42f7dfc4884bceb4885046896ffddf4808abc4be45c2

SHA512
543c5a67592c3873982f0389c5191182508e290cbe504f3073435d822a57f0b991603526c08808e52d54fbd59e2986704cb331c091ccd788644cb9ba0c83be73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
478bd752b027a4ed4726f14f68912f2d

SHA1
8b82190ec4ccf6682d666cc6d11e528ba6f38f87

SHA256
559d5b869eeb5cccff212b121fa5f71a1f76547fe236863d7d1260019bc92bcd

SHA512
fcab7e006c43160ed00edcd063951706d67bd9a12b370ced7977647e8ec4248b944318f146b3c0d879cc82fe906371eae2bfea188f57e33eb945947b4df4c15a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
21KB

MD5
5583d99e4f74afbe7d701f837f15a25d

SHA1
08cd9e5a562e98a31293e934e39860249660ae9d

SHA256
643f02d9d2a7a04dedd10771609cff04042e2e715d93fbb9e9ad105c707725f9

SHA512
8be98291b8a75715e602e18743bb4c8e21c83a0d909dce18e407d00e896a3ed0bf0b58226245ece27dab4411304815ef72dafa2fe6c9fc7d11fb14ebdf77c7d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
21KB

MD5
433a1d8db465825467c45d246f479d2a

SHA1
72cafac0b61ed0bfbd64b2f2182208baa72c2555

SHA256
b1757d94f6008b130ca2d9e43b32f29859552c6b95f870097cccafe4b0e21441

SHA512
d627dd90017a8a14610a318b8ad36551818440a87213f7e025091f80808d270ec44474db7b6187a70f3f9bdcaef6dfa445e904ed991606bf11bb8b659cab0b7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9d9912e8a6ebdc2659c323a0799a19a4

SHA1
7a5a768be0e5eccb58a23df23246e2c90acd736c

SHA256
247babc9ff1cb4251b96169e7185a047e950ed91c5e2579f90f1dee0f59f67db

SHA512
b57c1393bf86831bb6cfcd187fdfc553a258658ac79dfa13ca32ae8eb4d32952fef7e39482541565aded24fa2d1d80e51068acb37a774e63c7dd94c0ae2fd68c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
21KB

MD5
80ab802f54edaa2897f9663af53a3e00

SHA1
a190039a31c79878b077c0096403bc91bb796bc3

SHA256
1df3514eeb56a12a102ba4d9f4cc8c50bb3333be743dfeae7dadbaaae7e042a5

SHA512
2a36028a4cb00a2ef625569e3ba18439fc5d92bfa036c1594db629a0b77d9acf904fbc6d03b47b6462e4cf0a65d413f7f968562db862aabe6be4bb78053c4114

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\b163057a0eb638e9d665d04b93d56339fb99e052\408301bf-7989-41c8-916f-7b37265362f4\index-dir\the-real-index

Filesize
72B

MD5
3344c4323ffe6a59d1fd59b8fdedaaa6

SHA1
1674ea3bcfec0653f0f628aec8c1ac5bac0497a4

SHA256
ee75fe9de20e85449290250dfb193d82d9ed57e5ee97a99380d65102590796c7

SHA512
9f2a6dbc9c4b3bee8a8f377e32bb04685d08b68f18d03e38d8f1ac605dfa667eba3dcf763c6fb0538a05368e124a8660b623905ed298bafe289a65aa26be64d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\b163057a0eb638e9d665d04b93d56339fb99e052\408301bf-7989-41c8-916f-7b37265362f4\index-dir\the-real-index~RFe5b314d.TMP

Filesize
48B

MD5
cd18f51e11af753bf1f477952ec5bfbe

SHA1
345bff4117580bce86c5b6ed29381fe9787141e2

SHA256
7a62f4fa2ae3418213a0b4bff0ae314bc36324f6d01115de216308913f639a14

SHA512
9f6ed5314aa18f89bfb93480c6556d8d73b700e3e33678c9b831c8bea28f9b0905f11536734d2f8599c6a700fc6ac069aec5b5e3bb5748493f82d2449621e615

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\b163057a0eb638e9d665d04b93d56339fb99e052\index.txt

Filesize
99B

MD5
ba381c67f90cdb2ce04ab02a18e8fdb1

SHA1
e5672b0351d099e02f53d5cf66809fbad1f6f260

SHA256
a25c04ec4cc13b2bcf7dbef5ea8cda572a3d19cb40c5b5e77757587ad62bc952

SHA512
f299bf62a4bbd4d270131c1d45e40737f0573d7033eedbcda91c75c5af9e34778c18894124d0d5b2f8fe335c6a1a7dc14fe42e4a53e643b019cae5b17e5a53a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\b163057a0eb638e9d665d04b93d56339fb99e052\index.txt

Filesize
93B

MD5
e41f36e4531cbe56d247eff506e9f880

SHA1
8279db0ac55dc6b6c4633ddb55c27da77e75c10c

SHA256
c91ffba230a67527c060e385cf11b23467ef8a8026810b0efe7f080bb2b33a13

SHA512
a6a0a2a2c2959459630a493d9b2f045ebe4d478f53da99b26654d2c2ae06de46197000910b69325090a77fee3354a6f20b028eb8ed4b16ec78b04727602798ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
b3e51c6305acfd484a5cb8d5ce934caf

SHA1
c56a4c420a2abe4915415c229b3b58937f976a95

SHA256
04b046c19356138af0cf0ad1f47842777db3ee8a03779717d125e0b4c5685190

SHA512
1d4271ee342dbad857e792244ec1b922d69fdee87fe2246b9c760178e37fbb079a3c36be33d62a245c320fc3adba2b889ff77113f592f5cb286c358499d61153

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5b2fe6.TMP

Filesize
48B

MD5
eb70112ef39dd7c892e5b20e15a3afd2

SHA1
9b722021a28dc6d4d9ecd844f61394cf9b1e657b

SHA256
bb0d0071ac9764145d65fc20e16946ce1897e3f8f32580d1c8bb8f0b8b176462

SHA512
db04b9e62c1453bd5e1f4679a08599952c8b6f4c98e27d727aa6dbafe7de1f6395f37ada959fa0e5de32a4c8b2624c7d1d74d07648c07bc2cf0005a5ae621194

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
3cca9c684b42b09bbf9328a99e2e062e

SHA1
b993f2046c851e80d5e59b9644b249d1c699e150

SHA256
ca8ffe04dca96b731db7d66824a20c151d35ee31d5e6fe99764a5159d5ef5eea

SHA512
39653a085ec4b3b59c1f1465a28c77da2350fdeb70696f663fe88eb3ee07422a3e9725694050220f5782bcd82f8603bf2d2c7b3e011ded8151428334c24160d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
81ef01c8861ca033ba3f832d823ba971

SHA1
44a23271ddc5c4db2ad7a71755f3a6072f40bbc5

SHA256
d493a9a9933740cd450dc413f2108db55fe0b3080c0596d9ad89705b8baa76e5

SHA512
7613bb06fdecab59137c28b9540acf26d92b8d746aee860ba8657cfa34b3921f5ef8c063e89161adb6fe00bb214c5843f8393cd9f04c6681ac926af06003fb5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
50aa236292ab851ddf521f300f4e2072

SHA1
dad33729308ddea7d46f1c48f8bf3f8215ca5ce9

SHA256
fce13baf5a7d6487d73cba1d463f1d09b560880a56ea90ec141e4f86fabdc216

SHA512
6fe2f8c50e3c052b40c4aa7cc20bb61f37a7b329a57dd6a8977d07195e1e4e60e0f71a29fd554b1e26d2f3744431ffdc358dc0ee1564c0150ed0ea9c604f298d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
10f205add32368203fe9632cd816c117

SHA1
577b988c1989a2dd5386f665021d75099dd73c6b

SHA256
db25ed4790db703ea8daf45a8fe8b789aaf58cf78bae14c918248824fade9f65

SHA512
01d5b0a63979ae2f749e13ae47159d4a7c774010e1a43a946343118f9b2b9b7ed46ecdff576b259a8faf40faa4ad267ca5ba34b4d5e565d58b8c947cf1c9b33b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5b0099.TMP

Filesize
538B

MD5
f98bb8d55aecdf858bdc6e5ff29279f0

SHA1
953732f97c0ef8773f1200cea27416e7869397c5

SHA256
1af3e92cab2f3f5a532f7421e306e20bfede3e0659f20842f9be3bdb331fefc1

SHA512
0ec4b179458571b9974b99db1c93602dde81f2d9ef5df63f08c7937961f8f4cb9136abb225bbec84daade7495246981f349846cbab653fbd39c9ed5a2352ec24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
aad727082d731fa0a217ea6059fe2e37

SHA1
027f435e4fc35fec397e5a0569cb8c344d4b376a

SHA256
c7c326d9ae056dfa5aa11d4037680f4eb5eb73ec732e363c34154fef027a49c1

SHA512
65834f1db3781634d8b26be8069d8c706972cb070a85703bd30d274413fe92d6b99ba33d11bee3f3ed5c66873d93ecb7a2253fa83980285dbbe3a26fbb037091

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
3ee991f0a7c3828da97e4206f14c99ae

SHA1
4c9606b01777ba23a3ad26cb6e479023ffbc1533

SHA256
03207ba9cc03c8d97beb52d248253b317fdf12dcd06b4f3c386930f6db288e01

SHA512
49656119cd89bb1fcd2233941b9b4a8363896cd433aa434e66e14e3ed14e62f78e9185b306fb24e700b85c9f250ec118ac43deb76eae4fda88b93e17a68b47fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-ILD7V.tmp\MSCE.1.5.7.Installer.Win64.tmp

Filesize
3.0MB

MD5
2cfa7813948e1d642c83baf7c93d772e

SHA1
1219387504078b58915ac95bfed3a06a3487a36d

SHA256
ca66c4326d5e58b71b53b0f21db7b5d379666b18244de6e44504955dfc66cb63

SHA512
1fe8836e24a6425898b698fcc203fa7057df09d5add083239233a303d176bf0b2639a9b9f6426686ebacce4602ae263a65d87076079859a8173decd4dd53927b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
57dd7525ba095591996460e4d295cfc1

SHA1
f9d5f6f703031ee002f27efac95753002b0ecf35

SHA256
9b68c3d122c4c35975c6f859176cb63d80e1445e536bb3acc171a89c87d18095

SHA512
9867b4d18f077b97c531a881e9bad6b6e8fdeb5918fb47e559e650f0c7c903b71976f4f86186d812d5c1d736e76694448bf988779e903ffe5a5c10842fd0c82f

Download Submit
memory/60-2-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/60-0-0x0000000000400000-0x00000000004DD000-memory.dmp

Filesize
884KB

Download
memory/60-391-0x0000000000400000-0x00000000004DD000-memory.dmp

Filesize
884KB

Download
memory/60-8-0x0000000000400000-0x00000000004DD000-memory.dmp

Filesize
884KB

Download
memory/1356-456-0x000001BF2F0F0000-0x000001BF2F0F1000-memory.dmp

Filesize
4KB

Download
memory/1356-457-0x000001BF2F0F0000-0x000001BF2F0F1000-memory.dmp

Filesize
4KB

Download
memory/1356-449-0x000001BF2F0F0000-0x000001BF2F0F1000-memory.dmp

Filesize
4KB

Download
memory/1356-447-0x000001BF2F0F0000-0x000001BF2F0F1000-memory.dmp

Filesize
4KB

Download
memory/1356-459-0x000001BF2F0F0000-0x000001BF2F0F1000-memory.dmp

Filesize
4KB

Download
memory/1356-458-0x000001BF2F0F0000-0x000001BF2F0F1000-memory.dmp

Filesize
4KB

Download
memory/1356-453-0x000001BF2F0F0000-0x000001BF2F0F1000-memory.dmp

Filesize
4KB

Download
memory/1356-448-0x000001BF2F0F0000-0x000001BF2F0F1000-memory.dmp

Filesize
4KB

Download
memory/1356-455-0x000001BF2F0F0000-0x000001BF2F0F1000-memory.dmp

Filesize
4KB

Download
memory/1356-454-0x000001BF2F0F0000-0x000001BF2F0F1000-memory.dmp

Filesize
4KB

Download
memory/4840-12-0x0000000000400000-0x0000000000717000-memory.dmp

Filesize
3.1MB

Download
memory/4840-29-0x0000000000400000-0x0000000000717000-memory.dmp

Filesize
3.1MB

Download
memory/4840-390-0x0000000000400000-0x0000000000717000-memory.dmp

Filesize
3.1MB

Download
memory/4840-10-0x0000000000400000-0x0000000000717000-memory.dmp

Filesize
3.1MB

Download
memory/4840-6-0x0000000000400000-0x0000000000717000-memory.dmp

Filesize
3.1MB

Download