meduza | hxxps://www[.]youtube[.]com/redirect?event=video_description&redir_token=QUFFLUhqa29heGpFdTE3c290bDRQLVBhZFFqWWQwZzZ0UXxBQ3Jtc0tteVFGQi1FUzNGUDFZeUNHQ0I3RmlZenprX3k4Y1ktQ0FFUWtEa2pZemJHZHlxZVZFbjB2a1FfeTNNZU8yMzYtbFJPcUtsMW5EMGV3Rm1JcTZMd0hqbTB5RHR0LWFyZWpZWDREcXJJdFdiTXFlZDBJUQ&q=https%3A%2F%2Fwww[.]mediafire[.]com%2Ffolder%2Fnliuafcwkyryt%2Fa&v=r7R_cHRgRnI

Analysis

max time kernel
209s
max time network
210s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
08-10-2024 12:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa29heGpFdTE3c290bDRQLVBhZFFqWWQwZzZ0UXxBQ3Jtc0tteVFGQi1FUzNGUDFZeUNHQ0I3RmlZenprX3k4Y1ktQ0FFUWtEa2pZemJHZHlxZVZFbjB2a1FfeTNNZU8yMzYtbFJPcUtsMW5EMGV3Rm1JcTZMd0hqbTB5RHR0LWFyZWpZWDREcXJJdFdiTXFlZDBJUQ&q=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2Fnliuafcwkyryt%2Fa&v=r7R_cHRgRnI

Score

10^/10

meduza collection discovery spyware stealer

Malware Config

Extracted

Family

meduza

109.107.181.162

Attributes

anti_dbg
true
anti_vm
true
build_name
425
extensions
none
grabber_max_size
1.048576e+06
links
none
port
15666
self_destruct
true

Signatures

Meduza
Meduza is a crypto wallet and info stealer written in C++.
stealer meduza

Meduza Stealer payload 3 IoCs

resource	yara_rule
behavioral1/memory/1560-806-0x0000000140000000-0x000000014013B000-memory.dmp	family_meduza
behavioral1/memory/1560-809-0x0000000140000000-0x000000014013B000-memory.dmp	family_meduza
behavioral1/memory/5892-1276-0x0000000140000000-0x000000014013B000-memory.dmp	family_meduza

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	Aura.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	Aura.exe

Executes dropped EXE 4 IoCs

pid	Process
2180	Aura.exe
1560	Aura.exe
5876	Aura.exe
5892	Aura.exe

Loads dropped DLL 2 IoCs

pid	Process
2180	Aura.exe
5876	Aura.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Accesses Microsoft Outlook profiles 1 TTPs 10 IoCs

collection

Email Collection

T1114

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Office\12.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	Aura.exe
Key opened	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Office\14.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	Aura.exe
Key opened	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	Aura.exe
Key opened	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Office\14.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	Aura.exe
Key opened	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	Aura.exe
Key opened	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	Aura.exe
Key opened	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	Aura.exe
Key opened	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Office\12.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	Aura.exe
Key opened	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	Aura.exe
Key opened	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	Aura.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Looks up external IP address via web service 3 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
359	api.ipify.org
348	api.ipify.org
349	api.ipify.org

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 2180 set thread context of 1560	2180	Aura.exe	122
PID 5876 set thread context of 5892	5876	Aura.exe	131

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 4 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
5768	cmd.exe
5992	PING.EXE
5520	cmd.exe
1136	PING.EXE

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Aura\Aura.exe:a.dll	Aura.exe
File opened for modification	C:\Users\Admin\Downloads\Aura\Aura.exe:a.dll	Aura.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
4976	NOTEPAD.EXE

Runs ping.exe 1 TTPs 2 IoCs

Remote System Discovery

T1018

pid	Process
5992	PING.EXE
1136	PING.EXE

Suspicious behavior: EnumeratesProcesses 57 IoCs

pid	Process
3684	msedge.exe
3684	msedge.exe
2092	msedge.exe
2092	msedge.exe
2292	identity_helper.exe
2292	identity_helper.exe
2912	msedge.exe
2912	msedge.exe
1560	Aura.exe
1560	Aura.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
6008	msedge.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
5892	Aura.exe
5892	Aura.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe

Suspicious use of AdjustPrivilegeToken 17 IoCs

description	pid	Process
Token: SeRestorePrivilege	5412	7zG.exe
Token: 35	5412	7zG.exe
Token: SeSecurityPrivilege	5412	7zG.exe
Token: SeSecurityPrivilege	5412	7zG.exe
Token: SeDebugPrivilege	1560	Aura.exe
Token: SeImpersonatePrivilege	1560	Aura.exe
Token: SeDebugPrivilege	2124	taskmgr.exe
Token: SeSystemProfilePrivilege	2124	taskmgr.exe
Token: SeCreateGlobalPrivilege	2124	taskmgr.exe
Token: 33	2124	taskmgr.exe
Token: SeIncBasePriorityPrivilege	2124	taskmgr.exe
Token: SeRestorePrivilege	6108	7zG.exe
Token: 35	6108	7zG.exe
Token: SeSecurityPrivilege	6108	7zG.exe
Token: SeSecurityPrivilege	6108	7zG.exe
Token: SeDebugPrivilege	5892	Aura.exe
Token: SeImpersonatePrivilege	5892	Aura.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe
2124	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2092 wrote to memory of 1604	2092	msedge.exe	82
PID 2092 wrote to memory of 1604	2092	msedge.exe	82
PID 2092 wrote to memory of 2196	2092	msedge.exe	83
PID 2092 wrote to memory of 2196	2092	msedge.exe	83
PID 2092 wrote to memory of 2196	2092	msedge.exe	83
PID 2092 wrote to memory of 2196	2092	msedge.exe	83
PID 2092 wrote to memory of 2196	2092	msedge.exe	83
PID 2092 wrote to memory of 2196	2092	msedge.exe	83
PID 2092 wrote to memory of 2196	2092	msedge.exe	83
PID 2092 wrote to memory of 2196	2092	msedge.exe	83
PID 2092 wrote to memory of 2196	2092	msedge.exe	83
PID 2092 wrote to memory of 2196	2092	msedge.exe	83
PID 2092 wrote to memory of 2196	2092	msedge.exe	83
PID 2092 wrote to memory of 2196	2092	msedge.exe	83
PID 2092 wrote to memory of 2196	2092	msedge.exe	83
PID 2092 wrote to memory of 2196	2092	msedge.exe	83
PID 2092 wrote to memory of 2196	2092	msedge.exe	83
PID 2092 wrote to memory of 2196	2092	msedge.exe	83
PID 2092 wrote to memory of 2196	2092	msedge.exe	83
PID 2092 wrote to memory of 2196	2092	msedge.exe	83
PID 2092 wrote to memory of 2196	2092	msedge.exe	83
PID 2092 wrote to memory of 2196	2092	msedge.exe	83
PID 2092 wrote to memory of 2196	2092	msedge.exe	83
PID 2092 wrote to memory of 2196	2092	msedge.exe	83
PID 2092 wrote to memory of 2196	2092	msedge.exe	83
PID 2092 wrote to memory of 2196	2092	msedge.exe	83
PID 2092 wrote to memory of 2196	2092	msedge.exe	83
PID 2092 wrote to memory of 2196	2092	msedge.exe	83
PID 2092 wrote to memory of 2196	2092	msedge.exe	83
PID 2092 wrote to memory of 2196	2092	msedge.exe	83
PID 2092 wrote to memory of 2196	2092	msedge.exe	83
PID 2092 wrote to memory of 2196	2092	msedge.exe	83
PID 2092 wrote to memory of 2196	2092	msedge.exe	83
PID 2092 wrote to memory of 2196	2092	msedge.exe	83
PID 2092 wrote to memory of 2196	2092	msedge.exe	83
PID 2092 wrote to memory of 2196	2092	msedge.exe	83
PID 2092 wrote to memory of 2196	2092	msedge.exe	83
PID 2092 wrote to memory of 2196	2092	msedge.exe	83
PID 2092 wrote to memory of 2196	2092	msedge.exe	83
PID 2092 wrote to memory of 2196	2092	msedge.exe	83
PID 2092 wrote to memory of 2196	2092	msedge.exe	83
PID 2092 wrote to memory of 2196	2092	msedge.exe	83
PID 2092 wrote to memory of 3684	2092	msedge.exe	84
PID 2092 wrote to memory of 3684	2092	msedge.exe	84
PID 2092 wrote to memory of 3720	2092	msedge.exe	85
PID 2092 wrote to memory of 3720	2092	msedge.exe	85
PID 2092 wrote to memory of 3720	2092	msedge.exe	85
PID 2092 wrote to memory of 3720	2092	msedge.exe	85
PID 2092 wrote to memory of 3720	2092	msedge.exe	85
PID 2092 wrote to memory of 3720	2092	msedge.exe	85
PID 2092 wrote to memory of 3720	2092	msedge.exe	85
PID 2092 wrote to memory of 3720	2092	msedge.exe	85
PID 2092 wrote to memory of 3720	2092	msedge.exe	85
PID 2092 wrote to memory of 3720	2092	msedge.exe	85
PID 2092 wrote to memory of 3720	2092	msedge.exe	85
PID 2092 wrote to memory of 3720	2092	msedge.exe	85
PID 2092 wrote to memory of 3720	2092	msedge.exe	85
PID 2092 wrote to memory of 3720	2092	msedge.exe	85
PID 2092 wrote to memory of 3720	2092	msedge.exe	85
PID 2092 wrote to memory of 3720	2092	msedge.exe	85
PID 2092 wrote to memory of 3720	2092	msedge.exe	85
PID 2092 wrote to memory of 3720	2092	msedge.exe	85
PID 2092 wrote to memory of 3720	2092	msedge.exe	85
PID 2092 wrote to memory of 3720	2092	msedge.exe	85

outlook_office_path 1 IoCs

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	Aura.exe

outlook_win_path 1 IoCs

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	Aura.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa29heGpFdTE3c290bDRQLVBhZFFqWWQwZzZ0UXxBQ3Jtc0tteVFGQi1FUzNGUDFZeUNHQ0I3RmlZenprX3k4Y1ktQ0FFUWtEa2pZemJHZHlxZVZFbjB2a1FfeTNNZU8yMzYtbFJPcUtsMW5EMGV3Rm1JcTZMd0hqbTB5RHR0LWFyZWpZWDREcXJJdFdiTXFlZDBJUQ&q=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2Fnliuafcwkyryt%2Fa&v=r7R_cHRgRnI
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9920546f8,0x7ff992054708,0x7ff992054718
  2⤵
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,10148559967816961440,7473477715915863795,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,10148559967816961440,7473477715915863795,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,10148559967816961440,7473477715915863795,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10148559967816961440,7473477715915863795,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10148559967816961440,7473477715915863795,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,10148559967816961440,7473477715915863795,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
  2⤵
  PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,10148559967816961440,7473477715915863795,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10148559967816961440,7473477715915863795,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2260 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10148559967816961440,7473477715915863795,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10148559967816961440,7473477715915863795,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4048 /prefetch:1
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10148559967816961440,7473477715915863795,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10148559967816961440,7473477715915863795,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3952 /prefetch:1
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10148559967816961440,7473477715915863795,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1932 /prefetch:1
  2⤵
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10148559967816961440,7473477715915863795,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10148559967816961440,7473477715915863795,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10148559967816961440,7473477715915863795,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:1
  2⤵
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10148559967816961440,7473477715915863795,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6660 /prefetch:1
  2⤵
  PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10148559967816961440,7473477715915863795,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6836 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10148559967816961440,7473477715915863795,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10148559967816961440,7473477715915863795,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7192 /prefetch:1
  2⤵
  PID:5220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2092,10148559967816961440,7473477715915863795,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7184 /prefetch:8
  2⤵
  PID:5484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10148559967816961440,7473477715915863795,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6820 /prefetch:1
  2⤵
  PID:5492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2092,10148559967816961440,7473477715915863795,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,10148559967816961440,7473477715915863795,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6912 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4208

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5932

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Aura\" -spe -an -ai#7zMap31319:70:7zEvent22289
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5412

C:\Users\Admin\Downloads\Aura\Aura.exe
"C:\Users\Admin\Downloads\Aura\Aura.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- NTFS ADS
PID:2180
- C:\Users\Admin\Downloads\Aura\Aura.exe
  "C:\Users\Admin\Downloads\Aura\Aura.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Accesses Microsoft Outlook profiles
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1560
- - C:\Windows\System32\cmd.exe
    "C:\Windows\System32\cmd.exe" /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\Admin\Downloads\Aura\Aura.exe"
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:5768
  - - C:\Windows\system32\PING.EXE
      ping 1.1.1.1 -n 1 -w 3000
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      Runs ping.exe
      PID:5992

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:2124

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Aura\LICENSE.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:4976

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Aura\" -spe -an -ai#7zMap9408:70:7zEvent26943
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:6108

C:\Users\Admin\Downloads\Aura\Aura.exe
"C:\Users\Admin\Downloads\Aura\Aura.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- NTFS ADS
PID:5876
- C:\Users\Admin\Downloads\Aura\Aura.exe
  "C:\Users\Admin\Downloads\Aura\Aura.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Accesses Microsoft Outlook profiles
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - outlook_office_path
  - outlook_win_path
  PID:5892
- - C:\Windows\System32\cmd.exe
    "C:\Windows\System32\cmd.exe" /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\Admin\Downloads\Aura\Aura.exe"
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:5520
  - - C:\Windows\system32\PING.EXE
      ping 1.1.1.1 -n 1 -w 3000
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      Runs ping.exe
      PID:1136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Data from Local System

T1005

Email Collection

T1114

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
21c5b9a2472d8c465b2d61665f72bd47

SHA1
52842f05e5f9733b717f1004b0245a556a54a759

SHA256
1e04e44632d5e8bf2954fd6dbe6348bc3c2b5b4442ce68603a37ff324fd68163

SHA512
dd95511065e0002bdb1f658c30bab6973f510ade3b24be632b338bee2f6d4c56892eafd40d7c721469986a6031b349a2e510c42a506a6677f6893e390cbcd24e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
36KB

MD5
25128601171eff06709b39b12d20b794

SHA1
6692fe2c2c9328b1ef705ec58764770723c9360b

SHA256
9088fdc056fbec29eb7abe637a2ea1d31291d5ce7a0c28be5d3fc41c0dd323bc

SHA512
3e2653730426d96f4f49c763f8c390aac93eb97e678431166e2071da70a07cf763d57482b3dd1f80e8abc68a752fa73101da146f7da1496160edaa4a385bcdd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
160KB

MD5
c013f4e809b58fb558c3b4c70ba8388e

SHA1
44fdd554b67922166d2ac89a1db88c5edf1ff63d

SHA256
0f4fd94e8705b10a2f79e87920b8cef68da54a3cbb12068aa583290284e79f1b

SHA512
66748ad6b6bb85a58adbc4209408ce91c19d18c933bf8dfddba992c71f2e921bb05fb3de082633b03aee7d81cff2ee074de3535326e1a27b3239f36813c4a87d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
4KB

MD5
c10ec0f2037dda92e47ae214efb05cb4

SHA1
5d7ae8b7407b4f101f7fb62ee4f9582e84aba6cc

SHA256
5b73dccb03d10cf1385783dd7956adcc4dcf28fb841221d17a69a5369bc27afd

SHA512
184db8c71f04ec6bf2ddc10d7d5754b064cecd2ec43ae21d9bf840f200fb0a856c52eedcb2d6ca7641acb99cc850e58388266e5e27fca9e557fd9e00118005db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
9add3204fd7200db23215ba07967d35c

SHA1
eb14f0ccb5cfc96b580250c812425ddb4932d47f

SHA256
38054dafcc368d5337bffe7605666bb45162949b58105a533274b88b075f186b

SHA512
ea85400992728e0473f394c1bcf185407ba4238732dee91bedb7163400ebda4619fc713755d5756ac5e93e68dbd62a2ad4fe7e1fc7892077867768c464108fd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
e6f756e2ace59e03ca1f0de5e7ced899

SHA1
500fc539550e45a66c91a8884382a90ef27c06c4

SHA256
b97641a7466c1dd160ab1aeca7e95a5568d6058cd58aba21fe5deb2575ade1fd

SHA512
5f8e9409e8a12f5f6efe5bda7847afbb607e0b7ea5903e219b19cb26db3e3a74f5cce838db157c2600cd00d8f2d49224a8a2c8681c63d77aa554e346aebcbac0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
74039c4022b77508cb4d891ddba83e65

SHA1
0d1fb554a9c152ec506cdb74f942fafe5e96cf59

SHA256
2a54b4cf7b48424834e52c80eccc372793543f9239e7a95fbf9ec6f1adf5e5f0

SHA512
47ee3aa5e28f31f69cf1243f6d04c8dad162d9cf8d0bfab55e491ec888caaefd9eb507fa0473368cfad9fb8f0d0245d5d734da697f6c54c1f39a1facfb95c425

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8763cce800bbee75f1a08e240ea4efe3

SHA1
fcc3ea8efa3769a328499c856b8574d8cc0a44b6

SHA256
34f41c8f84cb29835f1a49cae8d8635183dfcf95882a2dfaf2358d04351337a2

SHA512
bc85e51b2b303abc3ad3ee60fe832c287f2f4aab51c44ba56277ce14a35d98f60a6bf9a40e240dde9169c2f92bd0c6c43a33dada9c83ec60778f29ab7efa3550

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
fc150bb4dd493576bd1ffa7b26ec3c5f

SHA1
a6db8661cb67e42edd78411d97e4d1d8136b64f2

SHA256
46623b72c272f2b2728392262f96d53fd8e6c7685addfb28a555f9d7ae2c3ed6

SHA512
9457c01530ea6e83558df8656ae40e3a2fbd8c7b2450021a9f292bbccb0745a67d4f4c5dd55ba21335792c70cdeaaba3c4293082f36ca72a9dcb751fc1070169

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
5c97bee1e92e5fe1fee1ecc871519824

SHA1
2013e2d3de5eb9f8d31d6678c2f54e1f07bd7c01

SHA256
bfb7b7094b120b0bcd1707836c34820b2956b3fc2d0fcae2c3607b11e019ce7b

SHA512
d2e762224480edd8af4fd0b5b01721c0a7ac0a4192428dd8c3af6decdc9d28ba01f170e748ad86a191e402410c823bbf5d5478fdd41f388cf4127075e054568d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c45cc196cf9089e211b3ca3f5357272a

SHA1
9324b1ec56f83a49bea22a9db3cd8000d91a0ca5

SHA256
69d74ea7e3cc615bb64e2dfdd6195659b4ecb7ec2b9db9d9461feb70d65d645f

SHA512
25631619f128b1ca9fc813166bcf222b450a9a4aea7f772475bf87e39f359cc49618989bee6bfd367f4eb565c35b2c0af765b6c24e946dca849606c0dc00f513

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e13c8e2c509c68f7951dd760cd62931c

SHA1
937bdbc72c2049d8c600586bcd58cf4a2a393198

SHA256
da270b778ed8a873129dc4d1f4c4c2ff65d6492243a930e1bd6cf878601a6659

SHA512
668e46e95f4a0b3cb187424974c166fe9ef097bb4a7733033a51c1f5b820ca9155b81e3f96756ae45e2dcf4afd7429fec7d00c5d4b88aa697eaa182b0c251537

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
328995da797c913db4374ff1446e46d2

SHA1
12de3ac561aeab7488805c30f1c221db78137963

SHA256
7cf92dc0efb072503e6cadadd2d488689e28ca76210a9cfd410080eecf1bc29d

SHA512
dee9d6ec3469a394760cc5577954cc61e9182b889fe212f1d02be5d2735078d09107c70616bbfeedb9368a017f1c72ced61aa414a8f7a83001d5b705da6f4c1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
2bd75205803986f91c6e1f5880bdf9ee

SHA1
893d309521c0f112fa4dfc79978463a743844d62

SHA256
58bcbeea6a0e6c0a803eb6a01429ff9a05ae4869d188a43a7805c10c1d48ad28

SHA512
2abcb6c266f65141408ac9e9c1eb3dae9effcbdffc81a0c165ed55da35432c66e38a3722e81d00ab9f5c662d39c84a99cb74fecd8fbd0025bc6d94ae879a526b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582296.TMP

Filesize
204B

MD5
feef20c28b836e3935c05fc75afec03a

SHA1
07c329dd44671869109f8d77a3cfb7fc971ca549

SHA256
42351bccc845db7430012ccdbdc6f69641731d1a03c074ca956e21e7d80496a6

SHA512
dc68f0c9cd927a405a1755cca835b6ee08d966cb13da98c075df858765d0faa62c3a647b47635dda56dff06fd0a053f73da1ff2baeeab9f4ffaee49db173da41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ea1770e7ba318c7e910a89ec9ecd6a2d

SHA1
5944e5fb5e3a738bc37780da383454b6b2eabba9

SHA256
d5fa635324644b238714ce4bcbe3ae2704a421c840b9848292cd6b3d9ef9235f

SHA512
38b5778630cf72a8b1be188a564d033a4a3102e994ea871e314b53818c92d96609e7c4b815b6e06d7bee75ab09cefb5ebbfe0102eb489a0927d967773ed335f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
593ba0457af30525248be051ada4ce89

SHA1
c29a802a2720f2abf4db3715ea2971dabe409c93

SHA256
625b11816846224d638c865fc771f9a40f13e630d31e88d4febd0ab27d7e6acf

SHA512
848b9c87ec7ab5162919998300e2a5ddc662ee009045d6ac445cfe78bd9911dae0fc6a0bbec14f9eef95c07fc3d67ac6f27a85a5e1acf8fad9d9c30d643c7c2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
15505e02b424f74984636ab4c3d6b45c

SHA1
e01aaaaf8d7d47459b155b1d57b3a7b0dd9305bf

SHA256
011f7be1071453e6d867f02f7efd7948143836bccc84c472a2682a3584b84431

SHA512
f3fee0dc1f2cdf804427fe8bbb8eab4db99c7fa179a310dff6e7e6f6e3f93195c134d85964bdee0dbcb07970b25eb7e3766cd31c2190a114bdd1f7ed2fc19b29

Download Submit
C:\Users\Admin\Downloads\Aura\AcXtrnal.dll

Filesize
550KB

MD5
6e353c4c50e19aa7fa32750caaadfdc8

SHA1
f769957ef270dea7eebe3343681823d8bf39549e

SHA256
fcf336915cb31035f31318a82b528ac29b46286d149ac20af48106b127f281a9

SHA512
e10d918364c1c8108f0be51c523852c0ab270804071514406698dfadc733ff002c8e87d35116c48a8fdb02a619e7b84ccc7c81a5f1b6ce031d54a9aef9ae4a8a

Download Submit
C:\Users\Admin\Downloads\Aura\Aura.exe

Filesize
1.7MB

MD5
ba5d6079a02d5c637d1620949f15b659

SHA1
01cf3b2de4e2c5df715696674621a3a647dd5433

SHA256
19d597987b1985b1775272620247412f3e837b4b6c558b306fad2fbd5c56776e

SHA512
290a03831752666c8aa9469b469764ed803c4083ab14704d4adf7d043f13af33030b6ed587ed4adef72423eae1b7d8621fe225d863dca805c892006718529b5a

Download Submit
C:\Users\Admin\Downloads\Aura\Aura.exe:a.dll

Filesize
1.4MB

MD5
cf95e3c4af4ec7f80912920df378506f

SHA1
8a3d53a05371400f6268533e04594b7819e93382

SHA256
b6e385f82df89138846e64bc99589757f0d2b67b35d669fddf3e4b9875e08259

SHA512
8f1b447a59b4164d6fd33dc6edbf8917e70f153b6239baa0659959f22d4cf52233243de67bd572aa8c8a64fd0902dac4c3c3f5696b89c89ebcbcbd4fe3ac12ca

Download Submit
C:\Users\Admin\Downloads\Aura\acproxy.dll

Filesize
2.5MB

MD5
153b33a55d6114da5528b236a17cfae9

SHA1
797f97936282847930455b9deadd345f57753a6c

SHA256
80ec02d5362f5972558bcf9fde4309eb7f0726e2640d57cfd4ba5b3f9043ca31

SHA512
2c28d06fe9a0e44a8fba78df5f2e2e066da8f54e18c6a1589a93456e3382b2224c8ba0bcc799b03b936827285eb9c213f954c30ca1fb35f084f72e48af070f6b

Download Submit
C:\Users\Admin\Downloads\Aura\alibabacloud-oss-cpp-sdk.dll

Filesize
1.6MB

MD5
2698f138e8c4d573bb0daedc47acd123

SHA1
ec86054e1b8587787de6ffe4bcf021be87c42ad3

SHA256
2ee24618c12271b7c9c18df5f2beddf02fd93ee7457707e0a6a54d8d8e88aaa2

SHA512
0f1d2deed598c5a8c42cadac654b971384f28fd1dcb031057a385b3335bba3b223ef09e7b181552f1c2e1706b8ecbef221c657ca012db74b1fb94d92fb0bd755

Download Submit
C:\Users\Admin\Downloads\Aura\com\COMSupport.dll

Filesize
38KB

MD5
e8fb6c3324cb66e60900b813b364a5de

SHA1
8019d3cfb0667646b5aa5a38eaf9a9fdc194c4eb

SHA256
742176460afa2a4ed3642142dfa954e7f53668009a4973459888d5edf9ed1bdb

SHA512
68d66bafb16e1f668223baadd61f53fe1c87ebcf2c6752554c026d880f93f34c0200b83343a73318a93d93f4e05a7c9ed5ad46acbf72f870de337d1a74c18b44

Download Submit
C:\Users\Admin\Downloads\Aura\com\ColorManagment.dll

Filesize
97KB

MD5
eff6f115f31539581c175522a578e799

SHA1
16c8e3b171021211fc52d1ad018ac809247dab1d

SHA256
152cbd8148b160b0ed4baa2ed7ce10b680f45f7e3159d133cd0427575da42251

SHA512
0068dc71612fadd30c459a350f2f3a44f7cdd12c64f9ff3d759828f322794a57ed16442ed87b8fb572e090a9e0f926c4347235f35181136e2900036bdf57a7fb

Download Submit
C:\Users\Admin\Downloads\Aura\com\cpr.dll

Filesize
159KB

MD5
7a006dc458d9c9bc4666a0f03d354d3d

SHA1
b5a716748ccdc13be07ce8dd249647046273715f

SHA256
91e513aed4cefc9cbc8ccd014310e75d5c098c958a23b1ac0780b07170f91f1d

SHA512
bd962c90a7d1e928ba8beb974441906aa7966f83fa2a1daf1d72608509df1722573e055c7f1739bf809106670fe05feda1c377c57332cc3d1ff42a6a1fc01666

Download Submit
C:\Users\Admin\Downloads\Aura\com\google\gson\DefaultDateTypeAdapter.class

Filesize
5KB

MD5
5fa5e8bff188fa77339be47c0445b868

SHA1
6cfd237016e1d31131f89acec74b890ffed36511

SHA256
d01c0b1feda662709aadde7f893a27ad9ac2a81321f8ed4708c96453a19469d0

SHA512
212758f2852d3238cee1ea055b8aad4600fb7376d01b342114d38e9c36e5facfe5d41f99e9875fff895d37c61413254c391ec4f114d028b7634980cebc184e7e

Download Submit
C:\Users\Admin\Downloads\Aura\com\google\gson\ExclusionStrategy.class

Filesize
291B

MD5
ef34890648a3e6768c1f28499889d468

SHA1
77cb9ddfdceb493d7e4b305eaaf9508ce1855a30

SHA256
8622d35e48bd1862025ed7aab23dd0bbf445419f07a51ea693e4678e2431b8bc

SHA512
e8be670d8797186ec0081f89d34c0d13cc1ba2576cdd0fbe111a06ba2a7ea049adf2fb76b4d0d47e4650020ed3abb9e07d6e1d810923e5c6322a7fc964dfc075

Download Submit
C:\Users\Admin\Downloads\Aura\com\google\gson\FieldAttributes.class

Filesize
669B

MD5
0feb3257edfe5828fedf0a5580127441

SHA1
0431db5dba406aaa135a15d21342c1e510b9fc9d

SHA256
89dc9c53b6581a5ea19dcec9cfefebdd66a521291d6d172a803bdc071984afcf

SHA512
d1b83d5a085e290a98d5cf73816137929253fb1aca2ed97ff7af05898b263bfbc32a9e67c6522428441b2a95cae7e80c20df39b1afaea391d8a3f25911cb3390

Download Submit
C:\Users\Admin\Downloads\Aura\com\google\gson\FieldNamingPolicy$1.class

Filesize
711B

MD5
7a46c39a76b08e750af645e5fdd87def

SHA1
96a2fef015cd67667a761b14a670b6b5ca9463a9

SHA256
c43df3769dac20d5cad76107848ae6e47c390361c032766843b144a8ecaffce8

SHA512
a063d023b7dff37b1459d06f3391b40d044297c45d0733332af41f4eaacb33ac78973279dc7b7d2a34a4ce966eb5bff7e185e74c9d9ca70c70dd6cc2c13b18e9

Download Submit
C:\Users\Admin\Downloads\Aura\com\google\gson\FieldNamingPolicy$2.class

Filesize
837B

MD5
2c2081998ead087521b523e590b1a8de

SHA1
1e3fd3b6e789171519b2355cecfc7039405103b2

SHA256
082e164407caa847c4a3d85a03fe0aefb9ac59aad9601f90bfcfb27e15b79e4b

SHA512
e6bd0bf86e3d06790fb2b11933ad9a175a385b2ff57ee673a8b97353ea9ed454e8cebcf6083c2f3b9f3451697e586f2842af6288a41e52ab61684bd655515998

Download Submit
C:\Users\Admin\Downloads\Aura\com\google\gson\FieldNamingPolicy$3.class

Filesize
938B

MD5
8e72cd9d484797032505dee1dc723d74

SHA1
f0d8f30a0f9db59bd00fdbb1eb114d642c491e7f

SHA256
4b2d181c33d3ca363a787995b2b54ad817c06be36a4d63bd7eeeb49a27e67133

SHA512
46d507ffc0713901f3bed2f31103370f794f5442992ab98a6ebfe0f4592245da86c9abd167199df85607a524ac105e7a921ad6faa32676db1740447930e2820e

Download Submit
C:\Users\Admin\Downloads\Aura\com\google\gson\FieldNamingPolicy$4.class

Filesize
1017B

MD5
b6ff58cf12f38aa187ad63373e7f0d64

SHA1
c1977bb944de0a845f1aaf75994e6aa88cd0c265

SHA256
6a1d5d22b865e5c24e32fdc23513d6c1f0c25bc4d8f10621a165df5c37a0f024

SHA512
f7ea16cd742d6ceb19ace29ec8bf311714ce907950c91b924e90776c05e701312678970a34e6d3020becf3dbb8381ebd48aabc522f814fabb7fbf0f89c4e5b65

Download Submit
C:\Users\Admin\Downloads\Aura\com\google\gson\FieldNamingPolicy$5.class

Filesize
1017B

MD5
740c73103f7ad1d9a3fd9920d98e9661

SHA1
6a22c81e68de834b9007cf5409810857c8a8bd5f

SHA256
7283bc2b2a95eaf61136dbdd9c61f8429986c8e772d76f7750f3d55126035b3b

SHA512
652ea1130d92be4a41ae23e28be2b5ad7885ffb6b57591b5fb7bf4f3b15aed75eb6402ff841085c4a26f8dd301a19d9bfcad4bdb6f1944dd56d175b1ed0c7c31

Download Submit
C:\Users\Admin\Downloads\Aura\com\google\gson\FieldNamingPolicy$6.class

Filesize
1017B

MD5
657b04ae6113447e4e0e6d5395266e69

SHA1
927696a05ad0e874706e7b143a68d76ab478af76

SHA256
385ad02972837a4e4cb3b298b801e2ae217dfefe346762fa63e052cb863663d0

SHA512
f1fb62452524868fde262e1e165691373c43209bf1970d717825ab7e12a7e500154daddbf7133ef6f70b184e52e786d9e16320948b93abe07f8eed8ae9d85cc1

Download Submit
C:\Users\Admin\Downloads\Aura\com\google\gson\FieldNamingPolicy.class

Filesize
3KB

MD5
6665072a8630159e42b74a78b3407dad

SHA1
be3ec695908362b10b0cc3dd20ec690ad8ec4203

SHA256
9c56f90f4553b6524cec192e73d23ca4caa076a9468030829fe5a73e0a560313

SHA512
e7e6b0ee3546dba2b73c7a673e04f0664313b44b4d4381937596395a1f919da08629c5647ab6cde3a2a713b803840710dc7fe6a52541c50a1b481f2431e360b9

Download Submit
C:\Users\Admin\Downloads\Aura\com\google\gson\FieldNamingStrategy.class

Filesize
207B

MD5
7ecd425b3bdb4f9fa94802249e3b43dd

SHA1
1b1c088a4347f674cd1010389833894ceca0b15c

SHA256
2949fa992767e87f0a936e3bc6883d125a183691a3356ad84c041d4817dc8b91

SHA512
6fc29a4bce9614e30c28658cc8a7ab095ffc05490f4cd1909370a8f72c2ce010d2fe49c260b263da1897ea78334cfabe5650cf0c85d0f4f10504cfb61afe1ffb

Download Submit
C:\Users\Admin\Downloads\Aura\com\google\gson\Gson$1.class

Filesize
1KB

MD5
45bc906b919ec12d77cd287d80742222

SHA1
76b222ac86d090fae06004283e82544a479ea999

SHA256
6f0ffe661cfc115101d0f58ea4db9bd81267e94ad644cace0343b6060f4e45ab

SHA512
f76ebbc359b1562984ce9e7eae75ffb91d445072758e4c92ce5d186bb986d63f2e0960cb5e66d998af8d5a71faad7def321236edc98966d02c8e9d7a65f9c3a8

Download Submit
C:\Users\Admin\Downloads\Aura\com\google\gson\Gson$2.class

Filesize
1KB

MD5
7ae38d7428a1071815e2948dbf752d3f

SHA1
5b8f415ef46818cb902e88341a60e9a6bfb0beb3

SHA256
762fd7acbe0767f35d944087142ff7d7e035ed397d7e50a6e8d378d0c585c2b9

SHA512
979b360687b721ef71b3d1eec2342dc89a46e76d44195a76e67fc865e60b3737a5c014a8e3bbf13f08500f1a4f63454f28489d066b86ecb3e4222a36185ab6ca

Download Submit
C:\Users\Admin\Downloads\Aura\com\google\gson\Gson$3.class

Filesize
1KB

MD5
7721376cc2e3542033ac9793b22a8aab

SHA1
e6fbc43c90ac2d3de0d4dbc1edee5725e2e54321

SHA256
9ea1403789feb67c3973f954168eec81f6ea08bc572ba22fdcba59cac108e860

SHA512
e79e31239ff2fba4197c55ad894d17d35f78163d92a3630e28de0b1e7616da3e55154efd0fb33b789b3bfc90884482cba114d720854f2983a206948df26651bb

Download Submit
C:\Users\Admin\Downloads\Aura\com\google\gson\Gson$4.class

Filesize
1KB

MD5
1b0e4089b42b77178c91dddec375267d

SHA1
0d9bf37e0b4186df714ad367be53932ebd7c18a5

SHA256
cecf9f7431c1b73b342146717c1f95434709d443bb67dab62f5d2d0b811a71ac

SHA512
f02e992e325ed89abc6b75ad3a60c2262160be2590d5d4e350062c1013bf2db7f2fc563ccdaa8c06ff2fc2476c3130a7a5e52048227f0dba471f8766c54780cb

Download Submit
C:\Users\Admin\Downloads\Aura\com\google\gson\Gson$5.class

Filesize
2KB

MD5
6edd546e49fa1edb9ee42e6844d6e5f8

SHA1
e206f39570a4e61c3f023003187d4cc263d16548

SHA256
d75763d49636aa1ddd1489a3b47d0c92873b05dbd63f39386f62a36a764678f5

SHA512
d2aeba8101faa9c7cb402dacac6e95dd6b0966a831200820517bfb0ba5ea346434dc42ac7d36c6366ceaa515f3606a42e6628adae1bfcf12a39f3755ea592a5c

Download Submit
C:\Users\Admin\Downloads\Aura\com\google\gson\Gson$FutureTypeAdapter.class

Filesize
1KB

MD5
988f32925de69f3fa161ce31f9457030

SHA1
1c3a756cbdc87174b53c5c70f642629ea7c1747f

SHA256
e8ce2edfb24887e638a429413d2dddfc2e3732490225fe5c9813d8f96ebfef0d

SHA512
263da2dc1268dcefeff6229e285a0269b97d690432cc4e7ccd6744aebab9c5c88a1a3236d324b4e959f8224ea1f6d034ef8798f9fa18d557e44e565deeae087f

Download Submit
C:\Users\Admin\Downloads\Aura\com\google\gson\Gson.class

Filesize
17KB

MD5
6d6eb7a6d876ba821f2b0d74f5f60376

SHA1
e50275935eb6a4f13779820caa45550a0116d196

SHA256
c42f7d67e6161de92b067ffc5da1033a92b21ba4664f626f892db01ba09cc6ca

SHA512
410f03a677076619d13f1933a77ad3dbe37e474b01e9f8c9ca4153cefaf7a3c2c5c9f7c0489a3d2db8519ffb6d791174c448acc75f345a220da00caf8fd0c49d

Download Submit
C:\Users\Admin\Downloads\Aura\com\google\gson\GsonBuilder.class

Filesize
5KB

MD5
340e30f4a8b705916a8afad3d5996e31

SHA1
440f845a28e07968aed1fdafcda38501f6591643

SHA256
18b5171d59fa5072b63737fbd88206e471f4e3661cb997513179d0cef33e1ee7

SHA512
bcb5167593c648fd26d18f41ecf73a8e89965553c193c3a68b936ae8d2e78b629774022806e96532d7780262ff7ef3f93acbda345f2d44891d26b336f5e24822

Download Submit
C:\Users\Admin\Downloads\Aura\com\google\gson\InstanceCreator.class

Filesize
302B

MD5
3e61ef9cfdf68394c898b42d02a9cbb4

SHA1
ed0b23b16843c880263eaae206ec40dec36faade

SHA256
64da1bfc0e3faa9bef86a483a24095c2ccd0c199211be71010869fbde9b1f30e

SHA512
5464018f2f43b10875fb485e6cb2c22c5ff2507c035e35130a386c760fd5104c9e3e70c343eb2de571af2985d835391f24f6cced2525407b72638009713816f7

Download Submit
C:\Users\Admin\Downloads\Aura\com\google\gson\annotations\Expose.class

Filesize
523B

MD5
7b13ef2fb5a973d8dc125b127a65b332

SHA1
03e635e5779a4ad183be682e252a6dcbc22db180

SHA256
b4bfbe8fdb2efe297bc4bebd1729b49ae188bbf0eedddd3bf4e46f14b5321970

SHA512
d5fd059b9699b745676c176c9bec320c2bab9562b1ef4a1d2a1d53112d1c4f9e4ec71855a2ae848269e6a631d8d451f6c4c716b05c62ca9135d86829414548b5

Download Submit
C:\Users\Admin\Downloads\Aura\com\google\gson\annotations\JsonAdapter.class

Filesize
548B

MD5
5dd2ac6d69f2d166f787f571140c1edc

SHA1
337179191fbe4366181f7906eac9c5d672c44e60

SHA256
cc02351c35bb570c632baab634bb6132008fb5225385f74cc81bf98edcd8d235

SHA512
d97e9ac283cac12c251f3e8196e5d75d5bc756f0c8d2d1900373e54ebb3118108dd7c83a5f97a6fb669a892b58f4f77a45f0c959787ea1f5e7503667bdc34e6c

Download Submit
C:\Users\Admin\Downloads\Aura\com\google\gson\annotations\SerializedName.class

Filesize
566B

MD5
b73b9adc3cfab8799494ff7702c12e4b

SHA1
ec4e7fd506bd303d240d44ce27e03bec4d65d7f6

SHA256
4d2a4dcab1f21c1be95b97e7fc7431abff19f005219f214ff1b0ec0d8aa3ddb5

SHA512
51e76e6e569e828efbe0d4b14c1ef8003828b737b381d1b825bb7992996842e1b02fe5b1d91e740a1d11b49911cf3cc2594ca4802f02d98b06ee740b46f94e14

Download Submit
C:\Users\Admin\Downloads\Aura\com\google\gson\annotations\Since.class

Filesize
456B

MD5
5ff747e107f72ee8f1670189f29669cd

SHA1
ede7dfea536906cfc71790e367ae7925e46c3d92

SHA256
4a97393d7e9da70b144e417530b7b51502aea032343cc5d27b9892654743167f

SHA512
18f66289d77855ca767fcbf55cb0b1f6399e4ea31d64b34de58c41285f54fa4596e734b19b2cd5d1fa9442db66201224f662b3fa547425c4e62e3875bb86691f

Download Submit
C:\Users\Admin\Downloads\Aura\com\google\gson\annotations\Until.class

Filesize
456B

MD5
dd046b2452d7834dc0a6fae73c889a25

SHA1
5f77830d6b95a35d11752ab61ae796840c44b905

SHA256
99cb68b4c9d07eb3e49b42b2182355bd6410db0f3ff23e6e1609650ad8ebd004

SHA512
555a459691e5e04656cb856678fb9c8bb0886742cea79fe6480dd166095884985bd2f9f80c24d6984e1b1fd8d3056696a695cd09338d68e9644a33b360300a1f

Download Submit
memory/1560-806-0x0000000140000000-0x000000014013B000-memory.dmp

Filesize
1.2MB

Download
memory/1560-809-0x0000000140000000-0x000000014013B000-memory.dmp

Filesize
1.2MB

Download
memory/2124-829-0x0000017203D30000-0x0000017203D31000-memory.dmp

Filesize
4KB

Download
memory/2124-830-0x0000017203D30000-0x0000017203D31000-memory.dmp

Filesize
4KB

Download
memory/2124-831-0x0000017203D30000-0x0000017203D31000-memory.dmp

Filesize
4KB

Download
memory/2124-833-0x0000017203D30000-0x0000017203D31000-memory.dmp

Filesize
4KB

Download
memory/2124-834-0x0000017203D30000-0x0000017203D31000-memory.dmp

Filesize
4KB

Download
memory/2124-835-0x0000017203D30000-0x0000017203D31000-memory.dmp

Filesize
4KB

Download
memory/2124-832-0x0000017203D30000-0x0000017203D31000-memory.dmp

Filesize
4KB

Download
memory/2124-824-0x0000017203D30000-0x0000017203D31000-memory.dmp

Filesize
4KB

Download
memory/2124-825-0x0000017203D30000-0x0000017203D31000-memory.dmp

Filesize
4KB

Download
memory/2124-823-0x0000017203D30000-0x0000017203D31000-memory.dmp

Filesize
4KB

Download
memory/2180-811-0x00007FF9829A0000-0x00007FF982B04000-memory.dmp

Filesize
1.4MB

Download
memory/2180-810-0x00007FF793000000-0x00007FF7931B5000-memory.dmp

Filesize
1.7MB

Download
memory/5876-1275-0x00007FF982940000-0x00007FF982AA4000-memory.dmp

Filesize
1.4MB

Download
memory/5876-1274-0x00007FF62D330000-0x00007FF62D4E5000-memory.dmp

Filesize
1.7MB

Download
memory/5892-1276-0x0000000140000000-0x000000014013B000-memory.dmp

Filesize
1.2MB

Download