578a311c3e56fd9bdba19b2b77d51042b29990645fe19a3725c52ac05cf3d499

Analysis

max time kernel
1048s
max time network
1050s
platform
windows11-21h2_x64
resource
win11-20241007-es
resource tags

arch:x64arch:x86image:win11-20241007-eslocale:es-esos:windows11-21h2-x64systemwindows
submitted
08-12-2024 14:02

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

Dislyte_setup_0.0.4.exe
Size

13.0MB
MD5

f30399c8bf4eb9a17131d690ff0ad6ae
SHA1

5470e2299335b7cc842ebaa5f037249ded8a14c8
SHA256

578a311c3e56fd9bdba19b2b77d51042b29990645fe19a3725c52ac05cf3d499
SHA512

7efd180f87e2b3e2f4442b57b64e1ad23a0f77add7228d386edb3c68234ace902e3466ac8ecf294a156439fcef727d8b73cab84439cab72cd3a3f37419647891
SSDEEP

393216:TXZsb9BjOBTuKPTm89HldLz5tg4iX8zZiN6:TI9xO77vldv5tgn6z

Score

6^/10

discovery link pdf persistence privilege_escalation

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{4e242cc8-5e3c-4b08-9d55-dbc62ddd1208} = "\"C:\\ProgramData\\Package Cache\\{4e242cc8-5e3c-4b08-9d55-dbc62ddd1208}\\UE4PrereqSetup_x64.exe\" /burn.log.append \"C:\\Users\\Admin\\AppData\\Local\\Temp\\UE4_Prerequisites_(x64)_20241208141452.log\" /burn.runonce"	UE4PrereqSetup_x64.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe

Drops file in System32 directory 56 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\X3DAudio1_7.dll	DXSetup.exe
File created	C:\Windows\SysWOW64\SET824B.tmp	DXSetup.exe
File created	C:\Windows\SysWOW64\SET82AA.tmp	DXSetup.exe
File opened for modification	C:\Windows\system32\SET8380.tmp	infinst.exe
File created	C:\Windows\system32\SET818C.tmp	infinst.exe
File opened for modification	C:\Windows\SysWOW64\SET824B.tmp	DXSetup.exe
File created	C:\Windows\SysWOW64\SET8318.tmp	DXSetup.exe
File opened for modification	C:\Windows\system32\XAPOFX1_5.dll	infinst.exe
File created	C:\Windows\system32\SET842C.tmp	infinst.exe
File opened for modification	C:\Windows\SysWOW64\SET819E.tmp	DXSetup.exe
File opened for modification	C:\Windows\system32\d3dx10_43.dll	infinst.exe
File opened for modification	C:\Windows\system32\d3dx11_43.dll	infinst.exe
File opened for modification	C:\Windows\system32\SET80FF.tmp	infinst.exe
File opened for modification	C:\Windows\system32\D3DX9_43.dll	infinst.exe
File opened for modification	C:\Windows\system32\SET8209.tmp	infinst.exe
File opened for modification	C:\Windows\SysWOW64\SET82AA.tmp	DXSetup.exe
File opened for modification	C:\Windows\SysWOW64\XAudio2_7.dll	DXSetup.exe
File opened for modification	C:\Windows\SysWOW64\SET8015.tmp	DXSetup.exe
File opened for modification	C:\Windows\system32\X3DAudio1_7.dll	infinst.exe
File opened for modification	C:\Windows\SysWOW64\d3dx10_43.dll	DXSetup.exe
File created	C:\Windows\system32\SET8380.tmp	infinst.exe
File opened for modification	C:\Windows\SysWOW64\xinput1_3.dll	DXSetup.exe
File opened for modification	C:\Windows\SysWOW64\SET813F.tmp	DXSetup.exe
File created	C:\Windows\SysWOW64\SET813F.tmp	DXSetup.exe
File opened for modification	C:\Windows\system32\d3dcsx_43.dll	infinst.exe
File opened for modification	C:\Windows\system32\SET842B.tmp	infinst.exe
File created	C:\Windows\system32\SET8043.tmp	infinst.exe
File opened for modification	C:\Windows\system32\SET818C.tmp	infinst.exe
File created	C:\Windows\SysWOW64\SET83B5.tmp	DXSetup.exe
File created	C:\Windows\SysWOW64\SET80C1.tmp	DXSetup.exe
File created	C:\Windows\system32\SET82C4.tmp	infinst.exe
File opened for modification	C:\Windows\system32\D3DCompiler_43.dll	infinst.exe
File opened for modification	C:\Windows\system32\XAudio2_7.dll	infinst.exe
File opened for modification	C:\Windows\system32\vcomp100.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\d3dx11_43.dll	DXSetup.exe
File opened for modification	C:\Windows\system32\SET842C.tmp	infinst.exe
File created	C:\Windows\system32\SET80FF.tmp	infinst.exe
File created	C:\Windows\system32\SET8266.tmp	infinst.exe
File created	C:\Windows\system32\SET842B.tmp	infinst.exe
File created	C:\Windows\SysWOW64\SET8015.tmp	DXSetup.exe
File created	C:\Windows\system32\SET8209.tmp	infinst.exe
File opened for modification	C:\Windows\SysWOW64\d3dcsx_43.dll	DXSetup.exe
File opened for modification	C:\Windows\system32\SET82C4.tmp	infinst.exe
File opened for modification	C:\Windows\SysWOW64\D3DCompiler_43.dll	DXSetup.exe
File opened for modification	C:\Windows\system32\xinput1_3.dll	infinst.exe
File created	C:\Windows\SysWOW64\SET83B6.tmp	DXSetup.exe
File opened for modification	C:\Windows\system32\SET8043.tmp	infinst.exe
File opened for modification	C:\Windows\SysWOW64\SET80C1.tmp	DXSetup.exe
File opened for modification	C:\Windows\SysWOW64\SET8318.tmp	DXSetup.exe
File opened for modification	C:\Windows\SysWOW64\XAPOFX1_5.dll	DXSetup.exe
File opened for modification	C:\Windows\SysWOW64\D3DX9_43.dll	DXSetup.exe
File created	C:\Windows\SysWOW64\SET819E.tmp	DXSetup.exe
File opened for modification	C:\Windows\system32\SET8266.tmp	infinst.exe
File opened for modification	C:\Windows\system32\vcomp110.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\SET83B5.tmp	DXSetup.exe
File opened for modification	C:\Windows\SysWOW64\SET83B6.tmp	DXSetup.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Saved\Config\WindowsNoEditor\Scalability.ini	XGame-Win64-Shipping.exe
File created	C:\Program Files (x86)\Dislyte\Dislyte Game\game\Engine\Binaries\ThirdParty\CEF3\Win64\Resources\cef.pak	DislyteLauncher.exe
File opened for modification	C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Content\Paks	DislyteLauncher.exe
File created	C:\Program Files (x86)\Dislyte\resource\img\btn_9.png	Dislyte_setup_0.0.4.exe
File created	C:\Program Files (x86)\Dislyte\Dislyte Game\game\Engine\Binaries\ThirdParty\CEF3\Win64\Resources\locales\zh-TW.pak	DislyteLauncher.exe
File created	C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\chrome_100_percent.pak	DislyteLauncher.exe
File created	C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\locales\tr.pak	DislyteLauncher.exe
File opened for modification	C:\Program Files (x86)\Dislyte\resource\data\init.dat	Dislyte_setup_0.0.4.exe
File created	C:\Program Files (x86)\Dislyte\Dislyte Game\game\Engine\Binaries\ThirdParty\CEF3\Win64\Resources\locales\ca.pak	DislyteLauncher.exe
File created	C:\Program Files (x86)\Dislyte\Dislyte Game\game\Engine\Binaries\ThirdParty\CEF3\Win64\Resources\locales\sl.pak	DislyteLauncher.exe
File created	C:\Program Files (x86)\Dislyte\Dislyte Game\game\Engine\Binaries\ThirdParty\CEF3\Win64\Resources\locales\ca.pak	DislyteLauncher.exe
File opened for modification	C:\Program Files (x86)\Dislyte\Dislyte Game\game\Engine\Binaries\ThirdParty\Vorbis\Win64\VS2015	DislyteLauncher.exe
File created	C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Binaries\Win64\api-ms-win-crt-heap-l1-1-0.dll	DislyteLauncher.exe
File opened for modification	C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\locales\gu.pak	DislyteLauncher.exe
File opened for modification	C:\Program Files (x86)\Dislyte\resource\lang	Dislyte_setup_0.0.4.exe
File created	C:\Program Files (x86)\Dislyte\resource\lang\th.js	Dislyte_setup_0.0.4.exe
File created	C:\Program Files (x86)\Dislyte\Dislyte Game\game\Engine\Binaries\ThirdParty\CEF3\Win64\Resources\locales\hu.pak	DislyteLauncher.exe
File created	C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\locales\kn.pak	DislyteLauncher.exe
File opened for modification	C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\locales\fi.pak	DislyteLauncher.exe
File opened for modification	C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\SystemLibrary\api-ms-win-core-heap-l1-1-0.dll	DislyteLauncher.exe
File created	C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\CrashSight\Source\CrashSightLib\Win64\GameBabyConfig64.dat	DislyteLauncher.exe
File created	C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\SystemLibrary\api-ms-win-crt-private-l1-1-0.dll	DislyteLauncher.exe
File created	C:\Program Files (x86)\Dislyte\Dislyte Game\game\Engine\Binaries\ThirdParty\CEF3\Win64\Resources\locales\th.pak	DislyteLauncher.exe
File created	C:\Program Files (x86)\Dislyte\Dislyte Game\game\Engine\Binaries\ThirdParty\PhysX3\Win64\VS2015\PhysX3_x64.dll	DislyteLauncher.exe
File created	C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\SystemLibrary\api-ms-win-core-libraryloader-l1-1-0.dll	DislyteLauncher.exe
File opened for modification	C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Saved\Config\WindowsNoEditor\Engine.ini	XGame-Win64-Shipping.exe
File opened for modification	C:\Program Files (x86)\Dislyte\Dislyte Game\game\Engine\Binaries\ThirdParty\CEF3\Win64\Resources\locales\hu.pak	DislyteLauncher.exe
File created	C:\Program Files (x86)\Dislyte\Dislyte Game\game\Engine\Binaries\ThirdParty\CEF3\Win64\Resources\locales\ml.pak	DislyteLauncher.exe
File opened for modification	C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Binaries\Win64\api-ms-win-core-file-l1-1-0.dll	DislyteLauncher.exe
File opened for modification	C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\SystemLibrary\api-ms-win-crt-utility-l1-1-0.dll	DislyteLauncher.exe
File created	C:\Program Files (x86)\Dislyte\resource\xml\set.xml	Dislyte_setup_0.0.4.exe
File created	C:\Program Files (x86)\Dislyte\save\config.ini	DislyteLauncher.exe
File created	C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\locales\sl.pak	DislyteLauncher.exe
File opened for modification	C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\SystemLibrary\api-ms-win-crt-convert-l1-1-0.dll	DislyteLauncher.exe
File opened for modification	C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Binaries\Win64\api-ms-win-crt-private-l1-1-0.dll	DislyteLauncher.exe
File created	C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\locales\ml.pak	DislyteLauncher.exe
File created	C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\SystemLibrary\api-ms-win-core-console-l1-1-0.dll	DislyteLauncher.exe
File opened for modification	C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\SystemLibrary\vcruntime140.dll	DislyteLauncher.exe
File opened for modification	C:\Program Files (x86)\Dislyte\resource\xml\ann_list_item.xml	Dislyte_setup_0.0.4.exe
File opened for modification	C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Content	DislyteLauncher.exe
File opened for modification	C:\Program Files (x86)\Dislyte\Dislyte Game\game\Engine\Binaries\ThirdParty\CEF3\Win64\Resources\locales\ru.pak	DislyteLauncher.exe
File opened for modification	C:\Program Files (x86)\Dislyte\Dislyte Game\game\Engine\Extras\Redist\en-us\UE4PrereqSetup_x64.exe	DislyteLauncher.exe
File opened for modification	C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\icudtl.dat	DislyteLauncher.exe
File opened for modification	C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Saved\Config\WindowsNoEditor\Hardware.ini	XGame-Win64-Shipping.exe
File opened for modification	C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Binaries\Win64\vcruntime140_1.dll	DislyteLauncher.exe
File created	C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\SystemLibrary\api-ms-win-core-util-l1-1-0.dll	DislyteLauncher.exe
File opened for modification	C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Saved\Config\WindowsNoEditor\DlgSystem.ini	XGame-Win64-Shipping.exe
File opened for modification	C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\FMODStudio\Binaries\Win64\lilith_lidj.dll	DislyteLauncher.exe
File created	C:\Program Files (x86)\Dislyte\Dislyte Game\game\Engine\Binaries\ThirdParty\Vorbis\Win64\VS2015\libvorbis_64.dll	DislyteLauncher.exe
File created	C:\Program Files (x86)\Dislyte\Dislyte Game\game\Engine\Binaries\ThirdParty\Vorbis\Win64\VS2015\libvorbis_64.dll	DislyteLauncher.exe
File created	C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\FMODStudio\Binaries\Win64\lilith_lidj.dll	DislyteLauncher.exe
File opened for modification	C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\locales\pt-BR.pak	DislyteLauncher.exe
File opened for modification	C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Binaries\Win64\api-ms-win-downlevel-kernel32-l2-1-0.dll	DislyteLauncher.exe
File opened for modification	C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\locales\nb.pak	DislyteLauncher.exe
File opened for modification	C:\Program Files (x86)\Dislyte\Dislyte Game\game\Engine\Binaries\ThirdParty\CEF3\Win64\Resources\locales\pt-PT.pak	DislyteLauncher.exe
File opened for modification	C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\CrashSight	DislyteLauncher.exe
File created	C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\locales\fa.pak	DislyteLauncher.exe
File opened for modification	C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\locales\mr.pak	DislyteLauncher.exe
File opened for modification	C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\LimNative\Source\ThirdParty\LIM\bin\x64\Release\lim.dll	DislyteLauncher.exe
File created	C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Binaries\Win64\api-ms-win-core-datetime-l1-1-0.dll	DislyteLauncher.exe
File opened for modification	C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Binaries\Win64\api-ms-win-crt-math-l1-1-0.dll	DislyteLauncher.exe
File created	C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\LimNative\Source\ThirdParty\LIM\bin\x64\Release\lim.dll	DislyteLauncher.exe
File opened for modification	C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\locales\et.pak	DislyteLauncher.exe
File created	C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Binaries\Win64\api-ms-win-core-handle-l1-1-0.dll	DislyteLauncher.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\9F54CE9FA470FB84299E8AACDD656F39\1.0.11\F_CENTRAL_msvcr120_x64.05F0B5F5_44A8_3793_976B_A4F17AECF92C	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\9F54CE9FA470FB84299E8AACDD656F39\1.0.11\F_CENTRAL_vccorlib110_x64.4006A2C6_1BD5_3759_9C0C_17A8FFBF6E3C	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7C0E.tmp-\Jun2010_d3dcsx_43_x64.cab	rundll32.exe
File opened for modification	C:\Windows\Installer\MSI7C0E.tmp-\Jun2010_XAudio_x86.cab	rundll32.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\9F54CE9FA470FB84299E8AACDD656F39\1.0.11\F_CENTRAL_msvcp100_x86.DF495DFD_79F6_34DF_BB1E_E58DB5BDCF2C	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\9F54CE9FA470FB84299E8AACDD656F39\1.0.11\F_CENTRAL_msvcp120_x86.194841A2_D0F2_3B96_9F71_05BA91BEA0FA	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\9F54CE9FA470FB84299E8AACDD656F39\1.0.11\F_CENTRAL_msvcr100_x64.1C11561A_11CB_36A7_8A47_D7A042055FA7	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\9F54CE9FA470FB84299E8AACDD656F39\1.0.11\F_CENTRAL_msvcr120_x64.05F0B5F5_44A8_3793_976B_A4F17AECF92C	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\9F54CE9FA470FB84299E8AACDD656F39\1.0.11\F_CENTRAL_vccorlib110_x86.F9D0B380_EB85_31D4_96AC_C6CB40086A55	msiexec.exe
File opened for modification	C:\Windows\Logs\DirectX.log	infinst.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\9F54CE9FA470FB84299E8AACDD656F39\1.0.11\F_CENTRAL_msvcp120_x86.194841A2_D0F2_3B96_9F71_05BA91BEA0FA	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\9F54CE9FA470FB84299E8AACDD656F39\1.0.11\F_CENTRAL_msvcr100_x86.DF495DFD_79F6_34DF_BB1E_E58DB5BDCF2C	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\9F54CE9FA470FB84299E8AACDD656F39\1.0.11\F_CENTRAL_msvcr100_x86.DF495DFD_79F6_34DF_BB1E_E58DB5BDCF2C	msiexec.exe
File opened for modification	C:\Windows\Logs\DirectX.log	infinst.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\9F54CE9FA470FB84299E8AACDD656F39\1.0.11\F_CENTRAL_msvcp110_x64.4006A2C6_1BD5_3759_9C0C_17A8FFBF6E3C	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\9F54CE9FA470FB84299E8AACDD656F39\1.0.11\F_CENTRAL_msvcr110_x64.4006A2C6_1BD5_3759_9C0C_17A8FFBF6E3C	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\9F54CE9FA470FB84299E8AACDD656F39\1.0.11\F_CENTRAL_vccorlib120_x86.194841A2_D0F2_3B96_9F71_05BA91BEA0FA	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7C0E.tmp-\Microsoft.Deployment.WindowsInstaller.dll	rundll32.exe
File opened for modification	C:\Windows\Installer\MSI7C0E.tmp-\Jun2010_d3dcsx_43_x86.cab	rundll32.exe
File opened for modification	C:\Windows\Logs\DirectX.log	infinst.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\9F54CE9FA470FB84299E8AACDD656F39\1.0.11\F_CENTRAL_msvcr110_x86.F9D0B380_EB85_31D4_96AC_C6CB40086A55	msiexec.exe
File opened for modification	C:\Windows\DirectX.log	infinst.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\9F54CE9FA470FB84299E8AACDD656F39\1.0.11\F_CENTRAL_msvcp100_x64.1C11561A_11CB_36A7_8A47_D7A042055FA7	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\9F54CE9FA470FB84299E8AACDD656F39\1.0.11\F_CENTRAL_msvcp120_x64.05F0B5F5_44A8_3793_976B_A4F17AECF92C	msiexec.exe
File created	C:\Windows\SystemTemp\~DFB31CC6FE2A79E28F.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\9F54CE9FA470FB84299E8AACDD656F39\1.0.11\F_CENTRAL_msvcp100_x64.1C11561A_11CB_36A7_8A47_D7A042055FA7	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\9F54CE9FA470FB84299E8AACDD656F39\1.0.11\F_CENTRAL_msvcp120_x64.05F0B5F5_44A8_3793_976B_A4F17AECF92C	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\9F54CE9FA470FB84299E8AACDD656F39\1.0.11\F_CENTRAL_msvcr110_x64.4006A2C6_1BD5_3759_9C0C_17A8FFBF6E3C	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\9F54CE9FA470FB84299E8AACDD656F39\1.0.11\F_CENTRAL_vccorlib120_x86.194841A2_D0F2_3B96_9F71_05BA91BEA0FA	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7C0E.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7C0E.tmp-\CustomAction.config	rundll32.exe
File opened for modification	C:\Windows\Installer\MSI7C0E.tmp-\DSETUP.dll	rundll32.exe
File created	C:\Windows\Installer\e5c7816.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7C0E.tmp-\Jun2010_d3dx9_43_x64.cab	rundll32.exe
File opened for modification	C:\Windows\Installer\MSI7C0E.tmp-\dxdllreg_x86.cab	rundll32.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\9F54CE9FA470FB84299E8AACDD656F39\1.0.11\F_CENTRAL_msvcr120_x86.194841A2_D0F2_3B96_9F71_05BA91BEA0FA	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\9F54CE9FA470FB84299E8AACDD656F39\1.0.11\F_CENTRAL_vccorlib110_x86.F9D0B380_EB85_31D4_96AC_C6CB40086A55	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7C0E.tmp-\Jun2010_D3DCompiler_43_x86.cab	rundll32.exe
File opened for modification	C:\Windows\Installer\MSI7C0E.tmp-\Jun2010_XAudio_x64.cab	rundll32.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\9F54CE9FA470FB84299E8AACDD656F39\1.0.11\F_CENTRAL_vccorlib120_x64.05F0B5F5_44A8_3793_976B_A4F17AECF92C	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7C0E.tmp-\Feb2010_X3DAudio_x64.cab	rundll32.exe
File opened for modification	C:\Windows\Installer\MSI7C0E.tmp-\Jun2010_d3dx10_43_x64.cab	rundll32.exe
File created	C:\Windows\Installer\SourceHash{F9EC45F9-074A-48BF-92E9-A8CADD56F693}	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\9F54CE9FA470FB84299E8AACDD656F39\1.0.11\F_CENTRAL_msvcp110_x64.4006A2C6_1BD5_3759_9C0C_17A8FFBF6E3C	msiexec.exe
File opened for modification	C:\Windows\Logs\DirectX.log	DXSetup.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\SystemTemp\~DF446333C201114DED.TMP	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\9F54CE9FA470FB84299E8AACDD656F39\1.0.11\F_CENTRAL_msvcr100_x64.1C11561A_11CB_36A7_8A47_D7A042055FA7	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\9F54CE9FA470FB84299E8AACDD656F39\1.0.11\F_CENTRAL_vccorlib110_x64.4006A2C6_1BD5_3759_9C0C_17A8FFBF6E3C	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\9F54CE9FA470FB84299E8AACDD656F39\1.0.11\F_CENTRAL_vccorlib120_x64.05F0B5F5_44A8_3793_976B_A4F17AECF92C	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7C0E.tmp-\dxupdate.cab	rundll32.exe
File opened for modification	C:\Windows\Installer\MSI7C0E.tmp-\Feb2010_X3DAudio_x86.cab	rundll32.exe
File opened for modification	C:\Windows\Logs\DirectX.log	infinst.exe
File opened for modification	C:\Windows\Installer\e5c7816.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DF133F55B874BEAF7F.TMP	msiexec.exe
File opened for modification	C:\Windows\Logs\DirectX.log	infinst.exe
File opened for modification	C:\Windows\Installer\MSI7C0E.tmp-\CustomAction.dll	rundll32.exe
File opened for modification	C:\Windows\Installer\MSI7C0E.tmp-\APR2007_xinput_x86.cab	rundll32.exe
File opened for modification	C:\Windows\Installer\MSI7C0E.tmp-\dsetup32.dll	rundll32.exe
File opened for modification	C:\Windows\Logs\DirectX.log	infinst.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\9F54CE9FA470FB84299E8AACDD656F39\1.0.11\F_CENTRAL_msvcp100_x86.DF495DFD_79F6_34DF_BB1E_E58DB5BDCF2C	msiexec.exe
File created	C:\Windows\Installer\e5c781a.msi	msiexec.exe

Executes dropped EXE 62 IoCs

pid	Process
2204	DislyteLauncher.exe
2344	Dislyte.exe
1304	UE4PrereqSetup_x64.exe
4004	UE4PrereqSetup_x64.exe
1788	vcredist_x86.exe
1156	vcredist_x86.exe
3992	vcredist_x64.exe
3272	vcredist_x64.exe
2008	DXSetup.exe
4432	infinst.exe
3992	infinst.exe
240	infinst.exe
1184	infinst.exe
3320	infinst.exe
3272	infinst.exe
3556	infinst.exe
4544	infinst.exe
3640	XGame-Win64-Shipping.exe
1468	limpcbrowserex.exe
3248	limpcbrowserex.exe
4836	limpcbrowserex.exe
4640	limpcbrowserex.exe
236	limpcbrowserex.exe
1188	limpcbrowserex.exe
1788	limpcbrowserex.exe
352	Dislyte.exe
1240	XGame-Win64-Shipping.exe
3880	limpcbrowserex.exe
4308	limpcbrowserex.exe
2320	limpcbrowserex.exe
1752	limpcbrowserex.exe
2840	limpcbrowserex.exe
3576	limpcbrowserex.exe
1860	limpcbrowserex.exe
3356	DislyteLauncher.exe
4664	Dislyte.exe
1224	XGame-Win64-Shipping.exe
1736	limpcbrowserex.exe
5100	limpcbrowserex.exe
3348	limpcbrowserex.exe
1436	limpcbrowserex.exe
4684	limpcbrowserex.exe
1856	limpcbrowserex.exe
3148	limpcbrowserex.exe
3332	Dislyte.exe
3232	XGame-Win64-Shipping.exe
568	limpcbrowserex.exe
828	limpcbrowserex.exe
652	limpcbrowserex.exe
4376	limpcbrowserex.exe
1244	limpcbrowserex.exe
4408	limpcbrowserex.exe
2312	limpcbrowserex.exe
4124	Dislyte.exe
3904	XGame-Win64-Shipping.exe
2680	limpcbrowserex.exe
2308	limpcbrowserex.exe
1316	limpcbrowserex.exe
3736	limpcbrowserex.exe
1980	limpcbrowserex.exe
2468	limpcbrowserex.exe
4740	limpcbrowserex.exe

HTTP links in PDF interactive object 1 IoCs

Detects HTTP links in interactive objects within PDF files.

pdf link

resource	yara_rule
behavioral1/files/0x001a00000002ad31-5287.dat	pdf_with_link_action

Loads dropped DLL 64 IoCs

pid	Process
112	Dislyte_setup_0.0.4.exe
112	Dislyte_setup_0.0.4.exe
112	Dislyte_setup_0.0.4.exe
112	Dislyte_setup_0.0.4.exe
112	Dislyte_setup_0.0.4.exe
112	Dislyte_setup_0.0.4.exe
112	Dislyte_setup_0.0.4.exe
112	Dislyte_setup_0.0.4.exe
112	Dislyte_setup_0.0.4.exe
112	Dislyte_setup_0.0.4.exe
112	Dislyte_setup_0.0.4.exe
112	Dislyte_setup_0.0.4.exe
112	Dislyte_setup_0.0.4.exe
112	Dislyte_setup_0.0.4.exe
112	Dislyte_setup_0.0.4.exe
112	Dislyte_setup_0.0.4.exe
112	Dislyte_setup_0.0.4.exe
112	Dislyte_setup_0.0.4.exe
112	Dislyte_setup_0.0.4.exe
112	Dislyte_setup_0.0.4.exe
112	Dislyte_setup_0.0.4.exe
112	Dislyte_setup_0.0.4.exe
112	Dislyte_setup_0.0.4.exe
112	Dislyte_setup_0.0.4.exe
112	Dislyte_setup_0.0.4.exe
112	Dislyte_setup_0.0.4.exe
112	Dislyte_setup_0.0.4.exe
112	Dislyte_setup_0.0.4.exe
112	Dislyte_setup_0.0.4.exe
112	Dislyte_setup_0.0.4.exe
112	Dislyte_setup_0.0.4.exe
112	Dislyte_setup_0.0.4.exe
112	Dislyte_setup_0.0.4.exe
112	Dislyte_setup_0.0.4.exe
112	Dislyte_setup_0.0.4.exe
112	Dislyte_setup_0.0.4.exe
112	Dislyte_setup_0.0.4.exe
112	Dislyte_setup_0.0.4.exe
112	Dislyte_setup_0.0.4.exe
112	Dislyte_setup_0.0.4.exe
112	Dislyte_setup_0.0.4.exe
112	Dislyte_setup_0.0.4.exe
112	Dislyte_setup_0.0.4.exe
112	Dislyte_setup_0.0.4.exe
112	Dislyte_setup_0.0.4.exe
112	Dislyte_setup_0.0.4.exe
112	Dislyte_setup_0.0.4.exe
112	Dislyte_setup_0.0.4.exe
112	Dislyte_setup_0.0.4.exe
112	Dislyte_setup_0.0.4.exe
112	Dislyte_setup_0.0.4.exe
112	Dislyte_setup_0.0.4.exe
112	Dislyte_setup_0.0.4.exe
112	Dislyte_setup_0.0.4.exe
112	Dislyte_setup_0.0.4.exe
112	Dislyte_setup_0.0.4.exe
112	Dislyte_setup_0.0.4.exe
112	Dislyte_setup_0.0.4.exe
112	Dislyte_setup_0.0.4.exe
112	Dislyte_setup_0.0.4.exe
112	Dislyte_setup_0.0.4.exe
112	Dislyte_setup_0.0.4.exe
112	Dislyte_setup_0.0.4.exe
112	Dislyte_setup_0.0.4.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 10 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	UE4PrereqSetup_x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vcredist_x86.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vcredist_x86.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vcredist_x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DislyteLauncher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	UE4PrereqSetup_x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DislyteLauncher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vcredist_x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DXSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Dislyte_setup_0.0.4.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 5 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
3640	XGame-Win64-Shipping.exe
1240	XGame-Win64-Shipping.exe
1224	XGame-Win64-Shipping.exe
3232	XGame-Win64-Shipping.exe
3904	XGame-Win64-Shipping.exe

Checks SCSI registry key(s) 3 TTPs 8 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000008e4795fcec2d58710000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800008e4795fc0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff0000000007000100006809008e4795fc000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d8e4795fc000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000008e4795fc00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe

Checks processor information in registry 2 TTPs 14 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DXSetup.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	rundll32.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	rundll32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	DXSetup.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DXSetup.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	DXSetup.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	msiexec.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	rundll32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	rundll32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	DXSetup.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	DXSetup.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DXSetup.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\TelemetrySalt = "6"	DXSetup.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	rundll32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	DXSetup.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	DXSetup.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6a93130e-1d53-41d1-a9cf-e758800bb179}\ = "AudioReverb"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{F9EC45F9-074A-48BF-92E9-A8CADD56F693}\Dependents	UE4PrereqSetup_x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5a508685-a254-4fba-9b82-9a24b00306af}\ = "XAudio2"	DXSetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{cac1105f-619b-4d04-831a-44e1cbf12d57}\ = "AudioVolumeMeter"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6a93130e-1d53-41d1-a9cf-e758800bb179}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5a508685-a254-4fba-9b82-9a24b00306af}\ = "XAudio2"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{cac1105f-619b-4d04-831a-44e1cbf12d57}	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9F54CE9FA470FB84299E8AACDD656F39\AdvertiseFlags = "388"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9F54CE9FA470FB84299E8AACDD656F39\DeploymentFlags = "3"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9F54CE9FA470FB84299E8AACDD656F39\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9F54CE9FA470FB84299E8AACDD656F39\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{F9EC45F9-074A-48BF-92E9-A8CADD56F693}v1.0.11.0\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5a508685-a254-4fba-9b82-9a24b00306af}\InProcServer32	DXSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{cac1105f-619b-4d04-831a-44e1cbf12d57}\InProcServer32	DXSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{4e242cc8-5e3c-4b08-9d55-dbc62ddd1208}\Dependents	UE4PrereqSetup_x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9F54CE9FA470FB84299E8AACDD656F39\Version = "16777227"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9F54CE9FA470FB84299E8AACDD656F39\InstanceType = "0"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9F54CE9FA470FB84299E8AACDD656F39\Language = "1033"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9F54CE9FA470FB84299E8AACDD656F39\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{F9EC45F9-074A-48BF-92E9-A8CADD56F693}v1.0.11.0\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5a508685-a254-4fba-9b82-9a24b00306af}\InProcServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6a93130e-1d53-41d1-a9cf-e758800bb179}\InProcServer32\ = "C:\\Windows\\system32\\XAudio2_7.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9F54CE9FA470FB84299E8AACDD656F39\ProductName = "UE4 Prerequisites (x64)"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5a508685-a254-4fba-9b82-9a24b00306af}\InProcServer32\ThreadingModel = "Both"	DXSetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{cac1105f-619b-4d04-831a-44e1cbf12d57}\InProcServer32\ThreadingModel = "Both"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{cac1105f-619b-4d04-831a-44e1cbf12d57}	DXSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{4e242cc8-5e3c-4b08-9d55-dbc62ddd1208}\Version = "1.0.13.0"	UE4PrereqSetup_x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9F54CE9FA470FB84299E8AACDD656F39\PackageCode = "2FA1C12879755F244AF89A63B8216C70"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\{F9EC45F9-074A-48BF-92E9-A8CADD56F693}	UE4PrereqSetup_x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{F9EC45F9-074A-48BF-92E9-A8CADD56F693}\DisplayName = "UE4 Prerequisites (x64)"	UE4PrereqSetup_x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6a93130e-1d53-41d1-a9cf-e758800bb179}\ = "AudioReverb"	DXSetup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\{4e242cc8-5e3c-4b08-9d55-dbc62ddd1208}	UE4PrereqSetup_x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{F9EC45F9-074A-48BF-92E9-A8CADD56F693}\Version = "1.0.11.0"	UE4PrereqSetup_x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9F54CE9FA470FB84299E8AACDD656F39\SourceList\PackageName = "UE4PrereqSetup_x64.msi"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6a93130e-1d53-41d1-a9cf-e758800bb179}\InProcServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{4e242cc8-5e3c-4b08-9d55-dbc62ddd1208}\Dependents\{4e242cc8-5e3c-4b08-9d55-dbc62ddd1208}	UE4PrereqSetup_x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9F54CE9FA470FB84299E8AACDD656F39	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{cac1105f-619b-4d04-831a-44e1cbf12d57}\ = "AudioVolumeMeter"	DXSetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{cac1105f-619b-4d04-831a-44e1cbf12d57}\InProcServer32\ = "C:\\Windows\\SysWow64\\XAudio2_7.dll"	DXSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6a93130e-1d53-41d1-a9cf-e758800bb179}	DXSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5a508685-a254-4fba-9b82-9a24b00306af}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{cac1105f-619b-4d04-831a-44e1cbf12d57}\InProcServer32\ = "C:\\Windows\\system32\\XAudio2_7.dll"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9F54CE9FA470FB84299E8AACDD656F39\Assignment = "1"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9F54CE9FA470FB84299E8AACDD656F39\SourceList\Media	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5a508685-a254-4fba-9b82-9a24b00306af}\InProcServer32\ = "C:\\Windows\\SysWow64\\XAudio2_7.dll"	DXSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\06160A3C31624122A971135BA0D60E46	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9F54CE9FA470FB84299E8AACDD656F39\SourceList	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9F54CE9FA470FB84299E8AACDD656F39\Clients = 3a0000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5a508685-a254-4fba-9b82-9a24b00306af}	DXSetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5a508685-a254-4fba-9b82-9a24b00306af}\InProcServer32\ = "C:\\Windows\\system32\\XAudio2_7.dll"	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{4e242cc8-5e3c-4b08-9d55-dbc62ddd1208}\DisplayName = "UE4 Prerequisites (x64)"	UE4PrereqSetup_x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9F54CE9FA470FB84299E8AACDD656F39\ProductIcon = "C:\\Windows\\Installer\\{F9EC45F9-074A-48BF-92E9-A8CADD56F693}\\Setup.ico"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{cac1105f-619b-4d04-831a-44e1cbf12d57}\InProcServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{F9EC45F9-074A-48BF-92E9-A8CADD56F693}\Dependents\{4e242cc8-5e3c-4b08-9d55-dbc62ddd1208}	UE4PrereqSetup_x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6a93130e-1d53-41d1-a9cf-e758800bb179}\InProcServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{cac1105f-619b-4d04-831a-44e1cbf12d57}\InProcServer32\ThreadingModel = "Both"	DXSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6a93130e-1d53-41d1-a9cf-e758800bb179}\InProcServer32	DXSetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6a93130e-1d53-41d1-a9cf-e758800bb179}\InProcServer32\ThreadingModel = "Both"	DXSetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{4e242cc8-5e3c-4b08-9d55-dbc62ddd1208}\ = "{4e242cc8-5e3c-4b08-9d55-dbc62ddd1208}"	UE4PrereqSetup_x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6a93130e-1d53-41d1-a9cf-e758800bb179}\InProcServer32\ = "C:\\Windows\\SysWow64\\XAudio2_7.dll"	DXSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5a508685-a254-4fba-9b82-9a24b00306af}\InProcServer32	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9F54CE9FA470FB84299E8AACDD656F39\AuthorizedLUAApp = "0"	msiexec.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5	UE4PrereqSetup_x64.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 040000000100000010000000cb17e431673ee209fe455793f30afa1c0f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c953000000010000006300000030613021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030109000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000009acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df1400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331330b000000010000001200000056006500720069005300690067006e0000001d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3617e000000010000000800000000c0032f2df8d6016800000001000000000000000300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e5190000000100000010000000d8b5fb368468620275d142ffd2aade372000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	UE4PrereqSetup_x64.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 5c000000010000000400000000080000190000000100000010000000d8b5fb368468620275d142ffd2aade370300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e56800000001000000000000007e000000010000000800000000c0032f2df8d6011d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610b000000010000001200000056006500720069005300690067006e0000001400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331336200000001000000200000009acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df09000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703017f000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000006300000030613021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c9040000000100000010000000cb17e431673ee209fe455793f30afa1c2000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	UE4PrereqSetup_x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C	limpcbrowserex.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 0400000001000000100000003e455215095192e1b75d379fb187298a0f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b1d00000001000000100000006ee7f3b060d10e90a31ba3471b9992367f000000010000000c000000300a06082b060105050703097a000000010000000c000000300a06082b060105050703097e00000001000000080000000000042beb77d501030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c190000000100000010000000a823b4a20180beb460cab955c24d7e21200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	limpcbrowserex.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 5c000000010000000400000000080000190000000100000010000000a823b4a20180beb460cab955c24d7e21030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c7e00000001000000080000000000042beb77d5017a000000010000000c000000300a06082b060105050703097f000000010000000c000000300a06082b060105050703091d00000001000000100000006ee7f3b060d10e90a31ba3471b999236140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c990b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b060105050703080f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d0400000001000000100000003e455215095192e1b75d379fb187298a200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	limpcbrowserex.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
112	Dislyte_setup_0.0.4.exe
112	Dislyte_setup_0.0.4.exe
2204	DislyteLauncher.exe
2204	DislyteLauncher.exe
2204	DislyteLauncher.exe
2204	DislyteLauncher.exe
2204	DislyteLauncher.exe
2204	DislyteLauncher.exe
2204	DislyteLauncher.exe
2204	DislyteLauncher.exe
2204	DislyteLauncher.exe
2204	DislyteLauncher.exe
2204	DislyteLauncher.exe
2204	DislyteLauncher.exe
2204	DislyteLauncher.exe
2204	DislyteLauncher.exe
2204	DislyteLauncher.exe
2204	DislyteLauncher.exe
2204	DislyteLauncher.exe
2204	DislyteLauncher.exe
2204	DislyteLauncher.exe
2204	DislyteLauncher.exe
2204	DislyteLauncher.exe
2204	DislyteLauncher.exe
2204	DislyteLauncher.exe
2204	DislyteLauncher.exe
2204	DislyteLauncher.exe
2204	DislyteLauncher.exe
2204	DislyteLauncher.exe
2204	DislyteLauncher.exe
2204	DislyteLauncher.exe
2204	DislyteLauncher.exe
2204	DislyteLauncher.exe
2204	DislyteLauncher.exe
2204	DislyteLauncher.exe
2204	DislyteLauncher.exe
2204	DislyteLauncher.exe
2204	DislyteLauncher.exe
2204	DislyteLauncher.exe
2204	DislyteLauncher.exe
2204	DislyteLauncher.exe
2204	DislyteLauncher.exe
2204	DislyteLauncher.exe
2204	DislyteLauncher.exe
2204	DislyteLauncher.exe
2204	DislyteLauncher.exe
2204	DislyteLauncher.exe
2204	DislyteLauncher.exe
2204	DislyteLauncher.exe
2204	DislyteLauncher.exe
2204	DislyteLauncher.exe
2204	DislyteLauncher.exe
2204	DislyteLauncher.exe
2204	DislyteLauncher.exe
2204	DislyteLauncher.exe
2204	DislyteLauncher.exe
2204	DislyteLauncher.exe
2204	DislyteLauncher.exe
2204	DislyteLauncher.exe
2204	DislyteLauncher.exe
2204	DislyteLauncher.exe
2204	DislyteLauncher.exe
2204	DislyteLauncher.exe
2204	DislyteLauncher.exe

Suspicious behavior: GetForegroundWindowSpam 5 IoCs

pid	Process
3640	XGame-Win64-Shipping.exe
1240	XGame-Win64-Shipping.exe
1224	XGame-Win64-Shipping.exe
3232	XGame-Win64-Shipping.exe
3904	XGame-Win64-Shipping.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
3972	msedge.exe
3972	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4060	msedge.exe
4060	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeSecurityPrivilege	112	Dislyte_setup_0.0.4.exe
Token: SeBackupPrivilege	2252	vssvc.exe
Token: SeRestorePrivilege	2252	vssvc.exe
Token: SeAuditPrivilege	2252	vssvc.exe
Token: SeShutdownPrivilege	1304	UE4PrereqSetup_x64.exe
Token: SeIncreaseQuotaPrivilege	1304	UE4PrereqSetup_x64.exe
Token: SeSecurityPrivilege	2144	msiexec.exe
Token: SeCreateTokenPrivilege	1304	UE4PrereqSetup_x64.exe
Token: SeAssignPrimaryTokenPrivilege	1304	UE4PrereqSetup_x64.exe
Token: SeLockMemoryPrivilege	1304	UE4PrereqSetup_x64.exe
Token: SeIncreaseQuotaPrivilege	1304	UE4PrereqSetup_x64.exe
Token: SeMachineAccountPrivilege	1304	UE4PrereqSetup_x64.exe
Token: SeTcbPrivilege	1304	UE4PrereqSetup_x64.exe
Token: SeSecurityPrivilege	1304	UE4PrereqSetup_x64.exe
Token: SeTakeOwnershipPrivilege	1304	UE4PrereqSetup_x64.exe
Token: SeLoadDriverPrivilege	1304	UE4PrereqSetup_x64.exe
Token: SeSystemProfilePrivilege	1304	UE4PrereqSetup_x64.exe
Token: SeSystemtimePrivilege	1304	UE4PrereqSetup_x64.exe
Token: SeProfSingleProcessPrivilege	1304	UE4PrereqSetup_x64.exe
Token: SeIncBasePriorityPrivilege	1304	UE4PrereqSetup_x64.exe
Token: SeCreatePagefilePrivilege	1304	UE4PrereqSetup_x64.exe
Token: SeCreatePermanentPrivilege	1304	UE4PrereqSetup_x64.exe
Token: SeBackupPrivilege	1304	UE4PrereqSetup_x64.exe
Token: SeRestorePrivilege	1304	UE4PrereqSetup_x64.exe
Token: SeShutdownPrivilege	1304	UE4PrereqSetup_x64.exe
Token: SeDebugPrivilege	1304	UE4PrereqSetup_x64.exe
Token: SeAuditPrivilege	1304	UE4PrereqSetup_x64.exe
Token: SeSystemEnvironmentPrivilege	1304	UE4PrereqSetup_x64.exe
Token: SeChangeNotifyPrivilege	1304	UE4PrereqSetup_x64.exe
Token: SeRemoteShutdownPrivilege	1304	UE4PrereqSetup_x64.exe
Token: SeUndockPrivilege	1304	UE4PrereqSetup_x64.exe
Token: SeSyncAgentPrivilege	1304	UE4PrereqSetup_x64.exe
Token: SeEnableDelegationPrivilege	1304	UE4PrereqSetup_x64.exe
Token: SeManageVolumePrivilege	1304	UE4PrereqSetup_x64.exe
Token: SeImpersonatePrivilege	1304	UE4PrereqSetup_x64.exe
Token: SeCreateGlobalPrivilege	1304	UE4PrereqSetup_x64.exe
Token: SeRestorePrivilege	2144	msiexec.exe
Token: SeTakeOwnershipPrivilege	2144	msiexec.exe
Token: SeRestorePrivilege	2144	msiexec.exe
Token: SeTakeOwnershipPrivilege	2144	msiexec.exe
Token: SeRestorePrivilege	2144	msiexec.exe
Token: SeTakeOwnershipPrivilege	2144	msiexec.exe
Token: SeRestorePrivilege	2144	msiexec.exe
Token: SeTakeOwnershipPrivilege	2144	msiexec.exe
Token: SeRestorePrivilege	2144	msiexec.exe
Token: SeTakeOwnershipPrivilege	2144	msiexec.exe
Token: SeRestorePrivilege	2144	msiexec.exe
Token: SeTakeOwnershipPrivilege	2144	msiexec.exe
Token: SeRestorePrivilege	2144	msiexec.exe
Token: SeTakeOwnershipPrivilege	2144	msiexec.exe
Token: SeRestorePrivilege	2144	msiexec.exe
Token: SeTakeOwnershipPrivilege	2144	msiexec.exe
Token: SeRestorePrivilege	2144	msiexec.exe
Token: SeTakeOwnershipPrivilege	2144	msiexec.exe
Token: SeRestorePrivilege	2144	msiexec.exe
Token: SeTakeOwnershipPrivilege	2144	msiexec.exe
Token: SeRestorePrivilege	2144	msiexec.exe
Token: SeTakeOwnershipPrivilege	2144	msiexec.exe
Token: SeRestorePrivilege	2144	msiexec.exe
Token: SeTakeOwnershipPrivilege	2144	msiexec.exe
Token: SeRestorePrivilege	2144	msiexec.exe
Token: SeTakeOwnershipPrivilege	2144	msiexec.exe
Token: SeRestorePrivilege	2144	msiexec.exe
Token: SeTakeOwnershipPrivilege	2144	msiexec.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2204	DislyteLauncher.exe
4004	UE4PrereqSetup_x64.exe
2204	DislyteLauncher.exe
2204	DislyteLauncher.exe
3356	DislyteLauncher.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2204	DislyteLauncher.exe
2204	DislyteLauncher.exe
2204	DislyteLauncher.exe
3356	DislyteLauncher.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe
4388	taskmgr.exe

Suspicious use of SetWindowsHookEx 19 IoCs

pid	Process
3640	XGame-Win64-Shipping.exe
3640	XGame-Win64-Shipping.exe
1240	XGame-Win64-Shipping.exe
1240	XGame-Win64-Shipping.exe
1224	XGame-Win64-Shipping.exe
1224	XGame-Win64-Shipping.exe
3232	XGame-Win64-Shipping.exe
3232	XGame-Win64-Shipping.exe
3904	XGame-Win64-Shipping.exe
3904	XGame-Win64-Shipping.exe
1364	firefox.exe
1364	firefox.exe
1364	firefox.exe
1364	firefox.exe
1364	firefox.exe
1364	firefox.exe
1364	firefox.exe
4800	MiniSearchHost.exe
756	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 112 wrote to memory of 2204	112	Dislyte_setup_0.0.4.exe	78
PID 112 wrote to memory of 2204	112	Dislyte_setup_0.0.4.exe	78
PID 112 wrote to memory of 2204	112	Dislyte_setup_0.0.4.exe	78
PID 2204 wrote to memory of 2344	2204	DislyteLauncher.exe	84
PID 2204 wrote to memory of 2344	2204	DislyteLauncher.exe	84
PID 2344 wrote to memory of 1304	2344	Dislyte.exe	87
PID 2344 wrote to memory of 1304	2344	Dislyte.exe	87
PID 2344 wrote to memory of 1304	2344	Dislyte.exe	87
PID 1304 wrote to memory of 4004	1304	UE4PrereqSetup_x64.exe	88
PID 1304 wrote to memory of 4004	1304	UE4PrereqSetup_x64.exe	88
PID 1304 wrote to memory of 4004	1304	UE4PrereqSetup_x64.exe	88
PID 1304 wrote to memory of 1788	1304	UE4PrereqSetup_x64.exe	95
PID 1304 wrote to memory of 1788	1304	UE4PrereqSetup_x64.exe	95
PID 1304 wrote to memory of 1788	1304	UE4PrereqSetup_x64.exe	95
PID 1788 wrote to memory of 1156	1788	vcredist_x86.exe	96
PID 1788 wrote to memory of 1156	1788	vcredist_x86.exe	96
PID 1788 wrote to memory of 1156	1788	vcredist_x86.exe	96
PID 1304 wrote to memory of 3992	1304	UE4PrereqSetup_x64.exe	97
PID 1304 wrote to memory of 3992	1304	UE4PrereqSetup_x64.exe	97
PID 1304 wrote to memory of 3992	1304	UE4PrereqSetup_x64.exe	97
PID 3992 wrote to memory of 3272	3992	vcredist_x64.exe	98
PID 3992 wrote to memory of 3272	3992	vcredist_x64.exe	98
PID 3992 wrote to memory of 3272	3992	vcredist_x64.exe	98
PID 2144 wrote to memory of 1616	2144	msiexec.exe	100
PID 2144 wrote to memory of 1616	2144	msiexec.exe	100
PID 1616 wrote to memory of 4708	1616	MsiExec.exe	101
PID 1616 wrote to memory of 4708	1616	MsiExec.exe	101
PID 4708 wrote to memory of 2008	4708	rundll32.exe	102
PID 4708 wrote to memory of 2008	4708	rundll32.exe	102
PID 4708 wrote to memory of 2008	4708	rundll32.exe	102
PID 2008 wrote to memory of 4432	2008	DXSetup.exe	104
PID 2008 wrote to memory of 4432	2008	DXSetup.exe	104
PID 2008 wrote to memory of 3992	2008	DXSetup.exe	105
PID 2008 wrote to memory of 3992	2008	DXSetup.exe	105
PID 2008 wrote to memory of 240	2008	DXSetup.exe	106
PID 2008 wrote to memory of 240	2008	DXSetup.exe	106
PID 2008 wrote to memory of 1184	2008	DXSetup.exe	107
PID 2008 wrote to memory of 1184	2008	DXSetup.exe	107
PID 2008 wrote to memory of 3320	2008	DXSetup.exe	108
PID 2008 wrote to memory of 3320	2008	DXSetup.exe	108
PID 2008 wrote to memory of 3272	2008	DXSetup.exe	109
PID 2008 wrote to memory of 3272	2008	DXSetup.exe	109
PID 2008 wrote to memory of 3556	2008	DXSetup.exe	110
PID 2008 wrote to memory of 3556	2008	DXSetup.exe	110
PID 2008 wrote to memory of 4544	2008	DXSetup.exe	111
PID 2008 wrote to memory of 4544	2008	DXSetup.exe	111
PID 2008 wrote to memory of 3076	2008	DXSetup.exe	112
PID 2008 wrote to memory of 3076	2008	DXSetup.exe	112
PID 2344 wrote to memory of 3640	2344	Dislyte.exe	114
PID 2344 wrote to memory of 3640	2344	Dislyte.exe	114
PID 3640 wrote to memory of 1468	3640	XGame-Win64-Shipping.exe	116
PID 3640 wrote to memory of 1468	3640	XGame-Win64-Shipping.exe	116
PID 3640 wrote to memory of 3248	3640	XGame-Win64-Shipping.exe	117
PID 3640 wrote to memory of 3248	3640	XGame-Win64-Shipping.exe	117
PID 3248 wrote to memory of 4836	3248	limpcbrowserex.exe	118
PID 3248 wrote to memory of 4836	3248	limpcbrowserex.exe	118
PID 3248 wrote to memory of 4640	3248	limpcbrowserex.exe	119
PID 3248 wrote to memory of 4640	3248	limpcbrowserex.exe	119
PID 3248 wrote to memory of 236	3248	limpcbrowserex.exe	120
PID 3248 wrote to memory of 236	3248	limpcbrowserex.exe	120
PID 3248 wrote to memory of 1788	3248	limpcbrowserex.exe	121
PID 3248 wrote to memory of 1788	3248	limpcbrowserex.exe	121
PID 3248 wrote to memory of 1188	3248	limpcbrowserex.exe	122
PID 3248 wrote to memory of 1188	3248	limpcbrowserex.exe	122

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\Dislyte_setup_0.0.4.exe
"C:\Users\Admin\AppData\Local\Temp\Dislyte_setup_0.0.4.exe"
1⤵
- Drops file in Program Files directory
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:112
- C:\Program Files (x86)\Dislyte\DislyteLauncher.exe
  "C:\Program Files (x86)\Dislyte\DislyteLauncher.exe"
  2⤵
  - Drops file in Program Files directory
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2204
- - C:\Program Files (x86)\Dislyte\Dislyte Game\game\Dislyte.exe
    "C:\Program Files (x86)\Dislyte\Dislyte Game\game\Dislyte.exe" --env_id=prodaafe93cfce5a7c038173706b99dd --version=3.4.0 --env=prod
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:2344
  - - C:\Program Files (x86)\Dislyte\Dislyte Game\game\Engine\Extras\Redist\en-us\UE4PrereqSetup_x64.exe
      "C:\Program Files (x86)\Dislyte\Dislyte Game\game\Engine\Extras\Redist\en-us\UE4PrereqSetup_x64.exe"
      4⤵
      Adds Run key to start application
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Modifies registry class
      Modifies system certificate store
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:1304
    - - C:\Program Files (x86)\Dislyte\Dislyte Game\game\Engine\Extras\Redist\en-us\UE4PrereqSetup_x64.exe
        
        "C:\Program Files (x86)\Dislyte\Dislyte Game\game\Engine\Extras\Redist\en-us\UE4PrereqSetup_x64.exe" -burn.unelevated BurnPipe.{F40325C3-EF28-4F11-A54A-D8AE04948FDB} {A279AB48-EFA7-4139-8604-C559B4D27F4D} 1304
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        
        PID:4004
    - - C:\ProgramData\Package Cache\725656A642A518F8060892D8AB82226C1430C964\vcredist_x86.exe
        
        "C:\ProgramData\Package Cache\725656A642A518F8060892D8AB82226C1430C964\vcredist_x86.exe" /quiet /norestart -burn.embedded BurnPipe.{6B9933CC-07F8-4738-B222-F82CD4389E7B} {4AE53766-67BA-4A73-A192-16A80B262006} 1304
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:1788
      - C:\ProgramData\Package Cache\725656A642A518F8060892D8AB82226C1430C964\vcredist_x86.exe
        
        "C:\ProgramData\Package Cache\725656A642A518F8060892D8AB82226C1430C964\vcredist_x86.exe" /quiet /norestart -burn.embedded BurnPipe.{6B9933CC-07F8-4738-B222-F82CD4389E7B} {4AE53766-67BA-4A73-A192-16A80B262006} 1304 -burn.unelevated BurnPipe.{4334A314-8E60-4414-A017-3B17B6E8F00B} {EC50CC0D-A102-414F-A784-CC9CF7E8E338} 1788
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1156
    - - C:\ProgramData\Package Cache\5027E77B7EDEDA314287F9E2279C3927D92F6FF8\vcredist_x64.exe
        
        "C:\ProgramData\Package Cache\5027E77B7EDEDA314287F9E2279C3927D92F6FF8\vcredist_x64.exe" /quiet /norestart -burn.embedded BurnPipe.{27564C43-1983-4CE0-9BF2-D8EFD2E80879} {72AB1088-191B-415D-88BB-645133633C7A} 1304
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:3992
      - C:\ProgramData\Package Cache\5027E77B7EDEDA314287F9E2279C3927D92F6FF8\vcredist_x64.exe
        
        "C:\ProgramData\Package Cache\5027E77B7EDEDA314287F9E2279C3927D92F6FF8\vcredist_x64.exe" /quiet /norestart -burn.embedded BurnPipe.{27564C43-1983-4CE0-9BF2-D8EFD2E80879} {72AB1088-191B-415D-88BB-645133633C7A} 1304 -burn.unelevated BurnPipe.{463832DC-10C2-4F83-B156-D56C49BB0FFD} {B9D6D7B7-DF3F-4B0C-96DA-3ADF2E0B8251} 3992
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:3272
  - - C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Binaries\Win64\XGame-Win64-Shipping.exe
      "C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame/Binaries/Win64/XGame-Win64-Shipping.exe" XGame --env_id=prodaafe93cfce5a7c038173706b99dd --version=3.4.0 --env=prod
      4⤵
      Drops file in Program Files directory
      Executes dropped EXE
      System Network Configuration Discovery: Internet Connection Discovery
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3640
    - - C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\limpcbrowserex.exe
        
        ../../Plugins/PCSDK/Resources/limpcbrowserex.exe --quit-from-parkapp=1 --start-from-parkapp=0.1.2.9 --pk-env-id=prodaafe93cfce5a7c038173706b99dd
        5⤵
        Executes dropped EXE
        
        PID:1468
    - - C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\limpcbrowserex.exe
        
        ../../Plugins/PCSDK/Resources/limpcbrowserex.exe --start-from-parkapp=0.1.2.9 --pk-env-id=prodaafe93cfce5a7c038173706b99dd --pk-host-port=8888 --lang=en --flags=0 --ppid=3640
        5⤵
        Executes dropped EXE
        Modifies system certificate store
        Suspicious use of WriteProcessMemory
        
        PID:3248
      - C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\limpcbrowserex.exe
        
        "C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\limpcbrowserex.exe" --type=gpu-process --no-sandbox --log-severity=warning --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 parksdk/0.1.2.9 browser/0.1.2.9" --lang=en --user-data-dir="C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache" --gpu-preferences=UAAAAAAAAADgACAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\console.log" --mojo-platform-channel-handle=1592 --field-trial-handle=1740,i,8047075427054213717,5808160849151237452,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2
        6⤵
        Executes dropped EXE
        
        PID:4836
      - C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\limpcbrowserex.exe
        
        "C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\limpcbrowserex.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --ignore-certificate-errors=1 --ignore-certificate-errors=1 --log-severity=warning --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 parksdk/0.1.2.9 browser/0.1.2.9" --lang=en --user-data-dir="C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache" --log-file="C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\console.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1740,i,8047075427054213717,5808160849151237452,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
        6⤵
        Executes dropped EXE
        
        PID:4640
      - C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\limpcbrowserex.exe
        
        "C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\limpcbrowserex.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --no-sandbox --ignore-certificate-errors=1 --ignore-certificate-errors=1 --log-severity=warning --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 parksdk/0.1.2.9 browser/0.1.2.9" --lang=en --user-data-dir="C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache" --log-file="C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\console.log" --mojo-platform-channel-handle=2248 --field-trial-handle=1740,i,8047075427054213717,5808160849151237452,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
        6⤵
        Executes dropped EXE
        
        PID:236
      - C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\limpcbrowserex.exe
        
        "C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\limpcbrowserex.exe" --type=renderer --log-severity=warning --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 parksdk/0.1.2.9 browser/0.1.2.9" --user-data-dir="C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache" --no-sandbox --force-device-scale-factor=1 --log-file="C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\console.log" --js-flags=--expose-wasm --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2368 --field-trial-handle=1740,i,8047075427054213717,5808160849151237452,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:1
        6⤵
        Executes dropped EXE
        
        PID:1788
      - C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\limpcbrowserex.exe
        
        "C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\limpcbrowserex.exe" --type=renderer --log-severity=warning --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 parksdk/0.1.2.9 browser/0.1.2.9" --user-data-dir="C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache" --no-sandbox --force-device-scale-factor=1 --log-file="C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\console.log" --js-flags=--expose-wasm --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2376 --field-trial-handle=1740,i,8047075427054213717,5808160849151237452,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:1
        6⤵
        Executes dropped EXE
        
        PID:1188
- - C:\Program Files (x86)\Dislyte\Dislyte Game\game\Dislyte.exe
    "C:\Program Files (x86)\Dislyte\Dislyte Game\game\Dislyte.exe" --env_id=prodaafe93cfce5a7c038173706b99dd --version=3.4.0 --env=prod
    3⤵
    - Executes dropped EXE
    PID:352
  - - C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Binaries\Win64\XGame-Win64-Shipping.exe
      "C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame/Binaries/Win64/XGame-Win64-Shipping.exe" XGame --env_id=prodaafe93cfce5a7c038173706b99dd --version=3.4.0 --env=prod
      4⤵
      Executes dropped EXE
      System Network Configuration Discovery: Internet Connection Discovery
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of SetWindowsHookEx
      PID:1240
    - - C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\limpcbrowserex.exe
        
        ../../Plugins/PCSDK/Resources/limpcbrowserex.exe --quit-from-parkapp=1 --start-from-parkapp=0.1.2.9 --pk-env-id=prodaafe93cfce5a7c038173706b99dd
        5⤵
        Executes dropped EXE
        
        PID:3880
    - - C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\limpcbrowserex.exe
        
        ../../Plugins/PCSDK/Resources/limpcbrowserex.exe --start-from-parkapp=0.1.2.9 --pk-env-id=prodaafe93cfce5a7c038173706b99dd --pk-host-port=8888 --lang=en --flags=0 --ppid=1240
        5⤵
        Executes dropped EXE
        
        PID:4308
      - C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\limpcbrowserex.exe
        
        "C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\limpcbrowserex.exe" --type=gpu-process --no-sandbox --log-severity=warning --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 parksdk/0.1.2.9 browser/0.1.2.9" --lang=en --user-data-dir="C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache" --gpu-preferences=UAAAAAAAAADgACAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\console.log" --mojo-platform-channel-handle=1548 --field-trial-handle=1640,i,16344326625216657496,8763077560250653061,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2
        6⤵
        Executes dropped EXE
        
        PID:2320
      - C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\limpcbrowserex.exe
        
        "C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\limpcbrowserex.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --ignore-certificate-errors=1 --ignore-certificate-errors=1 --log-severity=warning --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 parksdk/0.1.2.9 browser/0.1.2.9" --lang=en --user-data-dir="C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache" --log-file="C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\console.log" --mojo-platform-channel-handle=2060 --field-trial-handle=1640,i,16344326625216657496,8763077560250653061,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
        6⤵
        Executes dropped EXE
        
        PID:1752
      - C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\limpcbrowserex.exe
        
        "C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\limpcbrowserex.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --no-sandbox --ignore-certificate-errors=1 --ignore-certificate-errors=1 --log-severity=warning --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 parksdk/0.1.2.9 browser/0.1.2.9" --lang=en --user-data-dir="C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache" --log-file="C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\console.log" --mojo-platform-channel-handle=2216 --field-trial-handle=1640,i,16344326625216657496,8763077560250653061,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
        6⤵
        Executes dropped EXE
        
        PID:2840
      - C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\limpcbrowserex.exe
        
        "C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\limpcbrowserex.exe" --type=renderer --log-severity=warning --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 parksdk/0.1.2.9 browser/0.1.2.9" --user-data-dir="C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache" --no-sandbox --force-device-scale-factor=1 --log-file="C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\console.log" --js-flags=--expose-wasm --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2376 --field-trial-handle=1640,i,16344326625216657496,8763077560250653061,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:1
        6⤵
        Executes dropped EXE
        
        PID:1860
      - C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\limpcbrowserex.exe
        
        "C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\limpcbrowserex.exe" --type=renderer --log-severity=warning --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 parksdk/0.1.2.9 browser/0.1.2.9" --user-data-dir="C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache" --no-sandbox --force-device-scale-factor=1 --log-file="C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\console.log" --js-flags=--expose-wasm --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2392 --field-trial-handle=1640,i,16344326625216657496,8763077560250653061,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:1
        6⤵
        Executes dropped EXE
        
        PID:3576

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:2188

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:2252

C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
1⤵
PID:560

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2144
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding 190FFBEE3E9481CE840E61E78C33B26F E Global\MSI0000
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1616
- - C:\Windows\system32\rundll32.exe
    rundll32.exe "C:\Windows\Installer\MSI7C0E.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240942125 2 CustomAction!CustomAction.CustomActions.InstallDirectX
    3⤵
    - Drops file in Windows directory
    - Modifies data under HKEY_USERS
    - Suspicious use of WriteProcessMemory
    PID:4708
  - - C:\Windows\Installer\MSI7C0E.tmp-\DXSetup.exe
      "C:\Windows\Installer\MSI7C0E.tmp-\DXSetup.exe" /silent
      4⤵
      Drops file in System32 directory
      Drops file in Windows directory
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Modifies data under HKEY_USERS
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:2008
    - - C:\Users\Admin\AppData\Local\Temp\DX7DC3.tmp\infinst.exe
        
        C:\Users\Admin\AppData\Local\Temp\DX7DC3.tmp\infinst.exe xinput1_3_x64.inf, Install_Driver
        5⤵
        Drops file in System32 directory
        Drops file in Windows directory
        Executes dropped EXE
        
        PID:4432
    - - C:\Users\Admin\AppData\Local\Temp\DX7DC3.tmp\infinst.exe
        
        C:\Users\Admin\AppData\Local\Temp\DX7DC3.tmp\infinst.exe X3DAudio1_7_x64.inf
        5⤵
        Drops file in System32 directory
        Executes dropped EXE
        
        PID:3992
    - - C:\Users\Admin\AppData\Local\Temp\DX7DC3.tmp\infinst.exe
        
        C:\Users\Admin\AppData\Local\Temp\DX7DC3.tmp\infinst.exe D3DX9_43_x64.inf
        5⤵
        Drops file in System32 directory
        Drops file in Windows directory
        Executes dropped EXE
        
        PID:240
    - - C:\Users\Admin\AppData\Local\Temp\DX7DC3.tmp\infinst.exe
        
        C:\Users\Admin\AppData\Local\Temp\DX7DC3.tmp\infinst.exe d3dx10_43_x64.inf
        5⤵
        Drops file in System32 directory
        Drops file in Windows directory
        Executes dropped EXE
        
        PID:1184
    - - C:\Users\Admin\AppData\Local\Temp\DX7DC3.tmp\infinst.exe
        
        C:\Users\Admin\AppData\Local\Temp\DX7DC3.tmp\infinst.exe d3dx11_43_x64.inf
        5⤵
        Drops file in System32 directory
        Drops file in Windows directory
        Executes dropped EXE
        
        PID:3320
    - - C:\Users\Admin\AppData\Local\Temp\DX7DC3.tmp\infinst.exe
        
        C:\Users\Admin\AppData\Local\Temp\DX7DC3.tmp\infinst.exe d3dcsx_43_x64.inf
        5⤵
        Drops file in System32 directory
        Drops file in Windows directory
        Executes dropped EXE
        
        PID:3272
    - - C:\Users\Admin\AppData\Local\Temp\DX7DC3.tmp\infinst.exe
        
        C:\Users\Admin\AppData\Local\Temp\DX7DC3.tmp\infinst.exe D3DCompiler_43_x64.inf
        5⤵
        Drops file in System32 directory
        Drops file in Windows directory
        Executes dropped EXE
        
        PID:3556
    - - C:\Users\Admin\AppData\Local\Temp\DX7DC3.tmp\infinst.exe
        
        C:\Users\Admin\AppData\Local\Temp\DX7DC3.tmp\infinst.exe XAudio2_7_x64.inf
        5⤵
        Drops file in System32 directory
        Drops file in Windows directory
        Executes dropped EXE
        
        PID:4544
    - - C:\Windows\system32\regsvr32.exe
        
        C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\XAudio2_7.dll
        5⤵
        Modifies registry class
        
        PID:3076

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004EC 0x00000000000004D4
1⤵
PID:3584

C:\Program Files (x86)\Dislyte\DislyteLauncher.exe
"C:\Program Files (x86)\Dislyte\DislyteLauncher.exe"
1⤵
- Drops file in Program Files directory
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3356
- C:\Program Files (x86)\Dislyte\Dislyte Game\game\Dislyte.exe
  "C:\Program Files (x86)\Dislyte\Dislyte Game\game\Dislyte.exe" --env_id=prodaafe93cfce5a7c038173706b99dd --version=3.4.0 --env=prod
  2⤵
  - Executes dropped EXE
  PID:4664
- - C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Binaries\Win64\XGame-Win64-Shipping.exe
    "C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame/Binaries/Win64/XGame-Win64-Shipping.exe" XGame --env_id=prodaafe93cfce5a7c038173706b99dd --version=3.4.0 --env=prod
    3⤵
    - Drops file in Program Files directory
    - Executes dropped EXE
    - System Network Configuration Discovery: Internet Connection Discovery
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:1224
  - - C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\limpcbrowserex.exe
      ../../Plugins/PCSDK/Resources/limpcbrowserex.exe --quit-from-parkapp=1 --start-from-parkapp=0.1.2.9 --pk-env-id=prodaafe93cfce5a7c038173706b99dd
      4⤵
      Executes dropped EXE
      PID:1736
  - - C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\limpcbrowserex.exe
      ../../Plugins/PCSDK/Resources/limpcbrowserex.exe --start-from-parkapp=0.1.2.9 --pk-env-id=prodaafe93cfce5a7c038173706b99dd --pk-host-port=8888 --lang=en --flags=0 --ppid=1224
      4⤵
      Executes dropped EXE
      PID:5100
    - - C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\limpcbrowserex.exe
        
        "C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\limpcbrowserex.exe" --type=gpu-process --no-sandbox --log-severity=warning --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 parksdk/0.1.2.9 browser/0.1.2.9" --lang=en --user-data-dir="C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache" --gpu-preferences=UAAAAAAAAADgACAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\console.log" --mojo-platform-channel-handle=1580 --field-trial-handle=1748,i,7644538119343432213,11164599538403907069,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2
        5⤵
        Executes dropped EXE
        
        PID:3348
    - - C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\limpcbrowserex.exe
        
        "C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\limpcbrowserex.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --ignore-certificate-errors=1 --ignore-certificate-errors=1 --log-severity=warning --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 parksdk/0.1.2.9 browser/0.1.2.9" --lang=en --user-data-dir="C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache" --log-file="C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\console.log" --mojo-platform-channel-handle=1600 --field-trial-handle=1748,i,7644538119343432213,11164599538403907069,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:1436
    - - C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\limpcbrowserex.exe
        
        "C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\limpcbrowserex.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --no-sandbox --ignore-certificate-errors=1 --ignore-certificate-errors=1 --log-severity=warning --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 parksdk/0.1.2.9 browser/0.1.2.9" --lang=en --user-data-dir="C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache" --log-file="C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\console.log" --mojo-platform-channel-handle=2272 --field-trial-handle=1748,i,7644538119343432213,11164599538403907069,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:1856
    - - C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\limpcbrowserex.exe
        
        "C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\limpcbrowserex.exe" --type=renderer --log-severity=warning --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 parksdk/0.1.2.9 browser/0.1.2.9" --user-data-dir="C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache" --no-sandbox --force-device-scale-factor=1 --log-file="C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\console.log" --js-flags=--expose-wasm --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2420 --field-trial-handle=1748,i,7644538119343432213,11164599538403907069,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:3148
    - - C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\limpcbrowserex.exe
        
        "C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\limpcbrowserex.exe" --type=renderer --log-severity=warning --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 parksdk/0.1.2.9 browser/0.1.2.9" --user-data-dir="C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache" --no-sandbox --force-device-scale-factor=1 --log-file="C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\console.log" --js-flags=--expose-wasm --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2428 --field-trial-handle=1748,i,7644538119343432213,11164599538403907069,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://farlightgames.com/termsofservice
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:3972
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa4f413cb8,0x7ffa4f413cc8,0x7ffa4f413cd8
    3⤵
    PID:1328
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,5050220580739424363,5089396544714614202,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1892 /prefetch:2
    3⤵
    PID:5108
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,5050220580739424363,5089396544714614202,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:3
    3⤵
    PID:5080
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,5050220580739424363,5089396544714614202,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
    3⤵
    PID:4048
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,5050220580739424363,5089396544714614202,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
    3⤵
    PID:2180
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,5050220580739424363,5089396544714614202,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
    3⤵
    PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://farlightgames.com/privacy
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:4164
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa4f413cb8,0x7ffa4f413cc8,0x7ffa4f413cd8
    3⤵
    PID:680
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1796,7200824579995362759,17290349015838135249,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2116 /prefetch:2
    3⤵
    PID:1672
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1796,7200824579995362759,17290349015838135249,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
    3⤵
    PID:3236
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1796,7200824579995362759,17290349015838135249,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
    3⤵
    PID:3644
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,7200824579995362759,17290349015838135249,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
    3⤵
    PID:3636
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,7200824579995362759,17290349015838135249,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
    3⤵
    PID:3728
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1796,7200824579995362759,17290349015838135249,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5288 /prefetch:8
    3⤵
    PID:4516
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,7200824579995362759,17290349015838135249,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
    3⤵
    PID:476
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,7200824579995362759,17290349015838135249,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
    3⤵
    PID:1104
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1796,7200824579995362759,17290349015838135249,131072 --lang=es --service-sandbox-type=audio --mojo-platform-channel-handle=5236 /prefetch:8
    3⤵
    PID:3964
- - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1796,7200824579995362759,17290349015838135249,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=6000 /prefetch:8
    3⤵
    PID:5116
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,7200824579995362759,17290349015838135249,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
    3⤵
    PID:4228
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,7200824579995362759,17290349015838135249,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
    3⤵
    PID:3048
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,7200824579995362759,17290349015838135249,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3856 /prefetch:1
    3⤵
    PID:3216
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1796,7200824579995362759,17290349015838135249,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7148 /prefetch:2
    3⤵
    PID:4352
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,7200824579995362759,17290349015838135249,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
    3⤵
    PID:4860
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,7200824579995362759,17290349015838135249,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
    3⤵
    PID:3464
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,7200824579995362759,17290349015838135249,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6844 /prefetch:1
    3⤵
    PID:4516
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1796,7200824579995362759,17290349015838135249,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2392 /prefetch:2
    3⤵
    PID:4900
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1796,7200824579995362759,17290349015838135249,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=4652 /prefetch:8
    3⤵
    PID:1860
- C:\Program Files (x86)\Dislyte\Dislyte Game\game\Dislyte.exe
  "C:\Program Files (x86)\Dislyte\Dislyte Game\game\Dislyte.exe" --env_id=prodaafe93cfce5a7c038173706b99dd --version=3.4.0 --env=prod
  2⤵
  - Executes dropped EXE
  PID:3332
- - C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Binaries\Win64\XGame-Win64-Shipping.exe
    "C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame/Binaries/Win64/XGame-Win64-Shipping.exe" XGame --env_id=prodaafe93cfce5a7c038173706b99dd --version=3.4.0 --env=prod
    3⤵
    - Drops file in Program Files directory
    - Executes dropped EXE
    - System Network Configuration Discovery: Internet Connection Discovery
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:3232
  - - C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\limpcbrowserex.exe
      ../../Plugins/PCSDK/Resources/limpcbrowserex.exe --quit-from-parkapp=1 --start-from-parkapp=0.1.2.9 --pk-env-id=prodaafe93cfce5a7c038173706b99dd
      4⤵
      Executes dropped EXE
      PID:568
  - - C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\limpcbrowserex.exe
      ../../Plugins/PCSDK/Resources/limpcbrowserex.exe --start-from-parkapp=0.1.2.9 --pk-env-id=prodaafe93cfce5a7c038173706b99dd --pk-host-port=8888 --lang=en --flags=0 --ppid=3232
      4⤵
      Executes dropped EXE
      PID:828
    - - C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\limpcbrowserex.exe
        
        "C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\limpcbrowserex.exe" --type=gpu-process --no-sandbox --log-severity=warning --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 parksdk/0.1.2.9 browser/0.1.2.9" --lang=en --user-data-dir="C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache" --gpu-preferences=UAAAAAAAAADgACAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\console.log" --mojo-platform-channel-handle=1592 --field-trial-handle=1672,i,15869746501619964401,6281851377545399994,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2
        5⤵
        Executes dropped EXE
        
        PID:652
    - - C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\limpcbrowserex.exe
        
        "C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\limpcbrowserex.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --ignore-certificate-errors=1 --ignore-certificate-errors=1 --log-severity=warning --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 parksdk/0.1.2.9 browser/0.1.2.9" --lang=en --user-data-dir="C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache" --log-file="C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\console.log" --mojo-platform-channel-handle=2136 --field-trial-handle=1672,i,15869746501619964401,6281851377545399994,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:4376
    - - C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\limpcbrowserex.exe
        
        "C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\limpcbrowserex.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --no-sandbox --ignore-certificate-errors=1 --ignore-certificate-errors=1 --log-severity=warning --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 parksdk/0.1.2.9 browser/0.1.2.9" --lang=en --user-data-dir="C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache" --log-file="C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\console.log" --mojo-platform-channel-handle=2256 --field-trial-handle=1672,i,15869746501619964401,6281851377545399994,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:1244
    - - C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\limpcbrowserex.exe
        
        "C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\limpcbrowserex.exe" --type=renderer --log-severity=warning --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 parksdk/0.1.2.9 browser/0.1.2.9" --user-data-dir="C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache" --no-sandbox --force-device-scale-factor=1 --log-file="C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\console.log" --js-flags=--expose-wasm --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2400 --field-trial-handle=1672,i,15869746501619964401,6281851377545399994,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:2312
    - - C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\limpcbrowserex.exe
        
        "C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\limpcbrowserex.exe" --type=renderer --log-severity=warning --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 parksdk/0.1.2.9 browser/0.1.2.9" --user-data-dir="C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache" --no-sandbox --force-device-scale-factor=1 --log-file="C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\console.log" --js-flags=--expose-wasm --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2408 --field-trial-handle=1672,i,15869746501619964401,6281851377545399994,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:4408
- C:\Program Files (x86)\Dislyte\Dislyte Game\game\Dislyte.exe
  "C:\Program Files (x86)\Dislyte\Dislyte Game\game\Dislyte.exe" --env_id=prodaafe93cfce5a7c038173706b99dd --version=3.4.0 --env=prod
  2⤵
  - Executes dropped EXE
  PID:4124
- - C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Binaries\Win64\XGame-Win64-Shipping.exe
    "C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame/Binaries/Win64/XGame-Win64-Shipping.exe" XGame --env_id=prodaafe93cfce5a7c038173706b99dd --version=3.4.0 --env=prod
    3⤵
    - Executes dropped EXE
    - System Network Configuration Discovery: Internet Connection Discovery
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:3904
  - - C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\limpcbrowserex.exe
      ../../Plugins/PCSDK/Resources/limpcbrowserex.exe --quit-from-parkapp=1 --start-from-parkapp=0.1.2.9 --pk-env-id=prodaafe93cfce5a7c038173706b99dd
      4⤵
      Executes dropped EXE
      PID:2680
  - - C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\limpcbrowserex.exe
      ../../Plugins/PCSDK/Resources/limpcbrowserex.exe --start-from-parkapp=0.1.2.9 --pk-env-id=prodaafe93cfce5a7c038173706b99dd --pk-host-port=8888 --lang=en --flags=0 --ppid=3904
      4⤵
      Executes dropped EXE
      PID:2308
    - - C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\limpcbrowserex.exe
        
        "C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\limpcbrowserex.exe" --type=gpu-process --no-sandbox --log-severity=warning --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 parksdk/0.1.2.9 browser/0.1.2.9" --lang=en --user-data-dir="C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache" --gpu-preferences=UAAAAAAAAADgACAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\console.log" --mojo-platform-channel-handle=1592 --field-trial-handle=1756,i,18152568300602129091,398768244552367062,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2
        5⤵
        Executes dropped EXE
        
        PID:1316
    - - C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\limpcbrowserex.exe
        
        "C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\limpcbrowserex.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --ignore-certificate-errors=1 --ignore-certificate-errors=1 --log-severity=warning --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 parksdk/0.1.2.9 browser/0.1.2.9" --lang=en --user-data-dir="C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache" --log-file="C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\console.log" --mojo-platform-channel-handle=2144 --field-trial-handle=1756,i,18152568300602129091,398768244552367062,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:3736
    - - C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\limpcbrowserex.exe
        
        "C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\limpcbrowserex.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --no-sandbox --ignore-certificate-errors=1 --ignore-certificate-errors=1 --log-severity=warning --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 parksdk/0.1.2.9 browser/0.1.2.9" --lang=en --user-data-dir="C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache" --log-file="C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\console.log" --mojo-platform-channel-handle=2280 --field-trial-handle=1756,i,18152568300602129091,398768244552367062,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:1980
    - - C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\limpcbrowserex.exe
        
        "C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\limpcbrowserex.exe" --type=renderer --log-severity=warning --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 parksdk/0.1.2.9 browser/0.1.2.9" --user-data-dir="C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache" --no-sandbox --force-device-scale-factor=1 --log-file="C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\console.log" --js-flags=--expose-wasm --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2368 --field-trial-handle=1756,i,18152568300602129091,398768244552367062,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:2468
    - - C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\limpcbrowserex.exe
        
        "C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\limpcbrowserex.exe" --type=renderer --log-severity=warning --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 parksdk/0.1.2.9 browser/0.1.2.9" --user-data-dir="C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache" --no-sandbox --force-device-scale-factor=1 --log-file="C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\console.log" --js-flags=--expose-wasm --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2392 --field-trial-handle=1756,i,18152568300602129091,398768244552367062,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:1
        5⤵
        Executes dropped EXE
        
        PID:4740

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3312

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3360

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1332

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4388

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3680

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:3432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?LinkId=335789
1⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa4eeb3cb8,0x7ffa4eeb3cc8,0x7ffa4eeb3cd8
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,5104887314509135334,1450180938854224785,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1980 /prefetch:2
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1968,5104887314509135334,1450180938854224785,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1968,5104887314509135334,1450180938854224785,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2624 /prefetch:8
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,5104887314509135334,1450180938854224785,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:1204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,5104887314509135334,1450180938854224785,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:4232

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1552

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:112

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:4348
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:1364
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1964 -parentBuildID 20240401114208 -prefsHandle 1892 -prefMapHandle 1884 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d17ab07-1036-4f7f-b6b3-0435bcd7fec7} 1364 "\\.\pipe\gecko-crash-server-pipe.1364" gpu
    3⤵
    PID:4516
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2364 -parentBuildID 20240401114208 -prefsHandle 2356 -prefMapHandle 2352 -prefsLen 23714 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5bd445fd-4016-4d44-9071-3db7b150db26} 1364 "\\.\pipe\gecko-crash-server-pipe.1364" socket
    3⤵
    - Checks processor information in registry
    PID:3588
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3032 -childID 1 -isForBrowser -prefsHandle 2960 -prefMapHandle 3172 -prefsLen 23855 -prefMapSize 244658 -jsInitHandle 1380 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {608306b6-d1bd-404b-9128-11c75a75ec73} 1364 "\\.\pipe\gecko-crash-server-pipe.1364" tab
    3⤵
    PID:4308
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4156 -childID 2 -isForBrowser -prefsHandle 4148 -prefMapHandle 4144 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1380 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {22033ce8-1ab9-44c5-bb45-fdd58a1b9b96} 1364 "\\.\pipe\gecko-crash-server-pipe.1364" tab
    3⤵
    PID:3984
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4940 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4932 -prefMapHandle 4872 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e8ae00c-bb5b-40d1-9772-9048cdf5d315} 1364 "\\.\pipe\gecko-crash-server-pipe.1364" utility
    3⤵
    - Checks processor information in registry
    PID:1836
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5336 -childID 3 -isForBrowser -prefsHandle 5352 -prefMapHandle 2560 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1380 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {998ddf75-520f-4a93-8486-beffd06105ec} 1364 "\\.\pipe\gecko-crash-server-pipe.1364" tab
    3⤵
    PID:1032
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5488 -childID 4 -isForBrowser -prefsHandle 5496 -prefMapHandle 5500 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1380 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {093e92e4-f88b-44d7-b41f-4b930a193c3e} 1364 "\\.\pipe\gecko-crash-server-pipe.1364" tab
    3⤵
    PID:4996
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5696 -childID 5 -isForBrowser -prefsHandle 5772 -prefMapHandle 5768 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1380 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cfe94133-fa75-4dae-801a-a754b8b02008} 1364 "\\.\pipe\gecko-crash-server-pipe.1364" tab
    3⤵
    PID:128
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6236 -childID 6 -isForBrowser -prefsHandle 6228 -prefMapHandle 6216 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1380 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce62d31a-a25c-4370-aa4d-5ff1ad42d6ba} 1364 "\\.\pipe\gecko-crash-server-pipe.1364" tab
    3⤵
    PID:4580
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4652 -childID 7 -isForBrowser -prefsHandle 5088 -prefMapHandle 5084 -prefsLen 27961 -prefMapSize 244658 -jsInitHandle 1380 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d12f0041-277f-42ba-88fb-185301777f58} 1364 "\\.\pipe\gecko-crash-server-pipe.1364" tab
    3⤵
    PID:1392
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6532 -childID 8 -isForBrowser -prefsHandle 6452 -prefMapHandle 6456 -prefsLen 27961 -prefMapSize 244658 -jsInitHandle 1380 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5bd85f03-22af-4d2f-bb44-eb5774a88d76} 1364 "\\.\pipe\gecko-crash-server-pipe.1364" tab
    3⤵
    PID:2764
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6460 -childID 9 -isForBrowser -prefsHandle 6652 -prefMapHandle 6216 -prefsLen 27961 -prefMapSize 244658 -jsInitHandle 1380 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1e2c399-87b1-4ab5-ad8d-20bd912c28d0} 1364 "\\.\pipe\gecko-crash-server-pipe.1364" tab
    3⤵
    PID:4776
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6620 -childID 10 -isForBrowser -prefsHandle 5468 -prefMapHandle 5092 -prefsLen 27961 -prefMapSize 244658 -jsInitHandle 1380 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {93770cfe-b03a-417c-85aa-fe16d4d8cb62} 1364 "\\.\pipe\gecko-crash-server-pipe.1364" tab
    3⤵
    PID:2992
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6228 -childID 11 -isForBrowser -prefsHandle 6776 -prefMapHandle 6784 -prefsLen 27961 -prefMapSize 244658 -jsInitHandle 1380 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8ed4b0e-4cb8-4a6f-801e-8079aa9ba728} 1364 "\\.\pipe\gecko-crash-server-pipe.1364" tab
    3⤵
    PID:4856
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6888 -childID 12 -isForBrowser -prefsHandle 6724 -prefMapHandle 6472 -prefsLen 27961 -prefMapSize 244658 -jsInitHandle 1380 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b4e74f3b-8b25-4b6a-bed0-c7ac9c352671} 1364 "\\.\pipe\gecko-crash-server-pipe.1364" tab
    3⤵
    PID:852
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6832 -childID 13 -isForBrowser -prefsHandle 6840 -prefMapHandle 6844 -prefsLen 27961 -prefMapSize 244658 -jsInitHandle 1380 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {030e1a73-fbcf-4662-9bd3-9fd76552b904} 1364 "\\.\pipe\gecko-crash-server-pipe.1364" tab
    3⤵
    PID:4840
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7456 -childID 14 -isForBrowser -prefsHandle 7452 -prefMapHandle 7376 -prefsLen 27961 -prefMapSize 244658 -jsInitHandle 1380 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {95dfcd3f-ef44-4442-9393-6ba374b45003} 1364 "\\.\pipe\gecko-crash-server-pipe.1364" tab
    3⤵
    PID:3460
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6532 -childID 15 -isForBrowser -prefsHandle 6560 -prefMapHandle 6536 -prefsLen 27961 -prefMapSize 244658 -jsInitHandle 1380 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {73b23cb2-1625-4873-94fc-5708c3f595e7} 1364 "\\.\pipe\gecko-crash-server-pipe.1364" tab
    3⤵
    PID:3272
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7576 -childID 16 -isForBrowser -prefsHandle 7608 -prefMapHandle 7604 -prefsLen 27961 -prefMapSize 244658 -jsInitHandle 1380 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef7a0fd2-ab81-4061-8858-bbb3d272752c} 1364 "\\.\pipe\gecko-crash-server-pipe.1364" tab
    3⤵
    PID:1672
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6560 -childID 17 -isForBrowser -prefsHandle 4456 -prefMapHandle 7616 -prefsLen 27961 -prefMapSize 244658 -jsInitHandle 1380 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec07fb88-9401-4ba7-98a1-22fca3cc235f} 1364 "\\.\pipe\gecko-crash-server-pipe.1364" tab
    3⤵
    PID:4108
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7824 -childID 18 -isForBrowser -prefsHandle 7944 -prefMapHandle 7952 -prefsLen 27961 -prefMapSize 244658 -jsInitHandle 1380 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a3f07add-3e34-437b-b9f0-8dfee1a4c241} 1364 "\\.\pipe\gecko-crash-server-pipe.1364" tab
    3⤵
    PID:3416

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4800

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3954055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e5c7819.rbs

Filesize
22KB

MD5
1eca3d5a3ee0198e2ae51e9f4680b2dc

SHA1
fde28591dedf2b7781c1695b34b2fb38e8767ab4

SHA256
6e6c796ec9cdb66eb50bc62f55c53f3c63d88a34a9a19a424e32340276691de7

SHA512
95eeffe087c8640b7fd54b5265a581f4f1b8a3e4f011acd02d0c9c603acf58433c98d997f7a587d8033ab52d07e3b46ef0846459760aeb2afa23d728c6bbd1a0

Download Submit
C:\Program Files (x86)\Dislyte\Dislyte Game\game\Dislyte.exe

Filesize
333KB

MD5
879c13187869aeebbfbe7b930af495ba

SHA1
b7f87e8b613a1981ddd26b8c9df265effc1fa2e5

SHA256
ad54f97675e5557ac8bd9570ecd84d92e0428ebb68b407eaf77c56eba00472c2

SHA512
14e01fcdc582f4fdf96b8317e763245e9bc90b10ac57c31ff42981d12e157823f2a97fb7bba9bea5ac3ce21a2d3c3385004ee085aa67cfeb4a2a1868514ad7af

Download Submit
C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Binaries\Win64\api-ms-win-core-console-l1-1-0.dll

Filesize
21KB

MD5
6758f8aee3488dbe68c9b474d11b7c09

SHA1
500ace646431382e429862516a816e71d62855ff

SHA256
6df76986aec08e89ea037bc5271caaa82c69bd7eefba4fc293f92de1b1213e5e

SHA512
1f20eae2f4ca95b0d8a913adac082d32d42bf6a90f7fec201189a61983058039326d7ee0651d3d59312afe1eea870cecb3ff67cb67d1c45fbda38f0fe20fc1e3

Download Submit
C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Binaries\Win64\api-ms-win-core-console-l1-2-0.dll

Filesize
21KB

MD5
09e82ec6f1745c4a7105b56379e5dc60

SHA1
cef6edfb0aeb44caad29bad95447aac77ab55270

SHA256
05c7a25f72f40225ccf8af947a8e90580656228636d462a520b503de2c8e0aad

SHA512
d2698dfb3efab7e698b96280ffa897acd89b9fec78b7aa97eed4cd2d0dcc6657e732a82337cc987f0d4497b66275f2c88f6884417a134f6354af41c9bc481596

Download Submit
C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Binaries\Win64\api-ms-win-core-datetime-l1-1-0.dll

Filesize
21KB

MD5
796c56d85a41b53ebd6d18f0a09c73b5

SHA1
28e561bcc1f85c3c54507e5d2d97c212f9cce8ca

SHA256
c541697c3e9086c6483e88d9cc8fe8a2efc74f663da0b0662babc04d3f79000f

SHA512
4ca10389eda1a82e4dc0a6484cd6caab10728d7ea319eb8f93d87e708d2f882dfbcf9abebcc75c68455fa9b4d7b6aa34764b4308a7150c3fda4ad9ade22c512a

Download Submit
C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Binaries\Win64\api-ms-win-core-debug-l1-1-0.dll

Filesize
21KB

MD5
56a8f4f8f019e1b09369bf2138b56588

SHA1
863af96fcd78fb54fcaaaf4ce9a07b12d4235500

SHA256
fed0c40d172de4de52dc2230c5c92fd6bc8e8553619d5bb5240dcc4f025dc8cf

SHA512
22973b4a7f77c35a2aa18e4d0c871cb08ad9551e909f7daae5bdd3bbc6bca01cb2f01dff2688bcbcf01371c730da4c09ef5f22c2b22cc9c4a18b8762f210bfcc

Download Submit
C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Binaries\Win64\api-ms-win-core-errorhandling-l1-1-0.dll

Filesize
21KB

MD5
15f3c06d69ecce79552d8c84b1153a1e

SHA1
8bfe2cad35e7ed54cb1e570520ffa9a5e129de51

SHA256
cdae6e7d24d4ca4b491d483135740cc60f2dfc74dd2e01779e655b9f8f85a337

SHA512
024b80e906fac608a3ed1c46646c51d7fbef854883f32feed98a42585d909abc48dae419171a38a66e9bc7a686812028fc4b7b7b2a75c535b5a78f0b260a153a

Download Submit
C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Binaries\Win64\api-ms-win-core-fibers-l1-1-0.dll

Filesize
21KB

MD5
12be7e99c4323ab24b704217e4605f33

SHA1
7d97c35e0d70341e6b8fc11f7caa075a73bafe8b

SHA256
cbb6cb7ff25363b07647ea05d01f2881837d50b04bba4debe875a4aa3a307c52

SHA512
a12222247524770e6f38c9d17933e78409b3623ce5e2ac5fccd37702e2a365f4219919a22bc121fc68e6fa4a66e6b38f694a37f7d6dde6f189ea6b5048d3e2fa

Download Submit
C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Binaries\Win64\api-ms-win-core-file-l1-1-0.dll

Filesize
25KB

MD5
fc67b593fea9e5041a3ebbb1d63cc6e2

SHA1
6149407959f7f1f8049ec89debbac0224b9d313b

SHA256
02c96dde747ea574fecfb93d43dd9829236a1b22f0eb5513c0e0b27b7bdac934

SHA512
08a39708334c68fcee0f14637f0cb349bfc59fab9b756fb9221a0d2189a10954c1a79e38b0fca76fb0060a99f54a2ab9c56d74c3b018ba993e7358cc990195d4

Download Submit
C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Binaries\Win64\api-ms-win-core-file-l1-2-0.dll

Filesize
21KB

MD5
c9aead0b44ca448e8de83b94750d44ce

SHA1
3810fedb4d552849256c33aabe6c35d79013033a

SHA256
682968c7640a1d55485b7c10dfdaf520b1e1c73a8be267853e80be893be3fb49

SHA512
ef957aa7f451c07a5d87964f9cb4b7c0a1de7b7e4015f569cfaa093e105a704c74221209d0d362983a1ecb756eab2bf6760c08a90a6a77b10a4aa8e3180c8f0f

Download Submit
C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Binaries\Win64\api-ms-win-core-file-l2-1-0.dll

Filesize
21KB

MD5
74d28c728dd1a065924132ae160beff5

SHA1
7787637e247e256947c2d34df5c58bbbec5b5f1f

SHA256
45a0eb1b83f448054536d3aa628393b7418477897e841c66384ecc7f4f18c2f2

SHA512
961b06a363f15fd7c6148c6c3364e6152f6284d8ed061bf6501e867c38cdcac6b20b09722315aa605ab2284bc61ed18e30d67707d6956786a08ec073a9b1f21f

Download Submit
C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Binaries\Win64\api-ms-win-core-handle-l1-1-0.dll

Filesize
21KB

MD5
75c7f5339f085082522d71294fa4c3a6

SHA1
0b45dc77b9e5ac26b364756fe8b39d64e42f6761

SHA256
9986a39b7f2e067ee7d1f2b3db0b940e2b75900152f099ff41cce8ddd47565e0

SHA512
685cd2ed25384e45e6be07cf8a3d342d14fef8b3e3acf429b6dd62b0654983f6a670182bfb252534118abb79feb4a915575c9ef9f68641fe16682a64031c41e3

Download Submit
C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Binaries\Win64\api-ms-win-core-heap-l1-1-0.dll

Filesize
21KB

MD5
1034b4c29f19a19b632743326e1ff771

SHA1
079fec3a020ab1031f0d47782a8238386f4f3f62

SHA256
54b51444c8b6c9342fd20f5a5b0909a906acd0bdc9cf4d70134d5f8cffbe3209

SHA512
d3e3b72dd3c8f08267f761a6b1bb1664f0c34eea54cbef99c710cc23d6904481d0f47f0318a07f6c517834e4efbdf6b2616d2e27708e051ddc841dfcd8d31e8d

Download Submit
C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Binaries\Win64\api-ms-win-core-interlocked-l1-1-0.dll

Filesize
21KB

MD5
dbe8ac845032de6a29a01e7a8bfa6595

SHA1
b2b2e984380c6c05eefd824a0478d623dd3e84b7

SHA256
ff341ef2c2c389d44bbb1c919ff42ec360015985c0dae2ac760ac5acad0cb1d1

SHA512
e722d3a24a792c143daf38828d508eed3696fccb3f2158e428c252801be9e8c0a28e31ba116d506ccdb0722188ef6b7e060bec00073fe0e23f410e1e6d7a169f

Download Submit
C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Binaries\Win64\api-ms-win-core-libraryloader-l1-1-0.dll

Filesize
21KB

MD5
ae5132c8595181cf05dc7cca5ca723f2

SHA1
0a1f017457adfa7146107b02e6c541ec79a50f44

SHA256
6cbc929f814d7e931e0f6f510da1696b059c53bf66934a68d218d3342ce4a289

SHA512
51aca4c11b1fb3803fb19ef5ca540f9b08f780e70aa290f01abb2d7778a764f74fe9ec74f5c16ff1736db2f8f1feb19db1a37c738cd3cc0f3fde89809674d341

Download Submit
C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Binaries\Win64\api-ms-win-core-localization-l1-2-0.dll

Filesize
21KB

MD5
da6e95b036eccdcdab3bc6069c8cedae

SHA1
54338be7dbaed3ae020b04e6270de418b7b1b69e

SHA256
3ddbcd067d495845b7134f30bcea031ad558df4acb562b2f3190941913227158

SHA512
69c54ef10c873023a10023bb94325f4094b383eafe16397275d03decdd770c728b43f94ff722501662feb23bbf9edcab93008b316e286eeaa881beebfe3bd98d

Download Submit
C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Binaries\Win64\api-ms-win-core-memory-l1-1-0.dll

Filesize
21KB

MD5
84fcdc8e69dcb800756c8ccab6eb0139

SHA1
6f248bfeff341105899173e9575002b4474fb8d0

SHA256
bfa2145c3d615540193a41c9f9605018062307e9fcf1665c390f0034178ecb4a

SHA512
351cc6f478847ba18a9dff48916ca92a4ba311644cf1ab8a30688e7373848d0ff0934865ab7e100c83165750a2a57bcbfe3a92f67e358b0a2c82b295c7815493

Download Submit
C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Binaries\Win64\api-ms-win-core-namedpipe-l1-1-0.dll

Filesize
21KB

MD5
6d13a3ed4e60106177e88ab4010569dc

SHA1
1080fa5c0c033258fdf9af3542fcffab586dd830

SHA256
4fcb066de08f48a490e7d50417469ab3099b4a7fe318a8845e4ec9b3e3fd52be

SHA512
7d2207fda8dbde3574b15cfd7dd394d539845457baa17533a236638a7686f10f8bc9fde65c2a5b25cc2ce2d2a4775e35190864602bd9c3584b2cac943084e4dc

Download Submit
C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Binaries\Win64\api-ms-win-core-processenvironment-l1-1-0.dll

Filesize
21KB

MD5
3a4d2b82eed4632ad773b92834cf8615

SHA1
9e07fa2dcc36b859a8848d120df6c70b1a4437cd

SHA256
f3a31997c715dec8a6857d87be217c7acb893839156838ba20b5ef818ad5c9b1

SHA512
f21eff486107ccf80cf1393c6e85a0d3670dc854c54c11b001059e3fb9d38bd01eac45b9d6bbb2125112fa2aed6d744ae3cd3e63913c63c572224af2f2123aac

Download Submit
C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Binaries\Win64\api-ms-win-core-processthreads-l1-1-0.dll

Filesize
21KB

MD5
a1fd2e1f3e20518c102455b80654a506

SHA1
62904587b2d1acb270ce4ddb09829bb9d0963b3d

SHA256
470e9d04a1aa19c6b84b5b10cb055ff55caabe0f45d63090865c196b66c295f5

SHA512
80784de136c0bba906f5d7810ea4aa30dd44bc0479e88955178ce4fbdb88c241e25433f962b816e77cadff8120fd695bf33e4be8a278c35fdd50d1f67b6afff5

Download Submit
C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Binaries\Win64\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
21KB

MD5
341c352fd602cc3f6d32ad3c7a604ca6

SHA1
2955d5c492f0104de1bd727b0d34eb814d09fbf7

SHA256
4e57ceffbc2ef0e4dbfb92854756f97d2b34d9e29db16f46c476ed360b92b1cc

SHA512
49d3d0ffe8b11ae6ed84db7739fbe321e42ab18da9043c70b8dfedd1c9dad052f906d481a40034816737961c172c31717301d63295ff95ef011b2e157d952ed1

Download Submit
C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Binaries\Win64\api-ms-win-core-profile-l1-1-0.dll

Filesize
21KB

MD5
2090a00c17fe86651d5b32b46f92f6b1

SHA1
90495206e91fc0d5edd0c9b6dc72b3fc8f95471b

SHA256
0a3a017ca780353d56157682edda4cc3a19a236625fe0f2356faf635cd4f6ace

SHA512
290a4a0497b9d62c3e1bfa848049ebf1c76a7fb90e4ecfd8acf7168abeb2b62bf9e80a850ede61b3eddf406daca218cc676bda8e5576e6ab36dce9f906caf5f8

Download Submit
C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Binaries\Win64\api-ms-win-core-rtlsupport-l1-1-0.dll

Filesize
21KB

MD5
e1055938aa1405e106433dcf9865c70e

SHA1
bfa7284e84448530f4f17d5b4e4cd02e8729cf12

SHA256
243c00a13c8fd6d764ebf22ec5a93492043949616561697b776fe9f62360665b

SHA512
ea76b172e18b63c5961d9d0e2d94418dc2566a925561f667b3b2d45860cf97ba6cc5a4406a5e9e1c26fa6d0df746ddb4716974009fb3677ddcb8ea78012757c3

Download Submit
C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Binaries\Win64\api-ms-win-core-string-l1-1-0.dll

Filesize
21KB

MD5
66cb49e507917409940e4d43ed67ab91

SHA1
64a3b351ce6955ac41553984868b56d11a73e57e

SHA256
be439f71ed591f8f65b8894e84569cf3cc3363d88536e49bdd998e49e069d0e8

SHA512
a1b6a7e77b0c1c631efbc8d9acdd797ec582235307e5a656d636edf8e2cfb660fe3932e88609d805355b9b6e06e8691cf0742d90d0e23df687c88744a4af4a4a

Download Submit
C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Binaries\Win64\api-ms-win-core-synch-l1-1-0.dll

Filesize
21KB

MD5
21a340b24d55d0278bc949c5249d2169

SHA1
3c1e54534fff816609e9b6b45ac37c7f225411a0

SHA256
83e86bee356668319f4115846ed9a571cdb37cd8a0eb036fc2a960bdeafcb526

SHA512
d93dd181986261c1a373c9ccd57a54cccfaf634897fc1e63d1dd37c29becb1e3a69e21c02152d4dca346e3d4d78894e4871968cafe417aea9f3fcac00855db81

Download Submit
C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Binaries\Win64\api-ms-win-core-synch-l1-2-0.dll

Filesize
21KB

MD5
6ed69ef4309e1d822ed3cb932f78dc07

SHA1
40dffe5b926dbc912cb7c4c4fa540049e7ff37ce

SHA256
718bbb66ed24612c40f415ef11f07db287b1bdf0b130667689d1cdce3a1bee29

SHA512
ff1df05606717dc6c6cc4e8fdaf58267b422003663e57fe8daad44a98b37182cb39c877dd3b37c9283e4fef3c211f33d0f083a00add08c6398d4871f53aa0b89

Download Submit
C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Binaries\Win64\api-ms-win-core-sysinfo-l1-1-0.dll

Filesize
21KB

MD5
0eca4bfcd4018811e945c50db46ff9fb

SHA1
2a3bb32f44ec2057b9befa66ffbc3eba9d9d750b

SHA256
8e28db596d46ca22f16d8825bebc9406cd01d5efe4233a2eaa6b450473741766

SHA512
3be5ec732f7da63600624e366eaf45df1d7c0478bdc3acd829b549ea0dbb9daede969681214d4dc71b284ebf0443dfd64ac8299b0d49d8e3406efce9a2623614

Download Submit
C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Binaries\Win64\api-ms-win-core-timezone-l1-1-0.dll

Filesize
21KB

MD5
7b00e2a659d323ad29f7ecd06487c91f

SHA1
f8c2c3a856a2226db09eed429de8326c5a3dc0e4

SHA256
b29f3f250eed6d05bc000a1020ca65215838c3733b78293dfca459031df575f8

SHA512
89132bd68d57ce3b992254bb9aad293bad1fc85e6c5c7fa55a92afcf6f41a3d50739dd8a6984d9cff846f4a8a8365177abf78581957eda02886c179f445b22dc

Download Submit
C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Binaries\Win64\api-ms-win-core-util-l1-1-0.dll

Filesize
21KB

MD5
8aeb6bd5580d77be52e3afea1e71dd48

SHA1
f5ad96c00a0ed526cb1a2f54f0bd51910319a1d0

SHA256
4f79b6338f8438e63627b174d5b1bee2d2dcfc40a6119221317fe3f0d8b1e1a0

SHA512
7c68a30d1e9a2467131896aaea801c944ff1647455a2a82aa2fa5aeb27c5385815e20a7e41a56ad609b50d6b97381536a90391117d903c5fc0ada1a815a43a7f

Download Submit
C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Binaries\Win64\api-ms-win-crt-conio-l1-1-0.dll

Filesize
21KB

MD5
20771a7e2be8efa6bfb3973dc4503820

SHA1
a6636131cbfdbab7da8e0184b1de7b088dc61000

SHA256
7320687be8b742cd70ac0e5f1b0a854502063f9b291147785aa7355a38de162d

SHA512
3f04cbc6a36b30ade2387dd4390b2a1e271403e7e4a044091aff10d9d035b2f1deead58cd4af234544a78c19b99e512472468ef05b31f2d76aca0612bab37740

Download Submit
C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Binaries\Win64\api-ms-win-crt-convert-l1-1-0.dll

Filesize
25KB

MD5
3c351e6c503b9e6639dbbd9683c59f67

SHA1
bdce17a3dff6afb1c53b3c45358725a64fc9f99c

SHA256
3550d96592baf95f0be865503d98f47c8c8d4d36b01190589bb7bd08585c739d

SHA512
2cde4b736db9d89d28fbc2ee1d54505ec12b06b94edc96c1f2b3415318f1750fbae40b8cd682e5dd1ebf2193d97a2711235c59f61f7122402cafe8b83ddef90e

Download Submit
C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Binaries\Win64\api-ms-win-crt-environment-l1-1-0.dll

Filesize
21KB

MD5
40b6727c5c79a868c9a8ce707a2db322

SHA1
096d14dcd5f4b72c801023521e210fbc09e959f0

SHA256
167a2b52964458b16aaa166de281e52c35dfe920380c9c7783a06678b665b2ba

SHA512
ff2c41c8f63c69a445e48fa6cfa4dd6ea8d9d3d4d17cc9b616a9fc0a5226e10594b05ce52d98104d5f8554c8be1576e4360b34835ade5181d8ab5a558904b546

Download Submit
C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Binaries\Win64\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
21KB

MD5
eca0016736bb2ec25fc67f9e9f0759d8

SHA1
2cc5973ce9d1f0f7425a44ae0e378597295bc011

SHA256
255c9a44ed1106c673821ed4ef165788d6bcc94b2924d0fa1d36af4fc2eb0b9c

SHA512
c4b526591c6d759e7594a3bcb73e6b04ba44abcd80bd5706dc9a468c12eb8b1c2a5c76789dc6f2cc77bb560958097460d5507212cba5eaff158c195669abf025

Download Submit
C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Binaries\Win64\api-ms-win-crt-heap-l1-1-0.dll

Filesize
21KB

MD5
72cc5863651b71ce4a72c560e9642df4

SHA1
e2a0508f1c29dceb3a6942bfc563ce9a86bb204f

SHA256
dd4be34d6de584a82f12803b1be98afd48bf2f82e87b8cb77141b41ea6393cd5

SHA512
56e6083c6cf595674a2a5eab15a21e282d01537ebce373f3d315aec62e880b200714a3cdf9812706d9631136ecbda91909f6c7120a587011edd48e95212fd592

Download Submit
C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Binaries\Win64\api-ms-win-crt-locale-l1-1-0.dll

Filesize
21KB

MD5
1f0bc24d9116515226c17c313e2f0b2c

SHA1
2b60ab38b410714b499dda8ce6b72501b33a51f9

SHA256
93fe93380fae70f12ebe85b92e5326321400861167ee0ac858a81d2f7fa37d4b

SHA512
e900c9f414b5b5670195e63d15614613c855523f6cc900197cfa40d95f6fd0a70e0aed25f17bf332d4b42e8cc2a809ee6ef8a494c652691cd1655aa0463635fd

Download Submit
C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Binaries\Win64\api-ms-win-crt-math-l1-1-0.dll

Filesize
29KB

MD5
bc219ab28fb1d88edae3da2fb296fcc6

SHA1
1d83e3524f05758be84bf13fd23dfedacccda411

SHA256
6ea15153e8948e7fc9e0aee7cfc5cb7b9b8f872f94e6714bc510b9bc7291ad9b

SHA512
e05d1e29127353ad1c1e69174db12902debfff5e88b0fa1512fb6195bfbdc51487ebc7cf504ff59786551f637ec5a95b69876b81b438812b1789308687ecc191

Download Submit
C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Binaries\Win64\api-ms-win-crt-multibyte-l1-1-0.dll

Filesize
29KB

MD5
7a101d01b182373b8b384c810a97e5f8

SHA1
d247ffea7e6dfca129408373de7e2975769d06d0

SHA256
edfb4fcd63eef1adebf52c0fc7e6029883201c97be4d9bed9bf203d0ff595301

SHA512
676ee257109bc6d5e8dae11729ee62dfa942bf674d8099ec3b6942310980692c65c140f0b637c1735985527b063244aac725c1c79448a2bbb23348c043b77289

Download Submit
C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Binaries\Win64\api-ms-win-crt-private-l1-1-0.dll

Filesize
73KB

MD5
7b7ae91a526a6d1644682595ca078fdd

SHA1
a820c100f378466c43b9bf1e30404d19df1203f9

SHA256
558ce3eb8b6fe5752008385e225df7a74eae6e8fef74ff0b23ee4ee7e21f87dd

SHA512
ea3a65ff0174df43345a565947006c2d022cf814d85be9c6967dc8020507170a932ccfc5d6b3e37e82a6600497f1c4918238fc5d138d400843eee4148ee03b87

Download Submit
C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Binaries\Win64\api-ms-win-crt-process-l1-1-0.dll

Filesize
21KB

MD5
61dda8999421ec5bb0293972f1e7c482

SHA1
ee44f9d64e71426fc2028e535810d1eb36f47ad5

SHA256
d92c5cd5e4e3738ac13e28e55de12e6da1ffda6f8e1c7687e0a0b4092c6b3462

SHA512
78006d5b178c5e2166b253abf3a152088c1fac701f8b839f2a184260c2d9191c4b07046ede1c20626c5824824f96e3838c178082dbf3421a011dfb4d8cce33c4

Download Submit
C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Binaries\Win64\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
25KB

MD5
c65d65349df5cef27bbc62b01097721f

SHA1
e6c52534595f35f6c8e46f0f9674b98075c4305c

SHA256
1aec90818ef928b5b6ca252e2ac3ffe4ecc1f169251eba720d0035dcb22ba322

SHA512
3da6e8e5c75a8c5a2129d29641f56d99a5f4e46b5e60ea7e7df9cd0128a2ad7a10c55a1448f6887a98644105988ab2cbd7c5eff5ab147c87d055149dcdd80141

Download Submit
C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Binaries\Win64\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
25KB

MD5
506cbb0bc39e02a3a59eaa530aed45ac

SHA1
c65efeca3b479f52151f01c2e2b8f6283d9fa68f

SHA256
13328be331666a312d58b6a1b537f8b9ac8922de02e22ddcd0ec84a550e59715

SHA512
92152a0d34fa17e848bd4de4d7c9a878897f5dc6891da7f3a66fac0227dc252a2f0d7a747a1852afa515832814e9485cec3e12c3c92b700463e02b0a0220ac71

Download Submit
C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Binaries\Win64\api-ms-win-crt-string-l1-1-0.dll

Filesize
25KB

MD5
af11584ffdf901ee5b33decb835327d9

SHA1
787312a11dd81c332a6e03a2a70db9dbcc6845f1

SHA256
e45dd01a9f6edcf992f3c74c0eb41178851490db9123a4c738497fbf4f73ec0e

SHA512
4a7a32f80717607eafe92695379a8063e4ce6d1bd2008b6b09edeb447eaceea30187756e25b8d34efb150b1e941f2bd7c29c754814b3d262d52a4a73882175fd

Download Submit
C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Binaries\Win64\api-ms-win-crt-time-l1-1-0.dll

Filesize
21KB

MD5
077dfe3d31200aae0f7f1501e24703e2

SHA1
3ac4eb87fda328f8315b3d576e5f765551b319b8

SHA256
0cf285ef569249aaa3fb95de1793fc01895f6805ada65d801302f430b62a5153

SHA512
d06561db911d6b4c0a50a701c20369522ded288d90b80950eccd087ea14bec9567f64e0c1f0212801119d07739b51a22a4e4781583d353c4147f468dfdb1f251

Download Submit
C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Binaries\Win64\api-ms-win-crt-utility-l1-1-0.dll

Filesize
21KB

MD5
4498861d0b1434c62cb029209cdcbeb0

SHA1
90fbf2e25bf053a98ca0a8fe504ecf2d9c15b1b6

SHA256
d2a27ff370b4f5c87e5475573d23ee261825a9cd1dd55ee0551a361f61414209

SHA512
2c2a1dc55703e8568ce4471bc50e5e3042b481fa95fcc73d7693c2cfefa60ded7df748e5efa1b418168b719232d7f615b88df845c64df27a36557d6c50702161

Download Submit
C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Binaries\Win64\api-ms-win-eventing-provider-l1-1-0.dll

Filesize
21KB

MD5
8315f8029e736bef979c39e46bf49771

SHA1
ac6b59e93d55d8b56127c337408348d0f71f9b28

SHA256
1350b9421b950ff295e2ab58f8c24bf6a3a1aceba5c194924d33b827d7520a45

SHA512
d60fab2062862b00904930a1ca68559498ed4876e2ac8db15f0e484a5ed5f7b1628808272051a1588041ca61b4fc2cd543573add114f37f1bd7fa93f8b208987

Download Submit
C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Binaries\Win64\msvcp140.dll

Filesize
557KB

MD5
7db24201efea565d930b7ec3306f4308

SHA1
880c8034b1655597d0eebe056719a6f79b60e03c

SHA256
72fe4598f0b75d31ce2dc621e8ef161338c6450bb017cd06895745690603729e

SHA512
bac5729a3eb53e9bc7b680671d028cabef5ea102dfaa48a7c453b67f8ecb358db9f8fb16b3b1d9ea5a2dff34f459f6ac87f3a563c736d81d31048766198ff11e

Download Submit
C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Binaries\Win64\ucrtbase.dll

Filesize
1020KB

MD5
2c8fe06966d5085a595ffa3c98fe3098

SHA1
e82945e3e63ffef0974d6dd74f2aef2bf6d0a908

SHA256
de8d08d01291df93821314176381f3d1ae863e6c5584a7f8ea42f0b94b15ef65

SHA512
fb08838983c16082a362b3fc89d5b82e61ae629207c13c3cb76b8a0af557ad95c842ce5197ae458b5af61e5449cbab579f509fa72866308aa6fbd3d751522d0f

Download Submit
C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Binaries\Win64\vccorlib140.dll

Filesize
326KB

MD5
25a304a65ab778e0170f46d54f8cb566

SHA1
d2e3570f5e021c90da834ea81ce130bef4bf9252

SHA256
c6a8856d3eedac7b032e7a8730faf22707c9e23c2e289d500daac0dfa5de39a6

SHA512
d4ea79d54e40a0e0dedcc21905556a8e98a28559b281ea35c54f2d08998f49e98c41048d3886c9df383b6aa7dc931971588c0ddbb1e19847b4784cdf512bd5e5

Download Submit
C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Binaries\Win64\vcruntime140.dll

Filesize
96KB

MD5
f12681a472b9dd04a812e16096514974

SHA1
6fd102eb3e0b0e6eef08118d71f28702d1a9067c

SHA256
d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8

SHA512
7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2

Download Submit
C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Binaries\Win64\vcruntime140_1.dll

Filesize
37KB

MD5
75e78e4bf561031d39f86143753400ff

SHA1
324c2a99e39f8992459495182677e91656a05206

SHA256
1758085a61527b427c4380f0c976d29a8bee889f2ac480c356a3f166433bf70e

SHA512
ce4daf46bce44a89d21308c63e2de8b757a23be2630360209c4a25eb13f1f66a04fbb0a124761a33bbf34496f2f2a02b8df159b4b62f1b6241e1dbfb0e5d9756

Download Submit
C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Plugins\PCSDK\Resources\limpcbrowserex.exe

Filesize
4.3MB

MD5
9f2b282f35f6d24722f890b07a404719

SHA1
ace8815e75527733c40df382fd2444761bdd0e16

SHA256
4447cb7094b9a1140e59c7627ddf71fa5bed9c718e671f798410c207ff294d83

SHA512
ae030a7580c3378c7744c95a2b3f84749737354d0fe1d4adadfd6ad6b8292b5ef12416ba8f4052db068d4f560a9a0f1b5a896118bada4ff49f8f127e32c2adbb

Download Submit
C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Saved\Config\CrashReportClient\UE4CC-Windows-138FABEF47BA53560E4BAF8BE07C9F9E\CrashReportClient.ini

Filesize
114B

MD5
db79c7aa1b5f9a89394a7d03705a7a57

SHA1
4d7189219dac0807612df409dedd78a21507983b

SHA256
974674634f90340cb0c289aa07fded7268501d8278e30717127e9f9594c5a522

SHA512
c72313ba32ad44ae51ed013febf199b289305d016f7d79a4c2b72805c716e8e44bfa21ba96acb51a5b38e29143a61e9e4a69afc6293a264ff42144bb0dd25ed1

Download Submit
C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Saved\Config\WindowsNoEditor\Engine.ini

Filesize
2KB

MD5
37792ffbb15992f670b67ad798753fd9

SHA1
139388af6a4b2280f3e829b24d098122c0fc59ab

SHA256
e3dff34ed58820919fdb51f88c7803ca71fafed002b82f01e1de618f62c7bf1f

SHA512
39b06e1b8ea04d10bf14e128ee3f3d71db72a1042264147c84c0dcc6c81326d8b4d7209bb22618ba4dd759528e499d8d17cb813b839f70235c156aa8203844d6

Download Submit
C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Saved\Config\WindowsNoEditor\GameUserSettings.ini

Filesize
1KB

MD5
b4d116bd13d99ba0120abf2d9662cba8

SHA1
fd122e3cf8b8066b3107658394b0eb6d369976ab

SHA256
eb8101c02662a1043c43670f5d2bb518d6cbf3f20d9cc1002d1f55c8ed442960

SHA512
db25d3130a90925b5c33128a550a5a56c2b24de79c4749951471d1db806f2fcee50256d3acdcb92b1f5b5cac71d8f22cb7336e9f1f73e567022ea962c820aa57

Download Submit
C:\Program Files (x86)\Dislyte\Dislyte Game\game\XGame\Saved\Config\WindowsNoEditor\Hardware.ini

Filesize
2B

MD5
81051bcc2cf1bedf378224b0a93e2877

SHA1
ba8ab5a0280b953aa97435ff8946cbcbb2755a27

SHA256
7eb70257593da06f682a3ddda54a9d260d4fc514f645237f5ca74b08f8da61a6

SHA512
1b302a2f1e624a5fb5ad94ddc4e5f8bfd74d26fa37512d0e5face303d8c40eee0d0ffa3649f5da43f439914d128166cb6c4774a7caa3b174d7535451eb697b5d

Download Submit
C:\Program Files (x86)\Dislyte\Dislyte Game\sandbox\ver.dat

Filesize
48KB

MD5
3e69d88f989fc783b3837f2220284b30

SHA1
2ed98b3a75d134b5d81fec0e283edb73f9f3f5cc

SHA256
a38190bce6cd5901ffa93d157cf0009cb848de43fd9b48965fcd1b6345397884

SHA512
c6c2aa8d7ac970cdb30ac1e47a99bc598dc4b4e10afe36c0f2a4b054cc883e07053efda660a6d789ab37a41920e2a1920148732086bd5522dc16b17afefd573d

Download Submit
C:\Program Files (x86)\Dislyte\DislyteLauncher.exe

Filesize
9.3MB

MD5
9c536edea9b1df9a62264bb063c5b968

SHA1
15564d3863e08696bec0ee00632e2fbf03f21f0a

SHA256
c8ede143983093ef75c9777d7a88b8ebc2cc10ae1b1ba3293aeae8b15baf6c50

SHA512
efb366c6cea44c620ed6171843851a7e5b18e5c7c4cc469f28ebdc2b7bb073c5624def175c409090d251d7ee3be236829449d50c6f7c32cc7bb20ae9264a9cfb

Download Submit
C:\Program Files (x86)\Dislyte\save\gamepack.json

Filesize
4KB

MD5
8aab3449da47e95ce2a03bdbbb3025d2

SHA1
fd61a86dba4306727eaef89773029ba12112fbc7

SHA256
eecc2b59493db5e3cd6c46117b8e2ed1680d56b8a10fdd6bc5a390ad3cff3f94

SHA512
6b3807874525f38ba2a42da868638a2f5cd033d010c9224dfdc5d27966c974ee2d5be8e985642dbaa5d0f47fb2197a37105fa0337b7de5ad1a5afc328356e091

Download Submit
C:\Program Files (x86)\Dislyte\save\gameupgrade.dat

Filesize
1KB

MD5
4d2e88793e054ee6016f05d37f4e6c62

SHA1
8a090508a9666019c53fb0a8746bf2b7d76ecb13

SHA256
d56e1cab6f87bc80240686dd3ae642658c57d148c99d7f34ca7312daeb4375dd

SHA512
f433c1f9b7338a3f342e2cb35c430cbf4f04826cf385d8dd045ae62cfbfd1d31fbe7d458f425d0fae853053baaa26f7ed5cf1c6b4df1cccd3fd82c5b08364bff

Download Submit
C:\Program Files (x86)\Dislyte\save\gameupgrade.dat

Filesize
1KB

MD5
ee4200f536c20cbe2333b34b8a551ca9

SHA1
de167504375920e845b33f36b84dcb3834ffff06

SHA256
2b2a3cd9382938c9f159421b10cc62e0c88197a01cc4af2061cb3071529385ed

SHA512
af0f4e1fd20e00fda8dcb6884b04f1f837b8912ea34972097f12bbad17d2d1b6c83e12bebba3250cf5aaeab1603bf07c0f6a826fdf44afd5c8f3132da5dde8db

Download Submit
C:\Program Files (x86)\Dislyte\save\launcher.json

Filesize
916B

MD5
e2cf2d18fb91e5511ea4f4f63c712aa5

SHA1
7fa7075a866e96a0f2501443d61000d9de2a83cf

SHA256
8319aab002fcc5eec1f57b165d5c20959507edd843de34fc4a5a24089ee4a6e4

SHA512
92aea7f1707a309e80b455af2f0da5e75537d0df404c5624a9399330f78d9584628fd3ab282b3734a67981352d89fbf68d6d98cd6dfd6d02cbef11ace4862e23

Download Submit
C:\Program Files (x86)\Dislyte\save\stable_info.json

Filesize
31B

MD5
7ee12554395d909ae7af5cafd5f5303d

SHA1
d0a8f3c34a60c1fdfbb5a6c53f9b2fc8ca52e998

SHA256
88fef7f7727da3a206dd01b34fef393decfee4167cc94bd7aadc7015cf5369fb

SHA512
a40f5f96001a43131374cee21e9e2acbc550c98a41a1ab0192a8d3e8f6265bfe47cd95f84f29372219f2a9f364d0096cd24a294d28e4d83e0873fedfdcbe5810

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\Cache\Cache_Data\data_0

Filesize
44KB

MD5
3877cd6f0db2566bad2da8b057363863

SHA1
775201ecc9266dfebc30f4a10848e5fe5f7027fb

SHA256
70284ae0d2303a85ed9e312476b661ae4435a571293c0d97bca5a74d1b84587a

SHA512
f4f8ab8785b022f0d10441741ee55b7e2ae6e746716084e90b02a35797653acf55b9cdb94d44471ea3fef4d74b33664d253df0d7b3e4a6f7f2b8d023cdfad884

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\Cache\Cache_Data\data_1

Filesize
264KB

MD5
46383f129d4da884be012d2321b32d9f

SHA1
311a75c1abc3fc4c140567bd9a86104ce0b5cba5

SHA256
9bd3741e8bb56fa71078f31b04578ba1d614dc7ad8fa8c0921025fe5e33d4a09

SHA512
52a0624301610f33dea97c9e6b127cf127f14c0cf5de4b5cc825392e92b62fff5a28f67a58709c0bfe415054ffed0936f3a621f40cb933122ed125f9c67c7971

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
f8b6c6b4c876e156749bbb4b5088f420

SHA1
7228c64efff718a3da054f8ec723a23f4a27dda4

SHA256
cc545a544ab99a55b92a90bfa63f5065cf6ee0e460b9f92cc3e41cd7d1d23636

SHA512
0cbe94ad8336b405d5cce01dd93efc43a614f81e5d57125a4a6949592f9439846d8411566f5f837447b4dff8c5a1168b4878127a4f5789e57ef7392d892d1c97

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
24fa17ad13f221739801a6a971df2594

SHA1
ff1d936520ab6690894106ab19df692194bcde1f

SHA256
f7557e99d2ce4389fb850088626203436c130faac655a19b86699375567c5301

SHA512
e1ac0da0688117ff7e2ee350e84814cd97a589670a8fc440eb629c738f47a0311416c7827697855162e3b9a067a82dc54f17ca09e290e33618d64bb60c415ff8

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
fa1cb77baada15cefeb0f932a718e5ce

SHA1
46ab1207075ce04696124b9b6dd347e909ae18c1

SHA256
f8f8001585d4e8cd1f21a4ab11e8cd019d4f8fb84a683434d202238c9b0c6ffe

SHA512
e35185980e64a9251b7525faf1b96742bdc4c3d26d69aa7a6037497480bd6fbdeb561a4c973e7cf60484670d46892ad7e0f4d81849ad3ad7db09823cd0b9c2bf

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
92bba17757ffa0a91805096be1a961e8

SHA1
c193759f9d9e64ac0cb792a941bf56766ebb1695

SHA256
233b7675d8e28fac44de6391cac43b69fef202965614570dae418e3a55a6a6d4

SHA512
d1243bf16ecaed97c02c896d3087d0d8201f6c82f7937a7769ecfe7eac7948ad63f7683ec999bc38438057060643b9bb9664b49a4c01379909f0a1f89401163c

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\LocalPrefs.json

Filesize
638B

MD5
2018542f09ce079eba8f856281be3e43

SHA1
0ee540e02a21257491375aadc3a6f976af790a83

SHA256
f345b3fb9b8f41123fea95c7d3b0bd2a7707ffe5d02df72da0c6672a24d13bac

SHA512
e4954c5338bbfeb7653c7837459b9435c63eaf9d92461f5640122cbf7f09951b228d0f6b78ce82afcf406a95166474e4d6c4a79e29e5faf2bbe6572d734b2685

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\Network\Network Persistent State

Filesize
725B

MD5
04bcbb00486fc49928d19c9d7aa236ab

SHA1
dde775efa68e9c9321774b4d3974618950811818

SHA256
fd9b1b4e083fbcdecc16cf196771f7380e70980f5e677f9f17f783235f28f930

SHA512
6a2ee784efea7b38071f11493c01e4ab25d657df97aabef64e0f995efe2d6673baa618f95960fe8dd85b710483989cdbb9861a5eb60e1a303dc4a8c05d2d0307

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\Network\Network Persistent State

Filesize
635B

MD5
93326afabb30754edc737437387ab733

SHA1
edc2e9e870f690e965031acce72a3043141402c0

SHA256
4c66a2b44062983397432aa1781f308d3dd9bfb39446abef5555189dcdd4c4dc

SHA512
6767f99dc4eb421e04f1264c85edb47b2cd95f2c3bd46b44260be3fee3907e6aaca8b76795ed673a59131e0e8a01d4fcec770a40324a8e43c86216fe9835996d

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\Network\Network Persistent State

Filesize
725B

MD5
2d8cfa29a562d7e4ad6c36df2547f5b9

SHA1
5f360763909da5fa2d540a7e0192e4a657bff952

SHA256
e9fe7bf358b83cd544cf6d892e6bda9331e1c147e252d51a26fef4ab5aaa5b0c

SHA512
a1dad9d49dfda17cf728759c3a6075475fd5626407d8f63ae2760b935f10c44d961fdd037b41aea78c111b2bf4e6ee0254bca4a8b807ea86fecaad744cacfc46

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\Network\Network Persistent State

Filesize
725B

MD5
3b73bda3df6ebdc7770fb74b28573cc3

SHA1
6d579aeaaf3ab4d8238de5f75f6ec3d530be817b

SHA256
613b29acbd5fe1d742b0ca035294cc5dca2079200743ddc8fd62949d66463722

SHA512
4ea2991d13401f16191b448b05f58494a212225c037e2f279cfff9269c1e8b3f31e23cffd3334c9ca73be36794591c8556159afa9a959df60260699a037ceffb

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\Network\Network Persistent State

Filesize
725B

MD5
d9557beb7f10dc176c8852adba9fa5ab

SHA1
f2cc4a450e8612f7eba6c30313eaee1838d4aba5

SHA256
792bbbdff284bf4bc03cf15898d86b6a4ca8fa7903adcff44b14cafb1a4c59b5

SHA512
f0ace7e924f2ecd74377c1d05331b23aba03d3a910d0b572a622bbf3b2586e7f5ab9c653248071734648d807ab41b8a378068ebfdc1fb740ed6d2fe15d4bc65c

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\Network\Network Persistent State~RFe5d4d19.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\Network\TransportSecurity

Filesize
370B

MD5
f74732c1a2d8976581ca43f7ed90290c

SHA1
2a46e2908fe84e792a55bfad1d0cdc8f8aaf7f8f

SHA256
50182fbfad665d7256580370cf6db4ba0f9b947e6d73fef0e2765ef37f2715cd

SHA512
9925322b9bcd1f694618b61af2faed77e1d55e22c2dcb505895ed648d6ccd5f4aa43979cf9edc48b7e4129d8a5fcca0924b996a6cac15473dec91dea28aeb80b

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\Network\TransportSecurity

Filesize
370B

MD5
4e12c9ca90c94f5344dc236e63899942

SHA1
ff715584cb5f30a35530afd8d36d4e73888e8ed5

SHA256
c86cc74fc884fcc25334db92cdb86ae102995b593d81e733d0e1b16384398615

SHA512
9316ca12db9c7a43d1ff4ee2cb3b752ca1cf48009508774da869d1f6669768d2256af844dbb0e0c63f553d190ca90f3a8e16a81f595b7ffe995c15a392e7f254

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\Network\TransportSecurity

Filesize
370B

MD5
cd1658dec0c4bbd9acfc3662ddd65fbf

SHA1
5b06bca7927069b76fc036f59f910709b2ab6b03

SHA256
5a7f38bd5602acaf1c7a014f598867eaff8c13a9865f5b9f0ded95d14a0b1697

SHA512
c8e1cc04c96c75aeeea20c7e426360276e0d932047004f862192e75f2eb6d1b02c72d758b052657a902159ca67068e103492b50cea49065ac8a0560dd7230a67

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\Network\TransportSecurity

Filesize
370B

MD5
5f3ee2fc147c8ff30db5689cd4d201d0

SHA1
4092c75e8b8516edb3e177fca4ee36a9dc5c86af

SHA256
7b8165a8ad32d8dae9115ee9288261209b3f2dd14436658c4df5427a19786910

SHA512
69ea603f64f7eb962f8aabd849320bb367599918921bbd5f7a06bb2b1209fae8b8f328d28cac68195d992a02775edc7da7a007c3ca374d96407a00f98e6db298

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\Service Worker\CacheStorage\20dc0036495044e0a9bd4df2c6985329caee0d05\07141b28-fb1d-45f5-864c-e5efa284e1a3\index-dir\the-real-index

Filesize
72B

MD5
54410d72fd3cb2f2a6d397f32dfa1cc6

SHA1
4804be670d9f6f35d01c591dc7c27869df31630e

SHA256
76ed6562dc61b4325c890ac5224ba882fce5bcf7036171c25ac4992d1bf9735d

SHA512
42d37b5d4241eeb7e4dd999f977e128a4168fc5fa1b095f4adb67d7bd5803e2051bc86933510f2f96beb0a4d3717e7a1596ddb9feffc54ab4d171091de9cb539

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\Service Worker\CacheStorage\20dc0036495044e0a9bd4df2c6985329caee0d05\07141b28-fb1d-45f5-864c-e5efa284e1a3\index-dir\the-real-index

Filesize
72B

MD5
ccdb9cb1c7aa275653cf98fe874de4d7

SHA1
310e9fb15f486978b34051fc19787967e5299083

SHA256
0ac1dbd8d1135b22101a27f82b346b5c0667f265276cdfb51c5df9c1f4d26c3c

SHA512
f96b73eea7e7784dd9d610ead504433354fdc5eeaae5fb561f8e6325ea8c7cc4accdda1cd13ff8d12486840c94ce3da07148c7575eb059ca36c795ed2af15741

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\Service Worker\CacheStorage\20dc0036495044e0a9bd4df2c6985329caee0d05\07141b28-fb1d-45f5-864c-e5efa284e1a3\index-dir\the-real-index

Filesize
72B

MD5
fc11698fdef9e3101f7cecad383f2008

SHA1
a49e201d32fed2a2ce95b768c670ec33ba820466

SHA256
49df97c342f1017cd713221c31341e41d8a37322a29d94af4f9b335415ce2654

SHA512
52777a7a28f29bb8585962ef093a5cf46de4f7e055f862ebd8872dc90feb00b6766d1529b5f0b7a90aba269487ffbf0d4d99dfe9f07ff1df75611ebb31102827

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\Service Worker\CacheStorage\20dc0036495044e0a9bd4df2c6985329caee0d05\07141b28-fb1d-45f5-864c-e5efa284e1a3\index-dir\the-real-index

Filesize
72B

MD5
c65cae80118e66b0d6ba9ee3764b2433

SHA1
be6edacacfc08469fe5eba20e5aba97e78c02cb2

SHA256
a1c41705f25f5c3dd55906bad8b38567e2b0d96388c0e7c06a16bb874b53fcd6

SHA512
a1fb28fe1cf68c4bee74aa903a5db19170843aafb52a0c5f7b7850de91b5a55b7c0497ae9883b6394f35b45574dbe3fe1c1890bfd1960e1f8c07a4fcb950673d

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\Service Worker\CacheStorage\20dc0036495044e0a9bd4df2c6985329caee0d05\07141b28-fb1d-45f5-864c-e5efa284e1a3\index-dir\the-real-index

Filesize
72B

MD5
0e7f28e4f8c12eb449c7c96d8073fee2

SHA1
faae1e291979802a4df9b7fcd36175c727f477b7

SHA256
7e4ca2815e3f2a1d79d741932f062f4b4ae1da49e381f0b9a1205dcaf792ee19

SHA512
5f6f6efc175078a5dca252863597bdc82d48fe66ed026062cd9dd82f72054f0d536929befc8b1cb8d442cbee2462c11e1287cc6eb8b0473efad8440e59325362

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\Service Worker\CacheStorage\20dc0036495044e0a9bd4df2c6985329caee0d05\07141b28-fb1d-45f5-864c-e5efa284e1a3\index-dir\the-real-index

Filesize
72B

MD5
373869fc6e6d1ca448a96e2f6e0e8ca9

SHA1
784b85b44f15b41cdb9cee4f56ab1c4dd2c6e306

SHA256
16efa8467a63ffc936b9074eac013403a0b61455a7e33fd828e4130687b1fde9

SHA512
8daf34a11bab4c7f93fccd0fcf4f5c07c7b316a75fd3b921f3875213d8d0c96fde8e7fa32e88ab737c88ae83b360caac95d14ee5599290c15d5f8d6050b6542f

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\Service Worker\CacheStorage\20dc0036495044e0a9bd4df2c6985329caee0d05\07141b28-fb1d-45f5-864c-e5efa284e1a3\index-dir\the-real-index~RFe5dc660.TMP

Filesize
48B

MD5
d4f512e2d4cf9de4610ae139689572bd

SHA1
c56bacad19ad9f59c46870b9b37a59c0ddc87090

SHA256
0afb85cd597c7881a696e867f50c3db757f9eb985ac59601d824e0d89508cfcc

SHA512
76f18e893114c644314e9d0f3d82feea8128ef39646c9696748dbada6344917061057a35c5103a1dfd57f20c2fc471fea7393a24c364ab18cc6dcf414ccf415f

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\Service Worker\CacheStorage\20dc0036495044e0a9bd4df2c6985329caee0d05\d6b7927e-98c2-4425-b02a-d2e19d8df98b\08ca66d6aae4caec_0

Filesize
12KB

MD5
f2a1409364334299eeb2abc190f844c3

SHA1
10397b1dc53b191ff83ac13c82f1aa69f5b50f76

SHA256
0827f01a838510ec221f4e605aac4c4ff3f8158bffd5c9968b2b7665c6363dd3

SHA512
57ab614ad97a0eb49fb97d02b16c9de4c58948f5e28a1a7cbd4b8aa8e22b2b2a421f4220d90f9b5f4f4e3ccf8ea5b10dc9a88439c60349002ee5235271570351

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\Service Worker\CacheStorage\20dc0036495044e0a9bd4df2c6985329caee0d05\d6b7927e-98c2-4425-b02a-d2e19d8df98b\2335e802adf10860_0

Filesize
18KB

MD5
f42b8ca2c5988dbc4b158d40318125f2

SHA1
a3e1c957012e2ef21d29735e40f64d26e31f8c5b

SHA256
11c419d29cae8165d35b90f4238c042527856860881e672fa56c623758fa26ad

SHA512
7ccc951f135e358e59b8bc9f832464297194510f6bed75d2a0d258bc67ba938a7348d8b60ed267cd8d64de0dc23b0b69be46f43b50a4e05918e897571383d1c8

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\Service Worker\CacheStorage\20dc0036495044e0a9bd4df2c6985329caee0d05\d6b7927e-98c2-4425-b02a-d2e19d8df98b\30a77ac98d8f83fe_0

Filesize
42KB

MD5
601c88112a442bb73e422c84cfe37242

SHA1
825de19fcaa1b7ddf1730ccb7f21071686c0fa30

SHA256
6672ce1f7d4bb3317210d6cea37ea0393a213d0a60d0df5a469a3fa940e83d94

SHA512
a2195a4c0c1cd5407dbd21f12a60f96b704ff5f2dd6c165af0f0d488086e8faf656c70110559be28fa19a07684e5e60476e27dda1452cd3c0d36af3a0d8a4735

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\Service Worker\CacheStorage\20dc0036495044e0a9bd4df2c6985329caee0d05\d6b7927e-98c2-4425-b02a-d2e19d8df98b\31469f82fd02957f_0

Filesize
28KB

MD5
6df6f8980d583b9f7b3f710642919f0b

SHA1
21885924f6f4708fc29e9e44bf50e08a361437db

SHA256
96619ea51080593c13e02ba244082e5e389c8af8d47ef20feacf7a9605d55975

SHA512
53afd39eb062bbea0fbfe1ec9e7c47ec38cd4feaeae1693b91d24e694f065a451d899185d6a20d25eca2470921a89337008af272460694adf6e7d9ddd4f60526

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\Service Worker\CacheStorage\20dc0036495044e0a9bd4df2c6985329caee0d05\d6b7927e-98c2-4425-b02a-d2e19d8df98b\5adf45fb0858196f_0

Filesize
46KB

MD5
1c437a334be708067727b7140ac143ec

SHA1
8ddccc79314c84d291ee73895d352dfabab86524

SHA256
02262e6cc997aa442a3d40220169a328f2eae97b3ec241886b0fed4adc65bb51

SHA512
c4f5bea0bab551ec3cad63403c93abb5f4cc8f1eab7db88b9512ca75d910f4b662d8b6c2a427020ce0c3da4eee3a0fbed11785d6caa26887cc3ec50b83b46828

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\Service Worker\CacheStorage\20dc0036495044e0a9bd4df2c6985329caee0d05\d6b7927e-98c2-4425-b02a-d2e19d8df98b\624bccb449ae3c59_0

Filesize
15KB

MD5
95f5d8f865064d35e1b9fdb51d4dbd51

SHA1
e54854a52aaf62cc9b0577e5c9179b3436383684

SHA256
7434ea7cb31e9e87d962325d26befcf8a24c47f81da85917b30277b503a17659

SHA512
08a8e62e667802de66f2fd28223c4d7c2a4823f656d2086bfdcd7d159938027284e0dc175abc9a55bd48ad82da49bfb5545424814544756ce7c93ea1737a3f68

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\Service Worker\CacheStorage\20dc0036495044e0a9bd4df2c6985329caee0d05\d6b7927e-98c2-4425-b02a-d2e19d8df98b\6444ce5e4a149924_0

Filesize
16KB

MD5
21d9f8fc7a2b97244e9e057aca85ac06

SHA1
f09d2b148085fbe3b7c3c0b562b1c1b44d81aa36

SHA256
b982df5f280d07faa4c2eab97762ed7770afec370ede6c8efd02fc1a0f8b7ce9

SHA512
018c34fff06f800cadae139e367124b813bde2caf8068e877eda2c03443cf76b006a242d47b6b9306b8c955b915fa51d716d783f5b8fdc36cb1457d39b362b23

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\Service Worker\CacheStorage\20dc0036495044e0a9bd4df2c6985329caee0d05\d6b7927e-98c2-4425-b02a-d2e19d8df98b\9d8ba9404f35ac42_0

Filesize
9KB

MD5
54d926b60df2481287d99b6aeae692ac

SHA1
3913aa2a1357f4b8bab892c84f5583892373496f

SHA256
371ae4ae009a5605981412f52660c6c68ddb1f5a994485bacf4c0f45f4d78c97

SHA512
e0a371e3c602185913570aea051fa6e16f3c105a7ada5e5b25ef06b397abb0006d46fc7f5f291ee58ee3ac432dfc5a3b4608fd4037279c87de5060c5ddc86b34

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\Service Worker\CacheStorage\20dc0036495044e0a9bd4df2c6985329caee0d05\d6b7927e-98c2-4425-b02a-d2e19d8df98b\c33adf0f48bdbf35_0

Filesize
846KB

MD5
93806a08e87f1fa07566fec7dd62cd05

SHA1
11afca6995ce44f330283ce9ca921797623f61fd

SHA256
3ff8b6384d31ae1e2e97d9c1d601fb1561001b64d480d8f04ff7db6e9137363c

SHA512
0f647f04c6f77277efe1af97a259350629ba714b2fbd1eb98802b123e376e5b5a34a12afa6292928a4abbb71e99fdd74bedf3606c9d8d3d5bb790162451477cd

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\Service Worker\CacheStorage\20dc0036495044e0a9bd4df2c6985329caee0d05\d6b7927e-98c2-4425-b02a-d2e19d8df98b\ca7049531374351b_0

Filesize
17KB

MD5
03cc721c63d97bb8451aae14b009dd2d

SHA1
88b1fac5ba68020bd02d7a9b03a24e7774c68b1a

SHA256
da4f911e6f1381fad76c0fc3b2dc10adc4e5edde62d527d82065e5109c472115

SHA512
d3244a0a0459582222deffa446039656e19502c18996aa39b2485251c382a7c79bc1bd739e3885051fce98bd313c62c47a5eeaad4b65e23398452868771ce078

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\Service Worker\CacheStorage\20dc0036495044e0a9bd4df2c6985329caee0d05\d6b7927e-98c2-4425-b02a-d2e19d8df98b\d10a8deadc83f24b_0

Filesize
7KB

MD5
fe5ab637c1b5389aac2e1037fa8e83bd

SHA1
bb5cbee8a096f85ce2c52eabdbf107b6a75bd20b

SHA256
08787c08363694d02864fa8d293e88c4602de4dba55fa9b58eff8a0dfed3290c

SHA512
250efb0147916f1eb7ba15b9c916cd0e406cf4829b4da7dc2c813cb8bf5882cb6148cd97b518a6a11d571cda6ecd164978404cd99e395a93d0990131b521cba4

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\Service Worker\CacheStorage\20dc0036495044e0a9bd4df2c6985329caee0d05\d6b7927e-98c2-4425-b02a-d2e19d8df98b\d472610c3cedda83_0

Filesize
11KB

MD5
87d3f5dd3b02cf1ea6a9251c0a267099

SHA1
d46195376e9be2d1a90b3fe9e46d2d776e30daf7

SHA256
17f96bb3fbe03e4c4007b92584f04cae9812dd1769b54992dbbc5cf9656ed460

SHA512
5d73b6eb1659227eb96467ec9502ad3b423b295e25bf1370aec18155c647e220dd6e52a997b47235c7c14b13a37ac7f8e4a665fa10e52d32bff1d5605664c7e4

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\Service Worker\CacheStorage\20dc0036495044e0a9bd4df2c6985329caee0d05\d6b7927e-98c2-4425-b02a-d2e19d8df98b\d87d2ac68a6d3b01_0

Filesize
62KB

MD5
d9301be3ebbbdfd9786ea959ebe45564

SHA1
ea835ae3bbfc75061213b5a5a7e8b4ea46b2e614

SHA256
89c6d8850e41672ab7b0b0e3461329fcdcfe98be2f3aa01af309fbfe42b04a41

SHA512
7440f90f20e5e51c1aea5e6c6f22909386e9aed7f8ca0a52c21884b6a90db8820fb11dd5e6d2508b2b4ef39f8b356aa68d1180fc3dbabbf3d8e0ba7cc679384e

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\Service Worker\CacheStorage\20dc0036495044e0a9bd4df2c6985329caee0d05\d6b7927e-98c2-4425-b02a-d2e19d8df98b\f36625529100e637_0

Filesize
15KB

MD5
f5b341bedc2bb2febc8376ab60c08a6f

SHA1
69948e77d89b544b41b0aab49d37b6b85eeb614f

SHA256
ce6772c5f8add8521fc1ebf3e2e7f66a6989f36b924a9ce1faac71c41e7104cd

SHA512
8d8155c7ee8bb636dd40ee2b92aeac3e5e087d497449bb85a49d268969c1074331d25b85a62fe84b1892cd85e2f5c75f851ace7f3203f5be8cdca7cb0c976049

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\Service Worker\CacheStorage\20dc0036495044e0a9bd4df2c6985329caee0d05\d6b7927e-98c2-4425-b02a-d2e19d8df98b\f8b707ac5ada6e04_0

Filesize
154KB

MD5
ab57bf48e4602f77bf1be28dc18a7170

SHA1
f49819539d2e8262af73a17b2ff70d2d6679d389

SHA256
f045ee143fa53a69dc0ba4c6281d5df2551b52df84d5beb420c87f4008b7afc6

SHA512
58e761158b9a6f9f0e6f5dee91167efbd7af8b465008de3cff342fac48971f36083eae044206c18033ed9363a69ec778d3de6d62f61cacf967ee3fc95ebf4b17

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\Service Worker\CacheStorage\20dc0036495044e0a9bd4df2c6985329caee0d05\d6b7927e-98c2-4425-b02a-d2e19d8df98b\index-dir\the-real-index

Filesize
408B

MD5
301b5aacf507452fd3951bdfe9c988bd

SHA1
89bffaecc238241c26594ee7407e59fdecd2afef

SHA256
dcfff115f031633d2613938780221e8c80cf704f3c352e3bcae50081d3c74725

SHA512
55cb38187e578068ec52604e2a74587e3c8cba4443de70e42be0eec9f6a8a6eddff1db50b8cd65ccf2bdb94b647a1abe41b24c6ec10c5593350d2475910b960b

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\Service Worker\CacheStorage\20dc0036495044e0a9bd4df2c6985329caee0d05\d6b7927e-98c2-4425-b02a-d2e19d8df98b\index-dir\the-real-index

Filesize
408B

MD5
ff93bdd2227ff3e4e0bbec88b5065de2

SHA1
7ddd8de581903a68be208bd4cadfce022d839a6f

SHA256
39aeba7e1d865c06c98a9caf76a7eb66167e729ba791bfc61845c105a5ed0aab

SHA512
670d8dbf83a3c5031d680a334d9e88b94e07e33ab83e7123998516585f47f67fb6b69701504d842ae9ed50532df782b786edd6e7e0cd45f9a9d8c7a069c4c247

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\Service Worker\CacheStorage\20dc0036495044e0a9bd4df2c6985329caee0d05\d6b7927e-98c2-4425-b02a-d2e19d8df98b\index-dir\the-real-index

Filesize
408B

MD5
96a4cde6a50380121d2e1ba5c4146287

SHA1
1ff96c60d1e1370b96626e841593c0e2a9657e5d

SHA256
1ff11199c1c5a7fcfe7869c557e2f8844bda38e40a76b563131dcf742687d953

SHA512
c48c9611bee9b0680e7acd28d44c36f3c5ea31dd50768fbcadf0253b724c4b14aa54f03d05c9c9d9906a024fdc122db970ed1374cde73321fbd743e643f8573f

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\Service Worker\CacheStorage\20dc0036495044e0a9bd4df2c6985329caee0d05\d6b7927e-98c2-4425-b02a-d2e19d8df98b\index-dir\the-real-index

Filesize
408B

MD5
b7733414c26c5a953f5375d8c76495bd

SHA1
7fb95f522345ee65744840fac1b62350f251bbf3

SHA256
22d9015d790bad5cad8fbf1aca88e3a59b0030cded1f8acae3da93325a623c9b

SHA512
3c65f9809e7e017d0f0c6a7e6243374f997040192b17bccd295cb5ea6880ec68a693a73c7909d6680ccae4e8e6e0f99421b3115a13141028e7939db91af4a295

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\Service Worker\CacheStorage\20dc0036495044e0a9bd4df2c6985329caee0d05\d6b7927e-98c2-4425-b02a-d2e19d8df98b\index-dir\the-real-index

Filesize
408B

MD5
2e2720c513e0ba61831ea51c6205fbc5

SHA1
fbc29bd107d86aa6864930c6b5c9c4285d156011

SHA256
7c397937ed2341099a46aae51c09c12e31181f8c5a4ee4516b1020abce99c3de

SHA512
0828398c2cee57c0b5f94fdaa2b945c0e0dac58f4b03f0a27cd6be5219cc5e9111d33ed9b9ea324eade1814067e736865dee3d516fb238b9038e9c50b054c3c6

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\Service Worker\CacheStorage\20dc0036495044e0a9bd4df2c6985329caee0d05\d6b7927e-98c2-4425-b02a-d2e19d8df98b\index-dir\the-real-index

Filesize
408B

MD5
0e03d06e18b4827922aa4e37935eb5c2

SHA1
7304b164677963a93612b46d4dce37a0172d7d21

SHA256
1eac22c578ea2888e7da014ca60236478f28b30f67c11280717206d3b31a85b3

SHA512
131f661d71f93ae115bc7a56df0e287749205af9f406058059638e0572b56b85eaf18184c8a28784cf90c3bab5dddc914c318ef0b6ab53701db2b5c569e758d1

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\Service Worker\CacheStorage\20dc0036495044e0a9bd4df2c6985329caee0d05\d6b7927e-98c2-4425-b02a-d2e19d8df98b\index-dir\the-real-index~RFe5dc883.TMP

Filesize
48B

MD5
df175ccca2f6da6d8c8f470dda9673b7

SHA1
f4b101341a63da743095ed579e995a024baec1b4

SHA256
dc11d3cd675c6283784a8c8ac0b25b0aeb5d6fab768ada45fb3a90dc2ead9eba

SHA512
09e784f0dcff965e2c4923cd52b18f18eec16a557fc8ab444941a48d3ca21e76b34ca151d47a1c4fbeea64042f16c899ca16248148638abf78bc3afbe3b70ec3

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\Service Worker\CacheStorage\20dc0036495044e0a9bd4df2c6985329caee0d05\f2242058-599c-4500-8fdb-8898dbeba9a0\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\Service Worker\CacheStorage\20dc0036495044e0a9bd4df2c6985329caee0d05\f2242058-599c-4500-8fdb-8898dbeba9a0\index-dir\the-real-index

Filesize
144B

MD5
bfb19f4e3ce70d4cd7613a8adcad5ba1

SHA1
5dae2501becc875959e757656741b001481b5f41

SHA256
e1f1f1a02645f7be93a008b1869c74ebd54c87645f82d62d2a1f52796bac17b9

SHA512
c8a7facb15e1d25c1a44031120d4331ff03326bd4ccafd3ea5bb8de44c2d47f35057e35230322835f92fd314b86988c56e9e6c98b09e308d52234cb91609449f

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\Service Worker\CacheStorage\20dc0036495044e0a9bd4df2c6985329caee0d05\f2242058-599c-4500-8fdb-8898dbeba9a0\index-dir\the-real-index

Filesize
144B

MD5
5be2cfc77a7a697845866d795b0672e9

SHA1
de657aef3fc68a3627e713a4f767776a46754ece

SHA256
10d7535ff51979e261cb4de79759729cdc7fdcd1132c7c74e5e8a2e03bfc13cc

SHA512
87a954117788503c046d50870bfffe0bdeb8a93f3bbe9d04a82f80870300581e69d4b46194d5ae456e82c2ce4742714581a74f09a65d5531b133a46723207a58

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\Service Worker\CacheStorage\20dc0036495044e0a9bd4df2c6985329caee0d05\f2242058-599c-4500-8fdb-8898dbeba9a0\index-dir\the-real-index

Filesize
144B

MD5
a7bb353fd32355352cdd44479ed5eb55

SHA1
6c51a663486d148ab3fffdb7bb3ba645aec27d55

SHA256
3000b17ee40b5292a3e2bc1a228fde0907b39b3ea709c948ae547e9a2764eb06

SHA512
8f2be95332cb8a1bb37fe09ba50592194fd783a71c6f61e8f3d0724e4ae98ce4f08aebdc365e43f5048d9dfc05fd9011c1c7e1e1c29cfed9d078b8409a1ce283

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\Service Worker\CacheStorage\20dc0036495044e0a9bd4df2c6985329caee0d05\f2242058-599c-4500-8fdb-8898dbeba9a0\index-dir\the-real-index

Filesize
144B

MD5
79999f99986e2a2b3104474477d9961b

SHA1
bf205f8ed6054f08e6866f6e92e98d715267624b

SHA256
28e59a26828545720007e5e06fc75b84ae83cbf4888196379fd482c71fb19fb8

SHA512
84b2f977b7e621bfc0b3f8b70d031b7f1f4f34ce5baf050167b4e3d1e96201c0bca2a2bd297b621f97c929b3b04eedf3b95936bfccfe5fdefa85d395b824fb94

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\Service Worker\CacheStorage\20dc0036495044e0a9bd4df2c6985329caee0d05\f2242058-599c-4500-8fdb-8898dbeba9a0\index-dir\the-real-index

Filesize
144B

MD5
25cd2488cfa98d3a256cda1bae446f85

SHA1
c8088a85ae440c90910caf25f063f3652ea2d01f

SHA256
be999caf086e64c50ee7e64ec326ab0e03ed0d6c45d93aae05770a616be71de7

SHA512
55858b8ea64488a094f53eb84ea136c4daae69b6d4ee003625f9ab62f8b9bc9a51195e71f73c3a6a66a7e2dde102f37617601fc92a7e133823a6ad64faea1f5d

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\Service Worker\CacheStorage\20dc0036495044e0a9bd4df2c6985329caee0d05\f2242058-599c-4500-8fdb-8898dbeba9a0\index-dir\the-real-index

Filesize
144B

MD5
1fa6717721ab5daa28f19064e29245ec

SHA1
60dc6ac4ef2c15782f759a2486ea89a361fe0350

SHA256
02281ee8b484912db82b37a11bfe72f6909960c19876a3ebf2a938d7ed4e5f55

SHA512
cfe9977d1728b22d85aa9d64838a47834cdb1b838abdc426cac5107bbdb40c315d38348a75de8bd5a8e6b8e364ada5bb25404c22c54fd0872ba8cb207f7ca94a

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\Service Worker\CacheStorage\20dc0036495044e0a9bd4df2c6985329caee0d05\f2242058-599c-4500-8fdb-8898dbeba9a0\index-dir\the-real-index~RFe5dc815.TMP

Filesize
48B

MD5
0cd5e094a386e2828da72436f7594280

SHA1
89d75351bc02506fffb85b754c6cf41f9b9fb504

SHA256
0437c7052814efec819b8ca5665e19e934c1627c7c2c8ec68959fb061e6cb3d8

SHA512
e600db1499b028600579e7a7a11849cb1d7f09a335d6e964bdc6051b8064233cec98e37e46013c2500a98aabbd84cd682aa9cd093bf6c0fdc9162759fde22ff7

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\Service Worker\CacheStorage\20dc0036495044e0a9bd4df2c6985329caee0d05\index.txt

Filesize
241B

MD5
c89450437ec2ee193d6a384969ca8166

SHA1
6da4998130204e63e990275ef3bd1ecf33eed628

SHA256
eac807094fafb3ae01b1e0324d02127627ada7534d803fa6766a510e3531f7d2

SHA512
e39b25c823c2e7318d8fefca84da4eb6d6716bb4815e8e6496d86a51c536f56f5d466043defe3476490d69894dcd9db08d5d94d66ed11da3c9e801b44b7da49e

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\Service Worker\CacheStorage\20dc0036495044e0a9bd4df2c6985329caee0d05\index.txt

Filesize
174B

MD5
558ec518a8e56df0e1a86997c6d72de4

SHA1
12816585907adb97027cb25ab60e4e86343252d0

SHA256
87aa73844a92f50d15fb90d573e95259239ba71ca4d52f917ecb7fec7caea60e

SHA512
ab829cacaab6597c6605217056323dc0bd39b425f7f557bdbabd77d08eed7984d7fe1ffdf153fee6880978c03db674db971762c70534161daa9f6da7c71c81e2

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\Service Worker\CacheStorage\20dc0036495044e0a9bd4df2c6985329caee0d05\index.txt

Filesize
238B

MD5
eced39bdc70a3a96ce627b37d2f9aa42

SHA1
c94f862d5fa5b003f2d84fced9f6438faa1df0c6

SHA256
c8aee1b59cc3dbed22d4a055259fb40a390c7469cfc857caad884e1369f4f6ec

SHA512
6cabc1ee147243f4e227d5c2787b5696b3c31dba4226d3bc933c1c941cbecdc89870f24fc008d1494c02efd673075f06f3350554bab1f3c1c99477e2189cb9db

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\Service Worker\CacheStorage\20dc0036495044e0a9bd4df2c6985329caee0d05\index.txt

Filesize
241B

MD5
8fed609acef382e4ad151fc57c03f035

SHA1
3a891f0cff2613ecd98ab69d3b74e68be2846d49

SHA256
712aaa6399c888d9539addaf92253d8e092ae3aa6f7d3ab3f181b0686eeab59a

SHA512
b14215392cd70d03a926651fc907ab62167b3fdb0618644ab9aab255968c546bbf717907fde38dcb4bce23c3c061d0e7b31d916ced1ee48e1cf21753f8a67321

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\Service Worker\CacheStorage\20dc0036495044e0a9bd4df2c6985329caee0d05\index.txt

Filesize
241B

MD5
08ceb491c107da41f2f3b27d64370880

SHA1
0d85665d17d577707a79beb39bba4bd6b997d6c5

SHA256
a4af6b5d138bdbb015474c902aa8b1d3bb06351be88fe4e2de29ce20da019f1f

SHA512
3241cad05a8b382808a869851f0c6adad5ff57cb6b51fe6adde9d9fca4ea82524b8aa15ccbdd2d80fdc0c2128da634c2aa2426494ab178d315a1668b83b5017a

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\Service Worker\CacheStorage\20dc0036495044e0a9bd4df2c6985329caee0d05\index.txt

Filesize
241B

MD5
9a074372ff73f44be3bfb38246ca16d3

SHA1
e37979f649dc6176b60c437515220fa1a14c86a5

SHA256
3e7d503b50059b91191778bc934ff902d7df742bfc7a7941a6636c2e1e80146b

SHA512
9f4df14c4d10bb3628b8705515cbd586d5aa3b6d8f33b4eac8da0a8ca75141e70e8e05554e7d081517540bd2ac18511c7a4b285669b9fbd48a7db8a3fcaa939c

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\Service Worker\CacheStorage\20dc0036495044e0a9bd4df2c6985329caee0d05\index.txt~RFe5d786f.TMP

Filesize
108B

MD5
937914baf33e97164cd9e7e8ccca7286

SHA1
887eeffb78c63106aa5fd1397e28fdf71ed0613f

SHA256
468f247233fe9d9056ad6d3974c771693b68cf7693c92453b2c1caa7102aacf8

SHA512
f7056f2be713080d8b8c15a599483c0c4c1b7d943344fb91ef8e3aedbe708dff6071e2802c8f6836c35b60e89f2c597ae1bc31d1b22fa832729f3a0b4a65e63f

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
774c81398e6c57527da9b30121616a49

SHA1
5b1ff724d5c271942cb4a807319f934e2324bc3e

SHA256
ce3cafb5724e2e849ac3498e7f7ffef9c692b1aa343965fd21b261467c3725fe

SHA512
2aa8bd818ef3450e47abc9958226662e4f998fe11b2bd464ded4c7b6fde4b41bb1f830b75d5a61356668ee51f71b93b523137cab32244cf74e9ae05faf9bef67

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\Service Worker\ScriptCache\index-dir\the-real-index~RFe5d1d7d.TMP

Filesize
48B

MD5
376d2986bec5144f885fc1bd2654cdfc

SHA1
c26152f76d7e707236bf3537ea11134f41bd1b14

SHA256
d09bf011b43471c59693165c4224e9a51e108f26d997ed0772a9edae635b42d5

SHA512
28b2f5832d7408f32ed12191f2cdaef2f4e88e6b1eabac93962c21ba6d799ac72df6b884da1c51fc9eb85d25c9f7eb805f8300dc38dc038ff4783f3d83e4e753

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\.limpc\prodaafe93cfce5a7c038173706b99dd\cache\limpcbrowser.log

Filesize
4KB

MD5
254ff6ed8d51914a38288fa8e905ed34

SHA1
c64e54e9757498795aa7c70051d1f886eae33d71

SHA256
a1ff87d8ccf15b80e8be02368d07b2322e36e7bcb39e05527ca681399195eae2

SHA512
ec94bef6a5e2d4d7e4a96faf5c4ce348416f7ffd1e0bacc78767a56eea30431c1b2ed7f586f93c52f9c22be34ffe3d9f063d7e80c1c1f99888462f63e129a9fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAEBE581FCB73249406FC21094EA252E_BC0CE803EF41A748738619ED7838EEFC

Filesize
5B

MD5
5bfa51f3a417b98e7443eca90fc94703

SHA1
8c015d80b8a23f780bdd215dc842b0f5551f63bd

SHA256
bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128

SHA512
4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c03d23a8155753f5a936bd7195e475bc

SHA1
cdf47f410a3ec000e84be83a3216b54331679d63

SHA256
6f5f7996d9b0e131dc2fec84859b7a8597c11a67dd41bdb5a5ef21a46e1ae0ca

SHA512
6ea9a631b454d7e795ec6161e08dbe388699012dbbc9c8cfdf73175a0ecd51204d45cf28a6f1706c8d5f1780666d95e46e4bc27752da9a9d289304f1d97c2f41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3d68c7edc2a288ee58e6629398bb9f7c

SHA1
6c1909dea9321c55cae38b8f16bd9d67822e2e51

SHA256
dfd733ed3cf4fb59f2041f82fdf676973783ffa75b9acca095609c7d4f73587b

SHA512
0eda66a07ec4cdb46b0f27d6c8cc157415d803af610b7430adac19547e121f380b9c6a2840f90fe49eaea9b48fa16079d93833c2bcf4b85e3c401d90d464ad2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0a464945321bf3c4abad6260f0fef3dd

SHA1
3449b1e9330bec89fbd79e852017e6f37e6a68e5

SHA256
372d8b87f15c565cd62470392a49e7adc3746a8e44da53977f18796924a9d35a

SHA512
250760f2d9ad6b2205af86854b0460f3daaa387d82621d1c9316af5512617ab4f149b5b19649b59f68758e49222165d4ad716b1c1c94e80cdc13349d3c46bfad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
55598db3dc40b52ef5937f295fe3372a

SHA1
4ca25d612f4759ed48f166df42e42e0b9be44819

SHA256
780a259ce0e385d50d83d2335dae08af681fc49ef9b0f3f0727d5ca8ba992cc0

SHA512
8f6a05691a334351ea534671619606f244bdfa761b20f4c42f60fe8378b56d1155af0a612f3dfcfe9ebe96ee1edd97fcfb3062113eafa57e2d4349ea9a360c64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
23176d058283c002dab12c54075f9cce

SHA1
772300eb8fd89e37572c233420961db17a63aae9

SHA256
0e5d477b2a22b57ca7c0c7b49895b68efbb652f5559b660626400cab372815c1

SHA512
3de3bc63933b2937b299abbb0948482727c92e1193a009c01daeb61d0f3909153a8b8bf61def0dfe862917afc50616a336c4356bf32fe3e2f349d1b2e446d117

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1e17d4c3-c22d-4a07-ae77-ebfb2899bae4.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
e8dea1b7ef44e754e5c434170561b437

SHA1
3aba90986e3f6180c079abc83f5dbd12a2b09042

SHA256
2e667a8305e0dd74aa410f3e96b10d36255dd6b94a6c509fd51900a3fb429e6e

SHA512
2502db1f8f367726a872d51a0a0b70255ef70ffcba3f24f038343d94da48d9765f8b02b7aad60c478751fa1b3f90ecfde04850dc5595e1bb5a85bac720e1d934

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
ac990b536c3ae5027f894058360901ce

SHA1
ee860270b203911d62022d5b3c7c89054b5c26b7

SHA256
f4dbd7ac264a83f69af57b89242d7f77da05972416836eda9bdecad549138a54

SHA512
57ea332a2670493a8fbf97350876fae4abc7aaa33761d2201bec5333512538f6484152768a8d85a87ac428fce9984ea76d993b0224fa6f55a479a74173f51003

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
1e29023ac86121858ad61bd001e15c1a

SHA1
fe200bedd7cdc869b94bbfb348cef4f8c8f045de

SHA256
c5d3dafd75236fa3be4a8d3b31383149b4c2a53d4488e0f9f2091d5358badb84

SHA512
82552aa1f4b099754f16703f22270d4ddfc554a59ad9489c21135e4c2f367f16d65314eb5d9cdf67c6e6e74567999259a802f2c7bc4b8dc15d8d0a25bfb73367

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
6e1b177c1073d33afe35d25866784ff2

SHA1
4f96678aa7b3a50e0e01aac669f0d1957c6100f7

SHA256
369a295448c44185b6509cac8c7b357460a17b4878dfbf1f235f6bced28fc587

SHA512
429953f0e1a3b94da85804a3630568d195153cbc57337185e8992c470f688c60d156853f1e26ba0a057c5bcaed6195b818f1eea68cfb43827bb2a0916bff46d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e3e0ca345c9f3cf8b13861a17f08f41b

SHA1
69bf8b0ed1f1526fd73ee52544d254d599d791d2

SHA256
f0e79ec08ff208c38b4401c74f997348e6ee8a82202732a1b818d834543db709

SHA512
f953068bd93e8f92cd34e377cbcde7abf322753c1e8872cd8eabd3667f1ff96f98b6cfb750e1ac13b5ca952d134c4417664977b9817604a662d8356354561da4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
157fe3f6ff96d545d646fdd6b5c70633

SHA1
fdb5d4ee2b588433dad0372887b643707653a235

SHA256
d014f47c1f0069901e0431aa2df1cbbbc0539e02018c3d0841f0e803fde589be

SHA512
7ce45ced95949512ff61cec6a2b626f2009851f532aa875a43bdc518de66544523b2f9b810f6e76d4ad907aebc3fedf91e90c950e58b3706dcdadb3c508fe5cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
27cb8347edc8242d91ffe06ae56536b0

SHA1
b104389fa69dbc52a34267c0df26f6dc7b5062dc

SHA256
2fcc0f6f4a30b5f0904bdec7bd5cf7b5c4a1fd7361ec838df4dc88b9b4644e9e

SHA512
c504137e16edab5f76f41812abdf6423abd167714d182d53582351d234443a776179fe2ece32b8d3bb018db997f639c11671c1592ea8d293f4c2929145f9953c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
55ce48ee9c1941c1ccf34ded6305437e

SHA1
2299e74238549f99afdb9bd208be86680c297bac

SHA256
e4c7bfe722835054ec2bcba6495369ed01cf3c8b558b3da4f4c64bb4a394d200

SHA512
51450a0653b137a145060d4ff6f6249f8bc0a7a5a1a0e374211333e4c2d2e1995043cff102da08d5616e95e19ef65737e5ec7d712c73a96292bf073433c416db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7c8f04036b72d3b51de63ee9f16497fc

SHA1
511a31b11e4bbb6cd012524b4135c0aa72a5b8aa

SHA256
057adca97feab40a404ddad82b112dc5cdd634df39e72c67e22d31f1e4082523

SHA512
fbed37fbf0556378518b49f80deeea3cd23ce2026f1343c97cafbfa9955909c8d97872e034544fb9a37d93b0bbd4ca2e1f6281c20a4b9535722f205882f39d43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
29b9be6c79d515080500acc74e05c790

SHA1
b7d5e3c0b1bda1a90883496fa2c3e13c282227fd

SHA256
87d641e6e43c9a5deafce4ea47b1d2b83ee0fd49ad69aed08e5217390b72db4d

SHA512
f291aba0186c72e71aee0efa99dc58f5d3828ce3877824b5424d3ae09492d07cb106693d74b4fc647d5d9f96066799d63701f6175ecb1d98ae45a680da578b89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
faebb48109230e82878aed4bdcb29aa7

SHA1
1f89da5b7390dc8c283fbaa0a57c38cf7e6f10ac

SHA256
34d3c2c21c3cd27529dad33948654075e47dea0536adb7fdd0b5944bb72f7e7f

SHA512
48db6fb141d232434c2cb4d3ada0de90574ef2774de7a0cb561506c91f8c3dae85bd5e99fb5969ebd7e83dd6a5dbd7dd8547b9a964509d538c4ed8aef0a14b02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a62a816428e52de3505dd051e12ff5af

SHA1
2f4d612d39a8bc254c6559c4121aa9398deb29dd

SHA256
29370a7cb63b69e19d098b2d19f7f150f80a6ee634730b47164ad97f99df0c15

SHA512
1f51fbe62e084002115d64a4b1d661f5251719b59b2c8b65853751253c39004882827b4d4fd9a849344f883ce7e81a12e917a12eaa802b6124ec2523e85fa2a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ae7250b81a3a019af19c4097f80309c0

SHA1
5f4463c040b30d93e004b58669d79df4893419dd

SHA256
2c358e7d1266b26cffe9306f805ff5450809c9c281bccc12ea806319cb0392f7

SHA512
af6c2c935a387ea01129a71b7317646173f8067fb15546be1668ea3221f9302547cf0dd6609e2fc73361434866132502e4257c286a5cd376eccb49e05b5ceec0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ea8e45b2af48e6589b70ac1e368fa7c5

SHA1
4026a7614baf2338492077c07a408d52dc2d67f7

SHA256
26c42dafa4e7f4c24645ff83535b629d1d042e7654825dc0e18811216cef19f1

SHA512
fd4109599bedb37d5b470a3f881830e38908cb1deec4e4586c3562782f20c1f9f0ac5eedf34e4825c6cb76764894910dee3d4e7a6743a04f7d64ac4fe829e4d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
93a4e6db1ca5f39772722d3559afcd87

SHA1
b82968b2a1fa0bfc194920231cdeacb5b673125a

SHA256
ae8366c3fec1a2e20b80826c1937f691fef22b4fdbad50d87c4a7ff4d1dc8669

SHA512
99e7e65d61eabd245cb8ea50c8711ef598d1bb100fbb4cd55bca9781b8e97bbd15aea97d20e402ba112a283e6c96cec9a04be118663bddede2699f029fdd2be7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
bfe94525a134804266e0f931f10daa88

SHA1
94600ffe0e23d592f1c0c46418a50115522873ab

SHA256
f676a7f38d7a2865f721fce51ad2e106e3c054711faf816c39be4cbadbce215d

SHA512
970f21025ae67858290e0a2b229612662d1be8e3d251924f372937cacf3784e5b4938dc8ee22e3aad3d36223e3f3906a6b686e75ce22e1fb8af53bde8adb74fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ca803166b209ab89de4fbf127e052e05

SHA1
d1505f1ad3ebc9ca75653b7b044681dee5b61af4

SHA256
1e248f8fa2266f8ea2ab2538300791239ebddf3d3d5db3771ad3849d1d1ed83e

SHA512
7823541352f10abde8cae7fd51599dfcee6cfaa39ec194d356b03c41071adb9e302c006b4daf4e6682557c02d43a875cfcf73e236704eb53ec4eae8b6e87f94a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
aae1ebdfcd103594cbb23752b6293c09

SHA1
817d77b64bd458b09a5267dcb40bbc39a5535749

SHA256
986a1092eea1f6bfb5ab78b2666995adbbae16521d5b5c5b2ac014d84ecbf6db

SHA512
d766d7d7712ab2dbafdecf062ae35bfe0593ea06fac29daa4b809dd4a748f82327a1fd218284f466214891b344f361a2f1fb7697595911ca665ac24ef26f9769

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
77d3fac38bb3a5dd0d3fb4ca6ab019f9

SHA1
f5050eef49491d53a2feb641309ebd9ac8af5992

SHA256
33b228147d5219c3b70551effe99d98a4c242178a0ab8643f263fd64e5a87330

SHA512
7cc9c8c4824a0e43f2a2e641390902870491eb457b6b66d8440c2aca6c9fe82dc236868bbdeac52fe84980f341f9f966d782449627419999086ca986ffbaf529

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b82c41d3691b556be0ed618e67ff4361

SHA1
6bde250b8b4f94a1031d5784fcce146d8a49ea8b

SHA256
8d98c20d9d71a995a314cce30d32a0f88decd8dc1a4f9e988e2602a58866ecdc

SHA512
e3570d9d5cfc0bc3376ef8715142ade2f5ee90a3d2ccf93960826bebe1eaaa2bfd30dac1799565ce016fd4af62faf2ac1fad6e076b50daf30416a424e471a6df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
533B

MD5
ae24d166d8d13c4925a7480bd8371a72

SHA1
27aa04b33f8b0f90f106e8566e581ce339b11ceb

SHA256
548cf909cc3211c33e623434e670dafb739ade372588fe3324a594f57255a0ab

SHA512
d1e0912bc46603dae21e577214db1e7314122bdc742b61d4def6ce2e8c69ded8a5944e93d2039b1a22b7bf7d0d9ab33a76b957b1d33ee1d5c08020db4853bc56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
535B

MD5
0ec3ffd11cbfbc6f54fcf5c95fc5e95b

SHA1
fa9d4ba5bed61085c37b311874409e1188488b97

SHA256
e8d87f92d712450c0b7d438359588208c7781c256d965603df9a97fc9a8c2300

SHA512
94f44d4f3585882d949b5f99ac229bfb3d3c012ad872d8ced242701ffd932a5611fef82a9f751a476813a74bf1bb417561f47bf3436871331a76c3da246ff23a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
533B

MD5
1237833b34989a6626c779e0f8abf115

SHA1
552dabfd27587dc15c53f1e9c41ff0e803f1f234

SHA256
57535ef45767a406408f294164524dc1b22c4fac1a7ebab677e647826852ff5a

SHA512
1ece25690a99fa6b59592c4167e561be38d9411de8f8de14b6c53e0c8d9db7248c3331a1e4f7563b2fce8f07ea6cebade1170671284b837a536b9919b3921eb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
867B

MD5
c86fb8c3703895cb7e0b2b156c492b62

SHA1
c3c161ddafef8c6f4a3be140a972cc36df3af530

SHA256
c2677fc307fd71226016ec719b72c6e57d83e88c69937e817b236831dd2aee07

SHA512
e68eb0696a46f9944a00e5d04bdd289ec0c8f36185a594bf11d5632441d16198886e224a0f635b1161ae61f52c9c8a2cea950da0202bec473509568b5c8abd13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
dd2cc3a9c60454f4d776bc5d55f837a6

SHA1
7acd59588999eb95689b79c2095adfd29ef70f9d

SHA256
a576434f3a7d7f6c50a5a474b27579cbc2bcf8659ca59f1fe55a73fa337b633c

SHA512
d58824ad9a4a988da6e83ecb90daaa6532af9e3aba3a9ed86f674440bf001b5afa3d8f7208c7d0df6e657cc1cb651cf48e80fa9a764dbfb30cf0d212be9963a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
733b15b800bb16ba009b3b09952f99d1

SHA1
af20205fc69b6c17308e993d1a638038a3e95496

SHA256
8f0f71af4754bb5236806e9973fe1b58d298a6b429689d2ff252a073fde32604

SHA512
506bcffd92d5f42f381907a740a797251b6746fae9d7d435b6729d8ef26a16d46354c54b6f2cbbb0bd428eff49712dbe35f97f074f9941df3d7885c898839214

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
6839b7242818ef0d3a7f7ec16a214c3b

SHA1
c88c6eb1ab62dec4d538f7c87f4e083a52e6f258

SHA256
d652e9168ff4a6b341a3fce58bb7e2e2e7e6c392cb51466adc23b099bfb806e1

SHA512
d578f5e3897300e017233038a198dbf7467c61d08b45ee664fea0c6d7edfc9a8437cdb837d689dcfe9fc5a4ef7dbe79f9ad539306e052fe0664afae389d32d9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
54c694c7bc7c4fe457c98cb568635bea

SHA1
3a73baba09f8f129d4e6e738e1021201ef6ec184

SHA256
7bf82b037e733417ac34edabbd0fe78f007a8e0bae599dface68df990fe2421d

SHA512
e7aff521677cf074acda106cf52f039c57c394ee7225183c4d19a7641e6768ab50f0d13faf77a310bc2c0e6d9e9a2197ec2b298ab80190656d8817a5b94096a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
79495069ef687c4769e959fa4fdf078d

SHA1
0a31ce65f8dabe7e2bed46c75b593a2578b22379

SHA256
3679376005be7e6c1f58088e0afbb5754b3b575471492bcebe42dbf25864d7a2

SHA512
d026009365cf06a204be07ac48f92b00580c2a4f715be7c801bb4bf33d2429a707cc3ef5fa87dad2aff58ef2003f9ba49d3ca474d5dbceada56dbe8bbdbe9a42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
373068474d03bc90aa8a2f8c0b8744a4

SHA1
608501f563c8444de542a53af5194f9de80c7c42

SHA256
19c6147282a79a4861a766e01a54eaa50306e2e03d0e60a2cac0b02db9e10a40

SHA512
5ced82be4643e73518421f6f48ae12164963bc03085d3461a1d5bc301e52c894054970dc7aac5b599891b8ea55ff6bf28a279385380e214da4ca81b8fb6f1dc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
19f1631371e8ca701cad57564a3b2ee7

SHA1
5873b9e2861a8f16a18864b5c42fc050bcb16d7d

SHA256
e68c86b0334613dc6effe8fe0d23f53e0173cfd081760d59b2778efe121c5822

SHA512
2e7406a6b3fda5aa61ed5f415b94aae0f90bfa75035998aaa18ce6323c7235f32bc7a58e61bf7586e43afa0f13478cb81a55b1eecb832651cb21a7d0a0f6f4cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
10457819e383c19e1e8f383dfddc2971

SHA1
0a9a77c930f2907d5b1040cac835a3765c1baf41

SHA256
bbdbf258496e7ef1fc25fda51cebdec3c9671d394da6671011268579bad80df5

SHA512
eddb8f9646ac412dee765b3b47e9308583c0a397fbc5f646b7bc4e37b4a71c61d648e21b0398e82d9e51eb324c6339b215b65004aca543293f776ed1ae063024

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\o7bdpohx.default-release\activity-stream.discovery_stream.json

Filesize
18KB

MD5
32be3b6b5a0f0f7e8ddf8f1b53519335

SHA1
28c77ce2a2db29046d0ee161850727856e60c295

SHA256
681bf503b33f40d306284a75671bac0e5c4e841b55b5b88a0ec8d9d72c541c37

SHA512
7f577168533213d8b3214d9459f6650c173a9b090270339536b62634158a52bee61f88a2f9a876bb5a320d21594ae1f9c6ebd5a6a75750e557157e453df31338

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\o7bdpohx.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
1ccbbc12b2f062f490e83e0b0aa6185a

SHA1
1d5a5786b6dc2866284f9d1dd26f98c37b0ea290

SHA256
59638e9fffbf6ca2aeb4d1bfcf9440a4b609403645fee6b529cef9b6887f684e

SHA512
6fe4d644e179e19a55de90aa49d222537c803b2f3d34075f06294b054015ce922d9031e14d35a6dd9e450f8d194216485ffcd3cec3db6338c2895efc7d228864

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX7DC3.tmp\D3DCompiler_43.dll

Filesize
2.0MB

MD5
1c9b45e87528b8bb8cfa884ea0099a85

SHA1
98be17e1d324790a5b206e1ea1cc4e64fbe21240

SHA256
2f23182ec6f4889397ac4bf03d62536136c5bdba825c7d2c4ef08c827f3a8a1c

SHA512
b76d780810e8617b80331b4ad56e9c753652af2e55b66795f7a7d67d6afcec5ef00d120d9b2c64126309076d8169239a721ae8b34784b639b3a3e2bf50d6ee34

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX7DC3.tmp\FEB2010_X3DAudio_x64.inf

Filesize
815B

MD5
49460e9297b0faab5a5d73e7aa2caa67

SHA1
a7e211f3d4ae808f67a798924c4d3314183df873

SHA256
68351f03f4ef83e4b8c359e3e130441081690a1866b838a1b35d64674ef3abbf

SHA512
92c4c0751e9123e1eb09da312bc44041d13262e26cefb807dcd1b354c5bd12c0d7197f1d3d457ddef89714b77ffe45db9c717332963c6daa507ae02a6d5fc941

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX7DC3.tmp\FEB2010_X3DAudio_x86.inf

Filesize
1KB

MD5
e84adf38d499ae39090ad60fd76d76e3

SHA1
6af4d58bc04aac2723e8b97649f1b35fb1aca84c

SHA256
d4da3e530982812d1e2a31570b80af541fac1b13c72997d2aad7ea3bfeaf4a4a

SHA512
6714992e7aee7bd0798fbec68f92c97ee502127580e21e1b6693ed6737312b44dbc9fd9ef579fe552590e9e5a4904df94e4116334265a34699a04aa76ab87c24

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX7DC3.tmp\JUN2010_D3DCompiler_43_x64.inf

Filesize
830B

MD5
6494a3b568760c8248b42d2b6e4df657

SHA1
700f27ee4c74e9b9914f80b067079e09ec7c6a7f

SHA256
3e779533a273e3395109c7efac13ba1c804c01b3ddb16938406fbdf90d851216

SHA512
2bf68b123d7823ad7182e132d9e55f8de7580229e8e1b3b40030da50bb9bdeaf67bb9727ce2171fa83b7f804c24d9728ffabb44cb5017b16b771bb19e62b1b42

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX7DC3.tmp\JUN2010_D3DCompiler_43_x86.inf

Filesize
1KB

MD5
1a86443fc4e07e0945904da7efe2149d

SHA1
37a6627dbf3b43aca104eb55f9f37e14947838ce

SHA256
5dd568919e1b3cbcb23ab21d0f2d6c1a065070848aba5d2a896da39e55c6cbbf

SHA512
c9faa6bb9485b1a0f8356df42c1efe1711a77efa566eee3eb0c8031ece10ffa045d35adb63e5e8b2f79f26bf3596c54c0bd23fea1642faae11baf2e97b73cf5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX7DC3.tmp\JUN2010_XAudio_x64.inf

Filesize
923B

MD5
dd987135dcbe7f21c973077787b1f4f8

SHA1
ed8c2426c46c4516e37b5f9aac30549916360f7e

SHA256
1a0f1b929724f8b71d5ce922f19b9d539d2d804c89af947d5927b049ef0fd3d8

SHA512
f0469c94219b4df99d7b9b693161a736fa8eec88a3f6c7f2cf92fab2ade048dfe61fcde3a4cf4f7a2aaf841d079a46b17259dea22cfb02831983f55bd7f61899

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX7DC3.tmp\JUN2010_XAudio_x86.inf

Filesize
1KB

MD5
31d8732ac2f0a5c053b279adc025619f

SHA1
c8d6d2e88b13581b6638002e6f7f0c3a165fff3c

SHA256
d786d06a709d5dc26067132b9735fc317763fcf8064442d6f77f65012ba179da

SHA512
abc37922307f081a1ffdc956ce59598c19ad1939ecfb6ea3280aa6aa7a99c3eba5462731586ca262f7d7257d7d2a74ff57a45abf6b93521eb6f1c9f22f8eb244

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX7DC3.tmp\JUN2010_d3dcsx_43_x64.inf

Filesize
815B

MD5
e1f150f570b3fc5208f3020c815474c8

SHA1
7c75fc0cf3e3c4fd5045a94b624171d4e0d3b25c

SHA256
5289b5ad22146d7cc0c35cdb2c9662742693550de8f013d1ec40e944288d155a

SHA512
a53618ed6ebcd50ef074b320eb3ebd38af4770a82caa808e47cba6a81982ced46cf954a1c5a383f171006e727d8211b4fce54c9faf27b4c14a770a45a09037b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX7DC3.tmp\JUN2010_d3dcsx_43_x86.inf

Filesize
1KB

MD5
cf70b3dd13a8c636db00bd4332996d1a

SHA1
48dd8fc6fa3dae23cb6ca8113bc7ad837b4570d7

SHA256
d5200b332caf4fff25eb3d224527a3944878c5c3849512779a2afcfeae4c3ca1

SHA512
ae31a9e20743a2052deec5d696a555460a03d400720679ed103759241b25d55e2fbc247170da3c0c0891f32b131ab6a6845de56c2d3387ad233aa11db970b313

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX7DC3.tmp\JUN2010_d3dx10_43_x64.inf

Filesize
815B

MD5
13c1907a2cd55e31b7d8fb03f48027ec

SHA1
ca37872b9372543f1dbe09b8aa4e0e211a8e2303

SHA256
a65f370a741d62c2be0ca588758d089dd976092cb910bb6b1b7d008741e18377

SHA512
545aaf268d141e2aae6800e095a1ae4eafe6bfe492d95dfe03789ccb245cc3ef3f50f43b10a41a3b0efdc7f8c63621b437323e133ba881f90a3b940095b80208

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX7DC3.tmp\JUN2010_d3dx10_43_x86.inf

Filesize
1KB

MD5
53a24faee760e18821ef0960c767ab04

SHA1
4548db4234dbacbfb726784b907d08d953496ff9

SHA256
4d4263cbb11858c727824c4a071f992909675719be3076b4a47852bf6affd862

SHA512
8371471624f54db0aca3ea051235937fc28575c0f533b89f7d2204c776814d4cd09ee1a37b41163239885e878fb193133ad397fe3c18232ad3469626af2d2ed1

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX7DC3.tmp\JUN2010_d3dx11_43_x64.inf

Filesize
815B

MD5
590fe1ea1837b4bfb80dc8cb09e7815f

SHA1
792b5b0521c34c6b723a379dd6b3acf82f8afb1f

SHA256
2c4cf75b76203cba6378693668c8c00b564871c8bfd7fbda01e1e841477b2a3b

SHA512
80bee8f1ad5bfaba6b3ac5a39302a1427dbaa5919d76c89b279dc753170ec443924eadf454746ce331a6682ee729ab79bd390a5d3b55db8d08fd6f4869101f53

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX7DC3.tmp\JUN2010_d3dx11_43_x86.inf

Filesize
1KB

MD5
fb5d27c88b52dcbdbc226f66f0537573

SHA1
2cbf1012fbdcbbd17643f7466f986ecd3ce2688a

SHA256
3925c924eb4ec4f5a643b2d14d2eda603341fbbd22118cdd8ae04aaa96f443c0

SHA512
8aa2200f91eca91d7ee3221bc7c8f2a9c8d913a5d633aa00835d5fb243d9cb8afa60fe34a4c3daa0731a21914bc52266d05d6b80bfc30b2a255d7acdf0d18eb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX7DC3.tmp\JUN2010_d3dx9_43_x64.inf

Filesize
812B

MD5
ce097963fc345e9baa1c3b42f4bfa449

SHA1
e7624afc3a7718b02533b44edfe4f90d1afda62a

SHA256
272650a2d9b1cfea17021f4bf941b21f2206791e279070d4e906ce0ce56ac16f

SHA512
f3c4f00eebd9d465bc2415d59c417bca0f5a07c8e13880b28704f770763609a653d4b06f53d98325b66c2c7094895190900c47980f81463215e919f00966ee7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX7DC3.tmp\JUN2010_d3dx9_43_x86.inf

Filesize
1KB

MD5
a11deb327119b65bacce49735edc4605

SHA1
0be2d7fa6254b138aa53d9146cda8fedbba93764

SHA256
6b33d32da02f664092d44b05237990f825b4062c105a063badcf978648b5e95b

SHA512
b0134a3d6f2d576e5fafb601014ab66fef91d661013acc8a7a9129940369a1d9ed5c0f228bb1666a4e891f09b4b18e83f0cb2080047aa84fa45ab663e5739a31

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX7DC3.tmp\X3DAudio1_7.dll

Filesize
21KB

MD5
c811e70c8804cfff719038250a43b464

SHA1
ec48da45888ccea388da1425d5322f5ee9285282

SHA256
288c701bdedf1d45c63dd0b7d424a752f8819f90feb5088c582f76bc98970ba3

SHA512
09f2f4d412485ef69aceacc90637c90fad25874f534433811c5ed88225285559db1d981a3ab7bc3a20336e96fb43b4801b4b48a3668c64c21436ee3ea3c32f45

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX7DC3.tmp\XAPOFX1_5.dll

Filesize
72KB

MD5
8a4cebf34370d689e198e6673c1f2c40

SHA1
b7e3d60f62d8655a68e2faf26c0c04394c214f20

SHA256
becfdcd6b16523573cb52df87aa7d993f1b345ba903d0618c3b36535c3800197

SHA512
d612e2d8a164408ab2d6b962f1b6d3531aed8a0b1aba73291fa5155a6022d078b353512fb3f6fff97ee369918b1802a6103b31316b03db4fa3010b1bf31f35fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX7DC3.tmp\XAudio2_7.dll

Filesize
514KB

MD5
81dfddfb401d663ba7e6ad1c80364216

SHA1
c32d682767df128cd8e819cb5571ed89ab734961

SHA256
d1690b602cb317f7f1e1e13e3fc5819ad8b5b38a92d812078afb1b408ccc4b69

SHA512
7267db764f23ad67e9f171cf07ff919c70681f3bf365331ae29d979164392c6bc6723441b04b98ab99c7724274b270557e75b814fb12c421188fb164b8ca837c

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX7DC3.tmp\apr2007_xinput_x64.inf

Filesize
860B

MD5
94563a3b9affb41d2bfd41a94b81e08d

SHA1
17cad981ef428e132aa1d571e0c77091e750e0dd

SHA256
0d6e1c0e961d878b319ac30d3439056883448dcf26774003b73920f3377ecac8

SHA512
53cac179d7e11c74772e7b9bd7dd94ffbc810cfc25e28326e4d0844f3f59fd10d9089b44a88358ac6dbd09fb8b456a0937778f78ecc442645764f693ccd620b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX7DC3.tmp\apr2007_xinput_x86.inf

Filesize
1KB

MD5
e188f534500688cec2e894d3533997b4

SHA1
f073f8515b94cb23b703ab5cdb3a5cfcc10b3333

SHA256
1c798cb80e9e46ce03356ea7316e1eff5d3a88ccdd7cbfbfcdce73cded23b4e5

SHA512
332ccb25c5ed92ae48c5805a330534d985d6b41f9220af0844d407b2019396fcefea7076b409439f5ab8a9ca6819b65c07ada7bd3aa1222429966dc5a440d4f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX7DC3.tmp\d3dcsx_43.dll

Filesize
1.8MB

MD5
83eba442f07aab8d6375d2eec945c46c

SHA1
c29c20da6bb30be7d9dda40241ca48f069123bd9

SHA256
b46a44b6fce8f141c9e02798645db2ee0da5c69ea71195e29f83a91a355fa2ca

SHA512
288906c8aa8eb4d62440fe84deaa25e7f362dc3644dafc1227e45a71f6d915acf885314531db4757a9bf2e6cb12eaf43b54e9ff0f6a7e3239cabb697b07c25ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX7DC3.tmp\d3dx10_43.dll

Filesize
459KB

MD5
20c835843fcec4dedfcd7bffa3b91641

SHA1
5dd1d5b42a0b58d708d112694394a9a23691c283

SHA256
56fcd13650fd1f075743154e8c48465dd68a236ab8960667d75373139d2631bf

SHA512
561eb2bb3a7e562bab0de6372e824f65b310d96d840cdaa3c391969018af6afba225665d07139fc938dcff03f4f8dae7f19de61c9a0eae7c658a32800dc9d123

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX7DC3.tmp\d3dx11_43.dll

Filesize
242KB

MD5
8e0bb968ff41d80e5f2c747c04db79ae

SHA1
69b332d78020177a9b3f60cb672ec47578003c0d

SHA256
492e960cb3ccfc8c25fc83f7c464ba77c86a20411347a1a9b3e5d3e8c9180a8d

SHA512
7d71cb5411f239696e77fe57a272c675fe15d32456ce7befb0c2cf3fc567dce5d38a45f4b004577e3dec283904f42ae17a290105d8ab8ef6b70bad4e15c9d506

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX7DC3.tmp\d3dx9_43.dll

Filesize
1.9MB

MD5
86e39e9161c3d930d93822f1563c280d

SHA1
f5944df4142983714a6d9955e6e393d9876c1e11

SHA256
0b28546be22c71834501f7d7185ede5d79742457331c7ee09efc14490dd64f5f

SHA512
0a3e311c4fd5c2194a8807469e47156af35502e10aeb8a3f64a01ff802cd8669c7e668cc87b593b182fd830a126d002b5d5d7b6c77991158bffdb0b5b997f6b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX7DC3.tmp\dxdllreg_x86.inf

Filesize
724B

MD5
8272579b6d88f2ee435aeea19ec7603d

SHA1
6d141721b4b3a50612b4068670d9d10c1a08b4ac

SHA256
54e098294ef0ad3b14b9c77642838b5992fe4573099d8397a1ef566d9e36da40

SHA512
9f1311803db1607e079b037f49d8643daa43b59ce6eafb173b18d5a40239a5515091c92b244ffe9cfef2da20530fb15deb6cf5937633b434c3262e765d5a3b21

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX7DC3.tmp\dxupdate.dll

Filesize
168KB

MD5
94202f25810812f72953938552255fb8

SHA1
c1e88f196935d8affc1783ccf8b8954d7f2bfb62

SHA256
6dcad858cc3ff78d58c1dae5e93caf7d8bacb4f2fcf9e71bccb250bf32c7f564

SHA512
65b66d07ef68e0d1e79f236a4800c857e991ee3ff80ece4cfdd0b5f6083ea16f8a52d351c3af721cb05c06394ec91b4b5e3cfa4b0f0879f7549f3e3ed035e79e

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX7DC3.tmp\dxupdate.inf

Filesize
12KB

MD5
e6a74342f328afa559d5b0544e113571

SHA1
a08b053dfd061391942d359c70f9dd406a968b7d

SHA256
93f5589499ee4ee2812d73c0d8feacbbcfe8c47b6d98572486bc0eff3c5906ca

SHA512
1e35e5bdff1d551da6c1220a1a228c657a56a70dedf5be2d9273fc540f9c9f0bb73469595309ea1ff561be7480ee92d16f7acbbd597136f4fc5f9b8b65ecdfad

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX7DC3.tmp\infinst.exe

Filesize
81KB

MD5
a7ba8b723b327985ded1152113970819

SHA1
50be557a29f3d2d7300b71ab0ed4831669edd848

SHA256
8c62fe8466d9a24a0f1924de37b05d672a826454804086cddc7ed87c020e67ff

SHA512
60702f08fb621bf256b1032e572a842a141cf4219b22f98b27cb1da058b19b44cc37fb8386019463a7469961ca71f48a3347aaf1c74c3636e38d2aea3bca9967

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX7DC3.tmp\xinput1_3.dll

Filesize
79KB

MD5
77f595dee5ffacea72b135b1fce1312e

SHA1
d2a710b332de3ef7a576e0aed27b0ae66892b7e9

SHA256
8d540d484ea41e374fd0107d55d253f87ded4ce780d515d8fd59bbe8c98970a7

SHA512
a8683050d7758c248052c11ac6a46c9a0b3b3773902cca478c1961b6d9d2d57c75a8c925ba5af4499989c0f44b34eaf57abafafa26506c31e5e4769fb3439746

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj6AE1.tmp\BgWorker.dll

Filesize
2KB

MD5
33ec04738007e665059cf40bc0f0c22b

SHA1
4196759a922e333d9b17bda5369f14c33cd5e3bc

SHA256
50f735ab8f3473423e6873d628150bbc0777be7b4f6405247cddf22bb00fb6be

SHA512
2318b01f0c2f2f021a618ca3e6e5c24a94df5d00154766b77160203b8b0a177c8581c7b688ffe69be93a69bc7fd06b8a589844d42447f5060fb4bcf94d8a9aef

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj6AE1.tmp\NsLauncher.dll

Filesize
6.3MB

MD5
23a4401838f7e3de16e66d5cb208e523

SHA1
0b88de2bb8a6580f2cfa5158546550f1a7676fc9

SHA256
adf187fc4ffc983a59bdab112b14237908ef9436787d9a4d0e4190f6debff0de

SHA512
1fa921ed8491e09d7b7b2f2ec0fd1d3033a61459863ec7a66f6af04564f1feb6245f7a84ce597206baecc84193348b57ca8d113dab3dfeffa712286e8791df01

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj6AE1.tmp\System.dll

Filesize
11KB

MD5
a4dd044bcd94e9b3370ccf095b31f896

SHA1
17c78201323ab2095bc53184aa8267c9187d5173

SHA256
2e226715419a5882e2e14278940ee8ef0aa648a3ef7af5b3dc252674111962bc

SHA512
87335a43b9ca13e1300c7c23e702e87c669e2bcf4f6065f0c684fc53165e9c1f091cc4d79a3eca3910f0518d3b647120ac0be1a68eaade2e75eaa64adfc92c5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj6AE1.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Local\Temp\{4e242cc8-5e3c-4b08-9d55-dbc62ddd1208}\.ba1\Banner.bmp

Filesize
123KB

MD5
461fa4877514f318a0d5cbc602daf7df

SHA1
5d2ed3abc96bb1fb419828e3de3fc75a6292536a

SHA256
638d5bfc987b45d28a308e8a4d68bd7c0a82d21e615e534fbfaa3cd0ad53889e

SHA512
c4def63dfde38cb2e35d75c7e61428cb9df2429af799e3e0b29c7bc1d9c60e8e32f18cc0e7b55e177d95bdb333a7a0d1f4369b02f5c574b6688047e01e9f98e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\{4e242cc8-5e3c-4b08-9d55-dbc62ddd1208}\.ba1\LogoSide.png

Filesize
43KB

MD5
63c9775d703ec8bdc9703f80d52ffc24

SHA1
1a5f3fa1fc4ee2a7e08506f8178d769cdcd7ec62

SHA256
8f03c6e8ce5f4898cc230e04d485e0e0744eb7ee180a3d8bb154f2fc9c7a93e5

SHA512
b2d9d18a3d6a1df401ede41e35af7167c6f253f54c290d1db64db212b5a2e9a2534e86e031e1e5499b2ce11bb952afc6bcd8f85aca351d49867c77dd4edba458

Download Submit
C:\Users\Admin\AppData\Local\Temp\{5c045b7f-e561-4794-91f8-c6cda0893107}\.ba1\1055\license.rtf

Filesize
177KB

MD5
f1a281f74d3e91d16dd26d1f313cd8a9

SHA1
ddb2ca9032c5a9c091eac53b679f6ba428077b00

SHA256
f79108a254f876e0f6bbcb05a9effbe25dc252e7ea256bfe3fd28ceb79737f25

SHA512
484c5ca26275427e1fb74d3217a22a0e4aac409aba973e78d7ad68834e7ad1d86c7855d34b227925200f941d288dfc09477b2d7dfe0856810c6c847297b8d625

Download Submit
C:\Users\Admin\AppData\Local\Temp\{5c045b7f-e561-4794-91f8-c6cda0893107}\.ba1\logo.png

Filesize
1KB

MD5
d6bd210f227442b3362493d046cea233

SHA1
ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

SHA256
335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

SHA512
464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{7474cd6e-76cc-4257-837e-5b9261e526af}\.ba1\1031\license.rtf

Filesize
137KB

MD5
3c9f6f7aa38511f964ffb18a9d96c95d

SHA1
f270e60ef78590e691b2619474a99844c1a5c396

SHA256
442ad9e5b34d2a0aee3cd0450af51c6638a23ebd9771914428794bb8d4396a4d

SHA512
47d29f8457038a2a1cd7506e20c4b2df3707d424045dbd1ff4ab55746dfd549309044ed951d91d5f92a809d90124f19780c70f842060789a9db9824eb1b0ef1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\{7474cd6e-76cc-4257-837e-5b9261e526af}\.ba1\wixstdba.dll

Filesize
126KB

MD5
a973cfa4951d519e032f42dc98a198b0

SHA1
2ba0f1e1570bc2d84f9824d58e77b9192ea5dd94

SHA256
25ee85c14c9be619b4f0bf783963ace1dc0af0e802014728c2a2ca8da213d31d

SHA512
b4a8c4f08a51bdd9ce7708fe8e2477182a52f1d853954eb5af0430c2df99839b6076a7d93b00391a73d446a6ad9da3ed77ef79c8b23353d32c72fc540415b8ef

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\AlternateServices.bin

Filesize
8KB

MD5
e26e3256cee7267a66aa403b9daf8b8c

SHA1
421c8ceca29de4a20ca5e59696bec73145971f87

SHA256
afd06683ab73d8c6ef7c45fd2d01b4e499b94d3909ce226f08179d221ab0036a

SHA512
61f4a4d264356213e93eda63637be88111bff0ba341e6cdfc4257a0dff7938eef3eacfee995ccbec14891776067546a988c6c4f327222f2cab5aab98cf361c39

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\AlternateServices.bin

Filesize
12KB

MD5
027a0162e0f1c5e8676953c8ba312782

SHA1
1a7d2e6098b0b5e1c73fa7e93e842e7f38cafe23

SHA256
0b37843e5a6a8c50c9e0e1b7f677d710e70569a93fc51bf5e9d4d38650258426

SHA512
2abcfd2938a8b52d66783b2bdfcbc1adfab19512eaa2487c1c5e6b9fdb38ddfe700ae8bb8fc1bbdcaddd58d2fae9917b26a8863917a86264a0f19523fcc09813

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
123a8f87855fbe39d4c93ec60cbce3f2

SHA1
fadb027adefea589d67d61eb8e539ba77514f47f

SHA256
4432e0219b8f42a2290e522dd6dfa00aef1eae982285ee2cfb57d932abfeebd9

SHA512
923b3cb2d509297394b00b3e817fb877ba00694ed2e036bc1742731c88caa8da2d22b196aaac27712211eaa58b33968154c937507d9a27238c84f4193e3be6e3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
6c5bc6addd38e10741a761e947de6a0b

SHA1
d5ef54fcb25ad69a2aae0479d95ae57e3a529c10

SHA256
22e921578a5b24568c217d0db090de16c4d4a79cd2e89a0bc94101f4fdd6fa7b

SHA512
b260dacfe5d5d6abfc1e76197dd0bcd1711e0ca8c09727aa33cca3c77ef3fe2dfcadf9b71cfb5556f0f37968c02225ab0bf216968f4f9c1889648f7f2cfa1f66

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
614dcb94b910699dcd04ad925e737074

SHA1
3d84ac0f0c70d690e7e5bd48e00089ab0e822a2a

SHA256
21e8a9f0ec8599f7adc1e83a55758adc8d65fba92b419f9a3688b6fbc2588f55

SHA512
afa5ee90fda2b911ea4a846942a3d481960391b92a69ebc5cef4bf7fc89fb4b8cf386e6a1f9bf2a80f04b338ac84be26dfe100000a0129c6333021a7de06afcd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\datareporting\glean\db\data.safe.tmp

Filesize
33KB

MD5
a18c0da30e15c9d28f2fbd1126367b10

SHA1
15cafedcdc00e380b1a6ababcee0e92cb8fc08d3

SHA256
a584ace91b2b75505cf1020cbd6d87ebf1e59d95777b211e2be11164a3bb7414

SHA512
2f084216295549f8e23b19860560b79ac12c3008ec85744bcd10671b2880e7a0cca6fa6eef739016d53603c444c96a2b9a204b71d970cfb8e6af6337140b0836

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\datareporting\glean\pending_pings\080ab932-491e-494c-be2e-fdc0e10d0d0e

Filesize
982B

MD5
0de6c2ad52199400b036eaeaf7c25d78

SHA1
bf702f81569f86d84a1712424b81bb66f5bfad4d

SHA256
83c7f07b5468d79e5434dea0fc31e16afb22aaa7b72a3ee923969534736b979a

SHA512
0e8f94c1895fa90bedae5655831212f5728fa31ed3ddc777a13922aeace226dccb50d6d4ca65ef3aeb9c87bc2390d8a2b095b2f3fcb20e711efe8cdae5a6b7e7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\datareporting\glean\pending_pings\925930f6-5cc2-45ec-89dc-b912c81d1fa5

Filesize
671B

MD5
8708c98ac2ea054065e1d2cca62fad2b

SHA1
805809671a9af10e6ff3e89b4ebc5cf786b49e8a

SHA256
7da3ec5a639809b5ada04667fa19b8707a706a87b0239e1bb46f3704573e2794

SHA512
b738623dd09eeda21a15dcb1c3ec633496a27c2fb338613d526bde9f27d64f977489690266a15862c26d1830b310c8823f62d9fe8b67694b27124e40fbc48492

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\datareporting\glean\pending_pings\f4addace-65b3-447b-a696-2f0eb43c6bb9

Filesize
24KB

MD5
f87938d5bc6b249d7851815240bc5f75

SHA1
f0213acda956fddca1a50645761469acb22efed9

SHA256
db56ca071e3563a6f12f32f50c2e290708f25b90135cd5808250c4873e7188e6

SHA512
a402b8df922b439782cf48c25cb8d5fdc7cc658c6209cb3801c48aafb494945f1f90f609e906a83db80eed10bb859731118a67c210f9d3f0df195022198d685e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\prefs-1.js

Filesize
11KB

MD5
e6e01e6232b313f946f0c0e0756a9a20

SHA1
851a6d41f6871233ca722e99625a48fee97ec21d

SHA256
28f9c2cbc31434f9826418402a5f9145803f70948d12d64fd3913c185d845731

SHA512
cba091ac3e15a72954f58a26b479e2a1a246049afa2e27126e74d6e94455fb95bffd7506f21c68f18da80031ab1c146b5144b65f6ea4d2b00e1641c2734644ea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\prefs.js

Filesize
10KB

MD5
3aa8b004fcee2318781a041fcb7fca0e

SHA1
c5de5cd6b96fc068953032f03f41dbdc04a13feb

SHA256
10e00543edc8ecae1a743a70d84015235adbeadcc76ad42a029ff8e945b4a12a

SHA512
6133b7226a8e612de21cd238c6f9f2bc2a12bdf8104691141d9bc68dbe752979c94519904cb458479463628c43675ab99b9682aae9780dc4d5e6ccd19862894d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\prefs.js

Filesize
10KB

MD5
a5245aa82b7cc31763553d84674c45d4

SHA1
ccd26399914bcd54fe8d658d4ca37a45f20d3e19

SHA256
4eced746b828dc095bceae81e2e5bc3407424e4712a12948dc0d589994ce6a09

SHA512
6ede82e4621d99593a50a190b19d2109429fa9669f981185bbfc9b768589710ef957cc95568482826b9df73e6b04409cd9f3493d3695f55bb4ab19a94182bb77

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
087b98963c112325b700b743a678271f

SHA1
8a21b43b0b656b09732694e66da86c38ea62d249

SHA256
81915ab74b86141ee92e87d08f9029d9d4c7bb34449ecc2d789601933eb3b6bf

SHA512
4a4584723ba63a163d3c90d3fa918321ccbd27c75321ddd62c73ddf5fca321bc55861d2d17042295a39c4afcb0fcbe5905142bbd861e90abfd7f81a32c5639e3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
7c2e29f01b55cd390eaed21fbd4179df

SHA1
3107306718b1131fa2d9851cfb489ac3d2bdd5bb

SHA256
ffc53c9ef590e0113620bfca833a9df5ff2a4f955bda4aad2e98c36c13d2774f

SHA512
64dfb0150d9b33be54a2fcf42275670bc479af8a2e0e74d215d405368097ec0957dd2bd468455c4e5194ebc20e7edba22d2a03d499b623f4dffccf906fdb5e88

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
47cebb458023c4082623962da514d5a2

SHA1
ef7576ed4c996d015e5b629193b39540fb9649c9

SHA256
6249325dd6fa22067c0f6defc5b04bb26782021ce314eee8a7c5e30137de3dd0

SHA512
b8d22889d13a722289a44217356bb40cd619cab5664f74bd91d8705f5f8784ec5dbb79f659db05d6c1c68b9ffcf1b1148f2d14650ff4f714048888add68b8d53

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
384KB

MD5
61ef62ff6209b17916e898157aadfe42

SHA1
e459f87acc8b24e47837021b555fbbef63205536

SHA256
4f363fd779af39bae46aab453b596d0c20bf71f280f371791e6c6ad6b727ba2e

SHA512
1dcc542ebd7efd2531dbac003564fa7c69a372fa33869f66d74038bc7d8826b0866d833d54ef848373a0da5c010ede4888040b172750f3396d57155094778a05

Download Submit
C:\Windows\Installer\MSI7C0E.tmp-\DXSETUP.exe

Filesize
524KB

MD5
ddce338bb173b32024679d61fb4f2ba6

SHA1
50e51f7c8802559dd9787b0aebc85f192b7e2563

SHA256
046041aba6ba77534c36bb0c2496408d23c6a09f930c46b392f1edc70dfd66de

SHA512
7a63925278332c8e7949555383b410d8848a7834b85f34d659e351ba78cbe4d2ec09caccb2178d801b9b68725c9cbae48a6a1f07f0804a0c41eb51df79b7eca4

Download Submit
C:\Windows\Installer\e5c781a.msi

Filesize
11.7MB

MD5
d701d2883a1040aaf0b72548ec21b93c

SHA1
433414b69580c5adc66babcc4a18cc380075ee3e

SHA256
05f2980c8460f6e673f9a29f97616bea9a1f0938e7b18852b6d722332863d998

SHA512
f5e6d55c2b7fe79ce376ec9ebf01b2750ba471250b2142bc910d48ac3a560f2f08d31b8281cf1eff48243182eb3a7b96dc0469587b35888777e90c0ad759ea45

Download Submit
C:\Windows\Logs\DirectX.log

Filesize
13KB

MD5
3101b2d0e3e774ce23898beca471dcfd

SHA1
ce408732ef92663e8bb7d03035fdbee065866aad

SHA256
72572bb9f0b750f5cca974fa6a849ba82f0d61c6591885f9812903489171e4e4

SHA512
c0367a75ac6db6a11f14bb4189b5d3646d8cc997386a9b21265e554ed0717234fd123712bc7d528bef1c828e9500a660039d51054933f4ef253c79e16a0a636e

Download Submit
memory/4388-5868-0x0000029A8ED60000-0x0000029A8ED61000-memory.dmp

Filesize
4KB

Download
memory/4388-5864-0x0000029A8ED60000-0x0000029A8ED61000-memory.dmp

Filesize
4KB

Download
memory/4388-5860-0x0000029A8ED60000-0x0000029A8ED61000-memory.dmp

Filesize
4KB

Download
memory/4388-5859-0x0000029A8ED60000-0x0000029A8ED61000-memory.dmp

Filesize
4KB

Download
memory/4388-5869-0x0000029A8ED60000-0x0000029A8ED61000-memory.dmp

Filesize
4KB

Download
memory/4388-5858-0x0000029A8ED60000-0x0000029A8ED61000-memory.dmp

Filesize
4KB

Download
memory/4388-5870-0x0000029A8ED60000-0x0000029A8ED61000-memory.dmp

Filesize
4KB

Download
memory/4388-5867-0x0000029A8ED60000-0x0000029A8ED61000-memory.dmp

Filesize
4KB

Download
memory/4388-5866-0x0000029A8ED60000-0x0000029A8ED61000-memory.dmp

Filesize
4KB

Download
memory/4388-5865-0x0000029A8ED60000-0x0000029A8ED61000-memory.dmp

Filesize
4KB

Download
memory/4708-2301-0x00000231C9C20000-0x00000231C9C50000-memory.dmp

Filesize
192KB

Download
memory/4708-2303-0x00000231C9C10000-0x00000231C9C16000-memory.dmp

Filesize
24KB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads