953845517c6b115e04e621590e44744270ad772dfb16ded47eda198938a54e1b

Analysis

max time kernel
140s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 04:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

953845517c6b115e04e621590e44744270ad772dfb16ded47eda198938a54e1b.exe
Size

23.9MB
MD5

24e4d1c9cc8a3e4b59d3cca3adf2693c
SHA1

f18cdcf6a5edb9af64c66a88ebcc9464644fc791
SHA256

953845517c6b115e04e621590e44744270ad772dfb16ded47eda198938a54e1b
SHA512

953abe36e36350daa7671156432445ff779ff18f1059a3172dec1251c304ed82337d58a51ca65d123e5270729fb2ffb4074cc8d005a1720e0fd4d0fcf26ccadb
SSDEEP

393216:eSM0Dml0iSiRoAnmhIlHQtkCd+k6WxozOVJb7kCsecPP4m1EtFEUZ1iPFQh:BC0iSiRoAnmhIlTk648E97PduetFtL7

Score

6^/10

evasion trojan

Malware Config

Signatures

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

953845517c6b115e04e621590e44744270ad772dfb16ded47eda198938a54e1b.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	953845517c6b115e04e621590e44744270ad772dfb16ded47eda198938a54e1b.exe

Loads dropped DLL 1 IoCs

Processes:

953845517c6b115e04e621590e44744270ad772dfb16ded47eda198938a54e1b.exe

pid process

4860 953845517c6b115e04e621590e44744270ad772dfb16ded47eda198938a54e1b.exe

Program crash 2 IoCs

Processes:

WerFault.exeWerFault.exe

pid	pid_target	process	target process
548	4860	WerFault.exe	953845517c6b115e04e621590e44744270ad772dfb16ded47eda198938a54e1b.exe
64	4860	WerFault.exe	953845517c6b115e04e621590e44744270ad772dfb16ded47eda198938a54e1b.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedgewebview2.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

953845517c6b115e04e621590e44744270ad772dfb16ded47eda198938a54e1b.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\953845517c6b115e04e621590e44744270ad772dfb16ded47eda198938a54e1b.exe = "11001"	953845517c6b115e04e621590e44744270ad772dfb16ded47eda198938a54e1b.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 1 IoCs

Processes:

msedgewebview2.exe

pid process

2760 msedgewebview2.exe
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

953845517c6b115e04e621590e44744270ad772dfb16ded47eda198938a54e1b.exe

pid process

4860 953845517c6b115e04e621590e44744270ad772dfb16ded47eda198938a54e1b.exe
Suspicious use of SendNotifyMessage 1 IoCs

Processes:

953845517c6b115e04e621590e44744270ad772dfb16ded47eda198938a54e1b.exe

pid process

4860 953845517c6b115e04e621590e44744270ad772dfb16ded47eda198938a54e1b.exe

pid	process
2760	msedgewebview2.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

953845517c6b115e04e621590e44744270ad772dfb16ded47eda198938a54e1b.exe

pid	process
4860	953845517c6b115e04e621590e44744270ad772dfb16ded47eda198938a54e1b.exe
4860	953845517c6b115e04e621590e44744270ad772dfb16ded47eda198938a54e1b.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

953845517c6b115e04e621590e44744270ad772dfb16ded47eda198938a54e1b.exemsedgewebview2.exe

description	pid	process	target process
PID 4860 wrote to memory of 2760	4860	953845517c6b115e04e621590e44744270ad772dfb16ded47eda198938a54e1b.exe	msedgewebview2.exe
PID 4860 wrote to memory of 2760	4860	953845517c6b115e04e621590e44744270ad772dfb16ded47eda198938a54e1b.exe	msedgewebview2.exe
PID 2760 wrote to memory of 3896	2760	msedgewebview2.exe	msedgewebview2.exe
PID 2760 wrote to memory of 3896	2760	msedgewebview2.exe	msedgewebview2.exe
PID 2760 wrote to memory of 1640	2760	msedgewebview2.exe	msedgewebview2.exe
PID 2760 wrote to memory of 1640	2760	msedgewebview2.exe	msedgewebview2.exe
PID 2760 wrote to memory of 1640	2760	msedgewebview2.exe	msedgewebview2.exe
PID 2760 wrote to memory of 1640	2760	msedgewebview2.exe	msedgewebview2.exe
PID 2760 wrote to memory of 1640	2760	msedgewebview2.exe	msedgewebview2.exe
PID 2760 wrote to memory of 1640	2760	msedgewebview2.exe	msedgewebview2.exe
PID 2760 wrote to memory of 1640	2760	msedgewebview2.exe	msedgewebview2.exe
PID 2760 wrote to memory of 1640	2760	msedgewebview2.exe	msedgewebview2.exe
PID 2760 wrote to memory of 1640	2760	msedgewebview2.exe	msedgewebview2.exe
PID 2760 wrote to memory of 1640	2760	msedgewebview2.exe	msedgewebview2.exe
PID 2760 wrote to memory of 1640	2760	msedgewebview2.exe	msedgewebview2.exe
PID 2760 wrote to memory of 1640	2760	msedgewebview2.exe	msedgewebview2.exe
PID 2760 wrote to memory of 1640	2760	msedgewebview2.exe	msedgewebview2.exe
PID 2760 wrote to memory of 1640	2760	msedgewebview2.exe	msedgewebview2.exe
PID 2760 wrote to memory of 1640	2760	msedgewebview2.exe	msedgewebview2.exe
PID 2760 wrote to memory of 1640	2760	msedgewebview2.exe	msedgewebview2.exe
PID 2760 wrote to memory of 1640	2760	msedgewebview2.exe	msedgewebview2.exe
PID 2760 wrote to memory of 1640	2760	msedgewebview2.exe	msedgewebview2.exe
PID 2760 wrote to memory of 1640	2760	msedgewebview2.exe	msedgewebview2.exe
PID 2760 wrote to memory of 1640	2760	msedgewebview2.exe	msedgewebview2.exe
PID 2760 wrote to memory of 1640	2760	msedgewebview2.exe	msedgewebview2.exe
PID 2760 wrote to memory of 1640	2760	msedgewebview2.exe	msedgewebview2.exe
PID 2760 wrote to memory of 1640	2760	msedgewebview2.exe	msedgewebview2.exe
PID 2760 wrote to memory of 1640	2760	msedgewebview2.exe	msedgewebview2.exe
PID 2760 wrote to memory of 1640	2760	msedgewebview2.exe	msedgewebview2.exe
PID 2760 wrote to memory of 1640	2760	msedgewebview2.exe	msedgewebview2.exe
PID 2760 wrote to memory of 1640	2760	msedgewebview2.exe	msedgewebview2.exe
PID 2760 wrote to memory of 1640	2760	msedgewebview2.exe	msedgewebview2.exe
PID 2760 wrote to memory of 1640	2760	msedgewebview2.exe	msedgewebview2.exe
PID 2760 wrote to memory of 1640	2760	msedgewebview2.exe	msedgewebview2.exe
PID 2760 wrote to memory of 1640	2760	msedgewebview2.exe	msedgewebview2.exe
PID 2760 wrote to memory of 1640	2760	msedgewebview2.exe	msedgewebview2.exe
PID 2760 wrote to memory of 1640	2760	msedgewebview2.exe	msedgewebview2.exe
PID 2760 wrote to memory of 1640	2760	msedgewebview2.exe	msedgewebview2.exe
PID 2760 wrote to memory of 1640	2760	msedgewebview2.exe	msedgewebview2.exe
PID 2760 wrote to memory of 1640	2760	msedgewebview2.exe	msedgewebview2.exe
PID 2760 wrote to memory of 1640	2760	msedgewebview2.exe	msedgewebview2.exe
PID 2760 wrote to memory of 1640	2760	msedgewebview2.exe	msedgewebview2.exe
PID 2760 wrote to memory of 1640	2760	msedgewebview2.exe	msedgewebview2.exe
PID 2760 wrote to memory of 1640	2760	msedgewebview2.exe	msedgewebview2.exe
PID 2760 wrote to memory of 1640	2760	msedgewebview2.exe	msedgewebview2.exe
PID 2760 wrote to memory of 1640	2760	msedgewebview2.exe	msedgewebview2.exe
PID 2760 wrote to memory of 1640	2760	msedgewebview2.exe	msedgewebview2.exe
PID 2760 wrote to memory of 1640	2760	msedgewebview2.exe	msedgewebview2.exe
PID 2760 wrote to memory of 1640	2760	msedgewebview2.exe	msedgewebview2.exe
PID 2760 wrote to memory of 1640	2760	msedgewebview2.exe	msedgewebview2.exe
PID 2760 wrote to memory of 1640	2760	msedgewebview2.exe	msedgewebview2.exe
PID 2760 wrote to memory of 1640	2760	msedgewebview2.exe	msedgewebview2.exe
PID 2760 wrote to memory of 1640	2760	msedgewebview2.exe	msedgewebview2.exe
PID 2760 wrote to memory of 1640	2760	msedgewebview2.exe	msedgewebview2.exe
PID 2760 wrote to memory of 1640	2760	msedgewebview2.exe	msedgewebview2.exe
PID 2760 wrote to memory of 5112	2760	msedgewebview2.exe	msedgewebview2.exe
PID 2760 wrote to memory of 5112	2760	msedgewebview2.exe	msedgewebview2.exe
PID 2760 wrote to memory of 3488	2760	msedgewebview2.exe	msedgewebview2.exe
PID 2760 wrote to memory of 3488	2760	msedgewebview2.exe	msedgewebview2.exe
PID 2760 wrote to memory of 3488	2760	msedgewebview2.exe	msedgewebview2.exe
PID 2760 wrote to memory of 3488	2760	msedgewebview2.exe	msedgewebview2.exe
PID 2760 wrote to memory of 3488	2760	msedgewebview2.exe	msedgewebview2.exe
PID 2760 wrote to memory of 3488	2760	msedgewebview2.exe	msedgewebview2.exe
PID 2760 wrote to memory of 3488	2760	msedgewebview2.exe	msedgewebview2.exe

C:\Users\Admin\AppData\Local\Temp\953845517c6b115e04e621590e44744270ad772dfb16ded47eda198938a54e1b.exe
"C:\Users\Admin\AppData\Local\Temp\953845517c6b115e04e621590e44744270ad772dfb16ded47eda198938a54e1b.exe"
1⤵
- Checks whether UAC is enabled
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4860

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=953845517c6b115e04e621590e44744270ad772dfb16ded47eda198938a54e1b.exe --webview-exe-version=1.0.0.1 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\953845517c6b115e04e621590e44744270ad772dfb16ded47eda198938a54e1b.exe.WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=4860.228.9068427441876119039
2⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of WriteProcessMemory
PID:2760

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\953845517c6b115e04e621590e44744270ad772dfb16ded47eda198938a54e1b.exe.WebView2\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\953845517c6b115e04e621590e44744270ad772dfb16ded47eda198938a54e1b.exe.WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=122.0.2365.52 --initial-client-data=0x15c,0x160,0x164,0x138,0x170,0x7ffc86262e98,0x7ffc86262ea4,0x7ffc86262eb0
3⤵
PID:3896

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\953845517c6b115e04e621590e44744270ad772dfb16ded47eda198938a54e1b.exe.WebView2\EBWebView" --webview-exe-name=953845517c6b115e04e621590e44744270ad772dfb16ded47eda198938a54e1b.exe --webview-exe-version=1.0.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1796 --field-trial-handle=1800,i,4946485276477472431,4737137531223747385,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:2
3⤵
PID:1640

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\953845517c6b115e04e621590e44744270ad772dfb16ded47eda198938a54e1b.exe.WebView2\EBWebView" --webview-exe-name=953845517c6b115e04e621590e44744270ad772dfb16ded47eda198938a54e1b.exe --webview-exe-version=1.0.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --mojo-platform-channel-handle=2044 --field-trial-handle=1800,i,4946485276477472431,4737137531223747385,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:3
3⤵
PID:5112

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\953845517c6b115e04e621590e44744270ad772dfb16ded47eda198938a54e1b.exe.WebView2\EBWebView" --webview-exe-name=953845517c6b115e04e621590e44744270ad772dfb16ded47eda198938a54e1b.exe --webview-exe-version=1.0.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --mojo-platform-channel-handle=2336 --field-trial-handle=1800,i,4946485276477472431,4737137531223747385,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:8
3⤵
PID:3488

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\953845517c6b115e04e621590e44744270ad772dfb16ded47eda198938a54e1b.exe.WebView2\EBWebView" --webview-exe-name=953845517c6b115e04e621590e44744270ad772dfb16ded47eda198938a54e1b.exe --webview-exe-version=1.0.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --mojo-platform-channel-handle=3652 --field-trial-handle=1800,i,4946485276477472431,4737137531223747385,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:1
3⤵
PID:3248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4860 -s 1552
2⤵
- Program crash
PID:548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4860 -s 1552
2⤵
- Program crash
PID:64

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 176 -p 4860 -ip 4860
1⤵
PID:1720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 4860 -ip 4860
1⤵
PID:2772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1408 --field-trial-handle=2676,i,447940133669489189,1353734109898858672,262144 --variations-seed-version /prefetch:8
1⤵
PID:4664

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\953845517c6b115e04e621590e44744270ad772dfb16ded47eda198938a54e1b.exe.WebView2\EBWebView\Crashpad\settings.dat
Filesize
280B

MD5
abc4636a86019ccc2120994f7aea6b7c

SHA1
bc5a1da65bd7ea7c62db86a1c085e03c9c7cc103

SHA256
4040240ea4fac2f3f9ec8997d2740a4ad2c3b79009fc37bcb0271cd975d7aa20

SHA512
9681a243cc811e24c2a16512874f71bed19905c62dd0e352f2b2b870643c7a63882f5f1c70cb0699ec113d9aa1af47b566756b3c1da1a8e3a62660bb9b1ec029

Download Submit
C:\Users\Admin\AppData\Local\Temp\953845517c6b115e04e621590e44744270ad772dfb16ded47eda198938a54e1b.exe.WebView2\EBWebView\Crashpad\settings.dat
Filesize
280B

MD5
7b7a6c7573de6f86ede8846380c532cb

SHA1
1bbbf319542663d11018eba0313c07a113cf1dc1

SHA256
c29f8e2d5bc8b6637f0e3a6eff92117068fa1fbdbf8953870b29d68dc4e01a07

SHA512
1095b72541ebd2a31b518fe722e32d9983039581d7434c1c0fca4b3baf533d126f4395905941b6262af055b8e6c976d34b15ae46a474e1773e69a994313116e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\953845517c6b115e04e621590e44744270ad772dfb16ded47eda198938a54e1b.exe.WebView2\EBWebView\Crashpad\throttle_store.dat
Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\Temp\953845517c6b115e04e621590e44744270ad772dfb16ded47eda198938a54e1b.exe.WebView2\EBWebView\Default\DawnCache\data_0
Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\953845517c6b115e04e621590e44744270ad772dfb16ded47eda198938a54e1b.exe.WebView2\EBWebView\Default\DawnCache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\953845517c6b115e04e621590e44744270ad772dfb16ded47eda198938a54e1b.exe.WebView2\EBWebView\Default\DawnCache\data_3
Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Temp\953845517c6b115e04e621590e44744270ad772dfb16ded47eda198938a54e1b.exe.WebView2\EBWebView\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\953845517c6b115e04e621590e44744270ad772dfb16ded47eda198938a54e1b.exe.WebView2\EBWebView\Default\Local Storage\leveldb\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\953845517c6b115e04e621590e44744270ad772dfb16ded47eda198938a54e1b.exe.WebView2\EBWebView\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Temp\953845517c6b115e04e621590e44744270ad772dfb16ded47eda198938a54e1b.exe.WebView2\EBWebView\Default\Site Characteristics Database\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\953845517c6b115e04e621590e44744270ad772dfb16ded47eda198938a54e1b.exe.WebView2\EBWebView\Local State
Filesize
2KB

MD5
7491664c37e9ba2934bd64954c71c95a

SHA1
4f03013183ccc0b017db9db2cb0277f512762562

SHA256
298ee11d477d0632feeb180c6e4576e3a3e59952790e5b0ea0ae19bae73956b2

SHA512
52491353c53b82ac3bb03e2d69fa5ecf3201446b438c911ae7459950c9ca5e1846e60a2ce43e652efecd31342d5768934ea14e40d2dafa6448629c6c295887f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\953845517c6b115e04e621590e44744270ad772dfb16ded47eda198938a54e1b.exe.WebView2\EBWebView\Local State
Filesize
3KB

MD5
5f2cb2e5a13f60648229386ee15602bc

SHA1
6dcbf2cd963d4e7928c55a39c59d8eb5a7f830a3

SHA256
f3a26e54ec31dc193134d25508ce273d812a7b0382447d02c029c27ff690df1c

SHA512
ce39ecb4c51c05c4abc9ade303dea8b288cb94a732e1ac4218fcea8dce7560cf493bd534da73bfe0475da0c41c4044a78be68494aab1d27c4a89c923c1ed0840

Download Submit
C:\Users\Admin\AppData\Local\Temp\953845517c6b115e04e621590e44744270ad772dfb16ded47eda198938a54e1b.exe.WebView2\EBWebView\Local State
Filesize
3KB

MD5
f2c3fa311cbbca1c54c8e9e14d745b8c

SHA1
bfb411a0cefaaada27893cc3540950149b960e3f

SHA256
b5435b06b35732e168e161da682d291b20d8e35dede810d6cc0746188d42644f

SHA512
9e8f902eb7bc91abb2499d12212ea9bd270b8db0f5e98e7f2398cb12d88bc4bd270b4e9b1d414e46abdd8f317fd2c79a87abc6e7649b7ada4fe1d255c89e36b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\953845517c6b115e04e621590e44744270ad772dfb16ded47eda198938a54e1b.exe.WebView2\EBWebView\Local State~RFe583fe2.TMP
Filesize
1KB

MD5
3a5b9f3d5ad57ab1434e9cc6332200d5

SHA1
eab230ffae789d9c676597de6e8885a002010f06

SHA256
c6ee48517ad84dddaf02ffbd8a32f7c78309a138765989c3d58ae77138fdc660

SHA512
c47ed22b1bd8a3228ba8478e733b6a479264963d809672342ab9b29a786f8e33c297a128d961ad8831ab815fb1f730cb8cae70d295c1ff509637e8efeefa7275

Download Submit
C:\Users\Admin\AppData\Local\zhw_publish\zhw_com\miniblink_4949_x32.dll
Filesize
17.2MB

MD5
5cb8538715a0d28f82f15c1f7e3ee1ae

SHA1
bcdf0dd458f491f8ae940d5090b947dfc3dfe91c

SHA256
ce00c881be42a9d71ef94200bc7d4da48490970390496038f0bf9d1f99dd1d45

SHA512
f3465d76d8cdce1139cf2a59f85dcd1efee6f44d22ba994a628dfe1fe23bae465622f9ee1362b03f34cb440485b0fedee30610a84d9dac6550c7abcdcc0c8e15

Download Submit
\??\pipe\crashpad_2760_FJRWNSXNREIDXOWK
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1640-70-0x00007FFCAB570000-0x00007FFCAB571000-memory.dmp

Filesize
4KB

Download
memory/3248-180-0x00007FFCAB570000-0x00007FFCAB571000-memory.dmp

Filesize
4KB

Download
memory/3488-90-0x00007FFCAB390000-0x00007FFCAB391000-memory.dmp

Filesize
4KB

Download
memory/3488-91-0x00007FFCAB940000-0x00007FFCAB941000-memory.dmp

Filesize
4KB

Download
memory/4860-43-0x0000000029100000-0x0000000029101000-memory.dmp

Filesize
4KB

Download
memory/4860-44-0x0000000005700000-0x0000000005701000-memory.dmp

Filesize
4KB

Download