agenttesla | hxxps://drive[.]google[.]com/file/d/1Wj07ngMff9_V0N6-76x4czf7APGZn0Bw/view?usp=sharing

Resubmissions

13-08-2024 00:24

240813-aqgpaszajk 6

08-08-2024 21:05

08-08-2024 21:04

08-08-2024 21:04

08-08-2024 21:00

08-08-2024 20:42

Analysis

max time kernel
34s
max time network
80s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08-08-2024 21:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1Wj07ngMff9_V0N6-76x4czf7APGZn0Bw/view?usp=sharing

Score

10^/10

agenttesla discovery keylogger pyinstaller spyware stealer trojan

Malware Config

Signatures

AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
keylogger trojan stealer spyware agenttesla

AgentTesla payload 1 IoCs

resource	yara_rule
behavioral1/memory/2020-128-0x00000000057B0000-0x00000000059C4000-memory.dmp	family_agenttesla

Executes dropped EXE 1 IoCs

pid	Process
2020	7zCon.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
4	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
behavioral1/files/0x0008000000023562-177.dat	pyinstaller

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7zCon.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	7zCon.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	7zCon.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	7zCon.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 398537.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3620	msedge.exe
3620	msedge.exe
516	msedge.exe
516	msedge.exe
1936	identity_helper.exe
1936	identity_helper.exe
1572	msedge.exe
1572	msedge.exe
2020	7zCon.exe
2020	7zCon.exe
2020	7zCon.exe
2020	7zCon.exe
2020	7zCon.exe
2020	7zCon.exe
2020	7zCon.exe
2020	7zCon.exe
2020	7zCon.exe
2020	7zCon.exe
2020	7zCon.exe
2020	7zCon.exe
2020	7zCon.exe
2020	7zCon.exe
2020	7zCon.exe
2020	7zCon.exe
2020	7zCon.exe
2020	7zCon.exe
2020	7zCon.exe
2020	7zCon.exe
2020	7zCon.exe
2020	7zCon.exe
2020	7zCon.exe
2020	7zCon.exe
2020	7zCon.exe
2020	7zCon.exe
2020	7zCon.exe
2020	7zCon.exe
2020	7zCon.exe
2020	7zCon.exe
2020	7zCon.exe
2020	7zCon.exe
2020	7zCon.exe
2020	7zCon.exe
2020	7zCon.exe
2020	7zCon.exe
2020	7zCon.exe
2020	7zCon.exe
2020	7zCon.exe
2020	7zCon.exe
2020	7zCon.exe
2020	7zCon.exe
2020	7zCon.exe
2020	7zCon.exe
2020	7zCon.exe
2020	7zCon.exe
2020	7zCon.exe
2020	7zCon.exe
2020	7zCon.exe
2020	7zCon.exe
2020	7zCon.exe
2020	7zCon.exe
2020	7zCon.exe
2020	7zCon.exe
2020	7zCon.exe
2020	7zCon.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2020	7zCon.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 516 wrote to memory of 4404	516	msedge.exe	84
PID 516 wrote to memory of 4404	516	msedge.exe	84
PID 516 wrote to memory of 2424	516	msedge.exe	85
PID 516 wrote to memory of 2424	516	msedge.exe	85
PID 516 wrote to memory of 2424	516	msedge.exe	85
PID 516 wrote to memory of 2424	516	msedge.exe	85
PID 516 wrote to memory of 2424	516	msedge.exe	85
PID 516 wrote to memory of 2424	516	msedge.exe	85
PID 516 wrote to memory of 2424	516	msedge.exe	85
PID 516 wrote to memory of 2424	516	msedge.exe	85
PID 516 wrote to memory of 2424	516	msedge.exe	85
PID 516 wrote to memory of 2424	516	msedge.exe	85
PID 516 wrote to memory of 2424	516	msedge.exe	85
PID 516 wrote to memory of 2424	516	msedge.exe	85
PID 516 wrote to memory of 2424	516	msedge.exe	85
PID 516 wrote to memory of 2424	516	msedge.exe	85
PID 516 wrote to memory of 2424	516	msedge.exe	85
PID 516 wrote to memory of 2424	516	msedge.exe	85
PID 516 wrote to memory of 2424	516	msedge.exe	85
PID 516 wrote to memory of 2424	516	msedge.exe	85
PID 516 wrote to memory of 2424	516	msedge.exe	85
PID 516 wrote to memory of 2424	516	msedge.exe	85
PID 516 wrote to memory of 2424	516	msedge.exe	85
PID 516 wrote to memory of 2424	516	msedge.exe	85
PID 516 wrote to memory of 2424	516	msedge.exe	85
PID 516 wrote to memory of 2424	516	msedge.exe	85
PID 516 wrote to memory of 2424	516	msedge.exe	85
PID 516 wrote to memory of 2424	516	msedge.exe	85
PID 516 wrote to memory of 2424	516	msedge.exe	85
PID 516 wrote to memory of 2424	516	msedge.exe	85
PID 516 wrote to memory of 2424	516	msedge.exe	85
PID 516 wrote to memory of 2424	516	msedge.exe	85
PID 516 wrote to memory of 2424	516	msedge.exe	85
PID 516 wrote to memory of 2424	516	msedge.exe	85
PID 516 wrote to memory of 2424	516	msedge.exe	85
PID 516 wrote to memory of 2424	516	msedge.exe	85
PID 516 wrote to memory of 2424	516	msedge.exe	85
PID 516 wrote to memory of 2424	516	msedge.exe	85
PID 516 wrote to memory of 2424	516	msedge.exe	85
PID 516 wrote to memory of 2424	516	msedge.exe	85
PID 516 wrote to memory of 2424	516	msedge.exe	85
PID 516 wrote to memory of 2424	516	msedge.exe	85
PID 516 wrote to memory of 3620	516	msedge.exe	86
PID 516 wrote to memory of 3620	516	msedge.exe	86
PID 516 wrote to memory of 1456	516	msedge.exe	87
PID 516 wrote to memory of 1456	516	msedge.exe	87
PID 516 wrote to memory of 1456	516	msedge.exe	87
PID 516 wrote to memory of 1456	516	msedge.exe	87
PID 516 wrote to memory of 1456	516	msedge.exe	87
PID 516 wrote to memory of 1456	516	msedge.exe	87
PID 516 wrote to memory of 1456	516	msedge.exe	87
PID 516 wrote to memory of 1456	516	msedge.exe	87
PID 516 wrote to memory of 1456	516	msedge.exe	87
PID 516 wrote to memory of 1456	516	msedge.exe	87
PID 516 wrote to memory of 1456	516	msedge.exe	87
PID 516 wrote to memory of 1456	516	msedge.exe	87
PID 516 wrote to memory of 1456	516	msedge.exe	87
PID 516 wrote to memory of 1456	516	msedge.exe	87
PID 516 wrote to memory of 1456	516	msedge.exe	87
PID 516 wrote to memory of 1456	516	msedge.exe	87
PID 516 wrote to memory of 1456	516	msedge.exe	87
PID 516 wrote to memory of 1456	516	msedge.exe	87
PID 516 wrote to memory of 1456	516	msedge.exe	87
PID 516 wrote to memory of 1456	516	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1Wj07ngMff9_V0N6-76x4czf7APGZn0Bw/view?usp=sharing
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b30046f8,0x7ff9b3004708,0x7ff9b3004718
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,12542735340174820237,244729951673361560,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,12542735340174820237,244729951673361560,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,12542735340174820237,244729951673361560,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  2⤵
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12542735340174820237,244729951673361560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12542735340174820237,244729951673361560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12542735340174820237,244729951673361560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12542735340174820237,244729951673361560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:376
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,12542735340174820237,244729951673361560,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5848 /prefetch:8
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,12542735340174820237,244729951673361560,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5848 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2072,12542735340174820237,244729951673361560,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12542735340174820237,244729951673361560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2072,12542735340174820237,244729951673361560,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6380 /prefetch:8
  2⤵
  PID:184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2072,12542735340174820237,244729951673361560,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6176 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1572
- C:\Users\Admin\Downloads\7zCon.exe
  "C:\Users\Admin\Downloads\7zCon.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12542735340174820237,244729951673361560,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12542735340174820237,244729951673361560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6844 /prefetch:1
  2⤵
  PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12542735340174820237,244729951673361560,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6928 /prefetch:1
  2⤵
  PID:1812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12542735340174820237,244729951673361560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:1
  2⤵
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12542735340174820237,244729951673361560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7140 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12542735340174820237,244729951673361560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12542735340174820237,244729951673361560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1916 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2072,12542735340174820237,244729951673361560,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6168 /prefetch:8
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2072,12542735340174820237,244729951673361560,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8
  2⤵
  PID:4568

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4220

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1536

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:232

C:\Users\Admin\Downloads\xy_extractor_reworked.exe
"C:\Users\Admin\Downloads\xy_extractor_reworked.exe"
1⤵
PID:1724
- C:\Users\Admin\Downloads\xy_extractor_reworked.exe
  "C:\Users\Admin\Downloads\xy_extractor_reworked.exe"
  2⤵
  PID:4808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
7810286587b80c23c674fdfdde54b140

SHA1
e3eb6d17c873025d8e9e99bf08ce364848349c08

SHA256
74132a0e6a69ece74f9602c5db5208930e9de28e4a575be04f4305bd375cac07

SHA512
ba3b36c65d6a44c5417d5c8f2eb35df844ec271d5cb1ca7f1a0c3c256eae90c87b490f124aa55231cbab7eed3cebf065389827b4b10aa920c70af0954dc307ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
9c48ee5c0efaa7f1ecca1ef7225e04ec

SHA1
9e5593e06988415aa64269c4d32a169e20b12b87

SHA256
ba39e1acdc38c1d4003fc05ecdf479293d5bafcc3188ab68e95589fdd845da39

SHA512
bc1933891cb9d15a435f26ba7e0783f6d913953016dffe51422327a6ceaf26c4e44aee45f39e3a44d7b184244372f1a336e9caca860d8c0bfd3becc8f8c77fb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
338f050790b7043bbf2e3a2cf99ffaaa

SHA1
0e92ee36fe6f4f381a7850b3b94c65bddb3b87fe

SHA256
b577c029e64a2bc0b0262ff96aa0631f830b9e46f32815d16d7bc78317362e95

SHA512
8a17d9cd5c61e6ddabca5e9868910291740ae5359b524e8aa9c4ad8ce65bdb2b72c3c5d62633d7b717fdaa6f408bbde63022df96f33702e056ce7dd6da56411a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2fca2e0502da85ca0a4d33eb3688c021

SHA1
cda2d8a404a9310099e14afd0baf016bca1455b8

SHA256
e9a57542d135c269070d411314661dc18a1e84d185708df69106452a0c0aa4af

SHA512
e93df71b8f204ba47dc38a5969c78929a6338e11dd97bb2da39be3faf955519566a99ce545edf2bbe89c2f07a3a18a81aa3a2b5035c4873df87e3e4d4df7e30d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
898bb9caac0e7b40af12de8ddd145169

SHA1
9408dfec13b1f431624ade48e1166bcc92ef8a20

SHA256
d653dd766fb35dcb2ea21bc1a7d4107cf0b06320a67b8c0c79e7b4ff7b0ae90b

SHA512
38b514c5132162527b4d1e869563abb5b24ed9e786a05c28c16a38475ac3588f8f7a2943ddbeb2169060ad43463373bc34d1fa7fb4ce68bd1a00b039150efffb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f47be2bddf267068e96cb89fa57d4db2

SHA1
908cdf837af73d29d94e5ead446da2cf4ff57e9a

SHA256
0f8ce7339d5008be421f4a0826777d02d02982fb42a5ac5b28f049afcee3f027

SHA512
a86453e503e39e4565c6c15a59035b38e6aba9601088802fc90294208ecd3eb9a5f1aaa0f66d7031fb48d3da3477a9987ead4033ef26573e0053f60521f7bf2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0f921dc592e937037eee5e5d41943e02

SHA1
3237a33af28eadfc4ad509d44630459b5bd07697

SHA256
6f6bbc7eced860d0576e797cd1f6df142cc083d51587ed2f55d7deea7399197b

SHA512
bebd1313f7b0ef1f97c2e82eedc3ddb089e10a5ee24c30556ae89751f22337e8484215768e33716e15c96c352dd937a00cc1bf1ca374aed01da61faacb79a4d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4a6cd8f2fecb9b80a28f5ad321cdedc5

SHA1
c8f8a7c091d0f95f7dd9f722bdf34b393275492e

SHA256
d268906e6e7fdbb3703d469e17c062c9fb861a01f8c3c7dbe6f7af636d38047c

SHA512
2c11c0029420210c3c5c0e20cc8823ae001dfc311f9cc368c6a613c828d7217066ba7898e22f5270fe69afaba324a80acbe4ee4590c7b7d43e54cc64ce74d009

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9fef655ac25490cdbc9c8af59b5ac4e7

SHA1
b5ff67da370f9a8610d5ae9f683ca6ba2b6102fe

SHA256
b9e30873af2bf40174f01d7b9944f0b10f2429fba5f0833ee34a9353e6e06dfe

SHA512
aeeac847b6edba2ef7ef49bf41f08ee435ef423bb25a929a920541e16f4d53e315f66f5a01381f2b029c971c13a007bf5c30862f1238e0b2cade88884d9b9ee9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8b650100de786da26a0f0f95dd3c6b4e

SHA1
6239b7b7dde8b670a8665ca414ccdae845aa4dff

SHA256
78a1765173c5fdbd52e356a86f8ff105b6c387887e9330c0bef704a652726896

SHA512
750b7c4dbadf77dfd71f1d99a15173f3a2bfd971bb67b792ac24087896a8dd49d091e8175e998f3040d61c831d83074d8252f0abb86d64e923b0b2ce9cfd4e8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
86f3bcc7e315f5411e082a03d78f401d

SHA1
63d979577010112195a3cd9fb3ef5a6f92f7d354

SHA256
60b3315e678c1ce04fbafbdeb62a54355513b2ffdef3634e48ce71dd3c97bfa1

SHA512
665eb280d29e11d30720a51ee95cdf3f05994dcca3f1ccffe4fffd308e8379d8e7001c0f135e580c384ed5a5527acc7cf177b60a508b4df40d952c67ec97ba27

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17242\VCRUNTIME140.dll

Filesize
93KB

MD5
4a365ffdbde27954e768358f4a4ce82e

SHA1
a1b31102eee1d2a4ed1290da2038b7b9f6a104a3

SHA256
6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c

SHA512
54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17242\_hashlib.pyd

Filesize
64KB

MD5
7c69cb3cb3182a97e3e9a30d2241ebed

SHA1
1b8754ff57a14c32bcadc330d4880382c7fffc93

SHA256
12a84bacb071b1948a9f751ac8d0653ba71a8f6b217a69fe062608e532065c20

SHA512
96dbabbc6b98d473cbe06dcd296f6c6004c485e57ac5ba10560a377393875192b22df8a7103fe4a22795b8d81b8b0ae14ce7646262f87cb609b9e2590a93169e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17242\_tkinter.pyd

Filesize
63KB

MD5
0b6ec42276cbbf7aafcde5b0f72211f4

SHA1
2f9d09ab988a269c44df080224851dd880371d78

SHA256
ac4262aaa4689a0e08f6f03af3928491d023c8b65fcfbf6a030dd884f3900150

SHA512
265317961130c9cbee5ee6982d21446bc3ed3fd2a57bd6f60909e082c39f26b44b8a974430b4f841cdfaba4217a559568a009b996308ba4173d7fbe1c3fe8c15

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17242\_uuid.pyd

Filesize
22KB

MD5
71ab50ef5e336b855e6289b0ac3e712d

SHA1
e06c3b0d482623393d2e2179de0ff56eb99c4240

SHA256
6f1cc2d6a770f1b441dc6371decae414ea1bd509b0e37b423faa33fc98a28b7e

SHA512
345b4d664f3bc29cfb743a95f78898651f8d3d1ac1365b89690068888202ee58f59f341466f26bb94bd568b67f2d3fcf2e5f022c9c25f2ca25d5baf0aa514682

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17242\base_library.zip

Filesize
1012KB

MD5
e169953fe63b9378d2a44aa3f2e8eba1

SHA1
a7bded8e856e98bcff16fd3ccd944adf34d6440b

SHA256
963bbfed30e603a0446d1036dd22dca21bde3a6936dfc60c8c19924287167f02

SHA512
c5d7e39da4dba84758a4b58e12e8baecd04d2d8188edcbffc9b615d2894e503e9550425cb33e47addc8f4c802c560a6cb821cc350163e6d823ed129d636a735e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17242\libcrypto-1_1.dll

Filesize
3.2MB

MD5
89511df61678befa2f62f5025c8c8448

SHA1
df3961f833b4964f70fcf1c002d9fd7309f53ef8

SHA256
296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf

SHA512
9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17242\python39.dll

Filesize
4.3MB

MD5
5cd203d356a77646856341a0c9135fc6

SHA1
a1f4ac5cc2f5ecb075b3d0129e620784814a48f7

SHA256
a56afcf5f3a72769c77c3bc43c9b84197180a8b3380b6258073223bfd72ed47a

SHA512
390008d57fa711d7c88b77937bf16fdb230e7c1e7182faea6d7c206e9f65ced6f2e835f9da9befb941e80624abe45875602e0e7ad485d9a009d2450a2a0e0f1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17242\tcl86t.dll

Filesize
1.6MB

MD5
c0b23815701dbae2a359cb8adb9ae730

SHA1
5be6736b645ed12e97b9462b77e5a43482673d90

SHA256
f650d6bc321bcda3fc3ac3dec3ac4e473fb0b7b68b6c948581bcfc54653e6768

SHA512
ed60384e95be8ea5930994db8527168f78573f8a277f8d21c089f0018cd3b9906da764ed6fcc1bd4efad009557645e206fbb4e5baef9ab4b2e3c8bb5c3b5d725

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17242\tcl8\8.5\msgcat-1.6.1.tm

Filesize
33KB

MD5
db52847c625ea3290f81238595a915cd

SHA1
45a4ed9b74965e399430290bcdcd64aca5d29159

SHA256
4fdf70fdcedef97aa8bd82a02669b066b5dfe7630c92494a130fc7c627b52b55

SHA512
5a8fb4ada7b2efbf1cadd10dbe4dc7ea7acd101cb8fd0b80dad42be3ed8804fc8695c53e6aeec088c2d4c3ee01af97d148b836289da6e4f9ee14432b923c7e40

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17242\tcl\auto.tcl

Filesize
20KB

MD5
5e9b3e874f8fbeaadef3a004a1b291b5

SHA1
b356286005efb4a3a46a1fdd53e4fcdc406569d0

SHA256
f385515658832feb75ee4dce5bd53f7f67f2629077b7d049b86a730a49bd0840

SHA512
482c555a0da2e635fa6838a40377eef547746b2907f53d77e9ffce8063c1a24322d8faa3421fc8d12fdcaff831b517a65dafb1cea6f5ea010bdc18a441b38790

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17242\tcl\encoding\cp1252.enc

Filesize
1KB

MD5
5900f51fd8b5ff75e65594eb7dd50533

SHA1
2e21300e0bc8a847d0423671b08d3c65761ee172

SHA256
14df3ae30e81e7620be6bbb7a9e42083af1ae04d94cf1203565f8a3c0542ace0

SHA512
ea0455ff4cd5c0d4afb5e79b671565c2aede2857d534e1371f0c10c299c74cb4ad113d56025f58b8ae9e88e2862f0864a4836fed236f5730360b2223fde479dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17242\tcl\http1.0\pkgIndex.tcl

Filesize
735B

MD5
10ec7cd64ca949099c818646b6fae31c

SHA1
6001a58a0701dff225e2510a4aaee6489a537657

SHA256
420c4b3088c9dacd21bc348011cac61d7cb283b9bee78ae72eed764ab094651c

SHA512
34a0acb689e430ed2903d8a903d531a3d734cb37733ef13c5d243cb9f59c020a3856aad98726e10ad7f4d67619a3af1018f6c3e53a6e073e39bd31d088efd4af

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17242\tcl\init.tcl

Filesize
23KB

MD5
b900811a252be90c693e5e7ae365869d

SHA1
345752c46f7e8e67dadef7f6fd514bed4b708fc5

SHA256
bc492b19308bc011cfcd321f1e6e65e6239d4eeb620cc02f7e9bf89002511d4a

SHA512
36b8cdba61b9222f65b055c0c513801f3278a3851912215658bcf0ce10f80197c1f12a5ca3054d8604da005ce08da8dcd303b8544706b642140a49c4377dd6ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17242\tcl\opt0.4\pkgIndex.tcl

Filesize
607B

MD5
92ff1e42cfc5fecce95068fc38d995b3

SHA1
b2e71842f14d5422a9093115d52f19bcca1bf881

SHA256
eb9925a8f0fcc7c2a1113968ab0537180e10c9187b139c8371adf821c7b56718

SHA512
608d436395d055c5449a53208f3869b8793df267b8476ad31bcdd9659a222797814832720c495d938e34bf7d253ffc3f01a73cc0399c0dfb9c85d2789c7f11c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17242\tcl\package.tcl

Filesize
22KB

MD5
55e2db5dcf8d49f8cd5b7d64fea640c7

SHA1
8fdc28822b0cc08fa3569a14a8c96edca03bfbbd

SHA256
47b6af117199b1511f6103ec966a58e2fd41f0aba775c44692b2069f6ed10bad

SHA512
824c210106de7eae57a480e3f6e3a5c8fb8ac4bbf0a0a386d576d3eb2a3ac849bdfe638428184056da9e81767e2b63eff8e18068a1cf5149c9f8a018f817d3e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17242\tcl\tclIndex

Filesize
5KB

MD5
e127196e9174b429cc09c040158f6aab

SHA1
ff850f5d1bd8efc1a8cb765fe8221330f0c6c699

SHA256
abf7d9d1e86de931096c21820bfa4fd70db1f55005d2db4aa674d86200867806

SHA512
c4b98ebc65e25df41e6b9a93e16e608cf309fa0ae712578ee4974d84f7f33bcf2a6ed7626e88a343350e13da0c5c1a88e24a87fcbd44f7da5983bb3ef036a162

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17242\tcl\tm.tcl

Filesize
11KB

MD5
f9ed2096eea0f998c6701db8309f95a6

SHA1
bcdb4f7e3db3e2d78d25ed4e9231297465b45db8

SHA256
6437bd7040206d3f2db734fa482b6e79c68bcc950fba80c544c7f390ba158f9b

SHA512
e4fb8f28dc72ea913f79cedf5776788a0310608236d6607adc441e7f3036d589fd2b31c446c187ef5827fd37dcaa26d9e94d802513e3bf3300e94dd939695b30

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17242\tk86t.dll

Filesize
1.4MB

MD5
fdc8a5d96f9576bd70aa1cadc2f21748

SHA1
bae145525a18ce7e5bc69c5f43c6044de7b6e004

SHA256
1a6d0871be2fa7153de22be008a20a5257b721657e6d4b24da8b1f940345d0d5

SHA512
816ada61c1fd941d10e6bb4350baa77f520e2476058249b269802be826bab294a9c18edc5d590f5ed6f8dafed502ab7ffb29db2f44292cb5bedf2f5fa609f49c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17242\tk\button.tcl

Filesize
20KB

MD5
309ab5b70f664648774453bccbe5d3ce

SHA1
51bf685dedd21de3786fe97bc674ab85f34bd061

SHA256
0d95949cfacf0df135a851f7330acc9480b965dac7361151ac67a6c667c6276d

SHA512
d5139752bd7175747a5c912761916efb63b3c193dd133ad25d020a28883a1dea6b04310b751f5fcbe579f392a8f5f18ae556116283b3e137b4ea11a2c536ec6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17242\tk\entry.tcl

Filesize
16KB

MD5
be28d16510ee78ecc048b2446ee9a11a

SHA1
4829d6e8ab8a283209fb4738134b03b7bd768bad

SHA256
8f57a23c5190b50fad00bdee9430a615ebebfc47843e702374ae21beb2ad8b06

SHA512
f56af7020531249bc26d88b977baffc612b6566146730a681a798ff40be9ebc04d7f80729bafe0b9d4fac5b0582b76f9530f3fe376d42a738c9bc4b3b442df1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17242\tk\icons.tcl

Filesize
10KB

MD5
2652aad862e8fe06a4eedfb521e42b75

SHA1
ed22459ad3d192ab05a01a25af07247b89dc6440

SHA256
a78388d68600331d06bb14a4289bc1a46295f48cec31ceff5ae783846ea4d161

SHA512
6ecfbb8d136444a5c0dbbce2d8a4206f1558bdd95f111d3587b095904769ac10782a9ea125d85033ad6532edf3190e86e255ac0c0c81dc314e02d95cca86b596

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17242\tk\listbox.tcl

Filesize
14KB

MD5
c33963d3a512f2e728f722e584c21552

SHA1
75499cfa62f2da316915fada2580122dc3318bad

SHA256
39721233855e97bfa508959b6dd91e1924456e381d36fdfc845e589d82b1b0cc

SHA512
ea01d8cb36d446ace31c5d7e50dfae575576fd69fd5d413941eebba7ccc1075f6774af3c69469cd7baf6e1068aa5e5b4c560f550edd2a8679124e48c55c8e8d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17242\tk\menu.tcl

Filesize
37KB

MD5
181ed74919f081eeb34269500e228470

SHA1
953eb429f6d98562468327858ed0967bdc21b5ad

SHA256
564ac0040176cc5744e3860abc36b5ffbc648da20b26a710dc3414eae487299b

SHA512
220e496b464575115baf1dede838e70d5ddd6d199b5b8acc1763e66d66801021b2d7cd0e1e1846868782116ad8a1f127682073d6eacd7e73f91bced89f620109

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17242\tk\panedwindow.tcl

Filesize
5KB

MD5
2da0a23cc9d6fd970fe00915ea39d8a2

SHA1
dfe3dc663c19e9a50526a513043d2393869d8f90

SHA256
4adf738b17691489c71c4b9d9a64b12961ada8667b81856f7adbc61dffeadf29

SHA512
b458f3d391df9522d4e7eae8640af308b4209ce0d64fd490bfc0177fde970192295c1ea7229ce36d14fc3e582c7649460b8b7b0214e0ff5629b2b430a99307d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17242\tk\pkgIndex.tcl

Filesize
363B

MD5
a6448af2c8fafc9a4f42eaca6bf6ab2e

SHA1
0b295b46b6df906e89f40a907022068bc6219302

SHA256
cd44ee7f76c37c0c522bd0cfca41c38cdeddc74392b2191a3af1a63d9d18888e

SHA512
5b1a8ca5b09b7281de55460d21d5195c4ee086bebdc35fa561001181490669ffc67d261f99eaa900467fe97e980eb733c5ffbf9d8c541ede18992bf4a435c749

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17242\tk\scale.tcl

Filesize
7KB

MD5
1ce32cdaeb04c75bfceea5fb94b8a9f0

SHA1
cc7614c9eade999963ee78b422157b7b0739894c

SHA256
58c662dd3d2c653786b05aa2c88831f4e971b9105e4869d866fb6186e83ed365

SHA512
1ee5a187615ae32f17936931b30fea9551f9e3022c1f45a2bca81624404f4e68022fcf0b03fbd61820ec6958983a8f2fbfc3ad2ec158433f8e8de9b8fcf48476

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17242\tk\scrlbar.tcl

Filesize
12KB

MD5
4cbffc4e6b3f56a5890e3f7c31c6c378

SHA1
75db5205b311f55d1ca1d863b8688a628bf6012a

SHA256
6ba3e2d62bd4856d7d7ae87709fcaa23d81efc38c375c6c5d91639555a84c35d

SHA512
65df7ae09e06c200a8456748dc89095bb8417253e01ec4fdafb28a84483147ddc77aaf6b49be9e18a326a94972086a99044bee3ce5cf8026337dfc6972c92c04

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17242\tk\spinbox.tcl

Filesize
15KB

MD5
9971530f110ac2fb7d7ec91789ea2364

SHA1
ab553213c092ef077524ed56fc37da29404c79a7

SHA256
5d6e939b44f630a29c4fcb1e2503690c453118607ff301bef3c07fa980d5075a

SHA512
81b4cec39b03fbeca59781aa54960f0a10a09733634f401d5553e1aaa3ebf12a110c9d555946fcdd70a9cc897514663840745241ad741dc440bb081a12dcf411

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17242\tk\text.tcl

Filesize
32KB

MD5
03cc27e28e0cfce1b003c3e936797ab0

SHA1
c7fe5ae7f35c86ec3724f6a111eaaf2c1a18abe9

SHA256
bccc1039f0eb331c4bb6bd5848051bb745f242016952723478c93b009f63d254

SHA512
5091b10ee8446e6853ef7060ec13ab8cada0d6448f9081febd07546c061f69fc273bbf23ba7af05d8359e618dd68a5c27f0453480fe3f26e744db19bfcd115c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17242\tk\tk.tcl

Filesize
22KB

MD5
3250ec5b2efe5bbe4d3ec271f94e5359

SHA1
6a0fe910041c8df4f3cdc19871813792e8cc4e4c

SHA256
e1067a0668debb2d8e8ec3b7bc1aec3723627649832b20333f9369f28e4dfdbf

SHA512
f8e403f3d59d44333bce2aa7917e6d8115bec0fe5ae9a1306f215018b05056467643b7aa228154ddced176072bc903dfb556cb2638f5c55c1285c376079e8fe3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17242\tk\ttk\fonts.tcl

Filesize
5KB

MD5
7017b5c1d53f341f703322a40c76c925

SHA1
57540c56c92cc86f94b47830a00c29f826def28e

SHA256
0eb518251fbe9cf0c9451cc1fef6bb6aee16d62da00b0050c83566da053f68d0

SHA512
fd18976a8fbb7e59b12944c2628dbd66d463b2f7342661c8f67160df37a393fa3c0ce7fdda31073674b7a46e0a0a7d0a7b29ebe0d9488afd9ef8b3a39410b5a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17242\tk\ttk\ttk.tcl

Filesize
4KB

MD5
e38b399865c45e49419c01ff2addce75

SHA1
f8a79cbc97a32622922d4a3a5694bccb3f19decb

SHA256
61baa0268770f127394a006340d99ce831a1c7ad773181c0c13122f7d2c5b7f6

SHA512
285f520b648f5ec70dd79190c3b456f4d6da2053210985f9e2c84139d8d51908296e4962b336894ee30536f09fae84b912bc2abf44a7011620f66cc5d9f71a8c

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 398537.crdownload

Filesize
1.6MB

MD5
231aa8bca139b5221179350c75014b8c

SHA1
f3c3456257ebd16c548861c248dba385f4fb5120

SHA256
f36e764587ea0d9e11364210d1ab41911d93bdb1c14a9d9146b677a56e626c50

SHA512
01562410cb8bd4feacf8e38413b57161778689cbc9b20f6017700f3737de925d3fd21e95451701a135ad120606004a452bf9c0f59742437bea8b9ce94e3ede25

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 680795.crdownload

Filesize
8.3MB

MD5
d491bedc32612858c3b94df73e41d192

SHA1
2b6a7adfbd31ec1c7071073cf47e47989f203a31

SHA256
a8bfaf929e99a99e601bed89d6c31435304de846c50cce1f33a18a8ed9bdbb57

SHA512
5b8e218b6461ba34bec5efa53131dd7b8440ebefdf557367c3c150a7a7e77701405049164a40f06fd0706e1b627b38b5c8b9425aab45f460eb782c0570541993

Download Submit
memory/2020-130-0x0000000007A50000-0x0000000007AB6000-memory.dmp

Filesize
408KB

Download
memory/2020-129-0x0000000007450000-0x0000000007462000-memory.dmp

Filesize
72KB

Download
memory/2020-128-0x00000000057B0000-0x00000000059C4000-memory.dmp

Filesize
2.1MB

Download
memory/2020-127-0x0000000004EB0000-0x0000000004EBA000-memory.dmp

Filesize
40KB

Download
memory/2020-126-0x0000000004CF0000-0x0000000004D82000-memory.dmp

Filesize
584KB

Download
memory/2020-125-0x0000000005200000-0x00000000057A4000-memory.dmp

Filesize
5.6MB

Download
memory/2020-124-0x0000000000160000-0x00000000002F6000-memory.dmp

Filesize
1.6MB

Download
memory/2020-132-0x0000000007EA0000-0x0000000007EDC000-memory.dmp

Filesize
240KB

Download