f8a9ec0250ec7b6bc1ecb18fa1d39e70df2661a0187f4babfbcccf5065997fc6

Analysis

max time kernel
724s
max time network
729s
platform
windows10-2004_x64
resource
win10v2004-20240802-es
resource tags

arch:x64arch:x86image:win10v2004-20240802-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
08-09-2024 13:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RezWpf.exe.WebView2/EBWebView/Subresource Filter/Unindexed Rules/10.34.0.55/adblock_snippet.js
Size

2KB
MD5

f5c93c471485f4b9ab45260518c30267
SHA1

ee6e09fb23b6f3f402e409a2272521fdd7ad89ed
SHA256

9aa899e0bf660ee8f894b97c28f05db06cc486915953b7f3b2ff9902fa8da690
SHA512

e50a1baf20db9bc867e85ab72f9976430e87d8516ca552f9342a5c91822c9e1404e4f915042d48d841cca3fb16fd969bf0aa01195791ce29de63c45814fcdcda

Score

7^/10

discovery execution

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\International\Geo\Nation	rundll32.exe

Executes dropped EXE 3 IoCs

pid	Process
2016	main.exe
4908	main.exe
3712	main.exe

Loads dropped DLL 64 IoCs

pid	Process
2016	main.exe
2016	main.exe
2016	main.exe
2016	main.exe
2016	main.exe
2016	main.exe
2016	main.exe
2016	main.exe
2016	main.exe
2016	main.exe
2016	main.exe
2016	main.exe
2016	main.exe
2016	main.exe
2016	main.exe
2016	main.exe
2016	main.exe
2016	main.exe
2016	main.exe
2016	main.exe
2016	main.exe
2016	main.exe
2016	main.exe
2016	main.exe
2016	main.exe
2016	main.exe
2016	main.exe
2016	main.exe
2016	main.exe
2016	main.exe
2016	main.exe
2016	main.exe
2016	main.exe
2016	main.exe
2016	main.exe
2016	main.exe
2016	main.exe
2016	main.exe
2016	main.exe
2016	main.exe
2016	main.exe
2016	main.exe
2016	main.exe
2016	main.exe
2016	main.exe
2016	main.exe
2016	main.exe
2016	main.exe
4908	main.exe
4908	main.exe
4908	main.exe
4908	main.exe
4908	main.exe
4908	main.exe
4908	main.exe
4908	main.exe
4908	main.exe
4908	main.exe
4908	main.exe
4908	main.exe
4908	main.exe
4908	main.exe
4908	main.exe
4908	main.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\INF\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133702754748374556"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1194130065-3471212556-1656947724-1000\{47E7AAD3-8055-4CF2-A629-3A432154FCF1}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 33 IoCs

pid	Process
920	chrome.exe
920	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
3684	msedge.exe
3684	msedge.exe
1768	msedge.exe
1768	msedge.exe
3076	identity_helper.exe
3076	identity_helper.exe
2112	msedge.exe
2112	msedge.exe
2560	msedge.exe
2560	msedge.exe
2560	msedge.exe
2560	msedge.exe
1360	msedge.exe
1360	msedge.exe
2016	main.exe
2016	main.exe
2016	main.exe
2016	main.exe
4908	main.exe
4908	main.exe
4908	main.exe
4908	main.exe
3548	sdiagnhost.exe
3712	main.exe
3712	main.exe
3712	main.exe
3712	main.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs

pid	Process
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeCreatePagefilePrivilege	920	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe

Suspicious use of SendNotifyMessage 52 IoCs

pid	Process
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 920 wrote to memory of 256	920	chrome.exe	95
PID 920 wrote to memory of 256	920	chrome.exe	95
PID 920 wrote to memory of 1032	920	chrome.exe	96
PID 920 wrote to memory of 1032	920	chrome.exe	96
PID 920 wrote to memory of 1032	920	chrome.exe	96
PID 920 wrote to memory of 1032	920	chrome.exe	96
PID 920 wrote to memory of 1032	920	chrome.exe	96
PID 920 wrote to memory of 1032	920	chrome.exe	96
PID 920 wrote to memory of 1032	920	chrome.exe	96
PID 920 wrote to memory of 1032	920	chrome.exe	96
PID 920 wrote to memory of 1032	920	chrome.exe	96
PID 920 wrote to memory of 1032	920	chrome.exe	96
PID 920 wrote to memory of 1032	920	chrome.exe	96
PID 920 wrote to memory of 1032	920	chrome.exe	96
PID 920 wrote to memory of 1032	920	chrome.exe	96
PID 920 wrote to memory of 1032	920	chrome.exe	96
PID 920 wrote to memory of 1032	920	chrome.exe	96
PID 920 wrote to memory of 1032	920	chrome.exe	96
PID 920 wrote to memory of 1032	920	chrome.exe	96
PID 920 wrote to memory of 1032	920	chrome.exe	96
PID 920 wrote to memory of 1032	920	chrome.exe	96
PID 920 wrote to memory of 1032	920	chrome.exe	96
PID 920 wrote to memory of 1032	920	chrome.exe	96
PID 920 wrote to memory of 1032	920	chrome.exe	96
PID 920 wrote to memory of 1032	920	chrome.exe	96
PID 920 wrote to memory of 1032	920	chrome.exe	96
PID 920 wrote to memory of 1032	920	chrome.exe	96
PID 920 wrote to memory of 1032	920	chrome.exe	96
PID 920 wrote to memory of 1032	920	chrome.exe	96
PID 920 wrote to memory of 1032	920	chrome.exe	96
PID 920 wrote to memory of 1032	920	chrome.exe	96
PID 920 wrote to memory of 1032	920	chrome.exe	96
PID 920 wrote to memory of 392	920	chrome.exe	97
PID 920 wrote to memory of 392	920	chrome.exe	97
PID 920 wrote to memory of 1480	920	chrome.exe	98
PID 920 wrote to memory of 1480	920	chrome.exe	98
PID 920 wrote to memory of 1480	920	chrome.exe	98
PID 920 wrote to memory of 1480	920	chrome.exe	98
PID 920 wrote to memory of 1480	920	chrome.exe	98
PID 920 wrote to memory of 1480	920	chrome.exe	98
PID 920 wrote to memory of 1480	920	chrome.exe	98
PID 920 wrote to memory of 1480	920	chrome.exe	98
PID 920 wrote to memory of 1480	920	chrome.exe	98
PID 920 wrote to memory of 1480	920	chrome.exe	98
PID 920 wrote to memory of 1480	920	chrome.exe	98
PID 920 wrote to memory of 1480	920	chrome.exe	98
PID 920 wrote to memory of 1480	920	chrome.exe	98
PID 920 wrote to memory of 1480	920	chrome.exe	98
PID 920 wrote to memory of 1480	920	chrome.exe	98
PID 920 wrote to memory of 1480	920	chrome.exe	98
PID 920 wrote to memory of 1480	920	chrome.exe	98
PID 920 wrote to memory of 1480	920	chrome.exe	98
PID 920 wrote to memory of 1480	920	chrome.exe	98
PID 920 wrote to memory of 1480	920	chrome.exe	98
PID 920 wrote to memory of 1480	920	chrome.exe	98
PID 920 wrote to memory of 1480	920	chrome.exe	98
PID 920 wrote to memory of 1480	920	chrome.exe	98
PID 920 wrote to memory of 1480	920	chrome.exe	98
PID 920 wrote to memory of 1480	920	chrome.exe	98
PID 920 wrote to memory of 1480	920	chrome.exe	98
PID 920 wrote to memory of 1480	920	chrome.exe	98
PID 920 wrote to memory of 1480	920	chrome.exe	98
PID 920 wrote to memory of 1480	920	chrome.exe	98
PID 920 wrote to memory of 1480	920	chrome.exe	98

C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\RezWpf.exe.WebView2\EBWebView\Subresource Filter\Unindexed Rules\10.34.0.55\adblock_snippet.js"
1⤵
PID:1140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fff5f62cc40,0x7fff5f62cc4c,0x7fff5f62cc58
  2⤵
  PID:256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1880,i,14093924524748403952,5520687412835622883,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1856 /prefetch:2
  2⤵
  PID:1032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2148,i,14093924524748403952,5520687412835622883,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  PID:392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2260,i,14093924524748403952,5520687412835622883,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1768 /prefetch:8
  2⤵
  PID:1480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,14093924524748403952,5520687412835622883,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3196,i,14093924524748403952,5520687412835622883,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4556,i,14093924524748403952,5520687412835622883,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4592 /prefetch:1
  2⤵
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4836,i,14093924524748403952,5520687412835622883,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4844 /prefetch:8
  2⤵
  PID:3096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4976,i,14093924524748403952,5520687412835622883,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4984 /prefetch:8
  2⤵
  PID:4736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=1184,i,14093924524748403952,5520687412835622883,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3252,i,14093924524748403952,5520687412835622883,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3560 /prefetch:8
  2⤵
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  PID:2832

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3572

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff706d46f8,0x7fff706d4708,0x7fff706d4718
  2⤵
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,17719084048070946289,563959019524176998,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2012 /prefetch:2
  2⤵
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,17719084048070946289,563959019524176998,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,17719084048070946289,563959019524176998,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  2⤵
  PID:1316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17719084048070946289,563959019524176998,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
  2⤵
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17719084048070946289,563959019524176998,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17719084048070946289,563959019524176998,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17719084048070946289,563959019524176998,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,17719084048070946289,563959019524176998,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,17719084048070946289,563959019524176998,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17719084048070946289,563959019524176998,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4320 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17719084048070946289,563959019524176998,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17719084048070946289,563959019524176998,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17719084048070946289,563959019524176998,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17719084048070946289,563959019524176998,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:1
  2⤵
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2000,17719084048070946289,563959019524176998,131072 --lang=es --service-sandbox-type=audio --mojo-platform-channel-handle=5512 /prefetch:8
  2⤵
  PID:620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2000,17719084048070946289,563959019524176998,131072 --lang=es --service-sandbox-type=video_capture --mojo-platform-channel-handle=5556 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17719084048070946289,563959019524176998,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,17719084048070946289,563959019524176998,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5316 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17719084048070946289,563959019524176998,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4372 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17719084048070946289,563959019524176998,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17719084048070946289,563959019524176998,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17719084048070946289,563959019524176998,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17719084048070946289,563959019524176998,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17719084048070946289,563959019524176998,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4360 /prefetch:1
  2⤵
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17719084048070946289,563959019524176998,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17719084048070946289,563959019524176998,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17719084048070946289,563959019524176998,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17719084048070946289,563959019524176998,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2000,17719084048070946289,563959019524176998,131072 --lang=es --service-sandbox-type=collections --mojo-platform-channel-handle=3612 /prefetch:8
  2⤵
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17719084048070946289,563959019524176998,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1760 /prefetch:1
  2⤵
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17719084048070946289,563959019524176998,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2000,17719084048070946289,563959019524176998,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1360

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2648

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4964

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3228

C:\Users\Admin\Downloads\RezWare\RezWpf.exe
"C:\Users\Admin\Downloads\RezWare\RezWpf.exe"
1⤵
PID:936

C:\Users\Admin\Downloads\RezWare\main.exe
"C:\Users\Admin\Downloads\RezWare\main.exe"
1⤵
PID:4948
- C:\Users\Admin\AppData\Local\Temp\onefile_4948_133702760585447698\main.exe
  C:\Users\Admin\Downloads\RezWare\main.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:2016

C:\Users\Admin\Downloads\RezWare\RezWpf.exe
"C:\Users\Admin\Downloads\RezWare\RezWpf.exe"
1⤵
PID:4400

C:\Users\Admin\Downloads\RezWare\main.exe
"C:\Users\Admin\Downloads\RezWare\main.exe"
1⤵
PID:1388
- C:\Users\Admin\AppData\Local\Temp\onefile_1388_133702760811044205\main.exe
  C:\Users\Admin\Downloads\RezWare\main.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:4908

C:\Users\Admin\Downloads\RezWare\RezWpf.exe
"C:\Users\Admin\Downloads\RezWare\RezWpf.exe"
1⤵
PID:852

C:\Windows\system32\pcwrun.exe
C:\Windows\system32\pcwrun.exe "C:\Users\Admin\Downloads\RezWare\main.exe" ContextMenu
1⤵
PID:4328
- C:\Windows\System32\msdt.exe
  C:\Windows\System32\msdt.exe -path C:\Windows\diagnostics\index\PCWDiagnostic.xml -af C:\Users\Admin\AppData\Local\Temp\PCWD512.xml /skip TRUE
  2⤵
  PID:4744
- - C:\Windows\system32\rundll32.exe
    "C:\Windows\system32\rundll32.exe" C:\Windows\system32\pcwutl.dll,LaunchApplication "C:\Users\Admin\Downloads\RezWare\main.exe"
    3⤵
    - Checks computer location settings
    PID:3724
  - - C:\Users\Admin\Downloads\RezWare\main.exe
      "C:\Users\Admin\Downloads\RezWare\main.exe"
      4⤵
      PID:1888
    - - C:\Users\Admin\AppData\Local\Temp\onefile_1888_133702761353127396\main.exe
        
        C:\Users\Admin\Downloads\RezWare\main.exe
        5⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:3712

C:\Windows\System32\sdiagnhost.exe
C:\Windows\System32\sdiagnhost.exe -Embedding
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:3548
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\blx3rcwx\blx3rcwx.cmdline"
  2⤵
  PID:3612
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESDD8E.tmp" "c:\Users\Admin\AppData\Local\Temp\blx3rcwx\CSCA81BBF5CCB034418BEA3B13795C3C5.TMP"
    3⤵
    PID:5064
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\qf4xzlag\qf4xzlag.cmdline"
  2⤵
  PID:2768
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESDF15.tmp" "c:\Users\Admin\AppData\Local\Temp\qf4xzlag\CSCF54562584C5949C288FDA68F7543EBE9.TMP"
    3⤵
    PID:4760
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\iznvukqr\iznvukqr.cmdline"
  2⤵
  PID:1444
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF2FA.tmp" "c:\Users\Admin\AppData\Local\Temp\iznvukqr\CSC2C8FA129446243B4871770FCF0815682.TMP"
    3⤵
    PID:3904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\ElevatedDiagnostics\733862231\2024090813.000\PCW.debugreport.xml

Filesize
3KB

MD5
d2e9fb7ac220e7d11176ed85765fd233

SHA1
f6c50dedf2b6f327975cba72585ef8ca7530382c

SHA256
c4b80f54378655368cea8e80abc98b1d42f9f7582932e5c03cc4b665c6860535

SHA512
f36278aeb717d22edc6834b1cd23a4f21ee6eef1790c75303f287e6b79b7adb08e187ece1b87dc62cb651212f362d4dbbf52322626e4d7bc0e120e52570470d5

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\733862231\2024090813.000\ResultReport.xml

Filesize
1KB

MD5
e4918445d7836565ab77073fad917fef

SHA1
48fb3ea6d49975b8af04596b69c8be57cc6237a7

SHA256
227a6908df3f7153e5644dcbcdbadab690d4d596e7c33915f87cd3ceb22c99db

SHA512
704d1f684e836663b956d36bac4951967c7d181b593742acd7303c327a4e173fa6ea2a8456941f610cb14e1ab36dbacb632e90a8646b07cd043d060abc774214

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\733862231\2024090813.000\results.xsl

Filesize
47KB

MD5
0f391db2d621c2e9ed8ea3119a3faeed

SHA1
ebe43c3a86c4c9437f38ca5274e7df21d371a3d7

SHA256
172e4422f0f3c7b2ba936dd5c5015d293943881ab3741ede7681c7cfe68adf80

SHA512
0e63edc48f1213f5586f3c972274ef4e7bc07b48e651cfb6e5fb9b62b7d2ce81e6088686a30f9382d852f7864e8bd451670122681a419aab82209b469d7dd36c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
856b22da04aea643a2e13ce6a021c2fa

SHA1
b1acbe6593265a72a5305138e6d5d9b3a2a0029a

SHA256
f0ea96a777bd378544297b28c72db09da1606904cd12f6e83714203fc1cca359

SHA512
24ea5dda50224134ebb0ae95349e6f1daa00be705899f0f803280477363457f6a94a05802014cde118e4e4a76f8079bd0961d72a9bb68565757426d8bcab7278

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
71f935f90b164030335cfe9810846107

SHA1
abfc7bcb190b2529858cef4b657f92fc4156ccad

SHA256
f4ce187fe273a24a1d420f483e560708dca70bcae640450dd0bc4f688e31946e

SHA512
bf0d9464a8ea04a50c9acb9a0a5ec8d983ea7b6192360a34ad8c1ae6d17d0e3ee5a807f283f8460872294a48f72a08c72d5acbee57317a006829deccf5f3226e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
a3c388048121a5ec2c63a322cc6ede4c

SHA1
fef3adeb736122fdd170bd126e63f8e93fc95418

SHA256
72b7fed1d9430a7319dc6ceeafdc9a3e731db8eb403d3078154664c2b0a07950

SHA512
f8900c1444348a0c606bee48cb624660a40d3874d4d0dd45063a2c91fc55d1187755c180685436a200c300c09084eb5087877adbe79789e8dfeb7581ebf3e872

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
041c54e229a1d73a2e302cf65b6dab45

SHA1
d2e527e7246f0c82235dcce9211f7496639deaec

SHA256
3469d8c21cadc296255a10de194435e605c9a5c3c90fcea92e16fb8dc97a98d5

SHA512
375cefc0490b4d4051df39eb75c2c834d14487420a116f3c20682f539dd3b56856a21d27447e89efd32d6ccc3c3c499161391d1fedf625ebe0be9791da4d95e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
22482707ad9708e608500f8d3cfc6e58

SHA1
7ed6867a22ce566b35ccf22305aa0adf4b1153b3

SHA256
202a7d6d697f739fd79aed036c70d569e9b1349efe9ccbab06839f67bf530c44

SHA512
dc43abb602cee301e705ac24f311b5db49a175e9a7f280c8959d70b4dcb79e4b3601c9c1045d630c59c3569fc737dda91f6212cc7e1554d817a4d3d2cb938497

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
4c9603d0faacbf650fc49a7dd31b98ca

SHA1
0433d439032069d01d40e40e1e5a7709a9b3a3f7

SHA256
32d1ba6a44f02dd40fcb1fcc1804451f35728163672b4df90655a9bffc184af3

SHA512
74d41bce23d0eff771a579014bb8f32d26ba3e2d7b4cab5b12603c2bd1d532edbff9b3e58f0810e95895912dc438048dfb6d7d56220beb4b4627b5b9378b08f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
da51fc716aaf7f48742d97cebad99814

SHA1
79da715d5aadc3758d3340b9802db5059906427e

SHA256
bce303b8f0caff5f1c8e6524fa28dac3b9afb6ab77acda39d934145c56b633e6

SHA512
2a4cf67bae30d9d5d37af98fdff5c36255ed270990ae78a52a54f4e25a1e390f6d2ad0522c5bffc28d274a055ca325fa4181d436970d9a4d9439d3b911f155fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
532621dffecffe418bdb4ddcbc340897

SHA1
000f356675b31d05ec72a9bbb4833675d4cd4a02

SHA256
130e00155d63e9fda39a4bcc6ad060d83431512c06223c7a502b1bc11931444f

SHA512
b09ccaef441d8ac041cd2813ab675b45798f075550d10edd80f668b9ae49b678bf56fd05c4fc55c676b924cc13d4b86b8829c913de63d9fd4c283481df626bdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f6ec6adf5e7af6f4f032edbf9381adc9

SHA1
4b8fd7d72dd4b17a76101dd85c08573ea8584d89

SHA256
e5f624ae69b9c0eb26532b1ffcfa2b86cbf0c500e00e3499d90646f41fd0fba4

SHA512
d8c2e3f070c83049496650eb34bb992adae472b33d0904b3c8fe480979424e38c263657d96f06726e7132ddb31334906b1d3ccd0f8feb4b4a7ac2449330e272a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
688f0e9e9b79300a31c1353092ca8be3

SHA1
75d74e2ae14dcd57e536ad4740502bf246fdf7b3

SHA256
e3f82101d2cad8f2dc9d1b40f2fe3252e75a825f0506444d37eab5573f1fab6b

SHA512
3aa7dd66e01db13f32a594cc08e4d986389ec5ed77b836b83d0a2088cda3f79760c6f609c5a609ce97db0909dd49c3d4d2e81064210892e1f8112dcd213b78f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
81045e0ca53944b64a3a730483a381b9

SHA1
ddfaaa41db5ceefdf797aabd46a626c0479252a0

SHA256
915015caa15563efb01fbc34d203bb0210ed7f6a6224878b3187ab4b525fb9bd

SHA512
cd1fd00c8a2560309b918254d79f3e27969b42ad90bd9ea94800e43217e4cbce415fde99a99ce55f4786fcc979c7f6507991ec109623b430b54f3adc52cb86b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
43f398e2736088c0d9b267b123f756c4

SHA1
dfa301d39f0527525684f3bbbfa72db6e1cb3d6e

SHA256
2136a010f06d83319b7c2fb3f2b4d00a5b47164851eed1ec768dc1297d261a68

SHA512
a819cf33aaa2d50a46648919b4418acb452639041bf26862ade072de695570551a4450881db5f7401a59d61529ab3ca737a590e606de34735e6b03caaf8967cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ab94bff20b608116c73f7ffe054493de

SHA1
7089b3b83f1780099a3eb8dea3b3e1f7ef93c4d3

SHA256
337e3b1eaf2d7ac2b13b3949fd07b31268a127bce4c1aa4b1550182f1a43dad2

SHA512
d4c63488926c9b67f2edb8135dc424bb1b2ebb8468d49bbb14ac6671ab9b47f50374b9bb80675a4593d2805c1145e2d1ba5d3a857467318bee5fbc0be0564918

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4dc464e39f42a44303673ead7e938a2f

SHA1
965e09848dac20fabdcfb6bc5a019ce6a22b0206

SHA256
ea97c128b1289b0bf6e1298ae769430b3de13ad056cbc3f1db67e3595123e1c0

SHA512
2e2f379995c4b28ee0bc1cb43f0530ac1329790f91cde02d78903cba0409ecedfdb8dfad787b11cb06559390a3287cf50df9539ac63d18573073393932dccc2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3706bdf8ba7153590e6c83847125ea22

SHA1
c1412ac47f877213b42a341a5b6d81eaff97c59b

SHA256
eab58875fe16d9106326bec9dd1f54e75da523c6ad14828d7761047ad880ce14

SHA512
ebb2818b7b0b98185548c675b1964b35ae28cdb7c817a5e7d0bd4b6236995c6af3e0df4f3e32a87b7ed68844ca455261788c76aa80ee17c26fe45708b2d830d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c5058a6e691598f97db4cf4fe54ec3bd

SHA1
9fd7de1c568830e4530eedf80a5aaa01b31238d4

SHA256
327c885d97b9acb9cfd88f5dd89cf26bed569585a9b9f77d30261392f0f4c648

SHA512
f6f4d76a25f6d58231562a01dd0907d311dc785fee73f8542ed0f46a7e5fcd89d045681031e73a91c06a4f63ca1854b2221faa5081a1434c6e06c13ecbb2452d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
71cba36dd9e206f1346d7867791e93ee

SHA1
e2b14dae721ca6cc728c739e19f548c597ec9414

SHA256
d4992498d27023b9aa5a3ff0677b6c5ca729a28356dda8e2c8e21018504632dc

SHA512
0e481ccb88b8c8fa97fd3d7eb580c19c89f3e3031c64bb1585a69a8242cc50d4f39a21fa0e7609833ea39497d9f5caf74e17ec31934b14a950c92966865dff28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
a42ccf02e5e061a0af37346ad3c3e705

SHA1
db6c0d850abc0494a0ccc44613d4952e94c398da

SHA256
2683f6dbfb48f0c444291ab515251683279717792c0a6ac5d1ecabeb3e3112a3

SHA512
fbc98d88bb59c66a6afdf6283d86b2bec3731e170f0f9310ff1a84a3e18d7f1f0794ad270539beb439c94302e962307cfbbe600253de6d3ad8156732b9e4723a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
4c5ee1ee952ff1c9d23ce95a9618e168

SHA1
373979c5f0d011df3523ae66df1ee8704dc0720f

SHA256
016a26ae2e1738ffb1b931150cf1005be7b3664071e3839e76fe10e21eddebdc

SHA512
50a12a4daf30aa7724df370dab649ed9b8a0c2dfd8045dbdedf18e579a77149578aaab6ba51457a0a4efb3b5e4eb9fbc220dcc84bd8dea8081b39111104da2f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
ce44a603b322381d803e371d7f1df53a

SHA1
cc7698932d51d8d22a40200d5a586af51e0004b0

SHA256
ea5c7aa9a17e00b6541d4240ddca1cb9544d1116d9675636f94ceff7e03dde6f

SHA512
677d66bd1740dedca876d84357ed63943cf4130945afa1d423af53d01840557fd307781419f07ec0c6193caab7ae2f94558d00351dabb635a75c2123c0582972

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
6fad9ed5bc5837f23c0d70edd8f2da3d

SHA1
d3c1e1028512e80d92255c8a0cfa50e3fd43278b

SHA256
04b6c871f72fb1d0946a9a830cc828374896411db0d53ffb351e227b4ecc4bcc

SHA512
a78d04c2ada51241bb3eab50be74a2a4be257455062c9f6adb5b482d5d8d7c0ebd539960f22c4a1256d6e8125b4c5b44d0ea0a41a7dd75e0c9e71e5214db22bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
67KB

MD5
929b1f88aa0b766609e4ca5b9770dc24

SHA1
c1f16f77e4f4aecc80dadd25ea15ed10936cc901

SHA256
965eaf004d31e79f7849b404d0b8827323f9fe75b05fe73b1226ccc4deea4074

SHA512
fe8d6b94d537ee9cae30de946886bf7893d3755c37dd1662baf1f61e04f47fa66e070210c990c4a956bde70380b7ce11c05ad39f9cbd3ea55b129bb1f573fa07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
41KB

MD5
9101760b0ce60082c6a23685b9752676

SHA1
0aa9ef19527562f1f7de1a8918559b6e83208245

SHA256
71e4b25e3f86e9e98d4e5ce316842dbf00f7950aad67050b85934b6b5fdfcca5

SHA512
cfa1dc3af7636d49401102181c910536e7e381975592db25ab8b3232bc2f98a4e530bb7457d05cbff449682072ed74a8b65c196d31acb59b9904031025da4af4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
1.2MB

MD5
54ab7882085a32f5cd524f2d2b2fc3a9

SHA1
53f6361c4164915ffe0280f5e5ce8493b4d8a2a7

SHA256
acfd68f910c785cd62015bed7c3fb922fdc9431329a429691a15078b8ce8b03f

SHA512
1d6980b6e1e62bc24ad4cb95e06eb2309097d6eb5154f80bcd43af26a0e4e12d8099f8602136e2f9cc8cfbd42ad6044c5ecbff2146bf60cf9312d2c8df6262f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
73KB

MD5
cf604c923aae437f0acb62820b25d0fd

SHA1
84db753fe8494a397246ccd18b3bb47a6830bc98

SHA256
e2b4325bb9a706cbfba8f39cca5bde9dae935cbb1d6c8a562c62e740f2208ab4

SHA512
754219b05f2d81d11f0b54e5c7dd687bd82aa59a357a3074bca60fefd3a88102577db8ae60a11eb25cc9538af1da39d25fa6f38997bdc8184924d0c5920e89c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
43KB

MD5
d9b427d32109a7367b92e57dae471874

SHA1
ce04c8aeb6d89d0961f65b28a6f4a03381fc9c39

SHA256
9b02f8fe6810cacb76fbbcefdb708f590e22b1014dcae2732b43896a7ac060f3

SHA512
dcabc4223745b69039ea6a634b2c5922f0a603e5eeb339f42160adc41c33b74911bb5a3daa169cd01c197aeaca09c5e4a34e759b64f552d15f7a45816105fb07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
25KB

MD5
662a8eacbe2122448dac469755a70e37

SHA1
d921fb71699a405b09da754a733f672a54ab8bf2

SHA256
c8a9584f6a79694cf3f94984f89fc9c86ccbac676a563b821912b95b0ca578f8

SHA512
e53f54be9806e3b960e1697275b32c43679492fed694fcb6845f8bc301f5fc135e67473ebc2f6f49e7dd7509ec14a6485ddc6f538f8c76e7aaecafffcbb8776a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
155f779261b192c299da399d68ce6c74

SHA1
b62e2ebb592492690963dc3f64da47dda37708e2

SHA256
80f743c1606d977deb3f61095434fea708571a56d0fef17203df7408d1fa97a1

SHA512
4554cde186dff5a942818c742f9a90901912821d2e460f38cc9f831f0275b5aacc70b439565c242891baa919bc8c27d9e54c8def9f1942d56b739936e89b9d90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
746029786764195979d123bc9038faf1

SHA1
ea1cbac2b9eaed94fb567d9e24a8b4151fc8c99f

SHA256
e31db79be7709680b795750b3076987619b3221423dd11513e6d15c27198119d

SHA512
d8e2a0a60ad4624f0e00ca763054966a9078abf0a2f56a45945bff19bfa656c4d8efe021a28cb0ba4e7efd70ba6fc2a5ef3df979d19b57c7882d18395febd1bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
19597e344ae1f86efb227c1b52816714

SHA1
361b816b6f44ea666d1f492dd7006022451d480d

SHA256
6891262d4ba96842e33f6f2c6951930e8dc4ae6712c23702d88007e4187395f7

SHA512
8690715106316658ce9297b297e032b1759be6dd2fa1ac512615551fb2706b5ec9725850ea453a2a4779e1649eba5a83da3a89e7206daf31f4d16669347ae8e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
919B

MD5
d36bdaf8c3c8dc35c278251609aff091

SHA1
03a8eeba24ae1d01776d44ab5acf7c593b4d79eb

SHA256
1ea657f35beee4e10746c4e8d58fb49116421da68072f88d0d01285c39c16509

SHA512
adee196aee5bec850372cda352ba5f79923e11c74b299cb7da71a1a719277dd6d5d7d89a110d1d05acda78321ac733e6fe19d353283d591ade3c394b382e78b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
4e31f68c679a6b10283be0e020046746

SHA1
b38eaa5fa9e3ed8095158cebd4abbdd875afe0bc

SHA256
08b5dc191eef366e3909052214e360124f1c5165b7b50726caba1b3519008ab2

SHA512
429e5168878729cb14f9a9589dddde9b5a47dbe3d0bbce04d7ae7cacf5021332010e2e854b82be541a5c13ef4a17af9a0dd40a6770514808a92d687147110055

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
7d4ae5eeb7fdfa5e676c428249ba2cfa

SHA1
201b8cbecbe472ff3eadb25ba86273f37381e1e3

SHA256
e30038d5ee4b7c828d2ba83789f67b798dc2d4fa896395e88f024bb7fe96d47a

SHA512
1896fc3b8ca499d76b13fc239f963e082f2c2e2353f0749058ea320fb36ded2b28c69d3ff7f77ab8c12c14b7c17ec3a7f089965a681b6b21e4834177316eca74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
886B

MD5
fd798db7a5fa21e34996781e3d4d2581

SHA1
a117f942980e6b165d4850d844e51f48d94bc17f

SHA256
55e2013e54a20aad0e33d439c2fb90e5176dfe8f35291bc4ff74069c99e899fd

SHA512
ce94ae4f63faffa77d22fc8c8667fc41addf5078b6a11dc9aaa2612c7713171a951b9ae06e445fc264a06bf9718b421a9f3fb8c7261fe7ecbe52a5c7ab6a0f9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
550B

MD5
3cfafbcfe6701aca45aeffc928361f93

SHA1
d9b44dd668dec80aa1d8d18b35baa6fdd7f1f46e

SHA256
cf67d2955931a5781c6d9fcf19b3ba62ebeaa233f36c501bcd4c1340b1c68a63

SHA512
e866c4fc72c4118da9dfd49c541c714279b64cefecf1e98a7f5032e05ec12d4ca7dc759cd5e8421bc301f8f06cdc23718cdcf4a5e5704db5fa133611278c0020

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
550B

MD5
404d50d115f77fc079eb9d20f521af1a

SHA1
a9a42e7240835ab0b23c07862922fb0ca45e5b36

SHA256
d1266d65d9dd818a29808bad386d01a623079e048c7841bae6ad4094a4498297

SHA512
05a77b642bb7f2aab7f547a712ee7c228840324b481f48ddca8c844a3a459f126888bcb294c47dc895a5845fe348c833efead540d19567a078e77f0d66c719c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b06bbe729ecfdb1c3b0aa8ffd6f5b01d

SHA1
095919a83a42bb72ff876f131435ea9d0dbfcc34

SHA256
d689c2ad86ee1a03de62bd4b5c5ebb014750858d0d0536631c8142d80bd84019

SHA512
5f0321a7eaeeada2fdae08ac7a0dec37571a8b8bdd8163a2111edb3b152d42d7a5b4d7674239d0774e329bb9b9a11f33e525147fed8e73564dfc781844a062a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
886B

MD5
10c998684a3e427a733c5d97a6833898

SHA1
08c8203d1bedf8c1052bc0d1ed975cb5b3b12286

SHA256
739c8001a06e8661395ebb2e29d64bc5e361cf41306c7b02cba548b4b39f8a3d

SHA512
1993d332b05c499765696f0c0994a0361980bdcebdfdf61087aaa13cbd6cabc9bde6f4e8565b7de42d708cf9b814c36e92195b54d83a022a2558c24ed6419033

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
7eba7a364347e64be984423d3f990495

SHA1
2692fef9d5f721cc5cdfb8250d618e6ec21355e3

SHA256
e853354428ab9434d31fa3749786206d512074159b2e6677463dac8bbf00d533

SHA512
d65a0598fc441b315f1669022fdbcacf010490059bf7936ef07af03d0a9c3291895eadb9b4c007fb9d1daa7496c2576843c234cae0f12244a7007efb5b9eeeb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
00a026f646f2eab077cf888e7bace084

SHA1
7cf329ec503d1e1bd8203e0ce8cad3f52017be22

SHA256
eebd88b86e80820d8302660e8793a85c0ff0d8d5de8fdd85e91b20e5f95f2d26

SHA512
50284331f63acc014e28765cfcbebcfb71f05dda629d0a76c1e744238419e460e75700195cd2164ed7bfd903a91d6cbedfe054a25c2103895fb80511a8aaea3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
67e4d3340d5fbdc1e847b259d68f3f01

SHA1
838474d1974c57ba046f9f923ce6dce6b5d13f33

SHA256
c43450ab1e5e78515b2e9c2cda9f8ecb310994e314f10a11af29391b3ad7c132

SHA512
9df1009a2f24df3dcf6e6a5c4a7948862ffd0e15e2107db728694e0ca37c24eb0b245e470a8283cea2cf348c687522768d986d9f3096064a275df0c060252df5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0bfcb858e3b07ff4ae775d15302f3cc2

SHA1
ff980de71bbf8970778e261c90572e51cbed2fa5

SHA256
318aa1aea6f08c6f979f843371b643976b789bafc446ad282fc6ebf659d04b2b

SHA512
18bb92288c3f637b9da1f8f0b4a0050087c616281cc116645b0719ef4d8417decbb9ab7a86c39d4272a2ff181b496e12ac0d74f805ee9fee7db41704514f7e42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9045d36c8cefe00b2fce5a08db9894a0

SHA1
9fda275701444bbacf3e89a2f6b9e31fdf75304f

SHA256
7e10638d4c7ffa38d4b558f2a3f301fe358747f9702fa7cc2e5e371b5c1e006e

SHA512
0f28ef6df7934bf1bf1981d219535480475b0ad0a98a78bdd7e69b86ee5f3e706f60c38e014d6d02c937bed2ae786ab5f955fbb3e3d2a2c27ef6934874a65bbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5160d6bef544ec6e3816f827d402bead

SHA1
07faf2cecc5d8af4b657eef06c43628b84cbbd5b

SHA256
fcfe24ed6daf743a79deec934901c9ec8708215c113a8c13c7a279133437d959

SHA512
7856dd4abe876147c440b5adc6e60f6b1f2a9d9a631907a84463f05ad0f166b350ddd6b7cd7246f698fe0190b094d876b2c55a99e43aa3eb5cbac986059ffaf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8b696647dce9070706dba0e27aeebf76

SHA1
db02ec4b74d559ce9a0b91c7e5357ddd457fad9b

SHA256
2feaae55526b327486599ead8465748786f5155f595489a8323a2f3775c86dd1

SHA512
94e52483e78a563dc9b2bdd5f71cf926ef57a430e0b21d6025eb5a7bb5c39b7caa991c7651cb305182df27ac61de6738db7ced9fe37a0aa13042d7e37eee3a0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
67afac0321f1a5b62d093546569f3d18

SHA1
0be87be8e95cd927d07f9a8b1ceb8c97aa8f93d4

SHA256
3ddab79e810fb2137ee181b9cf8b0205e21499128102569ef49e44b0815c1f91

SHA512
6f1d68aaa2bbda0abe61fb3b10eb91673e82eb90cecb3f1c7e71675922501214ef8827f53d225aa57b6716f6b492ea24ea63fa1a3992cf1607161e48c46909c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
bcc26e780346b490ca3b4ee61bc9fa08

SHA1
54e9e681df494155103f525efde009634192ea19

SHA256
ebff8ca1fd9e8d3cc1592bf554295d260956a98a09c7b2338aa565449cb4e8ec

SHA512
4b4eda93a889e9132910ac42d3a667561e1b5881be2eca2f20db3965a880d1777f5dd08410f968e117dd94df6e5c189b0f1711540a90f70d01f36473fd9d4702

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f55848e5a51bc67942d4611ae8ca8d5d

SHA1
14572a7f8884088b848cd13b7c77bb098a91e7cf

SHA256
fe905640d42c84d4e575a228e452399c6480e6bba7cf4c35847daaf0be7becee

SHA512
2ece6c403f086b4d35aac229a330520435eebd7a8dbcc2a64e0c9c3c38c746abcb1f2b7392968d32acaf519901a45665346e948220109467c46461fc4e349c3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a20e31f96ceb47ef551858ea2d823bc4

SHA1
851a8a6dea4ba064b6ab4e0a8ffa6a19630603fb

SHA256
856d2fea1d415d98232af6a63ebfc10db124d573580a2cc431564940cfbbe2b2

SHA512
2f78f2fcaa2e334f79cf3b5a5c02c8bfecab6de9b38bb0a2d53cd06efa39497cae0930dbb5d2cff74ba12aefbe73cb3cf5eeb4d7d4f6d51db15dff9195f3d46d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
af0a94b0921495589827e49c44027802

SHA1
4933a961fbc4e81b0f1250c654130a9311aec98e

SHA256
2fecfc63bc1b62577ba6c3f13b6294dd770e191baab4929d77d60b54b072df35

SHA512
0ca8626668712afaa91f6919977f6f99b2e12fe66c32c4344c8bb01e6a762e89cbb9a0e7ca5592550d8ac695570bc20ec1b7af5c245b9507aa7e540b740bc347

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
da730b05f6478e76647509981d988183

SHA1
f26407952f41d4e84d659f804cfcb1c4f80f7c79

SHA256
b92506dc3e7bbd93107ce3021d744f236ac3b24d9d147310866d96ca0246e7b1

SHA512
f1a87332cf6226c5d1cf7fc1ab74b45a7072cb28a894ace73c1c30fa9d8cb6cbf74cb4f5f1bc8a0f0dc5d98264a0efcb1bce83efc7a1d4fa50aaaf413821e3c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
4324144285382ff0cba5023d665cbae1

SHA1
1e4bdad18638c967fb0facd7a89c6b35a242b1a5

SHA256
b69b36636728b96f63f7ae76d991ba359c79f1ffcbe1dbd8a8a22592dc2b59a7

SHA512
081f06ef4086968f35e19d76079e929ccf52b25d5ccd8f96e8a6e5e7dbf92632666598dca6184e8c88e662a59566bb450745b1d297814196b9b8cbb44bd30f6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
883a0e4203e470e39268ee7d04663df0

SHA1
2463bd5fa6ef4571bfc6bc3708de02f0185b73f8

SHA256
6104ae5f4ff9ef3497fdc346dffbd2a47209b443afaed5c3ae028819a99f8d65

SHA512
6267784f4be10e09a68f8253b90a0b602b54a289b1512aec8939e21bdcc3bbe1353ad537c4ec1b5e83567bc949fd0dc863f78c5fbc8067b19e88693dae5efbd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
6834c216bc5c39946505548096eab82f

SHA1
788fdbe69bc0de334437b7ebad0d8a978da6e25c

SHA256
027b1734d4f74fa81f9ed08ce59ee1bbe1bfd9fd8f25a8378681526d69315aef

SHA512
8e812a94e5df9dd7ef7ec00b06e86d3e053f2044b2b61774e4f69b756aa8b3da71d6c75c43ff70e9711c9568c48adafb207bb875046fb0a3d25bc1ac3a4c9b5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5b0319.TMP

Filesize
538B

MD5
2836d12e2c0f1a5a278bc04369ca1291

SHA1
b87aa37529a1b286ae699ab3b454a942bd5d2cf1

SHA256
221f6bb736611205c6620723219062db52a2ee2f99758d0a10d1d7ebda5a772a

SHA512
69dcdffd9e8998a31c3bb0da73f52cbd0a58d50d4a478b5c69d485f68df544f67b3fc210bcbd535b4069a3c9c886dfaf9ea9a293e260f14c76dca5e05dbeeba6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8fbcc93f48f8f480158fc684a7ceb716

SHA1
943a9ff30cb9d90b65230d07023ab21dd989dd25

SHA256
588ed39ba2a0972c5ea44ac33e6cdb01e8a60cccc1a1ed655ce08662ec39bdc3

SHA512
027bc1215a845fca5de351a5e4921470387239c9da2a3e93166e3e0b93474a3d1d42162b0b7d4643ca8d0f7256b4dcdc80319094623ea85f0a02252eb97452e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a5e94e9ef2af02d067d9a69c5958c8ca

SHA1
f763546a6124e7092cbf10230990a7ffc516d63f

SHA256
edea5f60aa34894615403780e53fb0feccb434cf320eee4d302e6d436fe19750

SHA512
3890059233b745745dde0094d6030dcbbad97ed7b3fb5aabee3f89c9a25bc3f699278b6f09a3155a45869c592b7563031297b3bbd19d73c4a4508b2602f2bdfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
289b447656df45b5f2d626cf9c966ecd

SHA1
8e017558d2e3ffbde655e650dba30f07a8cac3d3

SHA256
40bcf5f1461a1c242b97e0a365d0a1f4f83a0a64e60c3faac758dc767cd00500

SHA512
e62523b84af7f7602d31bc22484da7f5c46888dece75344463651e5ebec9001b9ef21fd6aef9101083397e5265808ab7cd25e11d31851c1defa5d795fa3e5d0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
87f7051a89db02d13bc3dfa4c3122aba

SHA1
b0ce10c0695615012df665715eefb3fd5ee2a8af

SHA256
31774204b7e61951591bde7602bedae5e69dd4be2b28873e6b067784becc83b5

SHA512
dc20922f8eb4c622a0667dc0d6f562efa5bcc53363ec799852ac4209099465b4ae374c14648d36bb990a9dbc8ab8d28f9b0d3ee4aa63cdb6ac5927bc5c6b4b53

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_hashlib.pyd

Filesize
64KB

MD5
eedb6d834d96a3dffffb1f65b5f7e5be

SHA1
ed6735cfdd0d1ec21c7568a9923eb377e54b308d

SHA256
79c4cde23397b9a35b54a3c2298b3c7a844454f4387cb0693f15e4facd227dd2

SHA512
527bd7bb2f4031416762595f4ce24cbc6254a50eaf2cc160b930950c4f2b3f5e245a486972148c535f8cd80c78ec6fa8c9a062085d60db8f23d4b21e8ae4c0ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_socket.pyd

Filesize
81KB

MD5
dc06f8d5508be059eae9e29d5ba7e9ec

SHA1
d666c88979075d3b0c6fd3be7c595e83e0cb4e82

SHA256
7daff6aa3851a913ed97995702a5dfb8a27cb7cf00fb496597be777228d7564a

SHA512
57eb36bc1e9be20c85c34b0a535b2349cb13405d60e752016e23603c4648939f1150e4dbebc01ec7b43eb1a6947c182ccb8a806e7e72167ad2e9d98d1fd94ab3

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_ssl.pyd

Filesize
174KB

MD5
5b9b3f978d07e5a9d701f832463fc29d

SHA1
0fcd7342772ad0797c9cb891bf17e6a10c2b155b

SHA256
d568b3c99bf0fc35a1f3c5f66b4a9d3b67e23a1d3cf0a4d30499d924d805f5aa

SHA512
e4db56c8e0e9ba0db7004463bf30364a4e4ab0b545fb09f40d2dba67b79b6b1c1db07df1f017501e074abd454d1e37a4167f29e7bbb0d4f8958fa0a2e9f4e405

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\libcrypto-3.dll

Filesize
5.0MB

MD5
e547cf6d296a88f5b1c352c116df7c0c

SHA1
cafa14e0367f7c13ad140fd556f10f320a039783

SHA256
05fe080eab7fc535c51e10c1bd76a2f3e6217f9c91a25034774588881c3f99de

SHA512
9f42edf04c7af350a00fa4fdf92b8e2e6f47ab9d2d41491985b20cd0adde4f694253399f6a88f4bdd765c4f49792f25fb01e84ec03fd5d0be8bb61773d77d74d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\zstandard\backend_c.pyd

Filesize
508KB

MD5
0fc69d380fadbd787403e03a1539a24a

SHA1
77f067f6d50f1ec97dfed6fae31a9b801632ef17

SHA256
641e0b0fa75764812fff544c174f7c4838b57f6272eaae246eb7c483a0a35afc

SHA512
e63e200baf817717bdcde53ad664296a448123ffd055d477050b8c7efcab8e4403d525ea3c8181a609c00313f7b390edbb754f0a9278232ade7cfb685270aaf0

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_jhcsk0f2.vjt.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1888_133702761353127396\PIL\_imagingcms.pyd

Filesize
256KB

MD5
6a141b845c2b4144ed0dbc7f53ff6803

SHA1
60b665279b562741d0289aa07b735d7af8f2b173

SHA256
a0bb33298dcc52da966f7a934c4838e32e20438eb8db929d4ad12fd042fd0922

SHA512
99f992f09adbb3d6be9446a709c068faf5514bcfe05490c86d5c220974c8c0d06b2ed76ef055e997c755a9e916e1411fc4083a7f5c8d520cf2a46ec84cca5aeb

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1888_133702761353127396\PIL\_imagingft.pyd

Filesize
1.7MB

MD5
5fc0e5da57115cb24dd939d339676814

SHA1
f837b094781ccd14295deb3feace3a16522ed624

SHA256
bf914fe4affbaa43aa81e20e5c050a8082ed81ff36413aa6d7b28c1f17a36b6f

SHA512
f9b31695a95165b82e4de0fa409154d42b05f8802a74677f8707a9b5552d124ccae73db0ec1d2fd6cb5fe66caf20cf27f91ae813a5ea4419bbd3d96718caabb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1888_133702761353127396\PIL\_imagingmath.pyd

Filesize
23KB

MD5
3ff6dd84e279e61656db569e9a7689fa

SHA1
58e828aee13d698fe99bbf2e45dc87b0aef41267

SHA256
7f3530e6ce99582cb275be15bbc7be5e0bc3c1aeeabf1b6c3af09f9668f65284

SHA512
f433a7d58eef67ab2805b542c559a97736c3bcc67a2760efabb2eef80577ba4bd3cc5076294e5dbd219d1728d6293a0bb4e0a1b9ae4f8bb359835a41ffc09b76

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1888_133702761353127396\PIL\_webp.pyd

Filesize
398KB

MD5
89fb0bcc6336a7f70371f6780676c78d

SHA1
7448018e565afb73b4c8da63815526df23945c05

SHA256
d35b0433b128e9dbf900cac0f8f73e78735de717b46c8ca3bd15a94da135620d

SHA512
e2498fa3a306a1a541d124471d2e776b8671441d71cb83a8ad5812e74f9342a25e2f67ea4ddb86ea48601db2dae8ff4ee0ed8ae44b16de0efdd30ae6745040ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1888_133702761353127396\_cffi_backend.pyd

Filesize
178KB

MD5
0572b13646141d0b1a5718e35549577c

SHA1
eeb40363c1f456c1c612d3c7e4923210eae4cdf7

SHA256
d8a76d1e31bbd62a482dea9115fc1a109cb39af4cf6d1323409175f3c93113a7

SHA512
67c28432ca8b389acc26e47eb8c4977fddd4af9214819f89df07fecbc8ed750d5f35807a1b195508dd1d77e2a7a9d7265049dcfbfe7665a7fd1ba45da1e4e842

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1888_133702761353127396\_elementtree.pyd

Filesize
130KB

MD5
b479ed301e990690a30fc855e6b45f94

SHA1
177b508a602c5662350dae853b5e9db1475908a7

SHA256
0c488e6883a70cd54a71a9e28796f87ef6cc0d288260a965cbb24bf1d7309a20

SHA512
d410355bfe39a7666e7297d3654b0b8dd3919d4ae3bbf7d258acdf76276ecc3ba3718f09ba708e3103d367ea6d352e98b6de265e3746b973b421e0a68b8d37a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1888_133702761353127396\_win32sysloader.pyd

Filesize
14KB

MD5
7cff63d632a7024e62db2a2bce9a1b24

SHA1
6a0bc8add112cc66ee4fd1c907f2f7e49b6bd1cf

SHA256
df8ba0c5b50ca3b5c0b3857f926118efbeb9744b8f382809858ba426bf4a2268

SHA512
3fc02cb3bbd71b75bdc492dc2c89c9d59839aa484cfaff3fd6537ae8bb3427969cd9ef90978f5cb25a87af8d2cae96e2184fdc59115e947a05aa9e0378807227

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1888_133702761353127396\httptools\parser\parser.pyd

Filesize
81KB

MD5
197a20d55b9e4e581d30b80e063313f0

SHA1
2ec6246cf938af720bd297a79acf96e869c48bf9

SHA256
45cf440b9f42ef54944ef77282574b44668f259a2d356f7ad53b6dfd61ac7d4b

SHA512
6ef2cb8f2a2c2b133b62c7695c38d40b5e66b3988f330599e2d5909b316fd62426db55f9e5c4543c40758657085b9d8690d29d54150d02c556c200f1aa9db041

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1888_133702761353127396\httptools\parser\url_parser.pyd

Filesize
36KB

MD5
60ce3acbf7943e051c8e5e44f95daecc

SHA1
a70aa3a7a34bb6b5183b7b756328591eaefcb7dc

SHA256
de0940893905c0d957b4d66f05c2a6f1a6e167577098cb16aef52d7d008bc71c

SHA512
572ab441179214fbae9a9c22f217ece224563f639793ae41a5fc14f9452990182bd342eaf56ff227ff65ec29eb30b1ae16b440c2d0afa0f6cb878cf1c8b86762

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1888_133702761353127396\pyexpat.pyd

Filesize
196KB

MD5
5e911ca0010d5c9dce50c58b703e0d80

SHA1
89be290bebab337417c41bab06f43effb4799671

SHA256
4779e19ee0f4f0be953805efa1174e127f6e91ad023bd33ac7127fef35e9087b

SHA512
e3f1db80748333f08f79f735a457246e015c10b353e1a52abe91ed9a69f7de5efa5f78a2ed209e97b16813cb74a87f8f0c63a5f44c8b59583851922f54a48cf5

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1888_133702761353127396\pythoncom312.dll

Filesize
655KB

MD5
a2cc25338a9bb825237ef1653511a36a

SHA1
433ded40bab01ded8758141045e3e6658d435685

SHA256
698b9b005243163c245bfa22357b383e107a1d21a8c420d2ef458662e410422f

SHA512
8d55d3f908e2407662e101238dacdbd84ae197e6e951618171deeac9cfb3f4cb12425212dbfd691a0b930da43e1a344c5004de7e89d3aec47e9063a5312fa74b

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1888_133702761353127396\websockets\speedups.pyd

Filesize
11KB

MD5
aeed28bc093d2134425b4547a4420bce

SHA1
4b73cd31ba8aa7ca4b9b69987ef9df9c749121d3

SHA256
51a536d4ac626826b1536bc2f522d0410829acd47a0284babc849d501a25a330

SHA512
92ab3fd601be9386e11d4a50b11616871426ec5dda957ac5510373b0d457dfe614d12195e1ac6499ebfa7f3330bbcec4017b802e401ecd8853c42932e0b55b4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1888_133702761353127396\win32evtlog.pyd

Filesize
71KB

MD5
e789d89b5dbdb33d2022cd7fb11c2b90

SHA1
0839ee5cdf5b24264fb65ccbd32005ec683d81a9

SHA256
7caa0a481e17cff16e1129628fef036101fedc06c843b9a39ee062c7c88d5b5d

SHA512
6a0ee3015a2825a75c92e285cd3346a657f57055e05bc40b961712e2ec1674e5bb9720ce48b957044d62483d39618612a757c23aa3f5a8680fc8e6fe2785f5b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1888_133702761353127396\yaml\_yaml.pyd

Filesize
217KB

MD5
55b11a967b77c25af37bd020db5fb3fe

SHA1
9449ace86d400d031833db471b6cf3a641de6457

SHA256
087881df55b9fe1d90bd11f89b6c9516dfd20ac330e40f97dbcc188b0cb034e6

SHA512
7bba1567792899108a26913c0e2114ee0ac92f88a4b821b9cedad6be47518fdea1e1999a25049f18869b0fed28fcdd8e69a11e865c16557509e4e2101930fcd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1888_133702761353127396\zstandard\_cffi.pyd

Filesize
635KB

MD5
afa2b9e9c7153750794acfdf4bd0e416

SHA1
19c521d35dcf6bc1546e11ece12904043be16fdb

SHA256
14db1d573f7ba8f41563bbc7cda6f1a46e5f86c1b7096d298593971a0b1c6c60

SHA512
38e2ec7f45c6ac7cbc0d5ab7ca94ddf47fc72067507d699fa32f42aa8a4187579724645e45042929140c832c83457011ef83914e397d6f8713a6e018b2823c6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_4948_133702760585447698\VCRUNTIME140.dll

Filesize
116KB

MD5
be8dbe2dc77ebe7f88f910c61aec691a

SHA1
a19f08bb2b1c1de5bb61daf9f2304531321e0e40

SHA256
4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83

SHA512
0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_4948_133702760585447698\_wmi.pyd

Filesize
35KB

MD5
7ec3fc12c75268972078b1c50c133e9b

SHA1
73f9cf237fe773178a997ad8ec6cd3ac0757c71e

SHA256
1a105311a5ed88a31472b141b4b6daa388a1cd359fe705d9a7a4aba793c5749f

SHA512
441f18e8ce07498bc65575e1ae86c1636e1ceb126af937e2547710131376be7b4cb0792403409a81b5c6d897b239f26ec9f36388069e324249778a052746795e

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_4948_133702760585447698\libssl-3.dll

Filesize
768KB

MD5
19a2aba25456181d5fb572d88ac0e73e

SHA1
656ca8cdfc9c3a6379536e2027e93408851483db

SHA256
2e9fbcd8f7fdc13a5179533239811456554f2b3aa2fb10e1b17be0df81c79006

SHA512
df17dc8a882363a6c5a1b78ba3cf448437d1118ccc4a6275cc7681551b13c1a4e0f94e30ffb94c3530b688b62bff1c03e57c2c185a7df2bf3e5737a06e114337

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_4948_133702760585447698\python312.dll

Filesize
6.6MB

MD5
3c388ce47c0d9117d2a50b3fa5ac981d

SHA1
038484ff7460d03d1d36c23f0de4874cbaea2c48

SHA256
c98ba3354a7d1f69bdca42560feec933ccba93afcc707391049a065e1079cddb

SHA512
e529c5c1c028be01e44a156cd0e7cad0a24b5f91e5d34697fafc395b63e37780dc0fac8f4c5d075ad8fe4bd15d62a250b818ff3d4ead1e281530a4c7e3ce6d35

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_4948_133702760585447698\select.pyd

Filesize
29KB

MD5
92b440ca45447ec33e884752e4c65b07

SHA1
5477e21bb511cc33c988140521a4f8c11a427bcc

SHA256
680df34fb908c49410ac5f68a8c05d92858acd111e62d1194d15bdce520bd6c3

SHA512
40e60e1d1445592c5e8eb352a4052db28b1739a29e16b884b0ba15917b058e66196988214ce473ba158704837b101a13195d5e48cb1dc2f07262dfecfe8d8191

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_4948_133702760585447698\vcruntime140_1.dll

Filesize
48KB

MD5
f8dfa78045620cf8a732e67d1b1eb53d

SHA1
ff9a604d8c99405bfdbbf4295825d3fcbc792704

SHA256
a113f192195f245f17389e6ecbed8005990bcb2476ddad33f7c4c6c86327afe5

SHA512
ba7f8b7ab0deb7a7113124c28092b543e216ca08d1cf158d9f40a326fb69f4a2511a41a59ea8482a10c9ec4ec8ac69b70dfe9ca65e525097d93b819d498da371

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
9cb76883b9f5e47f287ecacea749efeb

SHA1
a5078320e09b344fa988d8c6c2424a583a64f142

SHA256
d352ff59c8996029f01465cf4a4995e80843f7ad9ef170f674c36d4820d38c06

SHA512
0061d4383dd74592afd0d3d3294e1f642f7e1389630fa608b8ef3c5b715bcff9c58e4241dec0e7a398db373424e9f8bb53590eb6be1a4080b1315bf4b3ca5ee3

Download Submit
C:\Windows\Temp\SDIAG_7bb3e14c-b9a1-4eb6-a711-c6b49033e2c9\DiagPackage.dll

Filesize
65KB

MD5
79134a74dd0f019af67d9498192f5652

SHA1
90235b521e92e600d189d75f7f733c4bda02c027

SHA256
9d6e3ed51893661dfe5a98557f5e7e255bbe223e3403a42aa44ea563098c947e

SHA512
1627d3abe3a54478c131f664f43c8e91dc5d2f2f7ddc049bc30dfa065eee329ed93edd73c9b93cf07bed997f43d58842333b3678e61aceac391fbe171d8461a3

Download Submit
C:\Windows\Temp\SDIAG_7bb3e14c-b9a1-4eb6-a711-c6b49033e2c9\es-ES\DiagPackage.dll.mui

Filesize
12KB

MD5
8f934d7b57fd5b3b53fa1ea7846e022c

SHA1
d8b326037699730ba9edaf22555d8ef6e6e52263

SHA256
da1a83b1dd466b4173d9e25a7ae9e28f27b8b1f4016efcc86db39cb5a9b561c5

SHA512
ce3b2e6b877af3790cddfaf6afef469b642708004ecb7fbda1166c11ef4aba8cb51cb1ae23e7dc802a95e4469cf6be56f1f562aa4d5a14d76d4720e2d6259d1f

Download Submit
memory/2016-1404-0x00007FFF6AE50000-0x00007FFF6AE7A000-memory.dmp

Filesize
168KB

Download
memory/2016-1403-0x00007FFF6AE50000-0x00007FFF6AE7A000-memory.dmp

Filesize
168KB

Download
memory/3548-1645-0x000001F1E22C0000-0x000001F1E22CA000-memory.dmp

Filesize
40KB

Download
memory/3548-1662-0x000001F1E24D0000-0x000001F1E24D8000-memory.dmp

Filesize
32KB

Download
memory/3548-1653-0x000001F1E2330000-0x000001F1E2338000-memory.dmp

Filesize
32KB

Download
memory/3548-1681-0x000001F1E2550000-0x000001F1E2558000-memory.dmp

Filesize
32KB

Download
memory/3548-1644-0x000001F1E22B0000-0x000001F1E22BA000-memory.dmp

Filesize
40KB

Download
memory/3548-1643-0x000001F1E22E0000-0x000001F1E2302000-memory.dmp

Filesize
136KB

Download
memory/3548-1642-0x000001F1E25E0000-0x000001F1E26E2000-memory.dmp

Filesize
1.0MB

Download
memory/3548-1632-0x000001F1E2340000-0x000001F1E23C2000-memory.dmp

Filesize
520KB

Download
memory/3548-1664-0x000001F1E2500000-0x000001F1E2514000-memory.dmp

Filesize
80KB

Download
memory/3712-1747-0x00007FFF60A30000-0x00007FFF60A5A000-memory.dmp

Filesize
168KB

Download
memory/3712-1748-0x00007FFF60A30000-0x00007FFF60A5A000-memory.dmp

Filesize
168KB

Download
memory/4908-1484-0x00007FFF6F360000-0x00007FFF6F38A000-memory.dmp

Filesize
168KB

Download