hxxps://drive[.]google[.]com/file/d/1yk6xHzPWVRhZ0LOzoB2XZefULReTbhC2/view

Analysis

max time kernel
194s
max time network
193s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19-10-2024 15:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1yk6xHzPWVRhZ0LOzoB2XZefULReTbhC2/view

Score

7^/10

discovery pyinstaller

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
1196	Real-ESRGAN Upscaler GUI Installer.exe
5260	Real-ESRGAN Upscaler GUI Installer.exe
1684	Real-ESRGAN Upscaler GUI.exe
5832	realesrgan.exe

Loads dropped DLL 33 IoCs

pid	Process
1196	Real-ESRGAN Upscaler GUI Installer.exe
1196	Real-ESRGAN Upscaler GUI Installer.exe
5260	Real-ESRGAN Upscaler GUI Installer.exe
5260	Real-ESRGAN Upscaler GUI Installer.exe
5260	Real-ESRGAN Upscaler GUI Installer.exe
5260	Real-ESRGAN Upscaler GUI Installer.exe
1684	Real-ESRGAN Upscaler GUI.exe
1684	Real-ESRGAN Upscaler GUI.exe
1684	Real-ESRGAN Upscaler GUI.exe
1684	Real-ESRGAN Upscaler GUI.exe
1684	Real-ESRGAN Upscaler GUI.exe
1684	Real-ESRGAN Upscaler GUI.exe
1684	Real-ESRGAN Upscaler GUI.exe
1684	Real-ESRGAN Upscaler GUI.exe
1684	Real-ESRGAN Upscaler GUI.exe
1684	Real-ESRGAN Upscaler GUI.exe
1684	Real-ESRGAN Upscaler GUI.exe
1684	Real-ESRGAN Upscaler GUI.exe
1684	Real-ESRGAN Upscaler GUI.exe
1684	Real-ESRGAN Upscaler GUI.exe
1684	Real-ESRGAN Upscaler GUI.exe
1684	Real-ESRGAN Upscaler GUI.exe
1684	Real-ESRGAN Upscaler GUI.exe
1684	Real-ESRGAN Upscaler GUI.exe
1684	Real-ESRGAN Upscaler GUI.exe
1684	Real-ESRGAN Upscaler GUI.exe
1684	Real-ESRGAN Upscaler GUI.exe
1684	Real-ESRGAN Upscaler GUI.exe
1684	Real-ESRGAN Upscaler GUI.exe
1684	Real-ESRGAN Upscaler GUI.exe
1684	Real-ESRGAN Upscaler GUI.exe
1684	Real-ESRGAN Upscaler GUI.exe
1684	Real-ESRGAN Upscaler GUI.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
8	drive.google.com
5	drive.google.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\bindings\QtQuick\qsgimagenode.sip	Real-ESRGAN Upscaler GUI Installer.exe
File created	C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\bindings\QtPositioning\qgeopolygon.sip	Real-ESRGAN Upscaler GUI Installer.exe
File created	C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\bindings\QtCore\qrect.sip	Real-ESRGAN Upscaler GUI Installer.exe
File created	C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5_sip-12.15.0.dist-info\RECORD	Real-ESRGAN Upscaler GUI Installer.exe
File created	C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\Qt5\qml\QtQuick\Controls.2\Imagine\Dial.qml	Real-ESRGAN Upscaler GUI Installer.exe
File created	C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\bindings\QtXmlPatterns\qxmlname.sip	Real-ESRGAN Upscaler GUI Installer.exe
File created	C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\Qt5\qml\QtQuick3D\designer\MaterialSection.qml	Real-ESRGAN Upscaler GUI Installer.exe
File created	C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\bindings\QtCore\qmargins.sip	Real-ESRGAN Upscaler GUI Installer.exe
File created	C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\bindings\QtDesigner\abstractformbuilder.sip	Real-ESRGAN Upscaler GUI Installer.exe
File created	C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\Qt5\qml\QtQuick\Controls.2\designer\images\page-icon16.png	Real-ESRGAN Upscaler GUI Installer.exe
File created	C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\Qt5\qml\Qt\test\qtestroot\plugins.qmltypes	Real-ESRGAN Upscaler GUI Installer.exe
File created	C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\bindings\QtNetwork\qhostaddress.sip	Real-ESRGAN Upscaler GUI Installer.exe
File created	C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\Qt5\qml\QtQuick\Controls.2\designer\ControlSection.qml	Real-ESRGAN Upscaler GUI Installer.exe
File created	C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\Qt5\qml\QtQuick\Controls\TableView.qml	Real-ESRGAN Upscaler GUI Installer.exe
File created	C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\bindings\QtDesigner\qpydesignerpropertysheetextension.sip	Real-ESRGAN Upscaler GUI Installer.exe
File created	C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\Qt5\qml\QtQuick3D\Materials\AluminumAnodizedEmissiveMaterial.qml	Real-ESRGAN Upscaler GUI Installer.exe
File created	C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\Qt5\qml\QtQuick\Controls.2\Universal\ScrollIndicator.qml	Real-ESRGAN Upscaler GUI Installer.exe
File created	C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\Qt5\qml\QtQuick\Controls.2\RadioDelegate.qml	Real-ESRGAN Upscaler GUI Installer.exe
File created	C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\Qt5\qml\QtQuick\Controls\Styles\Desktop\MenuBarStyle.qmlc	Real-ESRGAN Upscaler GUI Installer.exe
File created	C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\Qt5\qml\QtQuick\Controls\Private\Control.qml	Real-ESRGAN Upscaler GUI Installer.exe
File created	C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\bindings\QtWidgets\qabstractitemview.sip	Real-ESRGAN Upscaler GUI Installer.exe
File created	C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\bindings\QtQuickWidgets\qquickwidget.sip	Real-ESRGAN Upscaler GUI Installer.exe
File created	C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\bindings\QtHelp\qcompressedhelpinfo.sip	Real-ESRGAN Upscaler GUI Installer.exe
File created	C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\bindings\QtGui\qpdfwriter.sip	Real-ESRGAN Upscaler GUI Installer.exe
File created	C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\QtNfc.pyd	Real-ESRGAN Upscaler GUI Installer.exe
File created	C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\Qt5\qml\QtQuick\Extras\Private\PieMenuIcon.qml	Real-ESRGAN Upscaler GUI Installer.exe
File created	C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\Qt5\qml\QtQuick\Controls.2\Imagine\ItemDelegate.qml	Real-ESRGAN Upscaler GUI Installer.exe
File created	C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\Qt5\qml\QtQuick\Extras\designer\CircularGaugeSpecifics.qml	Real-ESRGAN Upscaler GUI Installer.exe
File created	C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\bindings\QtQml\qqmlexpression.sip	Real-ESRGAN Upscaler GUI Installer.exe
File created	C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\bindings\QtGui\qimageiohandler.sip	Real-ESRGAN Upscaler GUI Installer.exe
File created	C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\Qt5\qml\QtQuick3D\Materials\designer\CustomMaterialSpecifics.qml	Real-ESRGAN Upscaler GUI Installer.exe
File created	C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\Qt5\qml\QtQuick\Controls.2\designer\images\checkbox-icon16.png	Real-ESRGAN Upscaler GUI Installer.exe
File created	C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\bindings\QtCore\qsocketnotifier.sip	Real-ESRGAN Upscaler GUI Installer.exe
File created	C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\bindings\QtGui\qbackingstore.sip	Real-ESRGAN Upscaler GUI Installer.exe
File created	C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\Qt5\translations\qtlocation_bg.qm	Real-ESRGAN Upscaler GUI Installer.exe
File created	C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\Qt5\translations\qtserialport_pl.qm	Real-ESRGAN Upscaler GUI Installer.exe
File created	C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\Qt5\qml\QtQuick\Dialogs\Private\plugins.qmltypes	Real-ESRGAN Upscaler GUI Installer.exe
File created	C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\bindings\QtNfc\qnearfieldsharemanager.sip	Real-ESRGAN Upscaler GUI Installer.exe
File created	C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\bindings\QtNfc\QtNfcmod.sip	Real-ESRGAN Upscaler GUI Installer.exe
File created	C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\bindings\QtLocation\qgeoroutesegment.sip	Real-ESRGAN Upscaler GUI Installer.exe
File created	C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\bindings\QtCore\qmessageauthenticationcode.sip	Real-ESRGAN Upscaler GUI Installer.exe
File created	C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\Qt5\translations\qt_es.qm	Real-ESRGAN Upscaler GUI Installer.exe
File created	C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\Qt5\qml\QtQuick\Controls.2\Imagine\Tumbler.qml	Real-ESRGAN Upscaler GUI Installer.exe
File created	C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\Qt5\qml\QtQuick\Controls\Private\TreeViewItemDelegateLoader.qmlc	Real-ESRGAN Upscaler GUI Installer.exe
File created	C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\Qt5\qml\QtQuick\Particles.2\particlesplugin.dll	Real-ESRGAN Upscaler GUI Installer.exe
File created	C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\Qt5\qml\QtQuick\Controls\Styles\Desktop\FocusFrameStyle.qml	Real-ESRGAN Upscaler GUI Installer.exe
File created	C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\bindings\QtWidgets\qdatetimeedit.sip	Real-ESRGAN Upscaler GUI Installer.exe
File created	C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\bindings\QtMultimedia\qradiodata.sip	Real-ESRGAN Upscaler GUI Installer.exe
File created	C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\bindings\QtCore\qvariant.sip	Real-ESRGAN Upscaler GUI Installer.exe
File created	C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\Qt5\qml\QtQuick3D\Materials\designer\AluminumBrushedMaterialSection.qml	Real-ESRGAN Upscaler GUI Installer.exe
File created	C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\Qt5\qml\QtQuick3D\Effects\designer\SCurveTonemapSection.qml	Real-ESRGAN Upscaler GUI Installer.exe
File created	C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\Qt5\qml\QtQuick3D\designer\images\scene16.png	Real-ESRGAN Upscaler GUI Installer.exe
File created	C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\bindings\QtLocation\qplacemanager.sip	Real-ESRGAN Upscaler GUI Installer.exe
File created	C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\bindings\QtCore\qtransposeproxymodel.sip	Real-ESRGAN Upscaler GUI Installer.exe
File created	C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\Qt5\translations\qtmultimedia_hu.qm	Real-ESRGAN Upscaler GUI Installer.exe
File created	C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\Qt5\qml\QtQuick3D\designer\AreaLightSection.qml	Real-ESRGAN Upscaler GUI Installer.exe
File created	C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\Qt5\qml\QtQuick3D\designer\PassSection.qml	Real-ESRGAN Upscaler GUI Installer.exe
File created	C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\Qt5\qml\QtQuick\Controls.2\Imagine\StackView.qml	Real-ESRGAN Upscaler GUI Installer.exe
File created	C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\Qt5\qml\QtQuick\Controls\StackViewTransition.qml	Real-ESRGAN Upscaler GUI Installer.exe
File created	C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\Qt5\qml\QtQuick\Controls\Styles\Base\images\button.png	Real-ESRGAN Upscaler GUI Installer.exe
File created	C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\bindings\QtPositioning\qgeorectangle.sip	Real-ESRGAN Upscaler GUI Installer.exe
File created	C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\bindings\QtCore\qlogging.sip	Real-ESRGAN Upscaler GUI Installer.exe
File created	C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\Qt5\translations\qt_zh_TW.qm	Real-ESRGAN Upscaler GUI Installer.exe
File created	C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\Qt5\qml\QtQuick\Extras\Private\Handle.qmlc	Real-ESRGAN Upscaler GUI Installer.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
behavioral1/files/0x0007000000023d2b-2882.dat	pyinstaller

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Real-ESRGAN Upscaler GUI Installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Real-ESRGAN Upscaler GUI Installer.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\MRUListEx = 00000000ffffffff	Real-ESRGAN Upscaler GUI.exe
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	Real-ESRGAN Upscaler GUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	Real-ESRGAN Upscaler GUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	Real-ESRGAN Upscaler GUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	Real-ESRGAN Upscaler GUI.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	Real-ESRGAN Upscaler GUI.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0 = 7a003100000000005359a17910005245414c2d457e310000620009000400efbe53599a795359a1792e0000002a3d02000000080000000000000000000000000000000030be005200650061006c002d00450053005200470041004e002000550070007300630061006c00650072002000470055004900000018000000	Real-ESRGAN Upscaler GUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	Real-ESRGAN Upscaler GUI.exe
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	Real-ESRGAN Upscaler GUI.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Version = "1"	Real-ESRGAN Upscaler GUI.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	Real-ESRGAN Upscaler GUI.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Real-ESRGAN Upscaler GUI.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	Real-ESRGAN Upscaler GUI.exe
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Real-ESRGAN Upscaler GUI.exe
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0	Real-ESRGAN Upscaler GUI.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	Real-ESRGAN Upscaler GUI.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	Real-ESRGAN Upscaler GUI.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000001000000ffffffff	Real-ESRGAN Upscaler GUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	Real-ESRGAN Upscaler GUI.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Pictures"	Real-ESRGAN Upscaler GUI.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	Real-ESRGAN Upscaler GUI.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Real-ESRGAN Upscaler GUI.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Real-ESRGAN Upscaler GUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	Real-ESRGAN Upscaler GUI.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	Real-ESRGAN Upscaler GUI.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	Real-ESRGAN Upscaler GUI.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\MRUListEx = ffffffff	Real-ESRGAN Upscaler GUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	Real-ESRGAN Upscaler GUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	Real-ESRGAN Upscaler GUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	Real-ESRGAN Upscaler GUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	Real-ESRGAN Upscaler GUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	Real-ESRGAN Upscaler GUI.exe
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	Real-ESRGAN Upscaler GUI.exe
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	Real-ESRGAN Upscaler GUI.exe
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = 00000000ffffffff	Real-ESRGAN Upscaler GUI.exe
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings	Real-ESRGAN Upscaler GUI.exe
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	Real-ESRGAN Upscaler GUI.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 522860.crdownload:SmartScreen	msedge.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1684	Real-ESRGAN Upscaler GUI.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
1076	msedge.exe
1076	msedge.exe
2836	msedge.exe
2836	msedge.exe
2564	identity_helper.exe
2564	identity_helper.exe
6068	msedge.exe
6068	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
6128	msedge.exe
6128	msedge.exe
5248	msedge.exe
5248	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1684	Real-ESRGAN Upscaler GUI.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 27 IoCs

pid	Process
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
1196	Real-ESRGAN Upscaler GUI Installer.exe
5260	Real-ESRGAN Upscaler GUI Installer.exe
1684	Real-ESRGAN Upscaler GUI.exe
1684	Real-ESRGAN Upscaler GUI.exe
6128	msedge.exe
1684	Real-ESRGAN Upscaler GUI.exe
1684	Real-ESRGAN Upscaler GUI.exe
1684	Real-ESRGAN Upscaler GUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2836 wrote to memory of 4548	2836	msedge.exe	85
PID 2836 wrote to memory of 4548	2836	msedge.exe	85
PID 2836 wrote to memory of 1964	2836	msedge.exe	86
PID 2836 wrote to memory of 1964	2836	msedge.exe	86
PID 2836 wrote to memory of 1964	2836	msedge.exe	86
PID 2836 wrote to memory of 1964	2836	msedge.exe	86
PID 2836 wrote to memory of 1964	2836	msedge.exe	86
PID 2836 wrote to memory of 1964	2836	msedge.exe	86
PID 2836 wrote to memory of 1964	2836	msedge.exe	86
PID 2836 wrote to memory of 1964	2836	msedge.exe	86
PID 2836 wrote to memory of 1964	2836	msedge.exe	86
PID 2836 wrote to memory of 1964	2836	msedge.exe	86
PID 2836 wrote to memory of 1964	2836	msedge.exe	86
PID 2836 wrote to memory of 1964	2836	msedge.exe	86
PID 2836 wrote to memory of 1964	2836	msedge.exe	86
PID 2836 wrote to memory of 1964	2836	msedge.exe	86
PID 2836 wrote to memory of 1964	2836	msedge.exe	86
PID 2836 wrote to memory of 1964	2836	msedge.exe	86
PID 2836 wrote to memory of 1964	2836	msedge.exe	86
PID 2836 wrote to memory of 1964	2836	msedge.exe	86
PID 2836 wrote to memory of 1964	2836	msedge.exe	86
PID 2836 wrote to memory of 1964	2836	msedge.exe	86
PID 2836 wrote to memory of 1964	2836	msedge.exe	86
PID 2836 wrote to memory of 1964	2836	msedge.exe	86
PID 2836 wrote to memory of 1964	2836	msedge.exe	86
PID 2836 wrote to memory of 1964	2836	msedge.exe	86
PID 2836 wrote to memory of 1964	2836	msedge.exe	86
PID 2836 wrote to memory of 1964	2836	msedge.exe	86
PID 2836 wrote to memory of 1964	2836	msedge.exe	86
PID 2836 wrote to memory of 1964	2836	msedge.exe	86
PID 2836 wrote to memory of 1964	2836	msedge.exe	86
PID 2836 wrote to memory of 1964	2836	msedge.exe	86
PID 2836 wrote to memory of 1964	2836	msedge.exe	86
PID 2836 wrote to memory of 1964	2836	msedge.exe	86
PID 2836 wrote to memory of 1964	2836	msedge.exe	86
PID 2836 wrote to memory of 1964	2836	msedge.exe	86
PID 2836 wrote to memory of 1964	2836	msedge.exe	86
PID 2836 wrote to memory of 1964	2836	msedge.exe	86
PID 2836 wrote to memory of 1964	2836	msedge.exe	86
PID 2836 wrote to memory of 1964	2836	msedge.exe	86
PID 2836 wrote to memory of 1964	2836	msedge.exe	86
PID 2836 wrote to memory of 1964	2836	msedge.exe	86
PID 2836 wrote to memory of 1076	2836	msedge.exe	87
PID 2836 wrote to memory of 1076	2836	msedge.exe	87
PID 2836 wrote to memory of 372	2836	msedge.exe	88
PID 2836 wrote to memory of 372	2836	msedge.exe	88
PID 2836 wrote to memory of 372	2836	msedge.exe	88
PID 2836 wrote to memory of 372	2836	msedge.exe	88
PID 2836 wrote to memory of 372	2836	msedge.exe	88
PID 2836 wrote to memory of 372	2836	msedge.exe	88
PID 2836 wrote to memory of 372	2836	msedge.exe	88
PID 2836 wrote to memory of 372	2836	msedge.exe	88
PID 2836 wrote to memory of 372	2836	msedge.exe	88
PID 2836 wrote to memory of 372	2836	msedge.exe	88
PID 2836 wrote to memory of 372	2836	msedge.exe	88
PID 2836 wrote to memory of 372	2836	msedge.exe	88
PID 2836 wrote to memory of 372	2836	msedge.exe	88
PID 2836 wrote to memory of 372	2836	msedge.exe	88
PID 2836 wrote to memory of 372	2836	msedge.exe	88
PID 2836 wrote to memory of 372	2836	msedge.exe	88
PID 2836 wrote to memory of 372	2836	msedge.exe	88
PID 2836 wrote to memory of 372	2836	msedge.exe	88
PID 2836 wrote to memory of 372	2836	msedge.exe	88
PID 2836 wrote to memory of 372	2836	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1yk6xHzPWVRhZ0LOzoB2XZefULReTbhC2/view
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa8b7646f8,0x7ffa8b764708,0x7ffa8b764718
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,383500555671089359,11512448468168648808,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,383500555671089359,11512448468168648808,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,383500555671089359,11512448468168648808,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
  2⤵
  PID:372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,383500555671089359,11512448468168648808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,383500555671089359,11512448468168648808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,383500555671089359,11512448468168648808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,383500555671089359,11512448468168648808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:732
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,383500555671089359,11512448468168648808,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 /prefetch:8
  2⤵
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,383500555671089359,11512448468168648808,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,383500555671089359,11512448468168648808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,383500555671089359,11512448468168648808,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,383500555671089359,11512448468168648808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,383500555671089359,11512448468168648808,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2160,383500555671089359,11512448468168648808,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5852 /prefetch:8
  2⤵
  PID:5320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,383500555671089359,11512448468168648808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:5328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2160,383500555671089359,11512448468168648808,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6420 /prefetch:8
  2⤵
  PID:5380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,383500555671089359,11512448468168648808,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6068
- C:\Users\Admin\Downloads\Real-ESRGAN Upscaler GUI Installer.exe
  "C:\Users\Admin\Downloads\Real-ESRGAN Upscaler GUI Installer.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1196
- C:\Users\Admin\Downloads\Real-ESRGAN Upscaler GUI Installer.exe
  "C:\Users\Admin\Downloads\Real-ESRGAN Upscaler GUI Installer.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:5260
- - C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\Real-ESRGAN Upscaler GUI.exe
    "C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\Real-ESRGAN Upscaler GUI.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies registry class
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:1684
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "_internal\realesrgan-windows\realesrgan.exe -i "C:\Users\Admin\Downloads\R.jpg" -o "C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\output.png" -s 2 -n "realesrgan-x4plus""
      4⤵
      PID:988
    - - C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\realesrgan-windows\realesrgan.exe
        
        _internal\realesrgan-windows\realesrgan.exe -i "C:\Users\Admin\Downloads\R.jpg" -o "C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\output.png" -s 2 -n "realesrgan-x4plus"
        5⤵
        Executes dropped EXE
        
        PID:5832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,383500555671089359,11512448468168648808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,383500555671089359,11512448468168648808,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:5616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,383500555671089359,11512448468168648808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6852 /prefetch:1
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,383500555671089359,11512448468168648808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:1320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,383500555671089359,11512448468168648808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1
  2⤵
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,383500555671089359,11512448468168648808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,383500555671089359,11512448468168648808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6804 /prefetch:1
  2⤵
  PID:6140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,383500555671089359,11512448468168648808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6972 /prefetch:1
  2⤵
  PID:5212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,383500555671089359,11512448468168648808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6996 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,383500555671089359,11512448468168648808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1848 /prefetch:1
  2⤵
  PID:6060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,383500555671089359,11512448468168648808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7200 /prefetch:1
  2⤵
  PID:5280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,383500555671089359,11512448468168648808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7156 /prefetch:1
  2⤵
  PID:5644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,383500555671089359,11512448468168648808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,383500555671089359,11512448468168648808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1860 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,383500555671089359,11512448468168648808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:1524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,383500555671089359,11512448468168648808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6584 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,383500555671089359,11512448468168648808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6512 /prefetch:1
  2⤵
  PID:5472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,383500555671089359,11512448468168648808,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7256 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2160,383500555671089359,11512448468168648808,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7244 /prefetch:8
  2⤵
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2160,383500555671089359,11512448468168648808,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6528 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:6128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,383500555671089359,11512448468168648808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,383500555671089359,11512448468168648808,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7640 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5248

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:460

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\Real-ESRGAN Upscaler GUI.exe

Filesize
1.5MB

MD5
64e7d1aef9a83db4ed4c86deb0ae07e5

SHA1
15a1be51f810917740ad0e42452cadaeb148fd87

SHA256
a19a6e630edaf2bcd08e0991c321bc286c2644f1e6ac78d1710a8600e41f4b0d

SHA512
e1ad941fc5c071917dd1b15f9d2db5d51cc44f14456576faa70bc2a567e3caf6d13a892437bc52d81c50d2be7989a02f2e7bf2b6d5109c1c3089fa0b196ec1d8

Download Submit
C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\Qt5\bin\MSVCP140.dll

Filesize
576KB

MD5
01b946a2edc5cc166de018dbb754b69c

SHA1
dbe09b7b9ab2d1a61ef63395111d2eb9b04f0a46

SHA256
88f55d86b50b0a7e55e71ad2d8f7552146ba26e927230daf2e26ad3a971973c5

SHA512
65dc3f32faf30e62dfdecb72775df870af4c3a32a0bf576ed1aaae4b16ac6897b62b19e01dc2bf46f46fbe3f475c061f79cbe987eda583fee1817070779860e5

Download Submit
C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\Qt5\bin\Qt5Core.dll

Filesize
5.7MB

MD5
817520432a42efa345b2d97f5c24510e

SHA1
fea7b9c61569d7e76af5effd726b7ff6147961e5

SHA256
8d2ff4ce9096ddccc4f4cd62c2e41fc854cfd1b0d6e8d296645a7f5fd4ae565a

SHA512
8673b26ec5421fce8e23adf720de5690673bb4ce6116cb44ebcc61bbbef12c0ad286dfd675edbed5d8d000efd7609c81aae4533180cf4ec9cd5316e7028f7441

Download Submit
C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\Qt5\bin\Qt5Widgets.dll

Filesize
5.2MB

MD5
4cd1f8fdcd617932db131c3688845ea8

SHA1
b090ed884b07d2d98747141aefd25590b8b254f9

SHA256
3788c669d4b645e5a576de9fc77fca776bf516d43c89143dc2ca28291ba14358

SHA512
7d47d2661bf8fac937f0d168036652b7cfe0d749b571d9773a5446c512c58ee6bb081fec817181a90f4543ebc2367c7f8881ff7f80908aa48a7f6bb261f1d199

Download Submit
C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\Qt5\bin\msvcp140_1.dll

Filesize
30KB

MD5
0fe6d52eb94c848fe258dc0ec9ff4c11

SHA1
95cc74c64ab80785f3893d61a73b8a958d24da29

SHA256
446c48c1224c289bd3080087fe15d6759416d64f4136addf30086abd5415d83f

SHA512
c39a134210e314627b0f2072f4ffc9b2ce060d44d3365d11d8c1fe908b3b9403ebdd6f33e67d556bd052338d0ed3d5f16b54d628e8290fd3a155f55d36019a86

Download Submit
C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\Qt5\bin\vcruntime140_1.dll

Filesize
43KB

MD5
6bc084255a5e9eb8df2bcd75b4cd0777

SHA1
cf071ad4e512cd934028f005cabe06384a3954b6

SHA256
1f0f5f2ce671e0f68cf96176721df0e5e6f527c8ca9cfa98aa875b5a3816d460

SHA512
b822538494d13bda947655af791fed4daa811f20c4b63a45246c8f3befa3ec37ff1aa79246c89174fe35d76ffb636fa228afa4bda0bd6d2c41d01228b151fd89

Download Submit
C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\Qt5\translations\qtmultimedia_en.qm

Filesize
16B

MD5
bcebcf42735c6849bdecbb77451021dd

SHA1
4884fd9af6890647b7af1aefa57f38cca49ad899

SHA256
9959b510b15d18937848ad13007e30459d2e993c67e564badbfc18f935695c85

SHA512
f951b511ffb1a6b94b1bcae9df26b41b2ff829560583d7c83e70279d1b5304bde299b3679d863cad6bb79d0beda524fc195b7f054ecf11d2090037526b451b78

Download Submit
C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\QtCore.pyd

Filesize
2.4MB

MD5
678fa1496ffdea3a530fa146dedcdbcc

SHA1
c80d8f1de8ae06ecf5750c83d879d2dcc2d6a4f8

SHA256
d6e45fd8c3b3f93f52c4d1b6f9e3ee220454a73f80f65f3d70504bd55415ea37

SHA512
8d9e3fa49fb42f844d8df241786ea9c0f55e546d373ff07e8c89aac4f3027c62ec1bd0c9c639afeabc034cc39e424b21da55a1609c9f95397a66d5f0d834e88e

Download Submit
C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\QtWidgets.pyd

Filesize
4.9MB

MD5
e8c3bfbc19378e541f5f569e2023b7aa

SHA1
aca007030c1cee45cbc692adcb8bcb29665792ba

SHA256
a1e97a2ab434c6ae5e56491c60172e59cdcce42960734e8bdf5d851b79361071

SHA512
9134c2ead00c2d19dec499e60f91e978858766744965ead655d2349ff92834ab267ac8026038e576a7e207d3bbd4a87cd5f2e2846a703c7f481a406130530eb0

Download Submit
C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\PyQt5\sip.cp310-win_amd64.pyd

Filesize
120KB

MD5
083ff96d3f66a30d4205c7115a1b59a9

SHA1
09404f03a4a4e042232dd346467c14d6f7db0d3b

SHA256
785f06ff89e57eb78c3f73a265e43cb2883cfe87dbe1d348af63f91f93a61f4c

SHA512
ecbb345bc77338f030b8067f173dbf1614d07c06a09ce46552c34436bfb1b80d655292ee1e4912995a1e599602a4fa537d5ded9c952669ed99441e48f342793a

Download Submit
C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\VCOMP140.DLL

Filesize
178KB

MD5
8061b3d628cff67791eae97034ebcb70

SHA1
efe84594bf4f2f2632c08ad05bf904422ff2e5b5

SHA256
8f72ef2e483465444b2059fc6744d6cb22cd8d8a27f6fa56befd2a42dcd0f78b

SHA512
286677687e38f7b1a4c365b589f98671f54ac536907f33e230814a166b78acadf6824e237627b729a17ba588c6c0aa21d8a0f275633e908400ab911fb161ae46

Download Submit
C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\VCRUNTIME140.dll

Filesize
96KB

MD5
f12681a472b9dd04a812e16096514974

SHA1
6fd102eb3e0b0e6eef08118d71f28702d1a9067c

SHA256
d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8

SHA512
7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2

Download Submit
C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\VCRUNTIME140_1.dll

Filesize
37KB

MD5
75e78e4bf561031d39f86143753400ff

SHA1
324c2a99e39f8992459495182677e91656a05206

SHA256
1758085a61527b427c4380f0c976d29a8bee889f2ac480c356a3f166433bf70e

SHA512
ce4daf46bce44a89d21308c63e2de8b757a23be2630360209c4a25eb13f1f66a04fbb0a124761a33bbf34496f2f2a02b8df159b4b62f1b6241e1dbfb0e5d9756

Download Submit
C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\_bz2.pyd

Filesize
81KB

MD5
a4b636201605067b676cc43784ae5570

SHA1
e9f49d0fc75f25743d04ce23c496eb5f89e72a9a

SHA256
f178e29921c04fb68cc08b1e5d1181e5df8ce1de38a968778e27990f4a69973c

SHA512
02096bc36c7a9ecfa1712fe738b5ef8b78c6964e0e363136166657c153727b870a6a44c1e1ec9b81289d1aa0af9c85f1a37b95b667103edc2d3916280b6a9488

Download Submit
C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\_decimal.pyd

Filesize
244KB

MD5
10f7b96c666f332ec512edade873eecb

SHA1
4f511c030d4517552979105a8bb8cccf3a56fcea

SHA256
6314c99a3efa15307e7bdbe18c0b49bc841c734f42923a0b44aab42ed7d4a62d

SHA512
cfe5538e3becbc3aa5540c627af7bf13ad8f5c160b581a304d1510e0cb2876d49801df76916dcda6b7e0654ce145bb66d6e31bd6174524ae681d5f2b49088419

Download Submit
C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\_elementtree.pyd

Filesize
124KB

MD5
b9537ebd7efc39c77f0505d9ffb84cdd

SHA1
a7c977acf0185cfb1bbe38136e97699f0a54af40

SHA256
940d360744414399037257431492853565b17f83d7d7d25fb0209ef6f7c260c2

SHA512
4efe42206b17061b0f2e6249e2668b7017ca9af54457931839db59a4a752b053de08884f7b13c6637ff9736c57193c3c8a5ab0cee28b52aa64a58972d9d5aeb2

Download Submit
C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\_hashlib.pyd

Filesize
60KB

MD5
49ce7a28e1c0eb65a9a583a6ba44fa3b

SHA1
dcfbee380e7d6c88128a807f381a831b6a752f10

SHA256
1be5cfd06a782b2ae8e4629d9d035cbc487074e8f63b9773c85e317be29c0430

SHA512
cf1f96d6d61ecb2997bb541e9eda7082ef4a445d3dd411ce6fd71b0dfe672f4dfaddf36ae0fb7d5f6d1345fbd90c19961a8f35328332cdaa232f322c0bf9a1f9

Download Submit
C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\_lzma.pyd

Filesize
154KB

MD5
b5fbc034ad7c70a2ad1eb34d08b36cf8

SHA1
4efe3f21be36095673d949cceac928e11522b29c

SHA256
80a6ebe46f43ffa93bbdbfc83e67d6f44a44055de1439b06e4dd2983cb243df6

SHA512
e7185da748502b645030c96d3345d75814ba5fd95a997c2d1c923d981c44d5b90db64faf77ddbbdc805769af1bec37daf0ecee0930a248b67a1c2d92b59c250c

Download Submit
C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\_socket.pyd

Filesize
75KB

MD5
e137df498c120d6ac64ea1281bcab600

SHA1
b515e09868e9023d43991a05c113b2b662183cfe

SHA256
8046bf64e463d5aa38d13525891156131cf997c2e6cdf47527bc352f00f5c90a

SHA512
cc2772d282b81873aa7c5cba5939d232cceb6be0908b211edb18c25a17cbdb5072f102c0d6b7bc9b6b2f1f787b56ab1bc9be731bb9e98885c17e26a09c2beb90

Download Submit
C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\_ssl.pyd

Filesize
155KB

MD5
35f66ad429cd636bcad858238c596828

SHA1
ad4534a266f77a9cdce7b97818531ce20364cb65

SHA256
58b772b53bfe898513c0eb264ae4fa47ed3d8f256bc8f70202356d20f9ecb6dc

SHA512
1cca8e6c3a21a8b05cc7518bd62c4e3f57937910f2a310e00f13f60f6a94728ef2004a2f4a3d133755139c3a45b252e6db76987b6b78bc8269a21ad5890356ad

Download Submit
C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\base_library.zip

Filesize
859KB

MD5
436534ed05ce8cbc83bd13ce55c113fc

SHA1
cd7693bbc853a4d57bfca029865638aec2f73149

SHA256
3730771e566f43b215a037c8a96fa0adb55aed7fa84e3d591d32d2744254496c

SHA512
19162f9cff246089db0655101dd8050c8bc6c7278869fede86a1e354843b32615daebe15067ab82ec11ac8474643764c8eaffe2a94ea48350dddc253167a749b

Download Submit
C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\icon.jpg

Filesize
561KB

MD5
0074b133cbb52dd70f74050c78c19ea0

SHA1
c124a4d0f054bc6d8808df7b2b3878c26c5038db

SHA256
52ea0a08b03b66be0b7361148cd8d264b7155645394fe8e3f6483c8c8939ce81

SHA512
83883b5cc7e9ff426c130199a80d24ca607a331cf0efa54e891abe79aaf5733c4d6cabd223aa59b0e70f8d54c650b51d1e486151ebd1380611c38e2686a76b9e

Download Submit
C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\libcrypto-1_1.dll

Filesize
3.3MB

MD5
ab01c808bed8164133e5279595437d3d

SHA1
0f512756a8db22576ec2e20cf0cafec7786fb12b

SHA256
9c0a0a11629cced6a064932e95a0158ee936739d75a56338702fed97cb0bad55

SHA512
4043cda02f6950abdc47413cfd8a0ba5c462f16bcd4f339f9f5a690823f4d0916478cab5cae81a3d5b03a8a196e17a716b06afee3f92dec3102e3bbc674774f2

Download Submit
C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\libssl-1_1.dll

Filesize
682KB

MD5
de72697933d7673279fb85fd48d1a4dd

SHA1
085fd4c6fb6d89ffcc9b2741947b74f0766fc383

SHA256
ed1c8769f5096afd000fc730a37b11177fcf90890345071ab7fbceac684d571f

SHA512
0fd4678c65da181d7c27b19056d5ab0e5dd0e9714e9606e524cdad9e46ec4d0b35fe22d594282309f718b30e065f6896674d3edce6b3b0c8eb637a3680715c2c

Download Submit
C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\pyexpat.pyd

Filesize
193KB

MD5
6bc89ebc4014a8db39e468f54aaafa5e

SHA1
68d04e760365f18b20f50a78c60ccfde52f7fcd8

SHA256
dbe6e7be3a7418811bd5987b0766d8d660190d867cd42f8ed79e70d868e8aa43

SHA512
b7a6a383eb131deb83eee7cc134307f8545fb7d043130777a8a9a37311b64342e5a774898edd73d80230ab871c4d0aa0b776187fa4edec0ccde5b9486dbaa626

Download Submit
C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\python3.dll

Filesize
63KB

MD5
07bd9f1e651ad2409fd0b7d706be6071

SHA1
dfeb2221527474a681d6d8b16a5c378847c59d33

SHA256
5d78cd1365ea9ae4e95872576cfa4055342f1e80b06f3051cf91d564b6cd09f5

SHA512
def31d2df95cb7999ce1f55479b2ff7a3cb70e9fc4778fc50803f688448305454fbbf82b5a75032f182dff663a6d91d303ef72e3d2ca9f2a1b032956ec1a0e2a

Download Submit
C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\python310.dll

Filesize
4.3MB

MD5
c80b5cb43e5fe7948c3562c1fff1254e

SHA1
f73cb1fb9445c96ecd56b984a1822e502e71ab9d

SHA256
058925e4bbfcb460a3c00ec824b8390583baef0c780a7c7ff01d43d9eec45f20

SHA512
faa97a9d5d2a0bf78123f19f8657c24921b907268938c26f79e1df6d667f7bee564259a3a11022e8629996406cda9fa00434bb2b1de3e10b9bddc59708dbad81

Download Submit
C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\select.pyd

Filesize
28KB

MD5
adc412384b7e1254d11e62e451def8e9

SHA1
04e6dff4a65234406b9bc9d9f2dcfe8e30481829

SHA256
68b80009ab656ffe811d680585fac3d4f9c1b45f29d48c67ea2b3580ec4d86a1

SHA512
f250f1236882668b2686bd42e1c334c60da7abec3a208ebebdee84a74d7c4c6b1bc79eed7241bc7012e4ef70a6651a32aa00e32a83f402475b479633581e0b07

Download Submit
C:\Program Files (x86)\Real-ESRGAN Upscaler GUI\_internal\unicodedata.pyd

Filesize
1.1MB

MD5
102bbbb1f33ce7c007aac08fe0a1a97e

SHA1
9a8601bea3e7d4c2fa6394611611cda4fc76e219

SHA256
2cf6c5dea30bb0584991b2065c052c22d258b6e15384447dcea193fdcac5f758

SHA512
a07731f314e73f7a9ea73576a89ccb8a0e55e53f9b5b82f53121b97b1814d905b17a2da9bd2eda9f9354fc3f15e3dea7a613d7c9bc98c36bba653743b24dfc32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\625f43fd-2406-42bb-b43a-0113f5a5db75.tmp

Filesize
5KB

MD5
fc8da34a934e14c2f67f077c99dbc140

SHA1
222c10e490ea4a2e3faf2c5e8c4273e0c7e290af

SHA256
aa798eaa4c1ccf0484952162bb3607882acd84da97a020a531864adc5e0dcde8

SHA512
0505ccadf76392301a906aeae3ca13f3a034eebd29f756604ab20b66f883b9bbf75bdbc9a5225e85ea48307eb0577f773a080fe90bcc198668dd592d09766cb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
6cdb7a083c26e6b526fd735f0b65ac53

SHA1
d1966131cea729dc38aa4ffa8caa741a56d5240b

SHA256
dcac34efa6e1073ddc11a289b1fd9c3133ece05debeaf26baa83c1c882143303

SHA512
7e987b4b778ea9cad2f86d2878f12c4f92fbc7ead566f16108854032020cfe626712e52ccdcc5d155f30ad09a862e40cc209d5389ad74ded0d0ea77cb9d161a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
5114784cd9a626d481018053e36f3a76

SHA1
f8ba193abbc7c80411ec61fe9bcaf5b3b715a0d1

SHA256
6a5807d6396bdb8801cb00a1235fa1da2fb870fb9148c77f3b6ed52aa2976829

SHA512
440ccff7bd4ac6c68a544f04ab49b1902887e684ee1d0e55e53f212751b11d0170ec550bcf98834a0d8dacdb1b59ed977b4728aca63e44682060ece03ae2c68e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
03f8ae6e020dad488b97bb4bb70f21f9

SHA1
03dd3723b3cdc63ec449ff520f8f06c6dae18d04

SHA256
343c36f3d1641ae14d7c17e3f1e895819c83b0df6f90280d0fe2e7742fb864f2

SHA512
354391498b10154de3f86afdb158237496bd99ab035b55ae674d8764bb65a49953ef0564c80001991d5849ff7b32dc82a42faade8e6523f3ff321a1c17b5a7cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
1a0fe941fe70b7833a6f6c938d856446

SHA1
3dfa285a5f302f9d5ee6254cae46867f17eb06bf

SHA256
26add4f7a17357d247044b9240133ea477c69daff309bec73bd860e85eadcd0b

SHA512
ccdb7aad31f7ad1f552848c892600700ab8a22b29fc65acf5163d51776e3a7b120ffc3dd287495f312c8ffd467732a3dfc373786397d8072ee63d41dd9fee9fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
38cbc382ef4400499977ada265330bd6

SHA1
26d32a589751de81784d741caa48275e28c72160

SHA256
11718b094e53cd1e7f87512fa86ab0cba8ac91413e7b8793e2c056ce99b0dd24

SHA512
b5f93aa1e176c2bb2950ecf9d7866f579a39b559e28c5d46aecd3b3357751042c701077eb2f3dc74d085eedc204125bf4e255cbda083cbccf245f11bd5d0add2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1b47e5119759a5ed37922ab6ffd9b890

SHA1
d995f4d0a353a22f62681eec4456c64213b611cf

SHA256
1ca348be58c304392c14b1f431d293ffd788e69eda8e07a69faac29afe906ea2

SHA512
3c73355079834a4be11a608d370f30f1ea46f0cabcca84f2dd3d9e9462c488389edb7c2e06ad8607cc1edaf1c92ce503c983616cb526893f43d07db7d52a5f1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f768bce9767d18e74a7715824310cdd8

SHA1
1ac359d8a71948b9419a7722568044fb1be024fb

SHA256
3489e34cc69d36544fea59dc177076d9c1b878f6dd59675e5b0f5f9583bf52a5

SHA512
d4a0d07644a63c6d153e74e3fdac3a19b964aad504d3beee66f433bc8e59eca25f8b489f2dd7b1414cc36cf5ad125803d2527e07dfbccf517f3bd4c0fa090a75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
bbdb4bf507855561cc9397804151aa9c

SHA1
03ce5d4e675cd2168b2880153e82daa616deebf7

SHA256
f701528c8294e9c2aa490722585ba638b2d905cd0b6d053660fd1afbc7dd7c90

SHA512
bea585a500425f3de8b3ab6139c85a8e05619b3cef8acc2a13e3dc206dbdfac7c8037127fac80d52c1617a422e3c22f0c4989ae9ba38babf3e4e3c47bb2743b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
be34b50a1e78e62a5d1cfc311edff5f9

SHA1
f840200e38cfab4d2a62c9df150d1a2df9d8ac82

SHA256
4800d8c7d661a1feb279351818076eb563fb5fff273053070c61232c954ae887

SHA512
8d7f3520b0a2f09740c514c900a9ccc9fed9c48edae44ac44655341b7c367b699a7547119336a1d953b5f586800e848a307584a105d5c30f84a3785a82744c11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b0578ba626a6d29cf2b3e537e29dc7c0

SHA1
a8909c5cbed2da05333a220627befa52f807a12a

SHA256
22ac854b99d4659e7b096bddc5828361d6613d153449141ee240f8d819ff3657

SHA512
92b7f11fbd36dbe61423d30cc9abac37b14bc1b007de6bc437c8a8f19282cd7f957cd3adac5dc8f1811ee25a21b9062e8bf512525db881bf09d418a9f17b5fb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
eae9399e75d0e8552f182caa0045ca6c

SHA1
7e47c68db4dabd2f047b59899688932880c7be89

SHA256
9963725bb392c1598396f4762ecb1c594a57987b869d2f978e3a12921d855ab0

SHA512
708da4900c41a25d2e9706af8fe4491dfa8e1fcdf017b2d61d7de4a6bcf3cc6ddda452d571910db019950cc8be22d0ebff5315c9be05054c5e6a69fab3d0018e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0f5bb11b38f57f3f33a86e3f8df68973

SHA1
22b9d3634e1c2c16313e57385efef0ecc8d7a5d1

SHA256
afff8c178c5817d7c9557dc3f2941da3a72972bac3e78bfb3e049bc09433c0b4

SHA512
16bd8386aaa24fec13e129b72f64481ef4dd8c9c009cc43ea6832b94056b6014f10bc3f50a8079ee86ff1c9f4223ef73b6a8b2cf6bf133dc2fa42b06a7217072

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e9b7b667a6bc33f6e66b026ad014434d

SHA1
c866c378e4f963e8f19ca4fd99c23ace45568d25

SHA256
601f3c18039ef919aa6e623e42172110e86442d300056bcfed97279352a4096b

SHA512
9e3d8a2125f9144a0514c9e19e4a270d240591559fa49a524c0479b6ff3dd4065788ac609fa6e96e78240aa305e041770c091de88d10a5a2a28278b61b32a553

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
1ec6c2229f21462d0d7d6791b1b97f2e

SHA1
724fbe33c56d850b9b947fcda485fbbccb343057

SHA256
2339445db7d1893b020d53d8fb3dd3a7689f6713f7416ae98d03ba4751b383e6

SHA512
09fdc1e5d86bf85973e49a40e451264b964a6b454bf3efb899341db4a7894a3b6787aca487a3adaae2f7149aadfc728c81fd74b7042246a5f7cc01a0d50c1b4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe593723.TMP

Filesize
874B

MD5
30fd541e8d0a00f59ad9251e410d4228

SHA1
0264dbfe6ba45a2345736f330214c57dd0880680

SHA256
77d682ea266268191324a7f4ebc12259e29f2859972f5c70c7c1f3f767190210

SHA512
086d74ae5fc7cd4cad56b5f7fd4834c026f1ecd20e9752c7ba049907ee3f5288baab3718885599f35a38110b400fe5e89d3c85ab485af8e5213ebb4cbdf127cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b08ccf69-8afa-4d4a-ae5c-d296a9202235.tmp

Filesize
7KB

MD5
4386643b71e8a4facf07a6cbea3c739a

SHA1
da583fce0c02c0f571b8050ba6b73382dca480a0

SHA256
8d289b3747fed17c216c3b14a65adcde429b498dffb22ef000fc66b1bec6a212

SHA512
546faf1be01d332c433f1586497c0087c645f29191a2092fe476799e0670d387195f9433a47beb7340c26158c1e538e60809de2073e63aee960350142144ad33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
53eb1d9b20bd9863db60cb9091f5d4d6

SHA1
a888bddb206c87a7ca71aa3b83989d0831ce355c

SHA256
54d9a577cce9467667d1ba2290ae64d981bc334dff468200cbb16b86fffd8b5a

SHA512
02f4a90980cb444f2aeecbc513cb426be3668cbc5da817048bd537950805531fb7f13016a2d99050e107e709d039e63c39e489ef957a808a9f77d2bd30fa8b2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7f4fcd558476b712ac5309e7607bf9e9

SHA1
25d512fed80050c417b3a215e069f768331d9452

SHA256
a1880d3f22c4491a4575dc08d12ebc49e3ad2f7318f21d606464c8e9d7842829

SHA512
4fb2b351ab42c98b6565fa46b2fbc11709cca99de615305afa52c695e280064fb0d321843fbf046f1c07b2aff6f0a1b55a476dcb8655c2aea49ba8c674d046f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4e3a481d0db8f9d96d043bed3c429bff

SHA1
83c1cf2fb44e89d2c9b4c833ae84f09991cddc90

SHA256
fb6be4d73298ea72a667ae6808cb06d813c5b01ce72c1cbd53611df7e57ca1dd

SHA512
ce7de4a885a2d4548dfc4c506cb1a46dd9ce52c9d830e4b2767108c73b0987d027c9345463a26f074aa454c4149355bc0e463967e724311bd38cf40982b7953c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
3fd50a9f251b1d554cad91011cad1624

SHA1
6b0bf1d2b96b1e5b4a585556ddb582fa98a9a1a7

SHA256
546bb72181ca232795eb6cab6ba609a32830a81714aeec6fd1213dc130dc6d78

SHA512
b4fa783d775c3b67509ad3a11a20ea9c9e537bff0c801b0d428ba80d965fcac6eec17de7983228f91dd68a8f2cedd6335a47af25e23ce9c14385c3a27641f52c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst5BB8.tmp\InstallOptions.dll

Filesize
15KB

MD5
d1eefb07abc2577dfb92eb2e95a975e4

SHA1
0584c2b1807bc3bd10d4b60d2d23eeb0e6832ca2

SHA256
89dd7d646278d8bfc41d5446bdc348b9a9afaa832abf02c1396272bb7ac7262a

SHA512
eaffd9940b1df59e95e2adb79b3b6415fff5bf196ebea5fe625a6c52e552a00b44d985a36a8dd9eb33eba2425ffea4244ed07a75d87284ff51ec9f9a5e1ac65e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst5BB8.tmp\ioSpecial.ini

Filesize
1KB

MD5
7a8d237d1d967c79dfb4d150da9ca4ab

SHA1
203c0bde4d67d6aa0278d411243c19a03441876d

SHA256
255636ae539bf98b12e039073cdc3fb349a96179956f7d75f2f28e4d129c6907

SHA512
d83cb6a9da897b30bb8276e74b21513fb15dad0e4083eae09093edd0dbbc9aa57cd77765d9828fd02e6adebad586d3c6e4f237c47925905130160dbd942b8317

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz5D5E.tmp\StartMenu.dll

Filesize
7KB

MD5
dc91f181f9cb870fff0c58bc0ea63eda

SHA1
cc37e24f6071dea801d0eb59bcc2a9221cf1c74b

SHA256
e74f442771f034a24b77d3a849b343551bdef69ef151c622cb9fd5f34dccda81

SHA512
714605cad60dca30da96172b5ca1a1d8838d27f0a9979aa0db125d373cd3e015ae6b39c7b7d2b3fc9a4b5433ff1d7d2427caf3a2b5d1ae321e218d3c8fe8f9a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz5D5E.tmp\System.dll

Filesize
12KB

MD5
192639861e3dc2dc5c08bb8f8c7260d5

SHA1
58d30e460609e22fa0098bc27d928b689ef9af78

SHA256
23d618a0293c78ce00f7c6e6dd8b8923621da7dd1f63a070163ef4c0ec3033d6

SHA512
6e573d8b2ef6ed719e271fd0b2fd9cd451f61fc9a9459330108d6d7a65a0f64016303318cad787aa1d5334ba670d8f1c7c13074e1be550b4a316963ecc465cdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz5D5E.tmp\ioSpecial.ini

Filesize
1KB

MD5
a4eaa87adb3a63eca750611447e6e22a

SHA1
d3b3331a068a6af17492f42d6919964226e1c613

SHA256
8a1d3074f81ce8e841e39d5a629adfc1a7b923f9d2855cf8ee1e9ef99adccac3

SHA512
b2f865d28a328e743298656c1dabfcf98f5fe35f9edb14ba385471e578096ba16300f0cff42af8ec17243310403b28c783459e5adffeff570c0e37c55cb7447f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz5D5E.tmp\ioSpecial.ini

Filesize
1KB

MD5
42d5b5e0c596f8a0f063017d9cbfc673

SHA1
c3f6a0f3517ec8e6b71c672667d3f06a2b26e27c

SHA256
8d9810c9d3748c6c1d9519e44d5478f3d41e933ef92369e740b997116427e5b0

SHA512
9a1481bf82fc2bec77965ff481e4c9d0617ab7f4ac33acba236b6f1c9df014de4308ded31c2cb03a8d25169f0e687cba5e8f587796f787226f48ec13fa84a958

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz5D5E.tmp\ioSpecial.ini

Filesize
1KB

MD5
28bb4c9d5fe955c988023f697a8da6f7

SHA1
dbbd1261639584d12698a2aabaf5b5f4e4ce5615

SHA256
c4382a7d6cd148758fc6752f097603b2b1f608ecf198b154bc20bbb8d057c393

SHA512
a78e4616c75a426b2ea30356f2806e7641dc0e00964c2f7828fe78be1e666252601ae93c7d6e7045cb4afc4d7c1e4624ddca78388d486cc6444408a046a8a44e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz5D5E.tmp\modern-wizard.bmp

Filesize
25KB

MD5
cbe40fd2b1ec96daedc65da172d90022

SHA1
366c216220aa4329dff6c485fd0e9b0f4f0a7944

SHA256
3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2

SHA512
62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

Download Submit
C:\Users\Admin\Downloads\5bc7bbda-099f-4995-9130-3227c9de081b.tmp

Filesize
398KB

MD5
26e04fd57b93429e328b96a843269123

SHA1
030bd3c2a2dfa43dff014f721434cfaf73244a81

SHA256
c90be98e35bf2ce6a94ac14f02273b4887307b6008c76609723dea14af80a7c0

SHA512
bd1a802a2dc0d0a173eb35ab02b6eb914cc5c6803ff7f6bb813b5049be548a5e098c81046ede83bf8325a0f8fd2b0c802ede5fb89d86aed1e773c999469813e3

Download Submit
memory/1684-3050-0x00007FFA77820000-0x00007FFA77A83000-memory.dmp

Filesize
2.4MB

Download
memory/1684-3062-0x00007FFA76CC0000-0x00007FFA771AC000-memory.dmp

Filesize
4.9MB

Download
memory/1684-3576-0x000001EC064E0000-0x000001EC06AA6000-memory.dmp

Filesize
5.8MB

Download
memory/1684-3610-0x000001EC064E0000-0x000001EC06AA6000-memory.dmp

Filesize
5.8MB

Download
memory/1684-3612-0x000001EC064E0000-0x000001EC06AA6000-memory.dmp

Filesize
5.8MB

Download
memory/1684-3072-0x000001EC064E0000-0x000001EC06AA6000-memory.dmp

Filesize
5.8MB

Download
memory/1684-3624-0x000001EC064E0000-0x000001EC06AA6000-memory.dmp

Filesize
5.8MB

Download
memory/1684-3625-0x000001EC064E0000-0x000001EC06AA6000-memory.dmp

Filesize
5.8MB

Download
memory/1684-3627-0x000001EC064E0000-0x000001EC06AA6000-memory.dmp

Filesize
5.8MB

Download
memory/1684-3063-0x00007FFA76770000-0x00007FFA76CB1000-memory.dmp

Filesize
5.3MB

Download
memory/1684-3064-0x00007FFA75E40000-0x00007FFA760A5000-memory.dmp

Filesize
2.4MB

Download
memory/1684-3065-0x000001EC064E0000-0x000001EC06AA6000-memory.dmp

Filesize
5.8MB

Download