hxxps://pixeldrain[.]com/u/uVqbTrb1

Analysis

max time kernel
125s
max time network
253s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
27-12-2024 19:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://pixeldrain.com/u/uVqbTrb1

Score

7^/10

discovery execution pyinstaller

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation	RIP Tweaks Ultimate.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation	RIP Tweaks Ultimate.exe

Executes dropped EXE 7 IoCs

pid	Process
1532	emu.exe
4404	emu.exe
4752	RIP Tweaks Ultimate.exe
3052	RIP Tweaks Ultimate.exe
4268	RIP Tweaks Ultimate.exe
3736	RIP Tweaks Ultimate.exe
3428	RIP Tweaks Ultimate.exe

Loads dropped DLL 46 IoCs

pid	Process
4404	emu.exe
4404	emu.exe
4404	emu.exe
4404	emu.exe
4404	emu.exe
4404	emu.exe
4404	emu.exe
4404	emu.exe
4404	emu.exe
4404	emu.exe
4404	emu.exe
4404	emu.exe
4404	emu.exe
4404	emu.exe
4404	emu.exe
4404	emu.exe
4404	emu.exe
4404	emu.exe
4404	emu.exe
4404	emu.exe
4404	emu.exe
4404	emu.exe
4404	emu.exe
4404	emu.exe
4404	emu.exe
4404	emu.exe
4404	emu.exe
4404	emu.exe
4404	emu.exe
4404	emu.exe
4404	emu.exe
4404	emu.exe
4404	emu.exe
4404	emu.exe
4404	emu.exe
4404	emu.exe
4404	emu.exe
4752	RIP Tweaks Ultimate.exe
3052	RIP Tweaks Ultimate.exe
4268	RIP Tweaks Ultimate.exe
3736	RIP Tweaks Ultimate.exe
3052	RIP Tweaks Ultimate.exe
3052	RIP Tweaks Ultimate.exe
3052	RIP Tweaks Ultimate.exe
3052	RIP Tweaks Ultimate.exe
3428	RIP Tweaks Ultimate.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Command and Scripting Interpreter: PowerShell 1 TTPs 29 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
1044	powershell.exe
744	powershell.exe
1872	powershell.exe
2940	powershell.exe
2144	powershell.exe
5092	powershell.exe
628	powershell.exe
5820	powershell.exe
3848	powershell.exe
4108	powershell.exe
1072	powershell.exe
4684	powershell.exe
5704	powershell.exe
4232	powershell.exe
1960	powershell.exe
4956	powershell.exe
4484	powershell.exe
2144	powershell.exe
5776	powershell.exe
5756	powershell.exe
1416	powershell.exe
2604	powershell.exe
3276	powershell.exe
5004	powershell.exe
1112	powershell.exe
736	powershell.exe
5712	powershell.exe
5764	powershell.exe
5740	powershell.exe

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
behavioral1/files/0x000300000000070f-19652.dat	pyinstaller

Checks processor information in registry 2 TTPs 9 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	RIP Tweaks Ultimate.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	RIP Tweaks Ultimate.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	reg.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\FeatureSet	reg.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	RIP Tweaks Ultimate.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	RIP Tweaks Ultimate.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	RIP Tweaks Ultimate.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	RIP Tweaks Ultimate.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	RIP Tweaks Ultimate.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings	msedge.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C	RIP Tweaks Ultimate.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 0400000001000000100000003e455215095192e1b75d379fb187298a0f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b1d00000001000000100000006ee7f3b060d10e90a31ba3471b9992367f000000010000000c000000300a06082b060105050703097a000000010000000c000000300a06082b060105050703097e00000001000000080000000000042beb77d501030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c190000000100000010000000a823b4a20180beb460cab955c24d7e21200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	RIP Tweaks Ultimate.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 5c000000010000000400000000080000190000000100000010000000a823b4a20180beb460cab955c24d7e21030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c7e00000001000000080000000000042beb77d5017a000000010000000c000000300a06082b060105050703097f000000010000000c000000300a06082b060105050703091d00000001000000100000006ee7f3b060d10e90a31ba3471b999236140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c990b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b060105050703080f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d0400000001000000100000003e455215095192e1b75d379fb187298a200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	RIP Tweaks Ultimate.exe

Suspicious behavior: EnumeratesProcesses 47 IoCs

pid	Process
2304	msedge.exe
2304	msedge.exe
4076	msedge.exe
4076	msedge.exe
1616	identity_helper.exe
1616	identity_helper.exe
4796	msedge.exe
4796	msedge.exe
3848	powershell.exe
3848	powershell.exe
3848	powershell.exe
4108	powershell.exe
4108	powershell.exe
1416	powershell.exe
1416	powershell.exe
4232	powershell.exe
4232	powershell.exe
1416	powershell.exe
4108	powershell.exe
4232	powershell.exe
2940	powershell.exe
2940	powershell.exe
2940	powershell.exe
1960	powershell.exe
1960	powershell.exe
2144	powershell.exe
2144	powershell.exe
1960	powershell.exe
2144	powershell.exe
2604	powershell.exe
2604	powershell.exe
2604	powershell.exe
1044	powershell.exe
1044	powershell.exe
3276	powershell.exe
3276	powershell.exe
4684	powershell.exe
4684	powershell.exe
1044	powershell.exe
4956	powershell.exe
4956	powershell.exe
4484	powershell.exe
4484	powershell.exe
5092	powershell.exe
5092	powershell.exe
5004	powershell.exe
5004	powershell.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	2756	7zG.exe
Token: 35	2756	7zG.exe
Token: SeSecurityPrivilege	2756	7zG.exe
Token: SeSecurityPrivilege	2756	7zG.exe
Token: SeShutdownPrivilege	4752	RIP Tweaks Ultimate.exe
Token: SeCreatePagefilePrivilege	4752	RIP Tweaks Ultimate.exe
Token: SeShutdownPrivilege	4752	RIP Tweaks Ultimate.exe
Token: SeCreatePagefilePrivilege	4752	RIP Tweaks Ultimate.exe
Token: SeShutdownPrivilege	4752	RIP Tweaks Ultimate.exe
Token: SeCreatePagefilePrivilege	4752	RIP Tweaks Ultimate.exe
Token: SeShutdownPrivilege	4752	RIP Tweaks Ultimate.exe
Token: SeCreatePagefilePrivilege	4752	RIP Tweaks Ultimate.exe
Token: SeShutdownPrivilege	4752	RIP Tweaks Ultimate.exe
Token: SeCreatePagefilePrivilege	4752	RIP Tweaks Ultimate.exe
Token: SeDebugPrivilege	3848	powershell.exe
Token: SeDebugPrivilege	4108	powershell.exe
Token: SeDebugPrivilege	1416	powershell.exe
Token: SeDebugPrivilege	4232	powershell.exe
Token: SeShutdownPrivilege	4752	RIP Tweaks Ultimate.exe
Token: SeCreatePagefilePrivilege	4752	RIP Tweaks Ultimate.exe
Token: SeIncreaseQuotaPrivilege	4232	powershell.exe
Token: SeSecurityPrivilege	4232	powershell.exe
Token: SeTakeOwnershipPrivilege	4232	powershell.exe
Token: SeLoadDriverPrivilege	4232	powershell.exe
Token: SeSystemProfilePrivilege	4232	powershell.exe
Token: SeSystemtimePrivilege	4232	powershell.exe
Token: SeProfSingleProcessPrivilege	4232	powershell.exe
Token: SeIncBasePriorityPrivilege	4232	powershell.exe
Token: SeCreatePagefilePrivilege	4232	powershell.exe
Token: SeBackupPrivilege	4232	powershell.exe
Token: SeIncreaseQuotaPrivilege	4108	powershell.exe
Token: SeRestorePrivilege	4232	powershell.exe
Token: SeSecurityPrivilege	4108	powershell.exe
Token: SeShutdownPrivilege	4232	powershell.exe
Token: SeTakeOwnershipPrivilege	4108	powershell.exe
Token: SeDebugPrivilege	4232	powershell.exe
Token: SeLoadDriverPrivilege	4108	powershell.exe
Token: SeSystemEnvironmentPrivilege	4232	powershell.exe
Token: SeSystemProfilePrivilege	4108	powershell.exe
Token: SeRemoteShutdownPrivilege	4232	powershell.exe
Token: SeSystemtimePrivilege	4108	powershell.exe
Token: SeUndockPrivilege	4232	powershell.exe
Token: SeProfSingleProcessPrivilege	4108	powershell.exe
Token: SeManageVolumePrivilege	4232	powershell.exe
Token: SeIncBasePriorityPrivilege	4108	powershell.exe
Token: 33	4232	powershell.exe
Token: SeCreatePagefilePrivilege	4108	powershell.exe
Token: 34	4232	powershell.exe
Token: SeBackupPrivilege	4108	powershell.exe
Token: 35	4232	powershell.exe
Token: SeRestorePrivilege	4108	powershell.exe
Token: 36	4232	powershell.exe
Token: SeShutdownPrivilege	4108	powershell.exe
Token: SeDebugPrivilege	4108	powershell.exe
Token: SeSystemEnvironmentPrivilege	4108	powershell.exe
Token: SeRemoteShutdownPrivilege	4108	powershell.exe
Token: SeUndockPrivilege	4108	powershell.exe
Token: SeManageVolumePrivilege	4108	powershell.exe
Token: 33	4108	powershell.exe
Token: 34	4108	powershell.exe
Token: 35	4108	powershell.exe
Token: 36	4108	powershell.exe
Token: SeIncreaseQuotaPrivilege	1416	powershell.exe
Token: SeSecurityPrivilege	1416	powershell.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4076 wrote to memory of 4128	4076	msedge.exe	83
PID 4076 wrote to memory of 4128	4076	msedge.exe	83
PID 4076 wrote to memory of 1868	4076	msedge.exe	84
PID 4076 wrote to memory of 1868	4076	msedge.exe	84
PID 4076 wrote to memory of 1868	4076	msedge.exe	84
PID 4076 wrote to memory of 1868	4076	msedge.exe	84
PID 4076 wrote to memory of 1868	4076	msedge.exe	84
PID 4076 wrote to memory of 1868	4076	msedge.exe	84
PID 4076 wrote to memory of 1868	4076	msedge.exe	84
PID 4076 wrote to memory of 1868	4076	msedge.exe	84
PID 4076 wrote to memory of 1868	4076	msedge.exe	84
PID 4076 wrote to memory of 1868	4076	msedge.exe	84
PID 4076 wrote to memory of 1868	4076	msedge.exe	84
PID 4076 wrote to memory of 1868	4076	msedge.exe	84
PID 4076 wrote to memory of 1868	4076	msedge.exe	84
PID 4076 wrote to memory of 1868	4076	msedge.exe	84
PID 4076 wrote to memory of 1868	4076	msedge.exe	84
PID 4076 wrote to memory of 1868	4076	msedge.exe	84
PID 4076 wrote to memory of 1868	4076	msedge.exe	84
PID 4076 wrote to memory of 1868	4076	msedge.exe	84
PID 4076 wrote to memory of 1868	4076	msedge.exe	84
PID 4076 wrote to memory of 1868	4076	msedge.exe	84
PID 4076 wrote to memory of 1868	4076	msedge.exe	84
PID 4076 wrote to memory of 1868	4076	msedge.exe	84
PID 4076 wrote to memory of 1868	4076	msedge.exe	84
PID 4076 wrote to memory of 1868	4076	msedge.exe	84
PID 4076 wrote to memory of 1868	4076	msedge.exe	84
PID 4076 wrote to memory of 1868	4076	msedge.exe	84
PID 4076 wrote to memory of 1868	4076	msedge.exe	84
PID 4076 wrote to memory of 1868	4076	msedge.exe	84
PID 4076 wrote to memory of 1868	4076	msedge.exe	84
PID 4076 wrote to memory of 1868	4076	msedge.exe	84
PID 4076 wrote to memory of 1868	4076	msedge.exe	84
PID 4076 wrote to memory of 1868	4076	msedge.exe	84
PID 4076 wrote to memory of 1868	4076	msedge.exe	84
PID 4076 wrote to memory of 1868	4076	msedge.exe	84
PID 4076 wrote to memory of 1868	4076	msedge.exe	84
PID 4076 wrote to memory of 1868	4076	msedge.exe	84
PID 4076 wrote to memory of 1868	4076	msedge.exe	84
PID 4076 wrote to memory of 1868	4076	msedge.exe	84
PID 4076 wrote to memory of 1868	4076	msedge.exe	84
PID 4076 wrote to memory of 1868	4076	msedge.exe	84
PID 4076 wrote to memory of 2304	4076	msedge.exe	85
PID 4076 wrote to memory of 2304	4076	msedge.exe	85
PID 4076 wrote to memory of 3240	4076	msedge.exe	86
PID 4076 wrote to memory of 3240	4076	msedge.exe	86
PID 4076 wrote to memory of 3240	4076	msedge.exe	86
PID 4076 wrote to memory of 3240	4076	msedge.exe	86
PID 4076 wrote to memory of 3240	4076	msedge.exe	86
PID 4076 wrote to memory of 3240	4076	msedge.exe	86
PID 4076 wrote to memory of 3240	4076	msedge.exe	86
PID 4076 wrote to memory of 3240	4076	msedge.exe	86
PID 4076 wrote to memory of 3240	4076	msedge.exe	86
PID 4076 wrote to memory of 3240	4076	msedge.exe	86
PID 4076 wrote to memory of 3240	4076	msedge.exe	86
PID 4076 wrote to memory of 3240	4076	msedge.exe	86
PID 4076 wrote to memory of 3240	4076	msedge.exe	86
PID 4076 wrote to memory of 3240	4076	msedge.exe	86
PID 4076 wrote to memory of 3240	4076	msedge.exe	86
PID 4076 wrote to memory of 3240	4076	msedge.exe	86
PID 4076 wrote to memory of 3240	4076	msedge.exe	86
PID 4076 wrote to memory of 3240	4076	msedge.exe	86
PID 4076 wrote to memory of 3240	4076	msedge.exe	86
PID 4076 wrote to memory of 3240	4076	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://pixeldrain.com/u/uVqbTrb1
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff997246f8,0x7fff99724708,0x7fff99724718
  2⤵
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,7550412992142803097,6335011564694985670,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1972,7550412992142803097,6335011564694985670,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1972,7550412992142803097,6335011564694985670,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2624 /prefetch:8
  2⤵
  PID:3240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,7550412992142803097,6335011564694985670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,7550412992142803097,6335011564694985670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1972,7550412992142803097,6335011564694985670,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4896 /prefetch:8
  2⤵
  PID:312
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1972,7550412992142803097,6335011564694985670,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4896 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,7550412992142803097,6335011564694985670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,7550412992142803097,6335011564694985670,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,7550412992142803097,6335011564694985670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,7550412992142803097,6335011564694985670,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1972,7550412992142803097,6335011564694985670,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5180 /prefetch:8
  2⤵
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,7550412992142803097,6335011564694985670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1972,7550412992142803097,6335011564694985670,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1192 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4796

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3288

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2348

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1468

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\RIP Tweaks Ultimate\" -spe -an -ai#7zMap11051:100:7zEvent4512
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2756

C:\Users\Admin\Downloads\RIP Tweaks Ultimate\emu.exe
"C:\Users\Admin\Downloads\RIP Tweaks Ultimate\emu.exe"
1⤵
- Executes dropped EXE
PID:1532
- C:\Users\Admin\Downloads\RIP Tweaks Ultimate\emu.exe
  "C:\Users\Admin\Downloads\RIP Tweaks Ultimate\emu.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4404

C:\Users\Admin\Downloads\RIP Tweaks Ultimate\RIP Tweaks Ultimate.exe
"C:\Users\Admin\Downloads\RIP Tweaks Ultimate\RIP Tweaks Ultimate.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
PID:4752
- C:\Users\Admin\Downloads\RIP Tweaks Ultimate\RIP Tweaks Ultimate.exe
  "C:\Users\Admin\Downloads\RIP Tweaks Ultimate\RIP Tweaks Ultimate.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\RIP-Tweaks-Ultimate" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1688,i,15012128160592267899,1810185598534017755,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3052
- C:\Users\Admin\Downloads\RIP Tweaks Ultimate\RIP Tweaks Ultimate.exe
  "C:\Users\Admin\Downloads\RIP Tweaks Ultimate\RIP Tweaks Ultimate.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\RIP-Tweaks-Ultimate" --standard-schemes=app --secure-schemes=app --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=1908 --field-trial-handle=1688,i,15012128160592267899,1810185598534017755,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4268
- C:\Users\Admin\Downloads\RIP Tweaks Ultimate\RIP Tweaks Ultimate.exe
  "C:\Users\Admin\Downloads\RIP Tweaks Ultimate\RIP Tweaks Ultimate.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\RIP-Tweaks-Ultimate" --standard-schemes=app --secure-schemes=app --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-path="C:\Users\Admin\Downloads\RIP Tweaks Ultimate\resources\app" --no-sandbox --no-zygote --disable-blink-features=Auxclick --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2344 --field-trial-handle=1688,i,15012128160592267899,1810185598534017755,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --storePath=C:||Users||Admin||AppData||Roaming||RIP-Tweaks-Ultimate /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks processor information in registry
  PID:3736
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "chcp"
    3⤵
    PID:4184
  - - C:\Windows\system32\chcp.com
      chcp
      4⤵
      PID:2488
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "reg query "HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0" /v FeatureSet"
    3⤵
    PID:4952
  - - C:\Windows\system32\reg.exe
      reg query "HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0" /v FeatureSet
      4⤵
      Checks processor information in registry
      PID:3640
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "powershell -Command "(Get-WmiObject Win32_UserAccount | Where-Object {$_.Name -eq $env:USERNAME}).SID""
    3⤵
    PID:4916
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "(Get-WmiObject Win32_UserAccount | Where-Object {$_.Name -eq $env:USERNAME}).SID"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:3848
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4232
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1416
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4108
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:2940
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "WHERE smartctl 2>nul"
    3⤵
    PID:2460
  - - C:\Windows\system32\where.exe
      WHERE smartctl
      4⤵
      PID:1300
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:2144
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:1960
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:2604
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:4684
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:4484
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:1044
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:5004
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:4956
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:5092
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:3276
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:628
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:1872
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:744
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:736
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:2144
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:1072
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:2604
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:1112
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:5704
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:5712
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:5740
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:5764
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:5756
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:5776
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:5820
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cop\downloads.cmd
    3⤵
    PID:4884
  - - C:\Windows\system32\reg.exe
      Reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications" /v "ToastEnabled" /t REG_DWORD /d "0" /f
      4⤵
      PID:5648
  - - C:\Windows\system32\reg.exe
      Reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings" /v "NOC_GLOBAL_SETTING_ALLOW_NOTIFICATION_SOUND" /t REG_DWORD /d "0" /f
      4⤵
      PID:5576
  - - C:\Windows\system32\reg.exe
      Reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings" /v "NOC_GLOBAL_SETTING_ALLOW_CRITICAL_TOASTS_ABOVE_LOCK" /t REG_DWORD /d "0" /f
      4⤵
      PID:6656
  - - C:\Windows\system32\reg.exe
      Reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\QuietHours" /v "Enabled" /t REG_DWORD /d "0" /f
      4⤵
      PID:1400
  - - C:\Windows\system32\reg.exe
      Reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel" /v "Enabled" /t REG_DWORD /d "0" /f
      4⤵
      PID:5172
  - - C:\Windows\system32\reg.exe
      Reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.AutoPlay" /v "Enabled" /t REG_DWORD /d "0" /f
      4⤵
      PID:576
  - - C:\Windows\system32\reg.exe
      Reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.LowDisk" /v "Enabled" /t REG_DWORD /d "0" /f
      4⤵
      PID:2592
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\cop\downloads.cmd
    3⤵
    PID:1528
- C:\Users\Admin\Downloads\RIP Tweaks Ultimate\RIP Tweaks Ultimate.exe
  "C:\Users\Admin\Downloads\RIP Tweaks Ultimate\RIP Tweaks Ultimate.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\Admin\AppData\Roaming\RIP-Tweaks-Ultimate" --standard-schemes=app --secure-schemes=app --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=3356 --field-trial-handle=1688,i,15012128160592267899,1810185598534017755,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3428
- C:\Users\Admin\Downloads\RIP Tweaks Ultimate\RIP Tweaks Ultimate.exe
  "C:\Users\Admin\Downloads\RIP Tweaks Ultimate\RIP Tweaks Ultimate.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\RIP-Tweaks-Ultimate" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=924 --field-trial-handle=1688,i,15012128160592267899,1810185598534017755,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  PID:5220

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x49c 0x4f8
1⤵
PID:1504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
85ba073d7015b6ce7da19235a275f6da

SHA1
a23c8c2125e45a0788bac14423ae1f3eab92cf00

SHA256
5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617

SHA512
eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7de1bbdc1f9cf1a58ae1de4951ce8cb9

SHA1
010da169e15457c25bd80ef02d76a940c1210301

SHA256
6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e

SHA512
e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
c0bdda8a5b370a097739cd9520ca46aa

SHA1
6ab8d29bdf2275c3d1672e97c88bba3c81be7484

SHA256
c7d73dfed7bded032f30e96bd7b4122b3ee907aa21d3903341722f8728d46325

SHA512
0f1fc36f5d00bd61ef235f100ab395fb224bf56b71cdc5cb223320c18c670d69ec35dd3f9b217ede859d41266a480e4117cc0808cf886113bd07bf72dac71f4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
182B

MD5
9eb9d67f919ae153884991ffc5223fdb

SHA1
8ebbb1a763b529cc9bf2839b13f0564f10d10046

SHA256
08e4c57ce93d9bce050befa4e516d8aca239010d22692f90ea30a39ba91a1d40

SHA512
9aad23e77ff458c7b49381fec4e0c650172314e46cdae969744d948f67eabb8ee25e2d04f6d81d43bc97f2d704fabc43b4b63ece97a14f09fde78c59132a003b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c64ed40f809edc66236ab05a0985011d

SHA1
3a983c44fe12ba90d68a7140301b39dfce6b6579

SHA256
fffd5438890de5a24e90fe34a1fa37eab84cd0979da799d08e1859e3cb8544b8

SHA512
e2e8c192b1599adad8cb8546ecfbcc53f6271a2f1783d715681df01ac002a814837260a6948d3a5d1591119d707bfa79f2224d21cb9cd1874163e625077cc04b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d5e588d075c5736b2aa764112c2d29d8

SHA1
f9a792ba64e966c17c30b733f335cd67fa3962e5

SHA256
cadb5f8105cd0e84e5559fe68f1689fab84fe357e22a0d87da95f84594c733cc

SHA512
7badf3c715a221c3c8e8f989c8b659e7d0a5201f4fe055fef3857a57736af9535350127d53763298cbf87e45853c7310ba1c79bccec05886bab79e50e9116514

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
46c161f0eb9e2ac881e4c64905eec9a6

SHA1
99e5d7e9a36972a5bb734930a2f88555d45a9e51

SHA256
d0d01acc3b5c35ee6f3e7a4f4ac89a631149cf148661f134367a93961157933d

SHA512
c091ac6e55a8419917f5b536de39f08317e02933550ff30f6f99f63e53096f9f12c5d8fc96f62f9712b483bd0cc897e65eef0d9c2adc9ec8928d64ab64b8a571

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8927d98bf527099c90680db874fe40e8

SHA1
8c6ff3b79ac9e18078e70b1ba9b8aa5cd4ea1459

SHA256
c3d4b916727cef53ec58735a625ef89296ac9d2601f27373c70e2dd71a877bc2

SHA512
cf05ef078dcf0f2557a0415e62919ebd6c5ea1456d90395f92e807bc1e719c424fbbe0a825ca6eba7f1f6ba544fda3096c97838868c027659875b377290c3884

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1e0068dcb7342bdfb848c77f2f7eeef1

SHA1
f77f247f9b6e198b64868bedca07416067659367

SHA256
6dc9f626dbdb0219861637ad7533e213afd185835fecc7426a77f6e72e5a1ad9

SHA512
ca6a6a838e32360545903b610c5da7320720770d9fe415b91c781f7260e0321ec2ad97bd055c1ae2945135794ce8d4e58c2ac22939fb5095c6246201c46b5485

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c41c032bab987c53ed8622ec596c6690

SHA1
8030e7d57f702cdd491095b3027696c2af1b0e39

SHA256
7a700b0ec65845297c11697bbe5e3e2288f9ad6c5c9e6b60f73d37888c4b6ef9

SHA512
3b857d5d4d459431a448b0a239b3fb5660388e9495f01cb1d69876ea37f6ea2777bc2c1f2b218f197e1b9d15a6f6ccc91e07b1de053ecbbd85927f0d8a95fc16

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15322\Crypto\Cipher\_raw_ecb.pyd

Filesize
10KB

MD5
80bb1e0e06acaf03a0b1d4ef30d14be7

SHA1
b20cac0d2f3cd803d98a2e8a25fbf65884b0b619

SHA256
5d1c2c60c4e571b88f27d4ae7d22494bed57d5ec91939e5716afa3ea7f6871f6

SHA512
2a13ab6715b818ad62267ab51e55cd54714aebf21ec9ea61c2aefd56017dc84a6b360d024f8682a2e105582b9c5fe892ecebd2bef8a492279b19ffd84bc83fa5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15322\VCRUNTIME140.dll

Filesize
117KB

MD5
862f820c3251e4ca6fc0ac00e4092239

SHA1
ef96d84b253041b090c243594f90938e9a487a9a

SHA256
36585912e5eaf83ba9fea0631534f690ccdc2d7ba91537166fe53e56c221e153

SHA512
2f8a0f11bccc3a8cb99637deeda0158240df0885a230f38bb7f21257c659f05646c6b61e993f87e0877f6ba06b347ddd1fc45d5c44bc4e309ef75ed882b82e4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15322\VCRUNTIME140_1.dll

Filesize
48KB

MD5
68156f41ae9a04d89bb6625a5cd222d4

SHA1
3be29d5c53808186eba3a024be377ee6f267c983

SHA256
82a2f9ae1e6146ae3cb0f4bc5a62b7227e0384209d9b1aef86bbcc105912f7cd

SHA512
f7bf8ad7cd8b450050310952c56f6a20b378a972c822ccc253ef3d7381b56ffb3ca6ce3323bea9872674ed1c02017f78ab31e9eb9927fc6b3cba957c247e5d57

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15322\_asyncio.pyd

Filesize
71KB

MD5
142e957ae9fe9dd8514e1781c9a35c2b

SHA1
66d587f8b3a9f8cf237fc682c6e6d3d0929f1df9

SHA256
4c6d6690e91974804c1eaf77827ea63882711689baff0718a246796ff40b2a23

SHA512
874a827a6183bfe9898c80c25db4336eb58273a0ec701bc5f497364afe3084d6634bf6db7f9dc02ef593c6a751e678be419e9af050bd51c4bbb89d98f53c5f0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15322\_bz2.pyd

Filesize
83KB

MD5
c17dcb7fc227601471a641ec90e6237f

SHA1
c93a8c2430e844f40f1d9c880aa74612409ffbb9

SHA256
55894b2b98d01f37b9a8cf4daf926d0161ff23c2fb31c56f9dbbac3a61932712

SHA512
38851cbd234a51394673a7514110eb43037b4e19d2a6fb79471cc7d01dbcf2695e70df4ba2727c69f1fed56fc7980e3ca37fddff73cc3294a2ea44facdeb0fa9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15322\_cffi_backend.cp313-win_amd64.pyd

Filesize
175KB

MD5
5cba92e7c00d09a55f5cbadc8d16cd26

SHA1
0300c6b62cd9db98562fdd3de32096ab194da4c8

SHA256
0e3d149b91fc7dc3367ab94620a5e13af6e419f423b31d4800c381468cb8ad85

SHA512
7ab432c8774a10f04ddd061b57d07eba96481b5bb8c663c6ade500d224c6061bc15d17c74da20a7c3cec8bbf6453404d553ebab22d37d67f9b163d7a15cf1ded

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15322\_ctypes.pyd

Filesize
129KB

MD5
2bd5dabbb35398a506e3406bc01eba26

SHA1
af3ab9d8467e25367d03cb7479a3e4324917f8d0

SHA256
5c4c489ac052795c27af063c96bc4db5ab250144d4839050cfa9bb3836b87c32

SHA512
c07860d86ae0d900e44945da77e3b620005667304c0715985f06000f3d410fffb7e38e1bc84e4e6d24889d46b9dac6bf18861c95b2b09e760012edc5406b3838

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15322\_decimal.pyd

Filesize
274KB

MD5
ad4324e5cc794d626ffccda544a5a833

SHA1
ef925e000383b6cad9361430fc38264540d434a5

SHA256
040f361f63204b55c17a100c260c7ddfadd00866cc055fbd641b83a6747547d5

SHA512
0a002b79418242112600b9246da66a5c04651aecb2e245f0220b2544d7b7df67a20139f45ddf2d4e7759ce8cc3d6b4be7f98b0a221c756449eb1b6d7af602325

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15322\_hashlib.pyd

Filesize
63KB

MD5
422e214ca76421e794b99f99a374b077

SHA1
58b24448ab889948303cdefe28a7c697687b7ebc

SHA256
78223aef72777efc93c739f5308a3fc5de28b7d10e6975b8947552a62592772b

SHA512
03fcccc5a300cc029bef06c601915fa38604d955995b127b5b121cb55fb81752a8a1eec4b1b263ba12c51538080335dabaef9e2b8259b4bf02af84a680552fa0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15322\_lzma.pyd

Filesize
155KB

MD5
66a9028efd1bb12047dafce391fd6198

SHA1
e0b61ce28ea940f1f0d5247d40abe61ae2b91293

SHA256
e44dea262a24df69fd9b50b08d09ae6f8b051137ce0834640c977091a6f9fca8

SHA512
3c2a4e2539933cbeb1d0b3c8ef14f0563675fd53b6ef487c7a5371dfe2ee1932255f91db598a61aaadacd8dc2fe2486a91f586542c52dfc054b22ad843831d1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15322\_multiprocessing.pyd

Filesize
35KB

MD5
22d20bd3946419ecf0882315ae1f96de

SHA1
f3c07bef75fa372a6905e971ca8350d1e3e48058

SHA256
9da721822a592f8c4e9a96ebaa4517c45768d7737582e0e5b933066f453a2e5e

SHA512
a3bec1f99240b9e9d823405eecc1c511c46f11c7d844229a0dad7e23edb69df365874c184fe9b2637f12a94132e44acecc3a434810d0ff5c819f8207f1ddde9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15322\_overlapped.pyd

Filesize
55KB

MD5
4df3728d404e0b1607a80b32c6c93bcc

SHA1
d6ebd687de4d5fd8037f0775d6ea88b84f6a8287

SHA256
c8a0e2c0d7f82cedb839d2c0b827cf139113faa4aba05f2345c80e2cf3335b8a

SHA512
f9f51ac1f82e2fa799249336a927a84b0a44055ada0a136e318d9073633c2595445a933fbc74b0b3c16cbad6c253d1df76cad031389d89daf9a789de1526e265

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15322\_queue.pyd

Filesize
34KB

MD5
955b197c38ea5bd537ce9c7cb2109802

SHA1
8feffcb11740ddafc4479fc008cc06c6b570a8bc

SHA256
73cade82ee139459fe5841e5631274fc9caf7f579418b613f278125435653539

SHA512
cab0d8d10fb3bff72d20b287901ccd9be685796142cd2e45e4712cd6f4551dec69180490c2fdfad262c6927a3c7f4fefe68187f64c066731fe17012f78a0ed69

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15322\_socket.pyd

Filesize
82KB

MD5
abf998769f3cba685e90fa06e0ec8326

SHA1
daa66047cf22b6be608127f8824e59b30c9026bf

SHA256
62d0493ced6ca33e2fd8141649dd9889c23b2e9afc5fdf56edb4f888c88fb823

SHA512
08c6b3573c596a15accf4936533567415198a0daab5b6e9824b820fd1f078233bbc3791fde6971489e70155f7c33c1242b0b0a3a17fe2ec95b9fadae555ed483

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15322\_ssl.pyd

Filesize
178KB

MD5
cf541cc288ac0bec9b682a2e0011d1ff

SHA1
ef0dd009fdad14b3f6063619112dcdfafb17186d

SHA256
e94f0195363c5c9babfc4c17ec6fb1aa8bbabf59e377db66ce6a79c4c58bbd07

SHA512
f97e7fc644356bebe7e3deaa46b7de61118b13af99c9e91d0fbcbe3caea0c941265bcb28fee31a22fc3031c6428517c5202c1425654f3c2cd234979c9e3c04b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15322\_uuid.pyd

Filesize
27KB

MD5
b5f2d9353f758e1a60e67dac33debdd2

SHA1
edae6378d70b76846329fa609483de89531bcf16

SHA256
cde836ef0bde1c15c1c3750de54b50d2285864c512abbfc9e2c94f0ff5aa5ca2

SHA512
9d780a8ec760c6bae3b53079c9a0670c7cbf2af6aababda0234ee71c5e0546b501cbe9666d973eaa28fb7fb7285814ecfece98d20cf4a86d3aea9a61a8120397

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15322\_wmi.pyd

Filesize
39KB

MD5
c629ce084fc76ac60b7a77479cb2225c

SHA1
fe80955f217162ce9d4910202bbe30f7601d254a

SHA256
afad80f9e62a57814779cf3e48352b583c1a0697b11a23cc9db3f4e43f7f8664

SHA512
9863767981508f458c61553e5a50b6c5d70956676fee92e15b5ab08b1770ba0f640392fa12feddd6ab1eac5a418f3f8cd057c608e33653a2825ca36edded78b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15322\base_library.zip

Filesize
1.3MB

MD5
18c3f8bf07b4764d340df1d612d28fad

SHA1
fc0e09078527c13597c37dbea39551f72bbe9ae8

SHA256
6e30043dfa5faf9c31bd8fb71778e8e0701275b620696d29ad274846676b7175

SHA512
135b97cd0284424a269c964ed95b06d338814e5e7b2271b065e5eabf56a8af4a213d863dd2a1e93c1425fadb1b20e6c63ffa6e8984156928be4a9a2fbbfd5e93

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15322\libcrypto-3.dll

Filesize
5.0MB

MD5
123ad0908c76ccba4789c084f7a6b8d0

SHA1
86de58289c8200ed8c1fc51d5f00e38e32c1aad5

SHA256
4e5d5d20d6d31e72ab341c81e97b89e514326c4c861b48638243bdf0918cfa43

SHA512
80fae0533ba9a2f5fa7806e86f0db8b6aab32620dde33b70a3596938b529f3822856de75bddb1b06721f8556ec139d784bc0bb9c8da0d391df2c20a80d33cb04

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15322\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15322\libssl-3.dll

Filesize
774KB

MD5
4ff168aaa6a1d68e7957175c8513f3a2

SHA1
782f886709febc8c7cebcec4d92c66c4d5dbcf57

SHA256
2e4d35b681a172d3298caf7dc670451be7a8ba27c26446efc67470742497a950

SHA512
c372b759b8c7817f2cbb78eccc5a42fa80bdd8d549965bd925a97c3eebdce0335fbfec3995430064dead0f4db68ebb0134eb686a0be195630c49f84b468113e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15322\markupsafe\_speedups.cp313-win_amd64.pyd

Filesize
13KB

MD5
3311c1cce9be5d81fc8fe0f1b4743398

SHA1
c21776ca96d6c6bf42f1356222aa0d0f4a0f4f96

SHA256
ecc035da3d1a52249e369172fbdf21fe93d2aa00a92de45a720a7723e8f4d18a

SHA512
249ee7917e6864b463349fd9132af046410c12c2bcb532da1c8ac5fd03490f3a3e1847a7c9cbf43de92d8f2f5c20b9a07c6a332f2b4776bc034bcd8ba465d7c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15322\pyexpat.pyd

Filesize
197KB

MD5
03493d1441671abe9339af942253dac3

SHA1
0d8800be2733bb56fb2909a6f9389c00eb00f612

SHA256
3a4830342ab562e41ab93b4bc2dc45fe0ab760815e7c3ec4a7fddc914ec99982

SHA512
1b092a9e2e9e64533e7436c239961cee4ffde0fa6fed4c6e0ca2a9f72fc72065d457968dc92e74f4e052cd2557f6d380a86046117b6a450306a16ac6e885a036

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15322\python313.dll

Filesize
5.8MB

MD5
3aad23292404a7038eb07ce5a6348256

SHA1
35cac5479699b28549ebe36c1d064bfb703f0857

SHA256
78b1dd211c0e66a0603df48da2c9b67a915ab3258701b9285d3faa255ed8dc25

SHA512
f5b6ef04e744d2c98c1ef9402d7a8ce5cda3b008837cf2c37a8b6d0cd1b188ca46585a40b2db7acf019f67e6ced59eff5bc86e1aaf48d3c3b62fecf37f3aec6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15322\select.pyd

Filesize
31KB

MD5
62fe3761d24b53d98cc9b0cbbd0feb7c

SHA1
317344c9edf2fcfa2b9bc248a18f6e6acedafffb

SHA256
81f124b01a85882e362a42e94a13c0eff2f4ccd72d461821dc5457a789554413

SHA512
a1d3da17937087af4e5980d908ed645d4ea1b5f3ebfab5c572417df064707cae1372b331c7096cc8e2e041db9315172806d3bc4bb425c6bb4d2fa55e00524881

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15322\setuptools\_vendor\jaraco\text\Lorem ipsum.txt

Filesize
1KB

MD5
4ce7501f6608f6ce4011d627979e1ae4

SHA1
78363672264d9cd3f72d5c1d3665e1657b1a5071

SHA256
37fedcffbf73c4eb9f058f47677cb33203a436ff9390e4d38a8e01c9dad28e0b

SHA512
a4cdf92725e1d740758da4dd28df5d1131f70cef46946b173fe6956cc0341f019d7c4fecc3c9605f354e1308858721dada825b4c19f59c5ad1ce01ab84c46b24

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15322\setuptools\_vendor\wheel-0.43.0.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15322\unicodedata.pyd

Filesize
695KB

MD5
43b8b61debbc6dd93124a00ddd922d8c

SHA1
5dee63d250ac6233aac7e462eee65c5326224f01

SHA256
3f462ee6e7743a87e5791181936539642e3761c55de3de980a125f91fe21f123

SHA512
dd4791045cf887e6722feae4442c38e641f19ec994a8eaf7667e9df9ea84378d6d718caf3390f92443f6bbf39840c150121bb6fa896c4badd3f78f1ffe4de19d

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_0hz5oi1o.x5t.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\RIP-Tweaks-Ultimate\GPUCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Roaming\RIP-Tweaks-Ultimate\Network\Network Persistent State

Filesize
296B

MD5
6a8603af58b38ef799447882bb57d513

SHA1
40df9d39835299dd8b52859728388d14c41b852e

SHA256
d94a7a3c4d45dc9f9f57a415c0604d4ed537268fe25039dd24a020a0072c052d

SHA512
6d97a695721a458d119057cbe45b1777f300af1519940a78e68e7de47b85137f8a228c253aafeafcfa3824e4d99c4d0b54633e06940dfb72ca592cdd3df14f98

Download Submit
C:\Users\Admin\AppData\Roaming\RIP-Tweaks-Ultimate\Network\Network Persistent State~RFe5ab74b.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\RIP-Tweaks-Ultimate\Preferences

Filesize
57B

MD5
58127c59cb9e1da127904c341d15372b

SHA1
62445484661d8036ce9788baeaba31d204e9a5fc

SHA256
be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de

SHA512
8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a

Download Submit
C:\Users\Admin\AppData\Roaming\RIP-Tweaks-Ultimate\Preferences~RFe59a109.TMP

Filesize
86B

MD5
d11dedf80b85d8d9be3fec6bb292f64b

SHA1
aab8783454819cd66ddf7871e887abdba138aef3

SHA256
8029940de92ae596278912bbbd6387d65f4e849d3c136287a1233f525d189c67

SHA512
6b7ec1ca5189124e0d136f561ca7f12a4653633e2d9452d290e658dfe545acf6600cc9496794757a43f95c91705e9549ef681d4cc9e035738b03a18bdc2e25f0

Download Submit
C:\Users\Admin\Downloads\RIP Tweaks Ultimate\emu.exe

Filesize
13.4MB

MD5
40658866eeeac7e1c8e776d2c6ba0ae9

SHA1
45fada1f257fff42739944fc942d329e37231ad2

SHA256
5ac197fa5770a2d98e63a176f818db4946eb6513f8f755155062a63547996468

SHA512
66ae7f859259ffdfe82ee5dce8190d31401e85aeb949488f4206d4a7cbe98c11479f16a9f0c63f15a207b81f9388d359c703e1da9b6b4a9a4d1202dc15a72b4d

Download Submit
C:\Users\Admin\Downloads\RIP Tweaks Ultimate\resources\app\node_modules\@babel\core\LICENSE

Filesize
1KB

MD5
b1d0cd283a346e919abb3beeb018279d

SHA1
578785efdec6fa01dae357fb1e7675ccac00861e

SHA256
117da2af0d4ce0fe1c8e19b5cff9dcd806adf973d328d27b11d4448c4ff24f76

SHA512
29844c3773154ee8b2e579050c77793e74261da427b77cf5ea7b010de3f167d60d9aaec8165b25a41065477508fb3be56c47a6ce8c0e61e2a297d6b4664398c5

Download Submit
C:\Users\Admin\Downloads\RIP Tweaks Ultimate\resources\app\node_modules\@jridgewell\set-array\LICENSE

Filesize
1KB

MD5
f0c81fe85cfa33f1c0f55d01a0024842

SHA1
e091d6ff39a03ffe3217b8839a3e0011dfa379ff

SHA256
e58e4f6d4f57ab1e4a503a523d1c4e34ed03eee292a0237a898ac158c1b7bc69

SHA512
faade6c812273526ba862517b7f7fac2e0cd5f3bf87d91e5c330909288de7d00f373ca097b6ef2d990e0b6ca258c98905b2292ce4baebbcc3f926275880cf1c6

Download Submit
C:\Users\Admin\Downloads\RIP Tweaks Ultimate\resources\app\node_modules\@svgr\babel-plugin-remove-jsx-empty-expression\LICENSE

Filesize
1KB

MD5
fe5c0fdf28719d80667caf9bb5e39994

SHA1
1889caa6a34b86831944a6da3677ddd7e168c894

SHA256
7bc7d9d513d14b0951dfd29718d6bdc434545c11621bead0909f625f0e135326

SHA512
06a8c694dd34d8685dc9e506d08db879a607a533d0cbd561e52b95a93011fbb47662968649396b88209b7a92b341283a070eef4beeeb5b2cafae0e966a826cd5

Download Submit
C:\Users\Admin\Downloads\RIP Tweaks Ultimate\resources\app\node_modules\@wdio\logger\node_modules\has-flag\license

Filesize
1KB

MD5
915042b5df33c31a6db2b37eadaa00e3

SHA1
5aaf48196ddd4d007a3067aa7f30303ca8e4b29c

SHA256
48da2f39e100d4085767e94966b43f4fa95ff6a0698fba57ed460914e35f94a0

SHA512
9c8b2def76ae5ffe4d636166bf9635d7abd69cdac4bf819a2145f7969646d39ae95c96364bc117f9fa544b98518c294233455d4f665af430c75d70798dd4ab13

Download Submit
C:\Users\Admin\Downloads\RIP Tweaks Ultimate\resources\app\node_modules\@wdio\protocols\LICENSE-MIT

Filesize
1KB

MD5
4aee1c0042f3f3d6fbec12d620079343

SHA1
11d940bd533846edec4184d0ce5acb75465c73b5

SHA256
6d4087d81607eef3c2d976c7311e8c1b250ee346e28c2669166e78cb7fe86fbd

SHA512
436404155cdc15b219c3c38b7a9edfae97d9b54cacdabb1f3b36c30feba6056684f121d8a908ce383121800a11e5f762a38e89167ace1b74fd2098a00c8c8462

Download Submit
C:\Users\Admin\Downloads\RIP Tweaks Ultimate\resources\app\node_modules\@wdio\protocols\build\commands\chromium.js

Filesize
77B

MD5
8963201168a2449f79025884824955f2

SHA1
b66edae489b6e4147ce7e1ec65a107e297219771

SHA256
d43aa81f5bc89faa359e0f97c814ba25155591ff078fbb9bfd40f8c7c9683230

SHA512
7f65c6403a23d93fb148e8259b012d6552ab3bff178f4a7d6a9d9cec0f60429fc1899e39b4bca8cc08afc75d9a7c7bfdb13fc372ca63c85eb22b0355eb4d6000

Download Submit
C:\Users\Admin\Downloads\RIP Tweaks Ultimate\resources\app\node_modules\async\reduce.js

Filesize
4KB

MD5
74ed211406662c274f10f5a53b5cd80f

SHA1
89ae4aecf6ed1d8885006741ce09fe8529969371

SHA256
10b14dad293b4375bd513917550b40fffa8be396d39b75f62832d5607d9dc131

SHA512
a066ace6b647a8c5b73e2f5e7f04bb8a63641814caedb47dac9a389fb0e69248b13fcfa98503bc75da4c8b65d970f5f54cb74ca6010159baaad965cff215d4b1

Download Submit
C:\Users\Admin\Downloads\RIP Tweaks Ultimate\resources\app\node_modules\babel-plugin-polyfill-corejs3\LICENSE

Filesize
1KB

MD5
a03af4c718ad9e9aa3b00f07fa0ba3ce

SHA1
b3a742a9656fe20bdc88e960ae1c8b58f5cec1ad

SHA256
43571857d624621d9c1f5933339bdb3a31832919bed8143494acf1ae2fa46dc5

SHA512
b198f30b65115000b04e79cfef048d50c7c42680dee254d56f8c81d9c94a617e4c6e5018c4f7f37d4e234b452a57ca1d5c95afc252c863f34f4df2e0f4040da4

Download Submit
C:\Users\Admin\Downloads\RIP Tweaks Ultimate\resources\app\node_modules\chrome-launcher\node_modules\escape-string-regexp\license

Filesize
1KB

MD5
d5f2a6dd0192dcc7c833e50bb9017337

SHA1
80674912e3033be358331910ba27d5812369c2fc

SHA256
5c932d88256b4ab958f64a856fa48e8bd1f55bc1d96b8149c65689e0c61789d3

SHA512
d1f336ff272bc6b96dc9a04a7d0ef8f02936dd594f514060340478ee575fe01d55fc7a174df5814a4faf72c8462b012998eca7bb898e3f9a3e87205fb9135af2

Download Submit
C:\Users\Admin\Downloads\RIP Tweaks Ultimate\resources\app\node_modules\csso\node_modules\css-tree\cjs\version.cjs

Filesize
91B

MD5
f5b8d069dad5ae28144268c7f39b39f9

SHA1
97938a7a430b962d29c3678a13bdd2fecc74976a

SHA256
06eed2bcc508a6cb24fccc45634007e32242d9eb13c8f019db0468a8d42215a8

SHA512
7d7df0f0f23b651e40ddeef983d9f1fb31028efbc9e53ee53ddb352c8acb552a4e999380229e6b021563ba5fc4babcf81bae5837ad3844278a8c16a9e2669918

Download Submit
C:\Users\Admin\Downloads\RIP Tweaks Ultimate\resources\app\node_modules\csso\node_modules\css-tree\lib\syntax\atrule\page.js

Filesize
232B

MD5
8c52ac618bcf4297387a1cf71d87fc43

SHA1
a7a81ce5b1192130984aada46ea73e318d248283

SHA256
ee141ed45c843703242e32b9988bb7620f72caeae06c15fd14293bd8279973a8

SHA512
4a30738357e4b6a436a51df09769a412c2020508cfaed6a9ce15169d14511aee0544c596aa4b666a0955f250ccd827da0f59ec1128270920bf6246ada9a96818

Download Submit
C:\Users\Admin\Downloads\RIP Tweaks Ultimate\resources\app\node_modules\csso\node_modules\css-tree\lib\version.js

Filesize
145B

MD5
fa42251e8d7eb80e99b656b911006de4

SHA1
10fb5e9b9311f83a6a227b9cb9ccb98b25ff6fbf

SHA256
a47f7641c7856c1683dca31f7d94e92b7f7110104c63fbd6245b24126f1c658f

SHA512
4100b6729af07ce01934193dcf4e649054370c67e7ac69bdd846b6b4f55c40dfb919a977388d08da3ed2f242c0c8e46815e11b6e83cbcf5274d2481fe3561d8d

Download Submit
C:\Users\Admin\Downloads\RIP Tweaks Ultimate\resources\app\node_modules\domelementtype\LICENSE

Filesize
1KB

MD5
d5b9cb3bc7f6ffd7bea8661f30447c11

SHA1
a4b5765e26b195e972e961e2c241a54eff51dafb

SHA256
cb992345949ccd6e8394b2cd6c465f7b897c864f845937dbf64e8997f389e164

SHA512
ea3679d79a1a7161ff68dd4265d7e89b9ee2bfff4f32d8da4802692d6fdc5c1706ff9edd5dce36ad4e88f7aa5f76061cf4cc8794a010efbf39b5bcb1ef08a550

Download Submit
C:\Users\Admin\Downloads\RIP Tweaks Ultimate\resources\app\node_modules\domelementtype\lib\esm\package.json

Filesize
18B

MD5
0209924a20de23601919c26068b8cfd1

SHA1
0a2227579902ccb1badcede472b041ff577268fb

SHA256
1239d4d885dcad42201a27ed9324f8f0f760b78700d8db9ced39a511cffe7eae

SHA512
c896b0f4c5177442d59b3ef3dd2615a766e56249726b79cbde953a0e798f70ce6b0d7783dba7cb9f131c0775a6bc043f52af70a0030d2d362f611bffde6e93f1

Download Submit
C:\Users\Admin\Downloads\RIP Tweaks Ultimate\resources\app\node_modules\ejs\LICENSE

Filesize
11KB

MD5
3b83ef96387f14655fc854ddc3c6bd57

SHA1
2b8b815229aa8a61e483fb4ba0588b8b6c491890

SHA256
cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30

SHA512
98f6b79b778f7b0a15415bd750c3a8a097d650511cb4ec8115188e115c47053fe700f578895c097051c9bc3dfb6197c2b13a15de203273e1a3218884f86e90e8

Download Submit
C:\Users\Admin\Downloads\RIP Tweaks Ultimate\resources\app\node_modules\es-get-iterator\.nycrc

Filesize
139B

MD5
d0104f79f0b4f03bbcd3b287fa04cf8c

SHA1
54f9d7adf8943cb07f821435bb269eb4ba40ccc2

SHA256
997785c50b0773e5e18bf15550fbf57823c634fefe623cd37b3c83696402ad0a

SHA512
daf9b5445cfc02397f398adfa0258f2489b70699dfec6ca7e5b85afe5671fdcabe59edee332f718f5e5778feb1e301778dffe93bb28c1c0914f669659bad39c6

Download Submit
C:\Users\Admin\Downloads\RIP Tweaks Ultimate\resources\app\node_modules\function-bind\.nycrc

Filesize
216B

MD5
c2ab942102236f987048d0d84d73d960

SHA1
95462172699187ac02eaec6074024b26e6d71cff

SHA256
948366fea3b423a46366326d0bb2e54b08abd1cf0b243678ba6625740c40da5a

SHA512
e36b20c16ceeb090750f3865efc8d7fd983ae4e8b41c30cc3865d2fd4925bf5902627e1f1ed46c0ff2453f076ef9de34be899ef57754b29cd158440071318479

Download Submit
C:\Users\Admin\Downloads\RIP Tweaks Ultimate\resources\app\node_modules\has-bigints\LICENSE

Filesize
1KB

MD5
375dc7ca936a14e9c29418d5263bd066

SHA1
75cdd9c8d795941f851f43b18fc7dae46e8a59fc

SHA256
cfc3f455254c0af0655cc3ff46a41ed644b67599f6043346169d285bf2b3cf3b

SHA512
7767e362be74a7c40a8ea0b4aa11f99d6bf7b2002c2871e2730f75915ccb3c2679e1ca4f211c3ccc993e9e7e3963aabfc89fd3ff17712bbef304bb80bc582656

Download Submit
C:\Users\Admin\Downloads\RIP Tweaks Ultimate\resources\app\node_modules\http2-wrapper\LICENSE

Filesize
1KB

MD5
78fd36a7284eb85369521bcb6e863186

SHA1
8ab3afa5af90b0fa4421252da279bf563b3c47b9

SHA256
0194571d45a06ea2a22ceb51f981e3be92525966d28847dbc0d9982603bf90de

SHA512
265c0b9cb7e34ea63851a6bf0da02cd3da5beb2839b79bdec72607b26a5aeb0f34a812f37941d77c692f9f9799a706de704f41c9e0f360b8d40dbb9d0b416481

Download Submit
C:\Users\Admin\Downloads\RIP Tweaks Ultimate\resources\app\node_modules\internal-slot\.editorconfig

Filesize
286B

MD5
6e089132bbc839003220249f345aaf01

SHA1
b613101963356bfaf6118fc55cf67bd5f5567303

SHA256
0a73be687a86b6f0e5494b1be555fcfbb886108794948837170c28f18820aae2

SHA512
803de242d802ed98054bdee9c99a91d053e330dc9101f6adf1d8a96d22f6f22889e81d4c3f974378361e1273f9b18313cfcc21408937139be5b64da473224911

Download Submit
C:\Users\Admin\Downloads\RIP Tweaks Ultimate\resources\app\node_modules\internal-slot\.eslintignore

Filesize
10B

MD5
0549babc2213b12c788bfeb5c47cab97

SHA1
8525adbdf9ac9a497e638cc69cedd64804151830

SHA256
5c5daf48fdf4db42e16c29b5b3de54984bafe0c2ff367a186ca97f1d4ed48290

SHA512
54b84472aba9dc81d7b5924fb74ed962803d24d463cb58e153f354e35630e04f2613279aff3fba6f0e612f796108ed3da638bd134047d90dda0d775cde2f7306

Download Submit
C:\Users\Admin\Downloads\RIP Tweaks Ultimate\resources\app\node_modules\is-date-object\LICENSE

Filesize
1KB

MD5
5db8fa3e421a3211e6a3dc68544da455

SHA1
e5501ab14484eafb1c649f01fa7455182ae66d13

SHA256
c61652db3d2808f667b48af0a358f0d85fd07ad4a0d0b1a50882dec3b764c522

SHA512
09645df36c2b7bc1360fdc1f353c2b382c612ec754ee86ed413738a68106b75b9393ddcc108d905b4d6c5c82deb6a311828629e0420a41934734242b00b3858f

Download Submit
C:\Users\Admin\Downloads\RIP Tweaks Ultimate\resources\app\node_modules\is-number-object\.nycrc

Filesize
159B

MD5
f93d2eed3a74977c1f6adf203bc00a95

SHA1
15f2a319ce01b12d6831f739c70b362508b58c7c

SHA256
a4766e182e1ce45be9f6f1658281846c3abc8684c1cf90d6c7ae1940c5dfe8bc

SHA512
68bc4dec433bbee246137bdccfc0ac428c3e46e691ded8595931eea64ca4cfff1639751df1ac97e60a11c4f7b73029d9d1554392e124f140649373687517cc3a

Download Submit
C:\Users\Admin\Downloads\RIP Tweaks Ultimate\resources\app\node_modules\is-weakmap\LICENSE

Filesize
1KB

MD5
c18cc44449ec61c93b216bf74e6c4fa4

SHA1
34fad6bdc82467a2a539617be699980a07c34913

SHA256
5a26e47b9d7020848f061bcad66f8e73cab95f529dab5c02588b21e57c4f876c

SHA512
3210b6a2e53061b6f8e49788257d1de142f09ad637a0e162dfa442d1ea2224241785d748d4ad945f415ffbfb5d370da02f3989a85642b9e829107fb5d20a1f0c

Download Submit
C:\Users\Admin\Downloads\RIP Tweaks Ultimate\resources\app\node_modules\isarray\LICENSE

Filesize
1KB

MD5
a5df515ef062cc3affd8c0ae59c059ec

SHA1
433c2b9c71bad0957f4831068c2f5d973cef98a9

SHA256
68f12f6e2c33688699249c01d8f9623c534da20aa71989c57b061b7bc1676d14

SHA512
0b0068b8beb6864dbb6971d9fe165d2d5fd420bcd6d7bbbd8f42589eb981bf95d854df2d16c21d378ea6d48f562345d2f66de0fd17134dffa8495eb496e6dff0

Download Submit
C:\Users\Admin\Downloads\RIP Tweaks Ultimate\resources\app\node_modules\jake\node_modules\color-convert\LICENSE

Filesize
1KB

MD5
9bdadfc9fbb3ab8d5a6d591bdbd52811

SHA1
2cb896d3773acc17b0f87dbb47759dfde011841b

SHA256
693866fc419c6f61c8570438ec00659d156ec2b4d4a4d04091711f5f11a365d4

SHA512
449fbdf7888a5b9088b5f84aa6d1a42cf951782a062079f63fe5e1e797e709ed4737c3e19300d0a98a01013431e73652c5b81438913ba952ff1fb63bce460e5b

Download Submit
C:\Users\Admin\Downloads\RIP Tweaks Ultimate\resources\app\node_modules\jake\node_modules\color-name\LICENSE

Filesize
1KB

MD5
d301869b39e08b33665b7c4f16b8e41d

SHA1
e8bc789b6dc24e4c3fc4d208364dd6b029a81eb1

SHA256
c064f7a3e353bc1bc977f3c897941c75ef763f44f41677e0a15370ca0853d6e2

SHA512
fc1d65352c114c7594c9bedf5be432ba39d426feaf50bf8f7c52d32781323c84bfc9a68531aefb558c97ebe46e712e1d35d860ba1e1a6ab48b4a79b894092540

Download Submit
C:\Users\Admin\Downloads\RIP Tweaks Ultimate\resources\app\node_modules\jake\node_modules\color-name\index.js

Filesize
4KB

MD5
405840ec3052209f357288fe4c0f4414

SHA1
db20105dc898fa8aa6706492502431c680c0dc94

SHA256
97dabd7ebb70c33c19ccfa6956377fc722d9769924903f42a3bede30d83a8592

SHA512
9de93ee7b458a9d6b97664022909ad25a7cb89c2cfdd8ee19aa2e126566b7a7a930b24143a2a76f83dbff19f1a67b0a71de93e8ab248720c2ee243396e869451

Download Submit
C:\Users\Admin\Downloads\RIP Tweaks Ultimate\resources\app\node_modules\lazystream\node_modules\isarray\index.js

Filesize
132B

MD5
e32b2424bf3f56c47ac6a2a08478dce9

SHA1
5c3d1f3ad38be1bded1ec4e065f9463c9bbe359d

SHA256
9b8c691372802da788c9c5f4e1ca2f1ed0b88ab8722176c2aea15e38ec86d249

SHA512
0bba1c44572a14717efb494e8f00d67ea9ff40cc49d9cddb26da62094588edd0f57e25ad53b2b8b798fff06d81689bb50a87bde8771b07778a856ef515cb76af

Download Submit
C:\Users\Admin\Downloads\RIP Tweaks Ultimate\resources\app\node_modules\lodash.defaults\LICENSE

Filesize
1KB

MD5
a3b2b7770df62392c164de4001b59f8f

SHA1
fc4de79d3e95696f11dbec64b0f99d421deadd30

SHA256
ffd8b33b354585f4ce119f19c53728281e48a97b074491eb6bf6d5c5ff305272

SHA512
b7f602a93a363a6d01b8713f0be0bf1e70c431b6c573e230ec7759e66dfe231bfa780154607b9a59f0e03322f7cedf57d2abd7a083c0f2ef2aabc8bc215bdb32

Download Submit
C:\Users\Admin\Downloads\RIP Tweaks Ultimate\resources\app\node_modules\lodash\fp\property.js

Filesize
35B

MD5
ebb08110bff348df334274bd1d79e025

SHA1
563c5eb1769785a3350bfd1cb2b4e090a650c994

SHA256
af3533640c8af8f6804e9df53cabeac7767cddf1a619236e7226a784a2e9101a

SHA512
5f613471f700f4d36a3847f694774f9db9b7ebafd5037c00268af6edbf762bdad13a713dda2f93ab5f02bb01e8cdde2d6919f33a1bd1d74899bf1bf130b3fc73

Download Submit
C:\Users\Admin\Downloads\RIP Tweaks Ultimate\resources\app\node_modules\lodash\valueOf.js

Filesize
44B

MD5
3b889e721c9c14f7a5cd312bb476f2a6

SHA1
dcaa02fb24d8915128f62a50e2782e30d7d4fe8e

SHA256
469f0f647beaf4eeca8d316133bcd0a0b3f5e55a4c1a391da1f10baba824ca9d

SHA512
3590cd3433b362223d3256d29a851a056c09d0fc0f4414d194cf39b64d166841dffd59f3029c352991682e9ee8e06fc97855fa1cefeb209098428dc5c2c7f953

Download Submit
C:\Users\Admin\Downloads\RIP Tweaks Ultimate\resources\app\node_modules\lru-cache\LICENSE

Filesize
765B

MD5
82703a69f6d7411dde679954c2fd9dca

SHA1
bb408e929caeb1731945b2ba54bc337edb87cc66

SHA256
4ec3d4c66cd87f5c8d8ad911b10f99bf27cb00cdfcff82621956e379186b016b

SHA512
3fa748e59fb3af0c5293530844faa9606d9271836489d2c8013417779d10cc180187f5e670477f9ec77d341e0ef64eab7dcfb876c6390f027bc6f869a12d0f46

Download Submit
C:\Users\Admin\Downloads\RIP Tweaks Ultimate\resources\app\node_modules\object-is\LICENSE

Filesize
1KB

MD5
d22b3eb619d81197fd4f3ca47c2c1ea5

SHA1
cecc49e000ac69f8dc602f6967a3d9df155285cf

SHA256
dc0fe5a22d9336f345ee984f9bf56f11f22877a3aa5fd16a1db9a8ca0e23a5d1

SHA512
54069fc3a9f8378d57bc0b11fa7fa211daf4cd320435af21ca6514b4b19166d340133aca36ec253dd1bfe175532bc6e08e138ba72dac391269fd0aa8a512be62

Download Submit
C:\Users\Admin\Downloads\RIP Tweaks Ultimate\resources\app\node_modules\object-keys\.editorconfig

Filesize
276B

MD5
21da6a90c8609948afe0be1430baa42d

SHA1
41dcc6e5dcfee2cc601b47fdcc716306ccf8f0c4

SHA256
ede54e8b6b96147c61efd0ddc56d3683508a26066a8baabd63673d2779a06f23

SHA512
a77e4ed2536be5bf0085ae0dd5d9ecfd9cb7fab57564bc7a7df49572b95447313e5b7cdbaf2bb406443ab6219e4a0a76e3c9cff7867151af22066b69d687199e

Download Submit
C:\Users\Admin\Downloads\RIP Tweaks Ultimate\resources\app\node_modules\react-is\LICENSE

Filesize
1KB

MD5
901f6cd9846257b3a9c69dbd0a49caf1

SHA1
1506731a652bba9abdf804ba3c95651ec5a68bdc

SHA256
52412d7bc7ce4157ea628bbaacb8829e0a9cb3c58f57f99176126bc8cf2bfc85

SHA512
547627636339a25d7bf811b98143032ab2c43e0ccc5fe236656a98b98a009312a9abf2f05ab7a898695bbf0d09e727640385c3d7368d1545f13625215696019b

Download Submit
C:\Users\Admin\Downloads\RIP Tweaks Ultimate\resources\app\node_modules\react-router-dom\LICENSE.md

Filesize
1KB

MD5
41daac9b7d40f18be4dcee49baa640af

SHA1
1d4f02e75ad308fc21bb0ab0d712020d8ade532b

SHA256
f8028d6599b4b781d151ba12c534ff23a9fce4f3bb3f417778302ed8970306e2

SHA512
95f964008a28fc29a19acf53208cd0065b5e23f46496ba32f1224189939087423744117ec5a0965369128630b650a74dc48f2643871e91ad7a822d057b96f483

Download Submit
C:\Users\Admin\Downloads\RIP Tweaks Ultimate\resources\app\node_modules\readable-stream\CONTRIBUTING.md

Filesize
1KB

MD5
08365b138b43284489ecfbf6efd44a25

SHA1
1b97e91ac67fcbbd711dedd3b5c388c08489eeaa

SHA256
56e4e12a6934a2c4d36c7bf893f4d8aefa6c96f9ffcec357dfa6476e36c4f1f5

SHA512
85494ca6582db6aa3679f532c540f2075516628c02abd6fc827369cf8ec1f2ac66092ff815406d4670c7a33cadc62f34c2c478136953656ce85a7d5755f8c31e

Download Submit
C:\Users\Admin\Downloads\RIP Tweaks Ultimate\resources\app\node_modules\readable-stream\GOVERNANCE.md

Filesize
5KB

MD5
70b44945cec4643ca805d87f673fbd34

SHA1
f30fd9ba0fa4f12c900d1b7bb248aa568a72cc3c

SHA256
7a521e462d1c6f3b599c44637fb337bbf969dda311510a87236ec539a415331d

SHA512
586f0f2a46ae29e8dc0b5931e144d3b7536057cb0a6d2ecfc72544c5048a1fc9417d14fbdb45f33e21eef99a2a0e302a3c74d2f8e360573544c8328593053daa

Download Submit
C:\Users\Admin\Downloads\RIP Tweaks Ultimate\resources\app\node_modules\readable-stream\LICENSE

Filesize
2KB

MD5
a67a7926e54316d90c14f74f71080977

SHA1
d3622fac093fe1cbcb4d8e8d35801600b681fc45

SHA256
ec62dc96da0099b87f4511736c87309335527fb7031639493e06c95728dc8c54

SHA512
e61de704d5a76afd66b5d9b1c78f0a5afe9a846686ca2fb28c814a4a60dbe82a190ed4a6a2f31e09bf6d695b8ec178ebea9804593029c58c1b1bedd793324d13

Download Submit
C:\Users\Admin\Downloads\RIP Tweaks Ultimate\resources\app\node_modules\readable-stream\lib\internal\streams\stream-browser.js

Filesize
49B

MD5
df20453c19af8406babdf987facd76d9

SHA1
0167a0dc72daab83989846563aae870f37549151

SHA256
72d46a15491627d8fb1489a47d03583cfe5c21902918016ab532b53e615e5a9a

SHA512
8004aca5efc10cf89bf41ecbb6586f9acd707ef3b789cc714043c48c0d47b6479d9d2c2fd9894aedc683edcb88fad8b28517d329417d6e2d0e2b639d964956d9

Download Submit
C:\Users\Admin\Downloads\RIP Tweaks Ultimate\resources\app\node_modules\readable-stream\lib\internal\streams\stream.js

Filesize
36B

MD5
76bae0aaca4d9c61a71995751b67448b

SHA1
90b89ec87417d1301e7615a3ba50b04626c2796c

SHA256
1e7903927df33aadb3659ecce55266c9c851da65ce6c8b723a60a305c1c5422c

SHA512
9be70625af9c47a3772622031cdc4ada6e009d9ddf71f7409109ef6b6adfb444414630897eab07f77bd268f66c9462d199cb72934e0bb4fdbbe614f16bb3de24

Download Submit
C:\Users\Admin\Downloads\RIP Tweaks Ultimate\resources\app\node_modules\regenerate-unicode-properties\LICENSE-MIT.txt

Filesize
1KB

MD5
ee9bd8b835cfcd512dd644540dd96987

SHA1
d7384cd3ed0c9614f87dde0f86568017f369814c

SHA256
483acb265f182907d1caf6cff9c16c96f31325ed23792832cc5d8b12d5f88c8a

SHA512
7d6b44bb658625281b48194e5a3d3a07452bea1f256506dd16f7a21941ef3f0d259e1bcd0cc6202642bf1fd129bc187e6a3921d382d568d312bd83f3023979a0

Download Submit
C:\Users\Admin\Downloads\RIP Tweaks Ultimate\resources\app\node_modules\regexp.prototype.flags\auto.js

Filesize
36B

MD5
8b97469ea6822068a9513049f9e514df

SHA1
7409f35c698ef36006006fb553fbca5c3bd4c6ff

SHA256
8a28142fdc864763727d7cfe6a19b5dbcdf5e1861207bd2c122082336a6c3221

SHA512
f10dc89b97000a2205acc9b1bcb9c99c0f125ce8c0775921fd1d1420356712b0c3d565252480eb35f68e70807aaed8c05cd86afce74bd77ef824cfd070027555

Download Submit
C:\Users\Admin\Downloads\RIP Tweaks Ultimate\resources\app\node_modules\safe-buffer\LICENSE

Filesize
1KB

MD5
badd5e91c737e7ffdf10b40c1f907761

SHA1
07d9563f6153658de124707787ff43f0458ab24a

SHA256
c7cc929b57080f4b9d0c6cf57669f0463fc5b39906344dfc8d3bc43426b30eac

SHA512
ef233f8db609b7025e2e027355ee0b5e7b65b537506412ca1a4d95e74f2be2fe284c3a3fa36cb9d85dbd1a35fe650fe14de5b4d93ab071f2024c1fc8cf40730e

Download Submit
C:\Users\Admin\Downloads\RIP Tweaks Ultimate\resources\app\node_modules\simple-update-notifier\node_modules\semver\range.bnf

Filesize
619B

MD5
76d83b46734a4604da9df9998fe7d19e

SHA1
5c6f063e0ec60f2d04686f73a12ba5f389988a2b

SHA256
ed628fdaff64be366d07f6cc4559eae4de109826f743ea7f5e1588c370bca49a

SHA512
40559a2c4890535b3f265ac188e40c0e38e43cf99c82b576117419dfdf05f3075b1accee5609a4a890bfc8f279cc40d718ab2016d791527a4623811de132e71b

Download Submit
C:\Users\Admin\Downloads\RIP Tweaks Ultimate\resources\app\node_modules\string_decoder\LICENSE

Filesize
2KB

MD5
14af51f8c0a6c6e400b53e18c6e5f85c

SHA1
36791ee8e28518f9fb92b51ad9e4247708be9c55

SHA256
11f2aafb37d06b3ee5bdaf06e9811141d0da05263c316f3d627f45c20d43261b

SHA512
a7ffef419c24a9420ce268a6f3c7cca136bb47d2a33da37d08bd5ea213a3f58e9e28375ed3bb457ecf7c0c1b3f1434366da4e8bef219482fcf599d804575e5fb

Download Submit
C:\Users\Admin\Downloads\RIP Tweaks Ultimate\resources\app\node_modules\string_decoder\lib\string_decoder.js

Filesize
9KB

MD5
0d4d70ba095a2af4afd7069a295d2f6c

SHA1
440bd1828612d1e583e33a4ec304673a11c782af

SHA256
f1d36d47b2c579063392c1a68963467f2d4f51a069af09eb068d974c63ee3b37

SHA512
f527fcaa28387a43a4df21c3c2e43e001b036a179383a61c58e194a33f67ac3ce445ef692d21e8f79139374f4a0749d1cebd2cdb59a4d9b4d2ec71bffd8b3be2

Download Submit
C:\Users\Admin\Downloads\RIP Tweaks Ultimate\resources\app\node_modules\supports-color\browser.js

Filesize
67B

MD5
eb4c64679962222ba7791179667eef6f

SHA1
9800d972941ea5bf3e0838f8686dbe9ff97ba98b

SHA256
03b3defae5a0801f91bc78f5f3ff2b13dec13df4cef4c0a94554b2d1183da1d1

SHA512
5fa11ad79ad227c77d1f57c7ec9f736073f2919b8acfdd23ec743b500bdb335f97c1c1ffe721f0eff116502455f31f99a4344a0d9ca97c5bb5c7e2ebd54108bb

Download Submit
C:\Users\Admin\Downloads\RIP Tweaks Ultimate\resources\app\node_modules\supports-preserve-symlinks-flag\LICENSE

Filesize
1KB

MD5
d237eac07663bde2409de740ba75ec97

SHA1
74cee463c60de7e0bfd342362e2a4ddf5f1883d9

SHA256
0f0ca96f50793990031ebc488a38f7292ff70bce8ab6a8e5eeda674abc32ccdf

SHA512
d7a2f0dac429abc40834b1887cbffec6487330328aefed4a84ed2da8fcd687a489c7e25c981b99ef0ec5c0b71efbf6c30489d8204f295045afaa488dd98d644e

Download Submit
C:\Users\Admin\Downloads\RIP Tweaks Ultimate\resources\app\node_modules\tar-fs\LICENSE

Filesize
1KB

MD5
9befe7026bf915886cd566a98117c80e

SHA1
a95ab3a4b0e4bd978897f09b3b430a449da20a08

SHA256
3fe8d55a98dbf260eace67c00cf9bc53edb46234e840098a0b93df3096b97fb6

SHA512
b52ba143042812d6dd1031a12946afddb6e8f8ebbc7169c59c138d16aafc5e261aae92fe6b1ea94a3d80e39d2415c4b219710ef46939a2df135db24a0cf712fb

Download Submit
C:\Users\Admin\Downloads\RIP Tweaks Ultimate\resources\app\node_modules\zip-stream\LICENSE

Filesize
1KB

MD5
51478cb9e7ab40d3d3616c3794ded96b

SHA1
97caa58bbe0c8dcd3bd857dca51ab034344a71c1

SHA256
79bad9f51738814f83251ae89460326b2ff2ea19ff5f71ab8f7636b2e17bb231

SHA512
e0eb64b4b3e53390e54487234f5dd7555e9a5871e9d1e901f5c0bdf8d9670b220731d2bf58c80e57a6e28e93fc7574ece6b4d449a13c51c05619bfa0bf2774e3

Download Submit
memory/1416-19901-0x000002177D8F0000-0x000002177D934000-memory.dmp

Filesize
272KB

Download
memory/1416-19902-0x000002177DE60000-0x000002177DED6000-memory.dmp

Filesize
472KB

Download
memory/3052-19812-0x00007FFFB5290000-0x00007FFFB5291000-memory.dmp

Filesize
4KB

Download
memory/3052-19930-0x000002D4C0D50000-0x000002D4C0D7B000-memory.dmp

Filesize
172KB

Download
memory/3428-20105-0x00000284D9ED0000-0x00000284D9EFB000-memory.dmp

Filesize
172KB

Download
memory/3848-19860-0x000001E934EA0000-0x000001E934EC2000-memory.dmp

Filesize
136KB

Download
memory/4232-19906-0x0000021376440000-0x000002137646A000-memory.dmp

Filesize
168KB

Download
memory/4232-19907-0x0000021376440000-0x0000021376464000-memory.dmp

Filesize
144KB

Download
memory/5220-20354-0x000001AE9FB20000-0x000001AE9FB21000-memory.dmp

Filesize
4KB

Download
memory/5220-20356-0x000001AE9FB20000-0x000001AE9FB21000-memory.dmp

Filesize
4KB

Download
memory/5220-20355-0x000001AE9FB20000-0x000001AE9FB21000-memory.dmp

Filesize
4KB

Download
memory/5220-20366-0x000001AE9FB20000-0x000001AE9FB21000-memory.dmp

Filesize
4KB

Download
memory/5220-20365-0x000001AE9FB20000-0x000001AE9FB21000-memory.dmp

Filesize
4KB

Download
memory/5220-20364-0x000001AE9FB20000-0x000001AE9FB21000-memory.dmp

Filesize
4KB

Download
memory/5220-20363-0x000001AE9FB20000-0x000001AE9FB21000-memory.dmp

Filesize
4KB

Download
memory/5220-20362-0x000001AE9FB20000-0x000001AE9FB21000-memory.dmp

Filesize
4KB

Download
memory/5220-20361-0x000001AE9FB20000-0x000001AE9FB21000-memory.dmp

Filesize
4KB

Download
memory/5220-20360-0x000001AE9FB20000-0x000001AE9FB21000-memory.dmp

Filesize
4KB

Download