c60e8d31d641c7a37ff1e7c7d0b1bafdd5847495e6973b466356e40fe48154ee

Analysis

max time kernel
841s
max time network
448s
platform
windows11-21h2_x64
resource
win11-20250313-en
resource tags

arch:x64arch:x86image:win11-20250313-enlocale:en-usos:windows11-21h2-x64system
submitted
04/04/2025, 02:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ui.exe
Size

15.8MB
MD5

7821f6e1ae3239e1f8250fd2e2b2272d
SHA1

92d9aadd08d05b6c778b9f4ee628f315999b18e0
SHA256

495fa56ca85a4e68837f4d2b0628e903a254540b8cef14caeeb7500137e747a1
SHA512

4410fdd83d2ade40d9fd92d4b33a40c59b291f29fa7a2f4c0b1eb912261b10ecde541651bf7c83b41aed8b686e91aa5488ecfd8f2c23968167d02cf4abb6744d
SSDEEP

98304:aPPbD4xnuPaRJRx74o09lHXnUhKRe7IZSMhpFyV7cxPrwqQ2jJ6cefe2vtjlprk/:aPWRt49TiKgwFK0VjJe99IXWNdU3

Score

6^/10

defense_evasion discovery trojan

Malware Config

Signatures

Checks whether UAC is enabled 1 TTPs 1 IoCs

defense_evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	ui.exe

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_1802882239\hyph-bg.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_1802882239\hyph-ta.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_1664085845\Part-RU	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_1802882239\hyph-hy.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_1802882239\hyph-nl.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_1802882239\hyph-uk.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_1664085845\manifest.json	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_1664085845\Part-ES	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_1664085845\Part-IT	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_759768487\crs.pb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_1885792861\crl-set	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_1802882239\hyph-bn.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_1802882239\hyph-el.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_1802882239\hyph-mr.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_1802882239\hyph-or.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_1802882239\hyph-pt.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_1802882239\hyph-ru.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_1802882239\hyph-sl.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_1802882239\hyph-mul-ethi.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_251430732\manifest.fingerprint	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_1802882239\hyph-af.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_1802882239\hyph-cu.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_1802882239\hyph-ga.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_1802882239\hyph-sv.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_1802882239\hyph-und-ethi.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_759768487\manifest.fingerprint	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_1802882239\hyph-la.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_1802882239\manifest.json	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_1802882239\manifest.fingerprint	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_1664085845\Filtering Rules-CA	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_1664085845\Part-DE	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_1664085845\Part-ZH	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_759768487\manifest.json	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_1885792861\manifest.json	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_1802882239\hyph-de-1901.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_1802882239\hyph-en-gb.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_1802882239\hyph-nn.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_1802882239\hyph-pa.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_1664085845\adblock_snippet.js	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_1664085845\manifest.fingerprint	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_1802882239\hyph-be.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_1802882239\hyph-lt.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_1802882239\hyph-mn-cyrl.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_942982068\LICENSE	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_942982068\manifest.json	msedgewebview2.exe
File opened for modification	C:\Windows\SystemTemp	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_1802882239\hyph-es.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_1802882239\hyph-ka.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_358926814\protocols.json	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_1802882239\hyph-as.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_1802882239\hyph-it.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_942982068\_platform_specific\win_x64\widevinecdm.dll	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_1311212764\manifest.json	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_1802882239\hyph-cs.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_1802882239\hyph-lv.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_1802882239\hyph-sk.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_1802882239\hyph-sq.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_1664085845\Filtering Rules-AA	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_24991952\keys.json	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_1802882239\hyph-kn.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_759768487\ct_config.pb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_759768487\kp_pinslist.pb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_1802882239\hyph-ml.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_358926814\manifest.json	msedgewebview2.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedgewebview2.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133882057168718471"	msedgewebview2.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1760	msedgewebview2.exe
1760	msedgewebview2.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 1 IoCs

pid	Process
2156	msedgewebview2.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4332	ui.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4332 wrote to memory of 2156	4332	ui.exe	78
PID 4332 wrote to memory of 2156	4332	ui.exe	78
PID 2156 wrote to memory of 1988	2156	msedgewebview2.exe	79
PID 2156 wrote to memory of 1988	2156	msedgewebview2.exe	79
PID 2156 wrote to memory of 1352	2156	msedgewebview2.exe	80
PID 2156 wrote to memory of 1352	2156	msedgewebview2.exe	80
PID 2156 wrote to memory of 1352	2156	msedgewebview2.exe	80
PID 2156 wrote to memory of 1352	2156	msedgewebview2.exe	80
PID 2156 wrote to memory of 1352	2156	msedgewebview2.exe	80
PID 2156 wrote to memory of 1352	2156	msedgewebview2.exe	80
PID 2156 wrote to memory of 1352	2156	msedgewebview2.exe	80
PID 2156 wrote to memory of 1352	2156	msedgewebview2.exe	80
PID 2156 wrote to memory of 1352	2156	msedgewebview2.exe	80
PID 2156 wrote to memory of 1352	2156	msedgewebview2.exe	80
PID 2156 wrote to memory of 1352	2156	msedgewebview2.exe	80
PID 2156 wrote to memory of 1352	2156	msedgewebview2.exe	80
PID 2156 wrote to memory of 1352	2156	msedgewebview2.exe	80
PID 2156 wrote to memory of 1352	2156	msedgewebview2.exe	80
PID 2156 wrote to memory of 1352	2156	msedgewebview2.exe	80
PID 2156 wrote to memory of 1352	2156	msedgewebview2.exe	80
PID 2156 wrote to memory of 1352	2156	msedgewebview2.exe	80
PID 2156 wrote to memory of 1352	2156	msedgewebview2.exe	80
PID 2156 wrote to memory of 1352	2156	msedgewebview2.exe	80
PID 2156 wrote to memory of 1352	2156	msedgewebview2.exe	80
PID 2156 wrote to memory of 1352	2156	msedgewebview2.exe	80
PID 2156 wrote to memory of 1352	2156	msedgewebview2.exe	80
PID 2156 wrote to memory of 1352	2156	msedgewebview2.exe	80
PID 2156 wrote to memory of 1352	2156	msedgewebview2.exe	80
PID 2156 wrote to memory of 1352	2156	msedgewebview2.exe	80
PID 2156 wrote to memory of 1352	2156	msedgewebview2.exe	80
PID 2156 wrote to memory of 1352	2156	msedgewebview2.exe	80
PID 2156 wrote to memory of 1352	2156	msedgewebview2.exe	80
PID 2156 wrote to memory of 1352	2156	msedgewebview2.exe	80
PID 2156 wrote to memory of 1352	2156	msedgewebview2.exe	80
PID 2156 wrote to memory of 1352	2156	msedgewebview2.exe	80
PID 2156 wrote to memory of 1352	2156	msedgewebview2.exe	80
PID 2156 wrote to memory of 1352	2156	msedgewebview2.exe	80
PID 2156 wrote to memory of 1352	2156	msedgewebview2.exe	80
PID 2156 wrote to memory of 1352	2156	msedgewebview2.exe	80
PID 2156 wrote to memory of 1352	2156	msedgewebview2.exe	80
PID 2156 wrote to memory of 1352	2156	msedgewebview2.exe	80
PID 2156 wrote to memory of 1352	2156	msedgewebview2.exe	80
PID 2156 wrote to memory of 1352	2156	msedgewebview2.exe	80
PID 2156 wrote to memory of 1352	2156	msedgewebview2.exe	80
PID 2156 wrote to memory of 1352	2156	msedgewebview2.exe	80
PID 2156 wrote to memory of 1352	2156	msedgewebview2.exe	80
PID 2156 wrote to memory of 1352	2156	msedgewebview2.exe	80
PID 2156 wrote to memory of 1352	2156	msedgewebview2.exe	80
PID 2156 wrote to memory of 1352	2156	msedgewebview2.exe	80
PID 2156 wrote to memory of 1352	2156	msedgewebview2.exe	80
PID 2156 wrote to memory of 1352	2156	msedgewebview2.exe	80
PID 2156 wrote to memory of 1352	2156	msedgewebview2.exe	80
PID 2156 wrote to memory of 1352	2156	msedgewebview2.exe	80
PID 2156 wrote to memory of 1352	2156	msedgewebview2.exe	80
PID 2156 wrote to memory of 1352	2156	msedgewebview2.exe	80
PID 2156 wrote to memory of 3472	2156	msedgewebview2.exe	81
PID 2156 wrote to memory of 3472	2156	msedgewebview2.exe	81
PID 2156 wrote to memory of 3888	2156	msedgewebview2.exe	82
PID 2156 wrote to memory of 3888	2156	msedgewebview2.exe	82
PID 2156 wrote to memory of 3888	2156	msedgewebview2.exe	82
PID 2156 wrote to memory of 3888	2156	msedgewebview2.exe	82
PID 2156 wrote to memory of 3888	2156	msedgewebview2.exe	82
PID 2156 wrote to memory of 3888	2156	msedgewebview2.exe	82
PID 2156 wrote to memory of 3888	2156	msedgewebview2.exe	82

C:\Users\Admin\AppData\Local\Temp\ui.exe
"C:\Users\Admin\AppData\Local\Temp\ui.exe"
1⤵
- Checks whether UAC is enabled
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4332
- C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
  "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=ui.exe --webview-exe-version=0.0.26 --user-data-dir="C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --lang=en-US --mojo-named-platform-channel-pipe=4332.780.12392603673026838711
  2⤵
  - Drops file in Windows directory
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of WriteProcessMemory
  PID:2156
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=132.0.6834.160 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=132.0.2957.140 --initial-client-data=0x168,0x16c,0x170,0x144,0x120,0x7fffe329b078,0x7fffe329b084,0x7fffe329b090
    3⤵
    PID:1988
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=gpu-process --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView" --webview-exe-name=ui.exe --webview-exe-version=0.0.26 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=1704,i,3318267260161218727,477877982079209914,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=1700 /prefetch:2
    3⤵
    PID:1352
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView" --webview-exe-name=ui.exe --webview-exe-version=0.0.26 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=2012,i,3318267260161218727,477877982079209914,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2024 /prefetch:11
    3⤵
    PID:3472
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView" --webview-exe-name=ui.exe --webview-exe-version=0.0.26 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=2292,i,3318267260161218727,477877982079209914,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2308 /prefetch:13
    3⤵
    PID:3888
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView" --webview-exe-name=ui.exe --webview-exe-version=0.0.26 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --always-read-main-dll --field-trial-handle=3492,i,3318267260161218727,477877982079209914,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=3524 /prefetch:1
    3⤵
    PID:1908
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView" --webview-exe-name=ui.exe --webview-exe-version=0.0.26 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=4532,i,3318267260161218727,477877982079209914,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=4584 /prefetch:14
    3⤵
    PID:3588
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView" --webview-exe-name=ui.exe --webview-exe-version=0.0.26 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=756,i,3318267260161218727,477877982079209914,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2236 /prefetch:14
    3⤵
    PID:3096
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView" --webview-exe-name=ui.exe --webview-exe-version=0.0.26 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=2236,i,3318267260161218727,477877982079209914,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=4672 /prefetch:14
    3⤵
    PID:3340
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView" --webview-exe-name=ui.exe --webview-exe-version=0.0.26 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=4648,i,3318267260161218727,477877982079209914,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=4684 /prefetch:10
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1760
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView" --webview-exe-name=ui.exe --webview-exe-version=0.0.26 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=4432,i,3318267260161218727,477877982079209914,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=3964 /prefetch:14
    3⤵
    PID:4944
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView" --webview-exe-name=ui.exe --webview-exe-version=0.0.26 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=3988,i,3318267260161218727,477877982079209914,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=3940 /prefetch:14
    3⤵
    PID:2300
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView" --webview-exe-name=ui.exe --webview-exe-version=0.0.26 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=952,i,3318267260161218727,477877982079209914,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=4692 /prefetch:14
    3⤵
    PID:2768
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView" --webview-exe-name=ui.exe --webview-exe-version=0.0.26 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=4080,i,3318267260161218727,477877982079209914,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2064 /prefetch:14
    3⤵
    PID:2824
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView" --webview-exe-name=ui.exe --webview-exe-version=0.0.26 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=4696,i,3318267260161218727,477877982079209914,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=4624 /prefetch:14
    3⤵
    PID:3588
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView" --webview-exe-name=ui.exe --webview-exe-version=0.0.26 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=4660,i,3318267260161218727,477877982079209914,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=4632 /prefetch:14
    3⤵
    PID:1212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
38a03c8a77d901efe24407a44a974dc5

SHA1
41c11d8905c557aa559faf5d31acfc64995abe48

SHA256
439a43f43f5712d193b2762cf42b27f5bb6ee8549953376f9f352bc6711a599a

SHA512
e8136e7350980a601f88e7c0260075aa465b8b2b9ae38c054dc1d481cd9d419bb323d80080ff2c304d06726137cbafa5885d156cf0af0b7426c829f1cb6e4c0f

Download Submit
C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
056628cf7f21ed2733d03e43a5090d2a

SHA1
e7290c3f8d470b4b9ff57a23a6787e0cf78872ca

SHA256
cf8b65e5f10c1d1a6e0487ce29dffde4068562e4310103a185828fbc29284da9

SHA512
6f6b59c3cc8f77f3ad956598732e5e63ec6eb892ccdc01f86bd1b100acb8dba3a4d87cf581cab33cfff3cfd6dff8dddc87e08723f3a841b64b3c6a9c975cb2c9

Download Submit
C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
814f215fdae513cda706cb48548a43d0

SHA1
054bcc8cfc58fd5c3064608e0de57d5e96dfcd20

SHA256
cf0f0e147e7022fc7eda48b4fec7779842212a27dfa6bd1630233c18fa766aa1

SHA512
353669b83da6750dbce2e948f72049b1d480fb8dabea326ce6d69a955e5bc589c34384de23ed8bb51326d9f8a2bc5665c9223ef43b24d77044967a6ed2d2a3af

Download Submit
C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
1cb9bbdf2f46fb9dfe4e25e6cf662c38

SHA1
83a4581c464f3f35a50d41e7d07880657b1ec770

SHA256
16a9e624ff3e087c7d68f54918d91af89297eebe67bebd841f738022650f31bf

SHA512
777879e55b42574468bfba77a99cac2320d534856ba1dbec0519704a90e443a872e8b42250f993dc992f4aa3130b1a8d22ad44cb9b72e6cacc6d3d963bf56bb2

Download Submit
C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\Default\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\Default\DawnWebGPUCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\Default\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\Default\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\Default\Extension Rules\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\Default\Network\Network Persistent State

Filesize
812B

MD5
39bd38efa020448054b89b112606c0bd

SHA1
6114093663154210a40e7eda228828d27a1bfc18

SHA256
36748fe59a66ad92828ce1504d2632c40c95eb66ce6235a330e9b48a26b84879

SHA512
5f0a4b3b350f61325377dec01a0c3b700ce556ff59979a31362abcf4f4b8533cff50da7131b379254574b6833c9bde5593b2c635e322d8d43a188c84ce8808e2

Download Submit
C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\Default\Network\Network Persistent State~RFe588a49.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\Default\Preferences

Filesize
6KB

MD5
64c94266aa15d72482246d8d5f693ab7

SHA1
6cfbac4d8c99dcbadf165ae4751e2d700e81e9ff

SHA256
5a330c8f74708fe32630f606bd88efaa0971f41ecc75ab634ff80d927747af57

SHA512
88c327b2abe5cbf877f3b5e924b8c0b3fc6892f69e66f7b0061d0e59be0252326a7efbe33292f5a82c3af3d6f46dbcb60bc3cf81e356fbfe6f9a834502b09c4d

Download Submit
C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\Default\c7013633-1adc-4709-896b-ee205ffe8279.tmp

Filesize
6KB

MD5
e845d957bc4223e1355bee8365d9f573

SHA1
33336668ee63804907d79e2e0f70dc158af85d9e

SHA256
e5d6ccf4f72aaf936d7b17287ceafab2bf66bdbbeb086ef87da8081bb0cf6a33

SHA512
2d7bdf4e6edb3079880bfff8defcd9f23bae4465036ecd8f58bf79249452862721ffaa2ee4aae4839616318637686b0282840d0c5afd8c78d051550936914b92

Download Submit
C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\Local State

Filesize
1KB

MD5
03a1ee886a3cea4608185468de21675c

SHA1
15cfbc94be59b1328047ba1dac8b1ae4404355a1

SHA256
ac9779e13138098c391e8f8fffbf5cfaaef2705f2e13cbe904a494876fe4f201

SHA512
eeebba96ffed240e548a59ba419edacde40acbc2c5aa85d21a0ef7aa2ef5d9b80434fbb0be2aee93b08201ec4ea5b3dc02156d91f801471036dd1ae843c471fd

Download Submit
C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\Local State

Filesize
2KB

MD5
89052534c2e8a7e4b4a28031849df2ed

SHA1
5501b8c596562581254ceff1b53cf1b0cb2577e5

SHA256
0088f6a45ce7e6f9c29beff78745e0a5e36f1feb5180f28d3a07fc39425e9228

SHA512
42a4aa70783dacab4f50475b698c3cb82005a96fd0772425c689aafbefc27d3d251e3d82d031efacdb6bf2c1a16fd9671a1fcf0f8a19d41db0d2621f45868bfe

Download Submit
C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\Local State

Filesize
3KB

MD5
95bacd237b2ea9dd5a8b3f54c6af23b2

SHA1
b2c8a307d515d6c1fdacaa06de6b7c006faa7d80

SHA256
2d5d19e2932581f54b361fd7fea4166b34df7d4698e9f149b28e085a233c60b2

SHA512
33059d70e3db59e85dca11a0abe92906f5e9879688282a30526c7e4961f8e3c630579465d6f8a3c3c5f3e9c1dafa6745626e9b8874c8fbf567cb1b935f9f1c68

Download Submit
C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\Local State

Filesize
16KB

MD5
4a5790a75dbddbd70ef9dcda8b160bc3

SHA1
eda0a9c27f916982c2f37dd267a4cee2e703c92e

SHA256
c6787da80a363631b4aecd2d1c62d2eb3ac2ab7df657e65e656c93f03dd89d50

SHA512
1444ac4e794c87110863f3fd34e28f0ea8062125e4f8415ba32a48c9347ef0d4697a6dcf96c2d23168439b6337825696b81be6f13f20e85b176a91b88bfc769f

Download Submit
C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\Local State

Filesize
16KB

MD5
dc1f5f812adc982a9b9983c61580054f

SHA1
6b26d4f85ba212b735a3158dcb35fb1459e81ba9

SHA256
1ff4494663ed549984a93f93ca55166744bebfb32548b53d05e441a6e704738a

SHA512
997ecfc7a42b47f60f2570391b416ec0e75d25dff25a4c232d7c42f11571ed4d9ba69c1bee63df0ea8e3fcc88b7113d0d58c813b6bed953ae6c9c2ae373a9e15

Download Submit
C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\Local State~RFe577280.TMP

Filesize
1KB

MD5
227e7c51d6fe3fe23ad35dd897345f55

SHA1
b9816fcdf4b851cef417eff0867895cc004b61e6

SHA256
6ca35b144b38858e756dad1798c9409cd0b60dd138af76f1eb8bba82143d091b

SHA512
83cd6b20289b88baa03f97fc697515405e632125db14ee8c652330ae2ddf8398950ea4882d3975194ea0ca26ead0bc2ea5c8bddd228f18bc79de63b2819b3c5a

Download Submit
C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\PKIMetadata\22.0.0.0\crs.pb

Filesize
289KB

MD5
2b59269e7efdd95ba14eeb780dfb98c2

SHA1
b3f84cbc37a79eeecb8f1f39b615577d78600096

SHA256
ff2ced650772249abb57f6f19c5d0322d6df22c85c7cf2be193b6134e1b95172

SHA512
e4b454db2248021e0d198805ea54f1c0cfd84b9716a9348b1d0e0acb7c6fb5dd0839e532a5eb6d4410ab759d6688dd6cce8375ad55a150d738d280993142e9d7

Download Submit
C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\PKIMetadata\22.0.0.0\ct_config.pb

Filesize
8KB

MD5
811b65320a82ebd6686fabf4bb1cb81a

SHA1
c660d448114043babec5d1c9c2584df6fab7f69b

SHA256
52687dd0c06f86a2298a4442ab8afa9b608271ec01a67217d7b58dab7e507bdf

SHA512
33350cce447508269b7714d9e551560553e020d6acf37a6a6021dc497d4008ce9e532dd615ad68872d75da22ac2039ef0b4fa70c23ec4b58043c468d5d75fd81

Download Submit
C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\PKIMetadata\22.0.0.0\kp_pinslist.pb

Filesize
11KB

MD5
0779206f78d8b0d540445a10cb51670c

SHA1
67f0f916be73bf5cffd3f4c4aa8d122c7d73ad54

SHA256
bf0945921058b9e67db61e6a559531af2f9b78d5fbedb0b411384225bdd366ec

SHA512
4140b2debe9c0b04e1e59be1387dca0e8e2f3cbc1f67830cbc723864acc2276cde9529295dcb4138fa0e2e116416658753fe46901dfa572bdfe6c7fb67bd8478

Download Submit
C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\Subresource Filter\Unindexed Rules\10.34.0.57\Filtering Rules

Filesize
1.8MB

MD5
d7c9c6d2e1d9ae242d68a8316f41198c

SHA1
8d2ddccc88a10468e5bffad1bd377be82d053357

SHA256
f215127185b2ee6b01e12b6ca75d3e5c4e454598dd4aed36124ae13d59afd547

SHA512
7fd14824e9200dd99e1fd2cee402656dc0cfc3d0a60058c5eb05c68e9e65b7f0b47e550fb4d6c2b59eba204dbf3ef9e69dc9723b43a9b3ccd5412d6b77715fc3

Download Submit
C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\Subresource Filter\Unindexed Rules\10.34.0.57\LICENSE

Filesize
24KB

MD5
aad9405766b20014ab3beb08b99536de

SHA1
486a379bdfeecdc99ed3f4617f35ae65babe9d47

SHA256
ed0f972d56566a96fb2f128a7b58091dfbf32dc365b975bc9318c9701677f44d

SHA512
bd9bf257306fdaff3f1e3e1fccb1f0d6a3181d436035124bd4953679d1af2cd5b4cc053b0e2ef17745ae44ae919cd8fd9663fbc0cd9ed36607e9b2472c206852

Download Submit
C:\Users\Admin\AppData\Local\com.awp.dev\EBWebView\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_1311212764\manifest.json

Filesize
43B

MD5
af3a9104ca46f35bb5f6123d89c25966

SHA1
1ffb1b0aa9f44bdbc57bdf4b98d26d3be0207ee8

SHA256
81bd82ac27612a58be30a72dd8956b13f883e32ffb54a58076bd6a42b8afaeea

SHA512
6a7a543fa2d1ead3574b4897d2fc714bb218c60a04a70a7e92ecfd2ea59d67028f91b6a2094313f606560087336c619093f1d38d66a3c63a1d1d235ca03d36d1

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_1664085845\manifest.json

Filesize
116B

MD5
2188c7ec4e86e29013803d6b85b0d5bb

SHA1
5a9b4a91c63e0013f661dfc472edb01385d0e3ce

SHA256
ac47cc331bb96271da2140941926a8accc6cb7599a6f3c17bd31c78f46709a62

SHA512
37c21eaff24a54c2c7571e480ff4f349267e4404111508f241f54a41542ce06bcde4c830c6e195fc48d1bf831ed1fe78da361d1e43416cfd6c02afa8188af656

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_1802882239\hyph-as.hyb

Filesize
703B

MD5
8961fdd3db036dd43002659a4e4a7365

SHA1
7b2fa321d50d5417e6c8d48145e86d15b7ff8321

SHA256
c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

SHA512
531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_1802882239\hyph-hi.hyb

Filesize
687B

MD5
0807cf29fc4c5d7d87c1689eb2e0baaa

SHA1
d0914fb069469d47a36d339ca70164253fccf022

SHA256
f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

SHA512
5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_1802882239\hyph-nb.hyb

Filesize
141KB

MD5
677edd1a17d50f0bd11783f58725d0e7

SHA1
98fedc5862c78f3b03daed1ff9efbe5e31c205ee

SHA256
c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0

SHA512
c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_1802882239\manifest.json

Filesize
82B

MD5
2617c38bed67a4190fc499142b6f2867

SHA1
a37f0251cd6be0a6983d9a04193b773f86d31da1

SHA256
d571ef33b0e707571f10bb37b99a607d6f43afe33f53d15b4395b16ef3fda665

SHA512
b08053050692765f172142bad7afbcd038235275c923f3cd089d556251482b1081e53c4ad7367a1fb11ca927f2ad183dc63d31ccfbf85b0160cf76a31343a6d0

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_1885792861\crl-set

Filesize
21KB

MD5
846feb52bd6829102a780ec0da74ab04

SHA1
dd98409b49f0cd1f9d0028962d7276860579fb54

SHA256
124b7eeba31f0e3d9b842a62f3441204beb13fade81da38b854aecba0e03a5b4

SHA512
c8759e675506ccc6aa9807798252c7e7c48a0ab31674609738617dc105cee38bce69d4d41d6b95e16731466880b386d35483cbeea6275773f7041ba6e305fae9

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_1885792861\manifest.json

Filesize
114B

MD5
e6cd92ad3b3ab9cb3d325f3c4b7559aa

SHA1
0704d57b52cf55674524a5278ed4f7ba1e19ca0c

SHA256
63dfb8d99ce83b3ca282eb697dc76b17b4a48e4065fc7efafb77724739074a9d

SHA512
172d5dc107757bb591b9a8ed7f2b48f22b5184d6537572d375801113e294febfbe39077c408e3a04c44e6072427cbe443c6614d205a5a4aa290101722e18f5e8

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_24991952\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_251430732\manifest.json

Filesize
76B

MD5
ba25fcf816a017558d3434583e9746b8

SHA1
be05c87f7adf6b21273a4e94b3592618b6a4a624

SHA256
0d664bc422a696452111b9a48e7da9043c03786c8d5401282cff9d77bcc34b11

SHA512
3763bd77675221e323faa5502023dc677c08911a673db038e4108a2d4d71b1a6c0727a65128898bb5dfab275e399f4b7ed19ca2194a8a286e8f9171b3536546f

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_759768487\manifest.json

Filesize
102B

MD5
a64e2a4236e705215a3fd5cb2697a71f

SHA1
1c73e6aad8f44ade36df31a23eaaf8cd0cae826d

SHA256
014e9fc1219beefc428ec749633125c9bff7febc3be73a14a8f18a6691cd2846

SHA512
75b30c0c8cef490aaf923afbdb5385d4770de82e698f71f8f126a6af5ef16f3a90d0c27687f405274177b1a5250436efddd228a6d2949651f43bd926e8a1cc99

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2156_942982068\manifest.json

Filesize
1003B

MD5
578c9dbc62724b9d481ec9484a347b37

SHA1
a6f5a3884fd37b7f04f93147f9498c11ed5c2c2d

SHA256
005a2386e5da2e6a5975f1180fe9b325da57c61c0b4f1b853b8bcf66ec98f0a0

SHA512
2060eb35fb0015926915f603c8e1742b448a21c5a794f9ec2bebd04e170184c60a31cee0682f4fd48b65cff6ade70befd77ba0446cc42d6fe1de68d93b8ea640

Download Submit
memory/1352-26-0x00007FF802D70000-0x00007FF802D71000-memory.dmp

Filesize
4KB

Download
memory/1760-333-0x000002A529B60000-0x000002A529B61000-memory.dmp

Filesize
4KB

Download
memory/1760-339-0x000002A529B60000-0x000002A529B61000-memory.dmp

Filesize
4KB

Download
memory/1760-331-0x000002A529B60000-0x000002A529B61000-memory.dmp

Filesize
4KB

Download
memory/1760-341-0x000002A529B60000-0x000002A529B61000-memory.dmp

Filesize
4KB

Download
memory/1760-340-0x000002A529B60000-0x000002A529B61000-memory.dmp

Filesize
4KB

Download
memory/1760-342-0x000002A529B60000-0x000002A529B61000-memory.dmp

Filesize
4KB

Download
memory/1760-332-0x000002A529B60000-0x000002A529B61000-memory.dmp

Filesize
4KB

Download
memory/1760-337-0x000002A529B60000-0x000002A529B61000-memory.dmp

Filesize
4KB

Download
memory/1760-343-0x000002A529B60000-0x000002A529B61000-memory.dmp

Filesize
4KB

Download
memory/1760-338-0x000002A529B60000-0x000002A529B61000-memory.dmp

Filesize
4KB

Download
memory/1908-149-0x00007FF802D70000-0x00007FF802D71000-memory.dmp

Filesize
4KB

Download