6f289ffa4269df96c1947af8a870f89f4bd993ffe88a81d7e096012291db2695

Analysis

max time kernel
76s
max time network
82s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
10/10/2023, 01:53

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

Injector.exe
Size

13.8MB
MD5

79e1dcf85a8a269f9aa13b1e1b42d1bf
SHA1

b6b645373b75a926538bb21797a6eb9d91e8e42e
SHA256

6f289ffa4269df96c1947af8a870f89f4bd993ffe88a81d7e096012291db2695
SHA512

9a0eb33ab08df13574dfa8a52534556f61110eed532a9660df46b0f5fabacf7b7d67a05b8588a9df351434b62c36c35fe540588e2beabfdc47d191ab87ffad2d
SSDEEP

393216:xZbuDd+TWQETX+uxZbFbVvJdOqEldCRdZ:xYJ+aQED+uxZhEL

Score

7^/10

ransomware

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Control Panel\International\Geo\Nation	cmd.exe

Loads dropped DLL 50 IoCs

pid	Process
3812	Injector.exe
3812	Injector.exe
3812	Injector.exe
3812	Injector.exe
3812	Injector.exe
3812	Injector.exe
3812	Injector.exe
3812	Injector.exe
3812	Injector.exe
3812	Injector.exe
3812	Injector.exe
3812	Injector.exe
3812	Injector.exe
3812	Injector.exe
3812	Injector.exe
3812	Injector.exe
3812	Injector.exe
3812	Injector.exe
3812	Injector.exe
3812	Injector.exe
3812	Injector.exe
3812	Injector.exe
3812	Injector.exe
3812	Injector.exe
3812	Injector.exe
3812	Injector.exe
3812	Injector.exe
3812	Injector.exe
3812	Injector.exe
3812	Injector.exe
3812	Injector.exe
3812	Injector.exe
3812	Injector.exe
3812	Injector.exe
3812	Injector.exe
3812	Injector.exe
3812	Injector.exe
3812	Injector.exe
3812	Injector.exe
3812	Injector.exe
3812	Injector.exe
3812	Injector.exe
3812	Injector.exe
3812	Injector.exe
3812	Injector.exe
3812	Injector.exe
3812	Injector.exe
3812	Injector.exe
3812	Injector.exe
3812	Injector.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Downloads\\background.png"	Injector.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 15 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "137"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings	cmd.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
7024	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3188	msedge.exe
3188	msedge.exe
1320	msedge.exe
1320	msedge.exe
1352	msedge.exe
1352	msedge.exe
5720	msedge.exe
5720	msedge.exe
5728	msedge.exe
5728	msedge.exe
1508	msedge.exe
1508	msedge.exe
5804	identity_helper.exe
5804	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5808	shutdown.exe
Token: SeRemoteShutdownPrivilege	5808	shutdown.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5368	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4452 wrote to memory of 3812	4452	Injector.exe	87
PID 4452 wrote to memory of 3812	4452	Injector.exe	87
PID 3812 wrote to memory of 1352	3812	Injector.exe	100
PID 3812 wrote to memory of 1352	3812	Injector.exe	100
PID 1352 wrote to memory of 3220	1352	msedge.exe	101
PID 1352 wrote to memory of 3220	1352	msedge.exe	101
PID 3812 wrote to memory of 1344	3812	Injector.exe	102
PID 3812 wrote to memory of 1344	3812	Injector.exe	102
PID 1344 wrote to memory of 1484	1344	msedge.exe	103
PID 1344 wrote to memory of 1484	1344	msedge.exe	103
PID 3812 wrote to memory of 1096	3812	Injector.exe	104
PID 3812 wrote to memory of 1096	3812	Injector.exe	104
PID 1096 wrote to memory of 2092	1096	msedge.exe	105
PID 1096 wrote to memory of 2092	1096	msedge.exe	105
PID 3812 wrote to memory of 3888	3812	Injector.exe	106
PID 3812 wrote to memory of 3888	3812	Injector.exe	106
PID 3888 wrote to memory of 4708	3888	msedge.exe	107
PID 3888 wrote to memory of 4708	3888	msedge.exe	107
PID 3812 wrote to memory of 1692	3812	Injector.exe	108
PID 3812 wrote to memory of 1692	3812	Injector.exe	108
PID 1692 wrote to memory of 2908	1692	msedge.exe	109
PID 1692 wrote to memory of 2908	1692	msedge.exe	109
PID 3812 wrote to memory of 3740	3812	Injector.exe	110
PID 3812 wrote to memory of 3740	3812	Injector.exe	110
PID 3740 wrote to memory of 4024	3740	msedge.exe	111
PID 3740 wrote to memory of 4024	3740	msedge.exe	111
PID 3812 wrote to memory of 2944	3812	Injector.exe	112
PID 3812 wrote to memory of 2944	3812	Injector.exe	112
PID 2944 wrote to memory of 4072	2944	msedge.exe	113
PID 2944 wrote to memory of 4072	2944	msedge.exe	113
PID 1352 wrote to memory of 380	1352	msedge.exe	118
PID 1352 wrote to memory of 380	1352	msedge.exe	118
PID 1352 wrote to memory of 380	1352	msedge.exe	118
PID 1352 wrote to memory of 380	1352	msedge.exe	118
PID 1352 wrote to memory of 380	1352	msedge.exe	118
PID 1352 wrote to memory of 380	1352	msedge.exe	118
PID 1352 wrote to memory of 380	1352	msedge.exe	118
PID 1352 wrote to memory of 380	1352	msedge.exe	118
PID 1352 wrote to memory of 380	1352	msedge.exe	118
PID 1352 wrote to memory of 380	1352	msedge.exe	118
PID 1352 wrote to memory of 380	1352	msedge.exe	118
PID 1352 wrote to memory of 380	1352	msedge.exe	118
PID 1352 wrote to memory of 380	1352	msedge.exe	118
PID 1352 wrote to memory of 380	1352	msedge.exe	118
PID 1352 wrote to memory of 380	1352	msedge.exe	118
PID 1352 wrote to memory of 380	1352	msedge.exe	118
PID 1352 wrote to memory of 380	1352	msedge.exe	118
PID 1352 wrote to memory of 380	1352	msedge.exe	118
PID 1352 wrote to memory of 380	1352	msedge.exe	118
PID 1352 wrote to memory of 380	1352	msedge.exe	118
PID 1352 wrote to memory of 380	1352	msedge.exe	118
PID 1352 wrote to memory of 380	1352	msedge.exe	118
PID 1352 wrote to memory of 380	1352	msedge.exe	118
PID 1352 wrote to memory of 380	1352	msedge.exe	118
PID 1352 wrote to memory of 380	1352	msedge.exe	118
PID 1352 wrote to memory of 380	1352	msedge.exe	118
PID 1352 wrote to memory of 380	1352	msedge.exe	118
PID 1352 wrote to memory of 380	1352	msedge.exe	118
PID 1352 wrote to memory of 380	1352	msedge.exe	118
PID 1352 wrote to memory of 380	1352	msedge.exe	118
PID 1352 wrote to memory of 380	1352	msedge.exe	118
PID 1352 wrote to memory of 380	1352	msedge.exe	118
PID 1352 wrote to memory of 380	1352	msedge.exe	118
PID 1352 wrote to memory of 380	1352	msedge.exe	118

C:\Users\Admin\AppData\Local\Temp\Injector.exe
"C:\Users\Admin\AppData\Local\Temp\Injector.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4452
- C:\Users\Admin\AppData\Local\Temp\Injector.exe
  "C:\Users\Admin\AppData\Local\Temp\Injector.exe"
  2⤵
  - Loads dropped DLL
  - Sets desktop wallpaper using registry
  - Suspicious use of WriteProcessMemory
  PID:3812
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1159689908282204180/1161075224868048987/image_17.png?ex=6536fa91&is=65248591&hm=29b0a4ece341bfd2b3e3362cd6ff71d23ce73568ec00709b670e7addf52437e5&
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:1352
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8bd8a46f8,0x7ff8bd8a4708,0x7ff8bd8a4718
      4⤵
      PID:3220
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,15518192766169006568,3433177008521148744,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2356 /prefetch:8
      4⤵
      PID:4924
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,15518192766169006568,3433177008521148744,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3188
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,15518192766169006568,3433177008521148744,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
      4⤵
      PID:380
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,15518192766169006568,3433177008521148744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
      4⤵
      PID:5236
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,15518192766169006568,3433177008521148744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
      4⤵
      PID:5264
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,15518192766169006568,3433177008521148744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3776 /prefetch:1
      4⤵
      PID:5892
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,15518192766169006568,3433177008521148744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
      4⤵
      PID:6080
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,15518192766169006568,3433177008521148744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
      4⤵
      PID:5528
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,15518192766169006568,3433177008521148744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2168 /prefetch:1
      4⤵
      PID:6224
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,15518192766169006568,3433177008521148744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4496 /prefetch:1
      4⤵
      PID:6332
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,15518192766169006568,3433177008521148744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
      4⤵
      PID:6484
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,15518192766169006568,3433177008521148744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
      4⤵
      PID:6640
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,15518192766169006568,3433177008521148744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
      4⤵
      PID:6692
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,15518192766169006568,3433177008521148744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
      4⤵
      PID:6804
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,15518192766169006568,3433177008521148744,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 /prefetch:8
      4⤵
      PID:6496
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,15518192766169006568,3433177008521148744,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5804
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,15518192766169006568,3433177008521148744,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
      4⤵
      PID:6160
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,15518192766169006568,3433177008521148744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:1
      4⤵
      PID:6148
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,15518192766169006568,3433177008521148744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7048 /prefetch:1
      4⤵
      PID:5932
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,15518192766169006568,3433177008521148744,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
      4⤵
      PID:7156
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,15518192766169006568,3433177008521148744,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8172 /prefetch:1
      4⤵
      PID:5336
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,15518192766169006568,3433177008521148744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6976 /prefetch:1
      4⤵
      PID:5672
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1159689908282204180/1161075224868048987/image_17.png?ex=6536fa91&is=65248591&hm=29b0a4ece341bfd2b3e3362cd6ff71d23ce73568ec00709b670e7addf52437e5&
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1344
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf4,0xf8,0xfc,0xd0,0x100,0x7ff8bd8a46f8,0x7ff8bd8a4708,0x7ff8bd8a4718
      4⤵
      PID:1484
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1768,5661123970577905059,2430921531803281047,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1320
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1768,5661123970577905059,2430921531803281047,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
      4⤵
      PID:4208
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1159689908282204180/1161075224868048987/image_17.png?ex=6536fa91&is=65248591&hm=29b0a4ece341bfd2b3e3362cd6ff71d23ce73568ec00709b670e7addf52437e5&
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1096
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8bd8a46f8,0x7ff8bd8a4708,0x7ff8bd8a4718
      4⤵
      PID:2092
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,11915314550721320684,5236440526359123240,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5720
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1159689908282204180/1161075224868048987/image_17.png?ex=6536fa91&is=65248591&hm=29b0a4ece341bfd2b3e3362cd6ff71d23ce73568ec00709b670e7addf52437e5&
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3888
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8bd8a46f8,0x7ff8bd8a4708,0x7ff8bd8a4718
      4⤵
      PID:4708
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,13044162333233406022,13184341211788112747,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5728
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1159689908282204180/1161075224868048987/image_17.png?ex=6536fa91&is=65248591&hm=29b0a4ece341bfd2b3e3362cd6ff71d23ce73568ec00709b670e7addf52437e5&
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1692
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8bd8a46f8,0x7ff8bd8a4708,0x7ff8bd8a4718
      4⤵
      PID:2908
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1528,10300163729991335756,565704573458952833,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1508
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1159689908282204180/1161075224868048987/image_17.png?ex=6536fa91&is=65248591&hm=29b0a4ece341bfd2b3e3362cd6ff71d23ce73568ec00709b670e7addf52437e5&
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3740
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8bd8a46f8,0x7ff8bd8a4708,0x7ff8bd8a4718
      4⤵
      PID:4024
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1159689908282204180/1161075224868048987/image_17.png?ex=6536fa91&is=65248591&hm=29b0a4ece341bfd2b3e3362cd6ff71d23ce73568ec00709b670e7addf52437e5&
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2944
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf4,0xf8,0xfc,0xd0,0x100,0x7ff8bd8a46f8,0x7ff8bd8a4708,0x7ff8bd8a4718
      4⤵
      PID:4072
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1159689908282204180/1161075224868048987/image_17.png?ex=6536fa91&is=65248591&hm=29b0a4ece341bfd2b3e3362cd6ff71d23ce73568ec00709b670e7addf52437e5&
    3⤵
    PID:3672
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8bd8a46f8,0x7ff8bd8a4708,0x7ff8bd8a4718
      4⤵
      PID:4460
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1159689908282204180/1161075224868048987/image_17.png?ex=6536fa91&is=65248591&hm=29b0a4ece341bfd2b3e3362cd6ff71d23ce73568ec00709b670e7addf52437e5&
    3⤵
    PID:5624
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x80,0x108,0x7ff8bd8a46f8,0x7ff8bd8a4708,0x7ff8bd8a4718
      4⤵
      PID:5844
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1159689908282204180/1161075224868048987/image_17.png?ex=6536fa91&is=65248591&hm=29b0a4ece341bfd2b3e3362cd6ff71d23ce73568ec00709b670e7addf52437e5&
    3⤵
    PID:5792
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "start "C:\Users\Admin\Downloads\Image (1).png""
    3⤵
    PID:6204
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:6324
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "start goodbye.txt"
    3⤵
    - Checks computer location settings
    - Modifies registry class
    PID:6988
  - - C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\goodbye.txt
      4⤵
      Opens file in notepad (likely ransom note)
      PID:7024
- - C:\Windows\SYSTEM32\shutdown.exe
    shutdown /s /t 5
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:5808

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5828

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8bd8a46f8,0x7ff8bd8a4708,0x7ff8bd8a4718
1⤵
PID:6176

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6428

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3969055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:5368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
db9dbef3f8b1f616429f605c1ebca2f0

SHA1
ffba76f0836c024828d4ff1982cc4240c41a8f16

SHA256
3e0297327872058355ac041a5e0fc83ed017faee0f6c0105b44bb3e5399a93a1

SHA512
4eedc387fe304f27f9d52ff5d71461c7f22147f7a8c18b8e7982acb76515528a36486a567451daafe093f9563b133c6799f2ad046e04256ccb46c83eb99e86c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8249dcdc23cc093699029b1edad17e29

SHA1
fa340eb75c5cb07946d08348fb49368bc08143f5

SHA256
c6105ac4fca2a904c7f2188c63921864b4ea3ab4941f79809e91b75f2af5bb7e

SHA512
e846e2a7a94f339ffdae5f0622cfce9b6f4e6f22cf0c41730c3e61e3642b7e164a87bc2fd29dcc5642cc91b1e9f292f7a5501c2f975b4589e1d8312fa307dc32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3c1cf041facfde779274acb5a0b953f0

SHA1
4caefdfb47430306a0de077728311b5f871ba114

SHA256
dff4da5f45a05f3d8f8bc187020ef830b1d58128ce8bf1d87a3f15235dc22390

SHA512
1e291f9d9da7bdbf6e68ccfe0f1d6b171d6f508bc078c525f85a8d4ae201cf124124e97e388b32fdbbccddd9bbef6f419a81078f2503b7b4530312ca91474121

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
6dcb90ba1ba8e06c1d4f27ec78f6911a

SHA1
71e7834c7952aeb9f1aa6eb88e1959a1ae4985d9

SHA256
30d89e5026668c5a58bef231930a8bfb27ca099b24399a2615b210210d418416

SHA512
dc31807eaeb5221ac60d598035ca3ccab1dbeecc95caaff5e1f5a2a89ba1c83ef0a708ee0b8ed05b588ea5d50e360032a534356f84c89d3791df91d419daeff9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
f547734ac74af31cb4535d64d767fd05

SHA1
c695b673530b968bf4f9e08ba1997ea13e890eb1

SHA256
567f1b902af0eb410bf6aaade425a2d43a4ed52186315357d25ab7a791ec2cf1

SHA512
063874853f53a43afa20ca246f9ad687252b54b3fc62c540a975f3c128af9da220f04963ddf196d03493649f0f72fe0e81b3b29efcda571f2a6cfbf2c51a26ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
a6e125a46398b5e7c03140469a7b271a

SHA1
03996745c4c07a7ddce9a5276d895f19bfd73232

SHA256
30349bfe418ffcf8f8c8b7fdf6dffce7844aa1221190523986f52e6cafd8f106

SHA512
1a714d2fdad812903b07f94328c550c2b00cf8f0c6900358b541d48bc7bee49a8837905419a2a4245cd72529dbc7ef492f98adc65e966cf80764a18179981c1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
df9063cd7a094c781aab594affa549bf

SHA1
212681cd49a7b80d6855777f374fb713e5aee018

SHA256
c3481cae4b766bf2160586a7eb49c931e71152adca1a049bea1c8e9e47d08f21

SHA512
b621f93bfdeeb93d8e3c4bab32dba2ef3d9a87ed069483030df984cfb394bee97488bc4f95d60765826dc8387a3d7bf053acc2f1cc436c16580f4f00a17eea03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
4cced152518cbe050aedae9aac08d930

SHA1
ac1e15ef15a70aa64a757ff9b1b10317cef97d09

SHA256
37ce3b1ac92645c8e4c43dd25f5be3d97b253e951e2548120cb8af4b1e4cc6d8

SHA512
24a249971373aa6f574ab3ed1912d4c1e4fc8a68fc61342babfb1490e79f14bdcdb5b5abef44b29a8b778890562eb4fd0368cd89402ccca40a99005d8bac5e33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
86618b12dbd1dd9e92865a1ce5d588a6

SHA1
9407cb452c201bc357ea21c001e0121427e8a4ab

SHA256
b4aa232418347172a2b73045959960cc2d5d16302a6d8178208ca72001b34b75

SHA512
9a2b9b4d327d9608df12350559b794f708b19e44095159f4342e85d5c1c01ac38cb9b4568ccd3a0389f233f19a3a1c47f88ee93bc08a536b69610b678901aa2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44522\VCRUNTIME140.dll

Filesize
106KB

MD5
4585a96cc4eef6aafd5e27ea09147dc6

SHA1
489cfff1b19abbec98fda26ac8958005e88dd0cb

SHA256
a8f950b4357ec12cfccddc9094cca56a3d5244b95e09ea6e9a746489f2d58736

SHA512
d78260c66331fe3029d2cc1b41a5d002ec651f2e3bbf55076d65839b5e3c6297955afd4d9ab8951fbdc9f929dbc65eb18b14b59bce1f2994318564eb4920f286

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44522\VCRUNTIME140.dll

Filesize
106KB

MD5
4585a96cc4eef6aafd5e27ea09147dc6

SHA1
489cfff1b19abbec98fda26ac8958005e88dd0cb

SHA256
a8f950b4357ec12cfccddc9094cca56a3d5244b95e09ea6e9a746489f2d58736

SHA512
d78260c66331fe3029d2cc1b41a5d002ec651f2e3bbf55076d65839b5e3c6297955afd4d9ab8951fbdc9f929dbc65eb18b14b59bce1f2994318564eb4920f286

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44522\_bz2.pyd

Filesize
82KB

MD5
3859239ced9a45399b967ebce5a6ba23

SHA1
6f8ff3df90ac833c1eb69208db462cda8ca3f8d6

SHA256
a4dd883257a7ace84f96bcc6cd59e22d843d0db080606defae32923fc712c75a

SHA512
030e5ce81e36bd55f69d55cbb8385820eb7c1f95342c1a32058f49abeabb485b1c4a30877c07a56c9d909228e45a4196872e14ded4f87adaa8b6ad97463e5c69

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44522\_bz2.pyd

Filesize
82KB

MD5
3859239ced9a45399b967ebce5a6ba23

SHA1
6f8ff3df90ac833c1eb69208db462cda8ca3f8d6

SHA256
a4dd883257a7ace84f96bcc6cd59e22d843d0db080606defae32923fc712c75a

SHA512
030e5ce81e36bd55f69d55cbb8385820eb7c1f95342c1a32058f49abeabb485b1c4a30877c07a56c9d909228e45a4196872e14ded4f87adaa8b6ad97463e5c69

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44522\_ctypes.pyd

Filesize
120KB

MD5
bd36f7d64660d120c6fb98c8f536d369

SHA1
6829c9ce6091cb2b085eb3d5469337ac4782f927

SHA256
ee543453ac1a2b9b52e80dc66207d3767012ca24ce2b44206804767f37443902

SHA512
bd15f6d4492ddbc89fcbadba07fc10aa6698b13030dd301340b5f1b02b74191faf9b3dcf66b72ecf96084656084b531034ea5cadc1dd333ef64afb69a1d1fd56

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44522\_ctypes.pyd

Filesize
120KB

MD5
bd36f7d64660d120c6fb98c8f536d369

SHA1
6829c9ce6091cb2b085eb3d5469337ac4782f927

SHA256
ee543453ac1a2b9b52e80dc66207d3767012ca24ce2b44206804767f37443902

SHA512
bd15f6d4492ddbc89fcbadba07fc10aa6698b13030dd301340b5f1b02b74191faf9b3dcf66b72ecf96084656084b531034ea5cadc1dd333ef64afb69a1d1fd56

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44522\_hashlib.pyd

Filesize
63KB

MD5
4255c44dc64f11f32c961bf275aab3a2

SHA1
c1631b2821a7e8a1783ecfe9a14db453be54c30a

SHA256
e557873d5ad59fd6bd29d0f801ad0651dbb8d9ac21545defe508089e92a15e29

SHA512
7d3a306755a123b246f31994cd812e7922943cdbbc9db5a6e4d3372ea434a635ffd3945b5d2046de669e7983ef2845bd007a441d09cfe05cf346523c12bdad52

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44522\_hashlib.pyd

Filesize
63KB

MD5
4255c44dc64f11f32c961bf275aab3a2

SHA1
c1631b2821a7e8a1783ecfe9a14db453be54c30a

SHA256
e557873d5ad59fd6bd29d0f801ad0651dbb8d9ac21545defe508089e92a15e29

SHA512
7d3a306755a123b246f31994cd812e7922943cdbbc9db5a6e4d3372ea434a635ffd3945b5d2046de669e7983ef2845bd007a441d09cfe05cf346523c12bdad52

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44522\_lzma.pyd

Filesize
155KB

MD5
e5abc3a72996f8fde0bcf709e6577d9d

SHA1
15770bdcd06e171f0b868c803b8cf33a8581edd3

SHA256
1796038480754a680f33a4e37c8b5673cc86c49281a287dc0c5cae984d0cb4bb

SHA512
b347474dc071f2857e1e16965b43db6518e35915b8168bdeff1ead4dff710a1cc9f04ca0ced23a6de40d717eea375eedb0bf3714daf35de6a77f071db33dfae6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44522\_lzma.pyd

Filesize
155KB

MD5
e5abc3a72996f8fde0bcf709e6577d9d

SHA1
15770bdcd06e171f0b868c803b8cf33a8581edd3

SHA256
1796038480754a680f33a4e37c8b5673cc86c49281a287dc0c5cae984d0cb4bb

SHA512
b347474dc071f2857e1e16965b43db6518e35915b8168bdeff1ead4dff710a1cc9f04ca0ced23a6de40d717eea375eedb0bf3714daf35de6a77f071db33dfae6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44522\_queue.pyd

Filesize
31KB

MD5
f00133f7758627a15f2d98c034cf1657

SHA1
2f5f54eda4634052f5be24c560154af6647eee05

SHA256
35609869edc57d806925ec52cca9bc5a035e30d5f40549647d4da6d7983f8659

SHA512
1c77dd811d2184beedf3c553c3f4da2144b75c6518543f98c630c59cd597fcbf6fd22cfbb0a7b9ea2fdb7983ff69d0d99e8201f4e84a0629bc5733aa09ffc201

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44522\_queue.pyd

Filesize
31KB

MD5
f00133f7758627a15f2d98c034cf1657

SHA1
2f5f54eda4634052f5be24c560154af6647eee05

SHA256
35609869edc57d806925ec52cca9bc5a035e30d5f40549647d4da6d7983f8659

SHA512
1c77dd811d2184beedf3c553c3f4da2144b75c6518543f98c630c59cd597fcbf6fd22cfbb0a7b9ea2fdb7983ff69d0d99e8201f4e84a0629bc5733aa09ffc201

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44522\_socket.pyd

Filesize
77KB

MD5
1eea9568d6fdef29b9963783827f5867

SHA1
a17760365094966220661ad87e57efe09cd85b84

SHA256
74181072392a3727049ea3681fe9e59516373809ced53e08f6da7c496b76e117

SHA512
d9443b70fcdc4d0ea1cb93a88325012d3f99db88c36393a7ded6d04f590e582f7f1640d8b153fe3c5342fa93802a8374f03f6cd37dd40cdbb5ade2e07fad1e09

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44522\_socket.pyd

Filesize
77KB

MD5
1eea9568d6fdef29b9963783827f5867

SHA1
a17760365094966220661ad87e57efe09cd85b84

SHA256
74181072392a3727049ea3681fe9e59516373809ced53e08f6da7c496b76e117

SHA512
d9443b70fcdc4d0ea1cb93a88325012d3f99db88c36393a7ded6d04f590e582f7f1640d8b153fe3c5342fa93802a8374f03f6cd37dd40cdbb5ade2e07fad1e09

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44522\_ssl.pyd

Filesize
157KB

MD5
208b0108172e59542260934a2e7cfa85

SHA1
1d7ffb1b1754b97448eb41e686c0c79194d2ab3a

SHA256
5160500474ec95d4f3af7e467cc70cb37bec1d12545f0299aab6d69cea106c69

SHA512
41abf6deab0f6c048967ca6060c337067f9f8125529925971be86681ec0d3592c72b9cc85dd8bdee5dd3e4e69e3bb629710d2d641078d5618b4f55b8a60cc69d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44522\_ssl.pyd

Filesize
157KB

MD5
208b0108172e59542260934a2e7cfa85

SHA1
1d7ffb1b1754b97448eb41e686c0c79194d2ab3a

SHA256
5160500474ec95d4f3af7e467cc70cb37bec1d12545f0299aab6d69cea106c69

SHA512
41abf6deab0f6c048967ca6060c337067f9f8125529925971be86681ec0d3592c72b9cc85dd8bdee5dd3e4e69e3bb629710d2d641078d5618b4f55b8a60cc69d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44522\base_library.zip

Filesize
1.8MB

MD5
e17ce7183e682de459eec1a5ac9cbbff

SHA1
722968ca6eb123730ebc30ff2d498f9a5dad4cc1

SHA256
ff6a37c49ee4bb07a763866d4163126165038296c1fb7b730928297c25cfbe6d

SHA512
fab76b59dcd3570695fa260f56e277f8d714048f3d89f6e9f69ea700fca7c097d0db5f5294beab4e6409570408f1d680e8220851fededb981acb129a415358d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44522\charset_normalizer\md.cp311-win_amd64.pyd

Filesize
10KB

MD5
28af0ffb49cc20fe5af9fe8efa49d6f1

SHA1
2c17057c33382ddffea3ca589018cba04c4e49d7

SHA256
f1e26ef5d12c58d652b0b5437c355a14cd66606b2fbc00339497dd00243081e0

SHA512
9aa99e17f20a5dd485ae43ac85842bd5270ebab83a49e896975a8fa9f98ffc5f7585bef84ed46ba55f40a25e224f2640e85cebe5acb9087cf46d178ecc8029f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44522\charset_normalizer\md.cp311-win_amd64.pyd

Filesize
10KB

MD5
28af0ffb49cc20fe5af9fe8efa49d6f1

SHA1
2c17057c33382ddffea3ca589018cba04c4e49d7

SHA256
f1e26ef5d12c58d652b0b5437c355a14cd66606b2fbc00339497dd00243081e0

SHA512
9aa99e17f20a5dd485ae43ac85842bd5270ebab83a49e896975a8fa9f98ffc5f7585bef84ed46ba55f40a25e224f2640e85cebe5acb9087cf46d178ecc8029f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44522\charset_normalizer\md__mypyc.cp311-win_amd64.pyd

Filesize
110KB

MD5
6cdca2fde9df198da58955397033af98

SHA1
e457c97721504d25f43b549d57e4538a62623168

SHA256
a4a758eabd1b2b45f3c4699bdfebc98f196dc691c0a3d5407e17fffffafc5df7

SHA512
7b3c384ba9993d3192ed852191ff77bdcd3421cbc69ff636c6deb8fe7248e066573b68d80a8f280ae0c1cb015f79967d46d910455d932eaeac072c76d0757e92

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44522\charset_normalizer\md__mypyc.cp311-win_amd64.pyd

Filesize
110KB

MD5
6cdca2fde9df198da58955397033af98

SHA1
e457c97721504d25f43b549d57e4538a62623168

SHA256
a4a758eabd1b2b45f3c4699bdfebc98f196dc691c0a3d5407e17fffffafc5df7

SHA512
7b3c384ba9993d3192ed852191ff77bdcd3421cbc69ff636c6deb8fe7248e066573b68d80a8f280ae0c1cb015f79967d46d910455d932eaeac072c76d0757e92

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44522\libcrypto-1_1.dll

Filesize
3.3MB

MD5
e94733523bcd9a1fb6ac47e10a267287

SHA1
94033b405386d04c75ffe6a424b9814b75c608ac

SHA256
f20eb4efd8647b5273fdaafceb8ccb2b8ba5329665878e01986cbfc1e6832c44

SHA512
07dd0eb86498497e693da0f9dd08de5b7b09052a2d6754cfbc2aa260e7f56790e6c0a968875f7803cb735609b1e9b9c91a91b84913059c561bffed5ab2cbb29f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44522\libcrypto-1_1.dll

Filesize
3.3MB

MD5
e94733523bcd9a1fb6ac47e10a267287

SHA1
94033b405386d04c75ffe6a424b9814b75c608ac

SHA256
f20eb4efd8647b5273fdaafceb8ccb2b8ba5329665878e01986cbfc1e6832c44

SHA512
07dd0eb86498497e693da0f9dd08de5b7b09052a2d6754cfbc2aa260e7f56790e6c0a968875f7803cb735609b1e9b9c91a91b84913059c561bffed5ab2cbb29f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44522\libcrypto-1_1.dll

Filesize
3.3MB

MD5
e94733523bcd9a1fb6ac47e10a267287

SHA1
94033b405386d04c75ffe6a424b9814b75c608ac

SHA256
f20eb4efd8647b5273fdaafceb8ccb2b8ba5329665878e01986cbfc1e6832c44

SHA512
07dd0eb86498497e693da0f9dd08de5b7b09052a2d6754cfbc2aa260e7f56790e6c0a968875f7803cb735609b1e9b9c91a91b84913059c561bffed5ab2cbb29f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44522\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44522\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44522\libssl-1_1.dll

Filesize
688KB

MD5
25bde25d332383d1228b2e66a4cb9f3e

SHA1
cd5b9c3dd6aab470d445e3956708a324e93a9160

SHA256
c8f7237e7040a73c2bea567acc9cec373aadd48654aaac6122416e160f08ca13

SHA512
ca2f2139bb456799c9f98ef8d89fd7c09d1972fa5dd8fc01b14b7af00bf8d2c2175fb2c0c41e49a6daf540e67943aad338e33c1556fd6040ef06e0f25bfa88fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44522\libssl-1_1.dll

Filesize
688KB

MD5
25bde25d332383d1228b2e66a4cb9f3e

SHA1
cd5b9c3dd6aab470d445e3956708a324e93a9160

SHA256
c8f7237e7040a73c2bea567acc9cec373aadd48654aaac6122416e160f08ca13

SHA512
ca2f2139bb456799c9f98ef8d89fd7c09d1972fa5dd8fc01b14b7af00bf8d2c2175fb2c0c41e49a6daf540e67943aad338e33c1556fd6040ef06e0f25bfa88fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44522\pyexpat.pyd

Filesize
194KB

MD5
9c21a5540fc572f75901820cf97245ec

SHA1
09296f032a50de7b398018f28ee8086da915aebd

SHA256
2ff8cd82e7cc255e219e7734498d2dea0c65a5ab29dc8581240d40eb81246045

SHA512
4217268db87eec2f0a14b5881edb3fdb8efe7ea27d6dcbee7602ca4997416c1130420f11167dac7e781553f3611409fa37650b7c2b2d09f19dc190b17b410ba5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44522\pyexpat.pyd

Filesize
194KB

MD5
9c21a5540fc572f75901820cf97245ec

SHA1
09296f032a50de7b398018f28ee8086da915aebd

SHA256
2ff8cd82e7cc255e219e7734498d2dea0c65a5ab29dc8581240d40eb81246045

SHA512
4217268db87eec2f0a14b5881edb3fdb8efe7ea27d6dcbee7602ca4997416c1130420f11167dac7e781553f3611409fa37650b7c2b2d09f19dc190b17b410ba5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44522\pygame\SDL2.dll

Filesize
2.4MB

MD5
c7625512215f34fad03c3dae088256e2

SHA1
d6dd56a5d683358ebe84ecf50c6acd8c6a72e0fe

SHA256
b03f188230610d8865fa5150a772a5d4fad6c9d9f9eecfabc7372000f51c5630

SHA512
05a86261211749379e69d8b965f806af01647b1683c4191504af75798ea71ba9f5d6e5d5835763bcc5efd095a240485f5911dc3f5ec60542517203ca7aec738a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44522\pygame\SDL2.dll

Filesize
2.4MB

MD5
c7625512215f34fad03c3dae088256e2

SHA1
d6dd56a5d683358ebe84ecf50c6acd8c6a72e0fe

SHA256
b03f188230610d8865fa5150a772a5d4fad6c9d9f9eecfabc7372000f51c5630

SHA512
05a86261211749379e69d8b965f806af01647b1683c4191504af75798ea71ba9f5d6e5d5835763bcc5efd095a240485f5911dc3f5ec60542517203ca7aec738a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44522\pygame\base.cp311-win_amd64.pyd

Filesize
30KB

MD5
138fd37d2dedb55cad4becd19dfe1701

SHA1
67d5300a9421003fc25adde5639c20ba677c08df

SHA256
68b6df48912cab0d66ca24fae2cd88f4b0a28661bee76f6917ec6567c34906d3

SHA512
f4f780c3ac498bca935a4a27150c6e8197507bd94f905498bccfbf3a750f47232b57524c9d57f7c65d1f2771492de13a65bc1dca5fba7bc98666b9bfc06be362

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44522\pygame\base.cp311-win_amd64.pyd

Filesize
30KB

MD5
138fd37d2dedb55cad4becd19dfe1701

SHA1
67d5300a9421003fc25adde5639c20ba677c08df

SHA256
68b6df48912cab0d66ca24fae2cd88f4b0a28661bee76f6917ec6567c34906d3

SHA512
f4f780c3ac498bca935a4a27150c6e8197507bd94f905498bccfbf3a750f47232b57524c9d57f7c65d1f2771492de13a65bc1dca5fba7bc98666b9bfc06be362

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44522\pygame\bufferproxy.cp311-win_amd64.pyd

Filesize
18KB

MD5
56e1c16195cb6ef06aa5d6cbe0f5396f

SHA1
15cf001326122ade0b0a50d66e68edd780f1d09e

SHA256
842f601cfdefacf2680cdef1572e1ab2b54d72252629b0e5e23e177a9c4b4a3d

SHA512
594b3bcba13c0a011c70080bb478ad360ab49b9cce4492d23c79b5c904538efd0f83b8873495366147531926bb6a87c81c3f5e402d7b1256bda4592c46dc79ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44522\pygame\bufferproxy.cp311-win_amd64.pyd

Filesize
18KB

MD5
56e1c16195cb6ef06aa5d6cbe0f5396f

SHA1
15cf001326122ade0b0a50d66e68edd780f1d09e

SHA256
842f601cfdefacf2680cdef1572e1ab2b54d72252629b0e5e23e177a9c4b4a3d

SHA512
594b3bcba13c0a011c70080bb478ad360ab49b9cce4492d23c79b5c904538efd0f83b8873495366147531926bb6a87c81c3f5e402d7b1256bda4592c46dc79ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44522\pygame\color.cp311-win_amd64.pyd

Filesize
34KB

MD5
400254dae524e7b5cfc48e083c70cf2d

SHA1
06dd9ae3cafca7c8a0c2ff472b33ef59bb11a630

SHA256
3d0a42aa5b47a07448521c4467e7b85f4f3ecb815cb09531d8fce0fe47b31fc9

SHA512
a64ce806bcfd3f87deecebee46bc1198288eefde7213e0922773d5f5d98080e2e0f25021f0e7b8e1acdf6dd7410ae75f4dce3111af1c230917538bceae9f9f55

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44522\pygame\color.cp311-win_amd64.pyd

Filesize
34KB

MD5
400254dae524e7b5cfc48e083c70cf2d

SHA1
06dd9ae3cafca7c8a0c2ff472b33ef59bb11a630

SHA256
3d0a42aa5b47a07448521c4467e7b85f4f3ecb815cb09531d8fce0fe47b31fc9

SHA512
a64ce806bcfd3f87deecebee46bc1198288eefde7213e0922773d5f5d98080e2e0f25021f0e7b8e1acdf6dd7410ae75f4dce3111af1c230917538bceae9f9f55

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44522\pygame\constants.cp311-win_amd64.pyd

Filesize
49KB

MD5
7a74caa70749d692f65ba9a72d72f68a

SHA1
4c2d487bf7a6e10245e8b0fbb43c95563e83e2e9

SHA256
17d4d7d5e2758c41fe2cd123b83e453f6c0eb176f0e1dfbaaea28992818d1d1d

SHA512
f5a1cb1b838e36d2ab87e99317720c4a3ae42907254bf0a5c8cb88fb3d6beaa0cada1f762c1cbe9199d8abed96a0fd580e85381d5a7e749225efdc7055b872cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44522\pygame\constants.cp311-win_amd64.pyd

Filesize
49KB

MD5
7a74caa70749d692f65ba9a72d72f68a

SHA1
4c2d487bf7a6e10245e8b0fbb43c95563e83e2e9

SHA256
17d4d7d5e2758c41fe2cd123b83e453f6c0eb176f0e1dfbaaea28992818d1d1d

SHA512
f5a1cb1b838e36d2ab87e99317720c4a3ae42907254bf0a5c8cb88fb3d6beaa0cada1f762c1cbe9199d8abed96a0fd580e85381d5a7e749225efdc7055b872cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44522\pygame\display.cp311-win_amd64.pyd

Filesize
43KB

MD5
42dfb07fdec05f80161c4d8c78f0c7ee

SHA1
ca10cb102fd7052f8be7b5b64a34003d6dc1b58d

SHA256
e466678f013d80af46766daccb24f7feb3b38b8fd8d0754ddc99f8df60131123

SHA512
982edb43a382bd0b9e2b254d278559358b999326037fcc93f97cfbcb6f2d6c077e87d02151deed9374040a5a58d02788a551b251504b3b5fe7a9d2bf2ffb6135

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44522\pygame\display.cp311-win_amd64.pyd

Filesize
43KB

MD5
42dfb07fdec05f80161c4d8c78f0c7ee

SHA1
ca10cb102fd7052f8be7b5b64a34003d6dc1b58d

SHA256
e466678f013d80af46766daccb24f7feb3b38b8fd8d0754ddc99f8df60131123

SHA512
982edb43a382bd0b9e2b254d278559358b999326037fcc93f97cfbcb6f2d6c077e87d02151deed9374040a5a58d02788a551b251504b3b5fe7a9d2bf2ffb6135

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44522\pygame\draw.cp311-win_amd64.pyd

Filesize
48KB

MD5
eca64cf85d3be9e1ba2518c67fd54f52

SHA1
1ca4edf6973550d448467bf201da83059dd7fb64

SHA256
fc5be1cdd2b3a577e9fae91211e6a65c37afdb6cf554f28898338e8ba078acb7

SHA512
7b5192e56e80848a8e81cfc877f0cdd10523c496ec715deb3f0c39a0bef64be884434c14780e53fb6579e9fa2c6e33e8bb3f2c085d64d2a0ce8aa4d76beab434

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44522\pygame\draw.cp311-win_amd64.pyd

Filesize
48KB

MD5
eca64cf85d3be9e1ba2518c67fd54f52

SHA1
1ca4edf6973550d448467bf201da83059dd7fb64

SHA256
fc5be1cdd2b3a577e9fae91211e6a65c37afdb6cf554f28898338e8ba078acb7

SHA512
7b5192e56e80848a8e81cfc877f0cdd10523c496ec715deb3f0c39a0bef64be884434c14780e53fb6579e9fa2c6e33e8bb3f2c085d64d2a0ce8aa4d76beab434

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44522\pygame\event.cp311-win_amd64.pyd

Filesize
43KB

MD5
674fe500bda0369d41635df4c59922fe

SHA1
fabfa7a1d6c53daf9af04d95e665b8c9f02e0836

SHA256
4772da14fe80da602d7b133f4c57309206ee56190a609728e9fbd99d11a56ba6

SHA512
da0630c02ad729e2a31ee6ad63060b0403e1bbe947fc08f55d6af62a0547c1d64460b7cbf89dc78b43a3f6a080bb4fc6ca16e95ebef79a836ccf7b9a0ec21e85

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44522\pygame\event.cp311-win_amd64.pyd

Filesize
43KB

MD5
674fe500bda0369d41635df4c59922fe

SHA1
fabfa7a1d6c53daf9af04d95e665b8c9f02e0836

SHA256
4772da14fe80da602d7b133f4c57309206ee56190a609728e9fbd99d11a56ba6

SHA512
da0630c02ad729e2a31ee6ad63060b0403e1bbe947fc08f55d6af62a0547c1d64460b7cbf89dc78b43a3f6a080bb4fc6ca16e95ebef79a836ccf7b9a0ec21e85

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44522\pygame\image.cp311-win_amd64.pyd

Filesize
29KB

MD5
c6079cf3ce68c8585c3c7a62e40fc41f

SHA1
d4713b22b041b80d1163132bc6933c9e803e06b5

SHA256
fd2146e62b9348f72238cbac486682983097e284d0d2b1875704eb0e21f71c74

SHA512
82ef4c1dd2b1de63437aba0b74b9ce3faf844d0ee6d3325744c1f3bb8812b33979ef0301abd6b5d05e287148647b7808d825b2ed9d27e6fe05b6ee08c982ed4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44522\pygame\image.cp311-win_amd64.pyd

Filesize
29KB

MD5
c6079cf3ce68c8585c3c7a62e40fc41f

SHA1
d4713b22b041b80d1163132bc6933c9e803e06b5

SHA256
fd2146e62b9348f72238cbac486682983097e284d0d2b1875704eb0e21f71c74

SHA512
82ef4c1dd2b1de63437aba0b74b9ce3faf844d0ee6d3325744c1f3bb8812b33979ef0301abd6b5d05e287148647b7808d825b2ed9d27e6fe05b6ee08c982ed4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44522\pygame\math.cp311-win_amd64.pyd

Filesize
74KB

MD5
209299013485adfe9d13458f8e8bad5a

SHA1
17244829b177fa2cf8af8ca7d5386d9149767cd6

SHA256
9b2a7030329d33fe55a17db2cc2de0ab1777f0710c4009ebf51aa91635296576

SHA512
3b0d292ccf39b12d236df3f925602260f2d0ffedebf4faa0718d5577e00c0f85666f2ce28e145ae3932d5a8425bda14c48ae5befe051f1243364809d116f5714

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44522\pygame\math.cp311-win_amd64.pyd

Filesize
74KB

MD5
209299013485adfe9d13458f8e8bad5a

SHA1
17244829b177fa2cf8af8ca7d5386d9149767cd6

SHA256
9b2a7030329d33fe55a17db2cc2de0ab1777f0710c4009ebf51aa91635296576

SHA512
3b0d292ccf39b12d236df3f925602260f2d0ffedebf4faa0718d5577e00c0f85666f2ce28e145ae3932d5a8425bda14c48ae5befe051f1243364809d116f5714

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44522\pygame\rect.cp311-win_amd64.pyd

Filesize
44KB

MD5
529958675ca33d27d9c076e66140442d

SHA1
168f86b312c7b13d9d3914ccb151cfe7b93d7817

SHA256
a951bc8f366b15dafbca736f00aa5d847a28458b123fce243084950236947bbd

SHA512
8aabfb678b1240730c6bd6048875a58964eeb26224a60c2f59df7f62429d774b7f257c4041d30df35e0ba1f03a46ff5ed1e3624fc48dc996c7ec941db1ccabb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44522\pygame\rect.cp311-win_amd64.pyd

Filesize
44KB

MD5
529958675ca33d27d9c076e66140442d

SHA1
168f86b312c7b13d9d3914ccb151cfe7b93d7817

SHA256
a951bc8f366b15dafbca736f00aa5d847a28458b123fce243084950236947bbd

SHA512
8aabfb678b1240730c6bd6048875a58964eeb26224a60c2f59df7f62429d774b7f257c4041d30df35e0ba1f03a46ff5ed1e3624fc48dc996c7ec941db1ccabb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44522\pygame\rwobject.cp311-win_amd64.pyd

Filesize
19KB

MD5
fdc80a03ee3c210bdea9958af8303534

SHA1
2da3c645956787e82c96053a5a3a161e4e39d161

SHA256
b7f875b78c10ac3098348c702bc6abb8709c6958c9e17f0b540ff3c834b79aa1

SHA512
07b225acebe48502f9198a5475fdee472b95a127f93dd0b8e47604a01392fb3e67462f4fa9a9f1e161a2ce994ed30f25dda8123d9876e31ac12e1a944ce9942c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44522\pygame\rwobject.cp311-win_amd64.pyd

Filesize
19KB

MD5
fdc80a03ee3c210bdea9958af8303534

SHA1
2da3c645956787e82c96053a5a3a161e4e39d161

SHA256
b7f875b78c10ac3098348c702bc6abb8709c6958c9e17f0b540ff3c834b79aa1

SHA512
07b225acebe48502f9198a5475fdee472b95a127f93dd0b8e47604a01392fb3e67462f4fa9a9f1e161a2ce994ed30f25dda8123d9876e31ac12e1a944ce9942c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44522\pygame\surface.cp311-win_amd64.pyd

Filesize
234KB

MD5
bba2bd996872aa58918c82bf19d623d0

SHA1
f479a40caff0ca8a8fb670c99079a784e9b7d0cd

SHA256
c5061dd199c7c8fa8edd23c33521ee73ada44dce8a3a268c64c7df26eca04d51

SHA512
4bd8f53376d8ffa9411b702f03943facbbd11c84eebb1a4a98146625b9d75fc3ce4d5c5d0390042e8b328d9b03c7f7d9e8cacdc3b8b85ee3a93180c4b6a4c041

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44522\pygame\surface.cp311-win_amd64.pyd

Filesize
234KB

MD5
bba2bd996872aa58918c82bf19d623d0

SHA1
f479a40caff0ca8a8fb670c99079a784e9b7d0cd

SHA256
c5061dd199c7c8fa8edd23c33521ee73ada44dce8a3a268c64c7df26eca04d51

SHA512
4bd8f53376d8ffa9411b702f03943facbbd11c84eebb1a4a98146625b9d75fc3ce4d5c5d0390042e8b328d9b03c7f7d9e8cacdc3b8b85ee3a93180c4b6a4c041

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44522\pygame\surflock.cp311-win_amd64.pyd

Filesize
13KB

MD5
d6461f8add9fd49fa892819fcf014a3c

SHA1
6011e31ed3d6ff7a2975f4d33cca48bc242cefe4

SHA256
7f7edb191c906f6dd2dc2334be3884fa196cdf73ee1c51edb6a286895886296b

SHA512
305d3750122ec4193294af67ad2cc8b27281c85df01aaa7a0c0c278c7a09985773a5417fdbd07eb22f77b078e1777be4613455407de3767b73b0a5f45114fab6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44522\pygame\surflock.cp311-win_amd64.pyd

Filesize
13KB

MD5
d6461f8add9fd49fa892819fcf014a3c

SHA1
6011e31ed3d6ff7a2975f4d33cca48bc242cefe4

SHA256
7f7edb191c906f6dd2dc2334be3884fa196cdf73ee1c51edb6a286895886296b

SHA512
305d3750122ec4193294af67ad2cc8b27281c85df01aaa7a0c0c278c7a09985773a5417fdbd07eb22f77b078e1777be4613455407de3767b73b0a5f45114fab6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44522\python311.dll

Filesize
5.5MB

MD5
5a5dd7cad8028097842b0afef45bfbcf

SHA1
e247a2e460687c607253949c52ae2801ff35dc4a

SHA256
a811c7516f531f1515d10743ae78004dd627eba0dc2d3bc0d2e033b2722043ce

SHA512
e6268e4fad2ce3ef16b68298a57498e16f0262bf3531539ad013a66f72df471569f94c6fcc48154b7c3049a3ad15cbfcbb6345dacb4f4ed7d528c74d589c9858

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44522\python311.dll

Filesize
5.5MB

MD5
5a5dd7cad8028097842b0afef45bfbcf

SHA1
e247a2e460687c607253949c52ae2801ff35dc4a

SHA256
a811c7516f531f1515d10743ae78004dd627eba0dc2d3bc0d2e033b2722043ce

SHA512
e6268e4fad2ce3ef16b68298a57498e16f0262bf3531539ad013a66f72df471569f94c6fcc48154b7c3049a3ad15cbfcbb6345dacb4f4ed7d528c74d589c9858

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44522\select.pyd

Filesize
29KB

MD5
c97a587e19227d03a85e90a04d7937f6

SHA1
463703cf1cac4e2297b442654fc6169b70cfb9bf

SHA256
c4aa9a106381835cfb5f9badfb9d77df74338bc66e69183757a5a3774ccdaccf

SHA512
97784363f3b0b794d2f9fd6a2c862d64910c71591006a34eedff989ecca669ac245b3dfe68eaa6da621209a3ab61d36e9118ebb4be4c0e72ce80fab7b43bde12

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44522\select.pyd

Filesize
29KB

MD5
c97a587e19227d03a85e90a04d7937f6

SHA1
463703cf1cac4e2297b442654fc6169b70cfb9bf

SHA256
c4aa9a106381835cfb5f9badfb9d77df74338bc66e69183757a5a3774ccdaccf

SHA512
97784363f3b0b794d2f9fd6a2c862d64910c71591006a34eedff989ecca669ac245b3dfe68eaa6da621209a3ab61d36e9118ebb4be4c0e72ce80fab7b43bde12

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44522\unicodedata.pyd

Filesize
1.1MB

MD5
aa13ee6770452af73828b55af5cd1a32

SHA1
c01ece61c7623e36a834d8b3c660e7f28c91177e

SHA256
8fbed20e9225ff82132e97b4fefbb5ddbc10c062d9e3f920a6616ab27bb5b0fb

SHA512
b2eeb9a7d4a32e91084fdae302953aac57388a5390f9404d8dfe5c4a8f66ca2ab73253cf5ba4cc55350d8306230dd1114a61e22c23f42fbcc5c0098046e97e0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44522\unicodedata.pyd

Filesize
1.1MB

MD5
aa13ee6770452af73828b55af5cd1a32

SHA1
c01ece61c7623e36a834d8b3c660e7f28c91177e

SHA256
8fbed20e9225ff82132e97b4fefbb5ddbc10c062d9e3f920a6616ab27bb5b0fb

SHA512
b2eeb9a7d4a32e91084fdae302953aac57388a5390f9404d8dfe5c4a8f66ca2ab73253cf5ba4cc55350d8306230dd1114a61e22c23f42fbcc5c0098046e97e0f

Download Submit
C:\Users\Admin\Downloads\image_4.png

Filesize
22KB

MD5
9606ec5c5a7aa2a9cb08169b7abbb558

SHA1
62dfd9ef3f460db8590bdb1f971539f7cb3d5b76

SHA256
bd0c32f820bbc258ed1299b74e9f57925ec3833af6a10ed9f95393439feb098f

SHA512
c650d98b3dfb9002f9937c08a8193ff9ace796ed655a4cfa70c18fed8a09d3d498b1566b4bae96a4a2efd0904918b7377aa9ff266d0599cec1bc097d0b5ab49f

Download Submit
memory/3812-152-0x0000021847680000-0x0000021847681000-memory.dmp

Filesize
4KB

Download
memory/3812-139-0x00007FF8BE410000-0x00007FF8BE461000-memory.dmp

Filesize
324KB

Download
memory/3812-136-0x0000000068B40000-0x0000000068B7C000-memory.dmp

Filesize
240KB

Download
memory/3812-425-0x00007FF8BE810000-0x00007FF8BEA7B000-memory.dmp

Filesize
2.4MB

Download
memory/3812-426-0x000000006A880000-0x000000006A8A7000-memory.dmp

Filesize
156KB

Download
memory/3812-427-0x0000000068B40000-0x0000000068B7C000-memory.dmp

Filesize
240KB

Download
memory/3812-428-0x0000000062E80000-0x0000000062EA4000-memory.dmp

Filesize
144KB

Download
memory/3812-429-0x00007FF8BE4C0000-0x00007FF8BE642000-memory.dmp

Filesize
1.5MB

Download
memory/3812-430-0x00007FF8BE410000-0x00007FF8BE461000-memory.dmp

Filesize
324KB

Download
memory/3812-138-0x00007FF8BE4C0000-0x00007FF8BE642000-memory.dmp

Filesize
1.5MB

Download
memory/3812-137-0x0000000062E80000-0x0000000062EA4000-memory.dmp

Filesize
144KB

Download
memory/3812-135-0x000000006A880000-0x000000006A8A7000-memory.dmp

Filesize
156KB

Download
memory/3812-134-0x00007FF8BE810000-0x00007FF8BEA7B000-memory.dmp

Filesize
2.4MB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads