d6041caeb7deed4e141de10acef283b862ec87219eebf84ab3a5e59283669f8e

Analysis

max time kernel
160s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
18-03-2024 21:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

M$tempSpoofer.exe
Size

84.7MB
MD5

6541097814bff782bf8591a9692e7f6d
SHA1

9ca8da0b9b851517d6a001efb0540007cfa6c845
SHA256

d6041caeb7deed4e141de10acef283b862ec87219eebf84ab3a5e59283669f8e
SHA512

20420114288b1ca24538ecd7cbdfaf67bbd51a4f015469194acb3e6f4108e65e6cb01a6e9435ea16addeb22bcd4e059db922743607f87fa18b4c26f222d3d87b
SSDEEP

1572864:TUXPU1e4iamkhLDyPl4QiZeznqf3Gd6xdnj+Y/5szRd9ME7bZNRW79SRAoUQ:TUX4e4iadhLDy943sznyo6V/s917Rk9+

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 64 IoCs

pid	Process
2916	M$tempSpoofer.exe
2916	M$tempSpoofer.exe
2916	M$tempSpoofer.exe
2916	M$tempSpoofer.exe
2916	M$tempSpoofer.exe
2916	M$tempSpoofer.exe
2916	M$tempSpoofer.exe
2916	M$tempSpoofer.exe
2916	M$tempSpoofer.exe
2916	M$tempSpoofer.exe
2916	M$tempSpoofer.exe
2916	M$tempSpoofer.exe
2916	M$tempSpoofer.exe
2916	M$tempSpoofer.exe
2916	M$tempSpoofer.exe
2916	M$tempSpoofer.exe
2916	M$tempSpoofer.exe
2916	M$tempSpoofer.exe
2916	M$tempSpoofer.exe
2916	M$tempSpoofer.exe
2916	M$tempSpoofer.exe
2916	M$tempSpoofer.exe
2916	M$tempSpoofer.exe
2916	M$tempSpoofer.exe
2916	M$tempSpoofer.exe
2916	M$tempSpoofer.exe
2916	M$tempSpoofer.exe
2916	M$tempSpoofer.exe
2916	M$tempSpoofer.exe
2916	M$tempSpoofer.exe
2916	M$tempSpoofer.exe
2916	M$tempSpoofer.exe
2916	M$tempSpoofer.exe
2916	M$tempSpoofer.exe
2916	M$tempSpoofer.exe
2916	M$tempSpoofer.exe
2916	M$tempSpoofer.exe
2916	M$tempSpoofer.exe
2916	M$tempSpoofer.exe
2916	M$tempSpoofer.exe
2916	M$tempSpoofer.exe
2916	M$tempSpoofer.exe
2916	M$tempSpoofer.exe
2916	M$tempSpoofer.exe
2916	M$tempSpoofer.exe
2916	M$tempSpoofer.exe
2916	M$tempSpoofer.exe
2916	M$tempSpoofer.exe
2916	M$tempSpoofer.exe
2916	M$tempSpoofer.exe
2916	M$tempSpoofer.exe
2916	M$tempSpoofer.exe
2916	M$tempSpoofer.exe
2916	M$tempSpoofer.exe
2916	M$tempSpoofer.exe
2916	M$tempSpoofer.exe
2916	M$tempSpoofer.exe
2916	M$tempSpoofer.exe
2916	M$tempSpoofer.exe
2916	M$tempSpoofer.exe
2916	M$tempSpoofer.exe
2916	M$tempSpoofer.exe
2916	M$tempSpoofer.exe
2916	M$tempSpoofer.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2072-0-0x00007FF6F8C00000-0x00007FF6F8C6A000-memory.dmp	upx
behavioral1/files/0x00070000000233b9-1285.dat	upx
behavioral1/memory/2916-1284-0x00007FF6F8C00000-0x00007FF6F8C6A000-memory.dmp	upx
behavioral1/memory/2916-1289-0x00007FFB41F10000-0x00007FFB42500000-memory.dmp	upx
behavioral1/files/0x0007000000023312-1291.dat	upx
behavioral1/files/0x000700000002335a-1296.dat	upx
behavioral1/memory/2916-1298-0x00007FFB517A0000-0x00007FFB517C4000-memory.dmp	upx
behavioral1/files/0x0007000000023310-1299.dat	upx
behavioral1/files/0x0007000000023316-1302.dat	upx
behavioral1/memory/2916-1301-0x00007FFB51E00000-0x00007FFB51E0F000-memory.dmp	upx
behavioral1/files/0x000700000002331f-1342.dat	upx
behavioral1/files/0x000700000002331d-1340.dat	upx
behavioral1/files/0x000700000002331c-1339.dat	upx
behavioral1/files/0x000700000002331b-1338.dat	upx
behavioral1/files/0x0007000000023319-1336.dat	upx
behavioral1/files/0x0007000000023318-1335.dat	upx
behavioral1/files/0x0007000000023317-1334.dat	upx
behavioral1/files/0x0007000000023315-1333.dat	upx
behavioral1/files/0x0007000000023314-1332.dat	upx
behavioral1/files/0x0007000000023313-1331.dat	upx
behavioral1/files/0x0007000000023311-1330.dat	upx
behavioral1/files/0x000700000002330f-1329.dat	upx
behavioral1/files/0x0007000000023789-1328.dat	upx
behavioral1/files/0x000700000002377e-1326.dat	upx
behavioral1/files/0x0007000000023722-1325.dat	upx
behavioral1/files/0x00070000000233bf-1324.dat	upx
behavioral1/files/0x00070000000233be-1323.dat	upx
behavioral1/files/0x00070000000233bd-1322.dat	upx
behavioral1/files/0x000700000002330c-1321.dat	upx
behavioral1/files/0x000700000002331a-1337.dat	upx
behavioral1/files/0x000700000002330b-1320.dat	upx
behavioral1/files/0x000700000002330a-1319.dat	upx
behavioral1/files/0x0008000000023148-1318.dat	upx
behavioral1/files/0x000700000002338e-1317.dat	upx
behavioral1/files/0x000700000002338b-1316.dat	upx
behavioral1/files/0x0007000000023363-1315.dat	upx
behavioral1/files/0x0007000000023362-1314.dat	upx
behavioral1/files/0x0007000000023361-1313.dat	upx
behavioral1/files/0x0007000000023360-1312.dat	upx
behavioral1/files/0x000700000002335f-1311.dat	upx
behavioral1/files/0x000700000002335e-1310.dat	upx
behavioral1/files/0x000700000002335d-1309.dat	upx
behavioral1/files/0x000700000002335c-1308.dat	upx
behavioral1/files/0x000700000002335b-1307.dat	upx
behavioral1/files/0x0007000000023359-1306.dat	upx
behavioral1/files/0x0007000000023356-1305.dat	upx
behavioral1/memory/2916-1304-0x00007FFB512D0000-0x00007FFB512E9000-memory.dmp	upx
behavioral1/memory/2916-1343-0x00007FFB490D0000-0x00007FFB490FD000-memory.dmp	upx
behavioral1/memory/2916-1347-0x00007FFB51D40000-0x00007FFB51D4D000-memory.dmp	upx
behavioral1/memory/2916-1345-0x00007FFB43EB0000-0x00007FFB43EC9000-memory.dmp	upx
behavioral1/memory/2916-1351-0x00007FFB42EB0000-0x00007FFB42EE6000-memory.dmp	upx
behavioral1/memory/2916-1350-0x00007FFB51810000-0x00007FFB5181D000-memory.dmp	upx
behavioral1/memory/2916-1353-0x00007FFB42E70000-0x00007FFB42EA3000-memory.dmp	upx
behavioral1/memory/2916-1356-0x00007FFB419E0000-0x00007FFB41F09000-memory.dmp	upx
behavioral1/memory/2916-1357-0x00007FFB42BE0000-0x00007FFB42CAD000-memory.dmp	upx
behavioral1/memory/2072-1359-0x00007FF6F8C00000-0x00007FF6F8C6A000-memory.dmp	upx
behavioral1/files/0x0007000000023290-1362.dat	upx
behavioral1/memory/2916-1363-0x00007FF6F8C00000-0x00007FF6F8C6A000-memory.dmp	upx
behavioral1/memory/2916-1361-0x00007FFB43E90000-0x00007FFB43EA5000-memory.dmp	upx
behavioral1/memory/2916-1364-0x00007FFB43CD0000-0x00007FFB43CE2000-memory.dmp	upx
behavioral1/memory/2916-1365-0x00007FFB41740000-0x00007FFB419D3000-memory.dmp	upx
behavioral1/memory/2916-1366-0x00007FFB41F10000-0x00007FFB42500000-memory.dmp	upx
behavioral1/memory/2916-1367-0x00007FFB410F0000-0x00007FFB41731000-memory.dmp	upx
behavioral1/memory/2916-1368-0x00007FFB517A0000-0x00007FFB517C4000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
39	raw.githubusercontent.com
43	discord.com
44	discord.com
38	raw.githubusercontent.com

Looks up external IP address via web service 3 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
36	api.ipify.org
69	api.ipify.org
35	api.ipify.org

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings	taskmgr.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-275798769-4264537674-1142822080-1000\{65A10F53-EB52-49EB-BF1F-2C8695F90918}	msedge.exe

Suspicious behavior: EnumeratesProcesses 42 IoCs

pid	Process
2916	M$tempSpoofer.exe
2916	M$tempSpoofer.exe
5528	msedge.exe
5528	msedge.exe
3156	msedge.exe
3156	msedge.exe
6396	taskmgr.exe
6396	taskmgr.exe
6396	taskmgr.exe
6396	taskmgr.exe
6396	taskmgr.exe
6396	taskmgr.exe
6396	taskmgr.exe
6396	taskmgr.exe
6396	taskmgr.exe
6396	taskmgr.exe
6396	taskmgr.exe
6396	taskmgr.exe
6396	taskmgr.exe
6396	taskmgr.exe
6396	taskmgr.exe
6396	taskmgr.exe
6396	taskmgr.exe
6396	taskmgr.exe
6396	taskmgr.exe
6396	taskmgr.exe
6396	taskmgr.exe
6396	taskmgr.exe
6396	taskmgr.exe
6396	taskmgr.exe
6396	taskmgr.exe
6396	taskmgr.exe
6396	taskmgr.exe
6396	taskmgr.exe
9104	msedge.exe
9104	msedge.exe
9028	msedge.exe
9028	msedge.exe
7172	identity_helper.exe
7172	identity_helper.exe
7112	msedge.exe
7112	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
9028	msedge.exe
9028	msedge.exe
9028	msedge.exe
9028	msedge.exe
9028	msedge.exe
9028	msedge.exe
9028	msedge.exe
9028	msedge.exe
9028	msedge.exe
9028	msedge.exe
9028	msedge.exe
9028	msedge.exe
9028	msedge.exe
9028	msedge.exe
9028	msedge.exe
9028	msedge.exe
9028	msedge.exe
9028	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2916	M$tempSpoofer.exe
Token: SeIncreaseQuotaPrivilege	3776	wmic.exe
Token: SeSecurityPrivilege	3776	wmic.exe
Token: SeTakeOwnershipPrivilege	3776	wmic.exe
Token: SeLoadDriverPrivilege	3776	wmic.exe
Token: SeSystemProfilePrivilege	3776	wmic.exe
Token: SeSystemtimePrivilege	3776	wmic.exe
Token: SeProfSingleProcessPrivilege	3776	wmic.exe
Token: SeIncBasePriorityPrivilege	3776	wmic.exe
Token: SeCreatePagefilePrivilege	3776	wmic.exe
Token: SeBackupPrivilege	3776	wmic.exe
Token: SeRestorePrivilege	3776	wmic.exe
Token: SeShutdownPrivilege	3776	wmic.exe
Token: SeDebugPrivilege	3776	wmic.exe
Token: SeSystemEnvironmentPrivilege	3776	wmic.exe
Token: SeRemoteShutdownPrivilege	3776	wmic.exe
Token: SeUndockPrivilege	3776	wmic.exe
Token: SeManageVolumePrivilege	3776	wmic.exe
Token: 33	3776	wmic.exe
Token: 34	3776	wmic.exe
Token: 35	3776	wmic.exe
Token: 36	3776	wmic.exe
Token: SeIncreaseQuotaPrivilege	3776	wmic.exe
Token: SeSecurityPrivilege	3776	wmic.exe
Token: SeTakeOwnershipPrivilege	3776	wmic.exe
Token: SeLoadDriverPrivilege	3776	wmic.exe
Token: SeSystemProfilePrivilege	3776	wmic.exe
Token: SeSystemtimePrivilege	3776	wmic.exe
Token: SeProfSingleProcessPrivilege	3776	wmic.exe
Token: SeIncBasePriorityPrivilege	3776	wmic.exe
Token: SeCreatePagefilePrivilege	3776	wmic.exe
Token: SeBackupPrivilege	3776	wmic.exe
Token: SeRestorePrivilege	3776	wmic.exe
Token: SeShutdownPrivilege	3776	wmic.exe
Token: SeDebugPrivilege	3776	wmic.exe
Token: SeSystemEnvironmentPrivilege	3776	wmic.exe
Token: SeRemoteShutdownPrivilege	3776	wmic.exe
Token: SeUndockPrivilege	3776	wmic.exe
Token: SeManageVolumePrivilege	3776	wmic.exe
Token: 33	3776	wmic.exe
Token: 34	3776	wmic.exe
Token: 35	3776	wmic.exe
Token: 36	3776	wmic.exe
Token: SeIncreaseQuotaPrivilege	2572	WMIC.exe
Token: SeSecurityPrivilege	2572	WMIC.exe
Token: SeTakeOwnershipPrivilege	2572	WMIC.exe
Token: SeLoadDriverPrivilege	2572	WMIC.exe
Token: SeSystemProfilePrivilege	2572	WMIC.exe
Token: SeSystemtimePrivilege	2572	WMIC.exe
Token: SeProfSingleProcessPrivilege	2572	WMIC.exe
Token: SeIncBasePriorityPrivilege	2572	WMIC.exe
Token: SeCreatePagefilePrivilege	2572	WMIC.exe
Token: SeBackupPrivilege	2572	WMIC.exe
Token: SeRestorePrivilege	2572	WMIC.exe
Token: SeShutdownPrivilege	2572	WMIC.exe
Token: SeDebugPrivilege	2572	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2572	WMIC.exe
Token: SeRemoteShutdownPrivilege	2572	WMIC.exe
Token: SeUndockPrivilege	2572	WMIC.exe
Token: SeManageVolumePrivilege	2572	WMIC.exe
Token: 33	2572	WMIC.exe
Token: 34	2572	WMIC.exe
Token: 35	2572	WMIC.exe
Token: 36	2572	WMIC.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4948	firefox.exe
4948	firefox.exe
4948	firefox.exe
4948	firefox.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
6396	taskmgr.exe
6396	taskmgr.exe
6396	taskmgr.exe
6396	taskmgr.exe
6396	taskmgr.exe
6396	taskmgr.exe
6396	taskmgr.exe
6396	taskmgr.exe
6396	taskmgr.exe
6396	taskmgr.exe
6396	taskmgr.exe
6396	taskmgr.exe
6396	taskmgr.exe
6396	taskmgr.exe
6396	taskmgr.exe
6396	taskmgr.exe
6396	taskmgr.exe
6396	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4948	firefox.exe
4948	firefox.exe
4948	firefox.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
6396	taskmgr.exe
6396	taskmgr.exe
6396	taskmgr.exe
6396	taskmgr.exe
6396	taskmgr.exe
6396	taskmgr.exe
6396	taskmgr.exe
6396	taskmgr.exe
6396	taskmgr.exe
6396	taskmgr.exe
6396	taskmgr.exe
6396	taskmgr.exe
6396	taskmgr.exe
6396	taskmgr.exe
6396	taskmgr.exe
6396	taskmgr.exe
6396	taskmgr.exe
6396	taskmgr.exe
6396	taskmgr.exe
6396	taskmgr.exe
6396	taskmgr.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4948	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2072 wrote to memory of 2916	2072	M$tempSpoofer.exe	93
PID 2072 wrote to memory of 2916	2072	M$tempSpoofer.exe	93
PID 2916 wrote to memory of 3908	2916	M$tempSpoofer.exe	94
PID 2916 wrote to memory of 3908	2916	M$tempSpoofer.exe	94
PID 2916 wrote to memory of 3776	2916	M$tempSpoofer.exe	100
PID 2916 wrote to memory of 3776	2916	M$tempSpoofer.exe	100
PID 2916 wrote to memory of 3424	2916	M$tempSpoofer.exe	102
PID 2916 wrote to memory of 3424	2916	M$tempSpoofer.exe	102
PID 3424 wrote to memory of 2572	3424	cmd.exe	104
PID 3424 wrote to memory of 2572	3424	cmd.exe	104
PID 2916 wrote to memory of 1432	2916	M$tempSpoofer.exe	105
PID 2916 wrote to memory of 1432	2916	M$tempSpoofer.exe	105
PID 2900 wrote to memory of 4948	2900	firefox.exe	109
PID 2900 wrote to memory of 4948	2900	firefox.exe	109
PID 2900 wrote to memory of 4948	2900	firefox.exe	109
PID 2900 wrote to memory of 4948	2900	firefox.exe	109
PID 2900 wrote to memory of 4948	2900	firefox.exe	109
PID 2900 wrote to memory of 4948	2900	firefox.exe	109
PID 2900 wrote to memory of 4948	2900	firefox.exe	109
PID 2900 wrote to memory of 4948	2900	firefox.exe	109
PID 2900 wrote to memory of 4948	2900	firefox.exe	109
PID 2900 wrote to memory of 4948	2900	firefox.exe	109
PID 2900 wrote to memory of 4948	2900	firefox.exe	109
PID 2916 wrote to memory of 2668	2916	M$tempSpoofer.exe	110
PID 2916 wrote to memory of 2668	2916	M$tempSpoofer.exe	110
PID 2668 wrote to memory of 4748	2668	cmd.exe	112
PID 2668 wrote to memory of 4748	2668	cmd.exe	112
PID 4948 wrote to memory of 3280	4948	firefox.exe	113
PID 4948 wrote to memory of 3280	4948	firefox.exe	113
PID 2916 wrote to memory of 4776	2916	M$tempSpoofer.exe	114
PID 2916 wrote to memory of 4776	2916	M$tempSpoofer.exe	114
PID 4948 wrote to memory of 2408	4948	firefox.exe	116
PID 4948 wrote to memory of 2408	4948	firefox.exe	116
PID 4948 wrote to memory of 2408	4948	firefox.exe	116
PID 4948 wrote to memory of 2408	4948	firefox.exe	116
PID 4948 wrote to memory of 2408	4948	firefox.exe	116
PID 4948 wrote to memory of 2408	4948	firefox.exe	116
PID 4948 wrote to memory of 2408	4948	firefox.exe	116
PID 4948 wrote to memory of 2408	4948	firefox.exe	116
PID 4948 wrote to memory of 2408	4948	firefox.exe	116
PID 4948 wrote to memory of 2408	4948	firefox.exe	116
PID 4948 wrote to memory of 2408	4948	firefox.exe	116
PID 4948 wrote to memory of 2408	4948	firefox.exe	116
PID 4948 wrote to memory of 2408	4948	firefox.exe	116
PID 4948 wrote to memory of 2408	4948	firefox.exe	116
PID 4948 wrote to memory of 2408	4948	firefox.exe	116
PID 4948 wrote to memory of 2408	4948	firefox.exe	116
PID 4948 wrote to memory of 2408	4948	firefox.exe	116
PID 4948 wrote to memory of 2408	4948	firefox.exe	116
PID 4948 wrote to memory of 2408	4948	firefox.exe	116
PID 4948 wrote to memory of 2408	4948	firefox.exe	116
PID 4948 wrote to memory of 2408	4948	firefox.exe	116
PID 4948 wrote to memory of 2408	4948	firefox.exe	116
PID 4948 wrote to memory of 2408	4948	firefox.exe	116
PID 4948 wrote to memory of 2408	4948	firefox.exe	116
PID 4948 wrote to memory of 2408	4948	firefox.exe	116
PID 4948 wrote to memory of 2408	4948	firefox.exe	116
PID 4948 wrote to memory of 2408	4948	firefox.exe	116
PID 4948 wrote to memory of 2408	4948	firefox.exe	116
PID 4948 wrote to memory of 2408	4948	firefox.exe	116
PID 4948 wrote to memory of 2408	4948	firefox.exe	116
PID 4948 wrote to memory of 2408	4948	firefox.exe	116
PID 4948 wrote to memory of 2408	4948	firefox.exe	116
PID 4948 wrote to memory of 2408	4948	firefox.exe	116

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\M$tempSpoofer.exe
"C:\Users\Admin\AppData\Local\Temp\M$tempSpoofer.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2072
- C:\Users\Admin\AppData\Local\Temp\M$tempSpoofer.exe
  "C:\Users\Admin\AppData\Local\Temp\M$tempSpoofer.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2916
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:3908
- - C:\Windows\System32\Wbem\wmic.exe
    wmic csproduct get uuid
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3776
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic os get MUILanguages /format:list"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3424
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic os get MUILanguages /format:list
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:2572
- - C:\Windows\System32\Wbem\wmic.exe
    wmic os get MUILanguages /format:list
    3⤵
    PID:1432
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic os get Caption /format:list"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2668
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic os get Caption /format:list
      4⤵
      PID:4748
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic path softwarelicensingservice get OA3xOriginalProductKey"
    3⤵
    PID:4776
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic path softwarelicensingservice get OA3xOriginalProductKey
      4⤵
      PID:4572
- - C:\Windows\System32\Wbem\wmic.exe
    wmic csproduct get name
    3⤵
    PID:5676

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2900
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4948
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4948.0.375739928\1426473357" -parentBuildID 20221007134813 -prefsHandle 1876 -prefMapHandle 1856 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0165b57f-65d3-430f-b625-dd8fbfc4567c} 4948 "\\.\pipe\gecko-crash-server-pipe.4948" 1956 1a8ff4d6f58 gpu
    3⤵
    PID:3280
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4948.1.107260018\182150028" -parentBuildID 20221007134813 -prefsHandle 2384 -prefMapHandle 2380 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5376d851-9274-4b11-9f92-a835f1fc34fe} 4948 "\\.\pipe\gecko-crash-server-pipe.4948" 2396 1a8ff3fa858 socket
    3⤵
    - Checks processor information in registry
    PID:2408
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4948.2.269367500\1642149552" -childID 1 -isForBrowser -prefsHandle 2984 -prefMapHandle 3132 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1156 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b669fa4-dd8a-4f25-84b0-89b7c6cd2050} 4948 "\\.\pipe\gecko-crash-server-pipe.4948" 3320 1a88cea2258 tab
    3⤵
    PID:3232
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4948.3.2000692389\1689809834" -childID 2 -isForBrowser -prefsHandle 3568 -prefMapHandle 3552 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1156 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f384b030-b267-480b-8925-457f90b6c338} 4948 "\\.\pipe\gecko-crash-server-pipe.4948" 3580 1a88b6cdb58 tab
    3⤵
    PID:1512
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4948.4.1811767109\1115064218" -childID 3 -isForBrowser -prefsHandle 4052 -prefMapHandle 4048 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1156 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {25120403-b5ca-4101-a644-447a3fa07870} 4948 "\\.\pipe\gecko-crash-server-pipe.4948" 4064 1a88dee3458 tab
    3⤵
    PID:4408
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4948.5.552043410\1925876587" -childID 4 -isForBrowser -prefsHandle 5144 -prefMapHandle 5140 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1156 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f0a4eb8-9f18-49c7-8826-0c132d3d0953} 4948 "\\.\pipe\gecko-crash-server-pipe.4948" 5156 1a88ef2f158 tab
    3⤵
    PID:5684
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4948.6.673125460\1601341900" -childID 5 -isForBrowser -prefsHandle 5292 -prefMapHandle 5296 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1156 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d6daa7a-64c7-46d8-ac62-c088c1a8499c} 4948 "\\.\pipe\gecko-crash-server-pipe.4948" 5284 1a88f245458 tab
    3⤵
    PID:5692
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4948.7.1899641957\1925757218" -childID 6 -isForBrowser -prefsHandle 5504 -prefMapHandle 5508 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1156 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {02ab9090-f63c-4e2b-b3ed-c07b61c5f3bf} 4948 "\\.\pipe\gecko-crash-server-pipe.4948" 5496 1a88f246c58 tab
    3⤵
    PID:5700

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb39af46f8,0x7ffb39af4708,0x7ffb39af4718
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,12285838280000745764,2129691226332516066,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
  2⤵
  PID:5532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,12285838280000745764,2129691226332516066,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,12285838280000745764,2129691226332516066,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3012 /prefetch:8
  2⤵
  PID:5748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,12285838280000745764,2129691226332516066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:5972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,12285838280000745764,2129691226332516066,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:6028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,12285838280000745764,2129691226332516066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
  2⤵
  PID:6476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,12285838280000745764,2129691226332516066,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
  2⤵
  PID:6484

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5212

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6052

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:6396

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:8300

C:\Windows\System32\2rnllz.exe
"C:\Windows\System32\2rnllz.exe"
1⤵
PID:8628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:9028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x7c,0x108,0x7ffb39af46f8,0x7ffb39af4708,0x7ffb39af4718
  2⤵
  PID:5504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,8549720452239303028,10845688781592598842,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:9096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,8549720452239303028,10845688781592598842,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:9104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,8549720452239303028,10845688781592598842,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
  2⤵
  PID:9108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8549720452239303028,10845688781592598842,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:5728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8549720452239303028,10845688781592598842,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:9156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8549720452239303028,10845688781592598842,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8549720452239303028,10845688781592598842,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3960 /prefetch:1
  2⤵
  PID:6788
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,8549720452239303028,10845688781592598842,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4156 /prefetch:8
  2⤵
  PID:6888
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,8549720452239303028,10845688781592598842,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4156 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:7172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8549720452239303028,10845688781592598842,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1
  2⤵
  PID:8000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8549720452239303028,10845688781592598842,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3756 /prefetch:1
  2⤵
  PID:6916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2136,8549720452239303028,10845688781592598842,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5340 /prefetch:8
  2⤵
  PID:7136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2136,8549720452239303028,10845688781592598842,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5276 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:7112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8549720452239303028,10845688781592598842,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:5448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8549720452239303028,10845688781592598842,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:6760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8549720452239303028,10845688781592598842,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8549720452239303028,10845688781592598842,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8549720452239303028,10845688781592598842,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:8448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8549720452239303028,10845688781592598842,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3864 /prefetch:1
  2⤵
  PID:4140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8549720452239303028,10845688781592598842,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:5148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8549720452239303028,10845688781592598842,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
  2⤵
  PID:5180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8549720452239303028,10845688781592598842,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8549720452239303028,10845688781592598842,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8549720452239303028,10845688781592598842,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8549720452239303028,10845688781592598842,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:5576

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4320

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:9196

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1eb86108cb8f5a956fdf48efbd5d06fe

SHA1
7b2b299f753798e4891df2d9cbf30f94b39ef924

SHA256
1b53367e0041d54af89e7dd59733231f5da1393c551ed2b943c89166c0baca40

SHA512
e2a661437688a4a01a6eb3b2bd7979ecf96b806f5a487d39354a7f0d44cb693a3b1c2cf6b1247b04e4106cc816105e982569572042bdddb3cd5bec23b4fce29d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f35bb0615bb9816f562b83304e456294

SHA1
1049e2bd3e1bbb4cea572467d7c4a96648659cb4

SHA256
05e80abd624454e5b860a08f40ddf33d672c3fed319aac180b7de5754bc07b71

SHA512
db9100f3e324e74a9c58c7d9f50c25eaa4c6c4553c93bab9b80c6f7bef777db04111ebcd679f94015203b240fe9f4f371cae0d4290ec891a4173c746ff4b11c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
050e5e43397c8c9b85e9c863229d37cb

SHA1
0003f5862a9e0187442404f92bc7d6e0fbd83ec2

SHA256
77e3b1fa5dad25ec5d9f0f91bb51fde3c683484f647288c190720a971ddae5fa

SHA512
2a160d2715a1d47e657b0c0853787a24c48e720e69330c86bcc5a782f9f2fcab042f100d48866c5e79a92e93d448a161799adaea6a159316edcaa4e01fa4b258

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4c51d0df112b07b05ed823a0d3e259b9

SHA1
a4bfcdbd103eba333540f8b039707c1a858b1a3c

SHA256
eb76a5739bab72e894e96c1cea6be3d2d05d3edf3dcdbe5f19412d8c3299f885

SHA512
4edce1f3a5a598fe6337b2c575ddbb36b2d73d2b572342889d085d3739fd486c9852329b03a47e3e153ecfa390595945562cb4d1386a32e1465fb4d9e6ef3cd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
69KB

MD5
a127a49f49671771565e01d883a5e4fa

SHA1
09ec098e238b34c09406628c6bee1b81472fc003

SHA256
3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6

SHA512
61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
32KB

MD5
3baf7c2e036abf00bf52d8e4a918e970

SHA1
0eb5406e14050dc41227ba74b64a38da778fe5d6

SHA256
d30dcb199ca26a9664a46c01b4eccb26f5b8682f04480d0a9d2beffab7d0a049

SHA512
c12875c0e5085f534496ca9f1f43bc4d5097f6d4d969f70ad1651bf01bdd4e9f5e27c93413ef0589c06c647c0a22d8c4b7a2ffbda2fe61bdeb84657f53a6a429

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.1MB

MD5
24a16440d5b663d0d87263e812e3fd90

SHA1
0ffec5a540218892b440703dfbf04bf1252def68

SHA256
c3af8b6de514fe12fef4987e8a1a9c6294ea0ebf46d0537bf02d18595abbe799

SHA512
9845ca0adcbdf6e77a021073f5f01c6b0ecc0593d2c7e13d58b7717368d466d69f74c51934c77f21aaaf0704815fdefdf285748aa3e17441b700ba092a6df9cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
8cdefb97e42622cd00364e65daf0d35d

SHA1
5027ea34f682fce3a42e22425fb4b7117fe7b97e

SHA256
500c03c1e3f34cc3248d29fa3b5d2b7a20afd7fb4cd9d2902b96af8a62862359

SHA512
2f6c4c04c237b8f4bd4ee855780593665e12f87b1eafc39002e28bbbfb8391bc6c89a59834ba3f2533a55004406cee013479fa34ad7f3ae630ff026e44f962fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
94e33511166814b674ba345b4679f769

SHA1
8264bbf6e130ffefbf2d71722ae22dbab3812b0b

SHA256
4fa1d946d1b7110c0e23db86611a45be6622b25bcd0db9637bc52a3c133cf2ca

SHA512
a4be5c26eda4546e08efb5c5a16d46171f23399fbe586ee17e221d7b7c0cee538d885d3bbb0257025374ea56e354a2a9bf2bc704fcc019e7b38403c6fa49d43c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
60df253b5e47e72e1f748bf43dcf6fa3

SHA1
c9fbf7627b016033c0a73a079cb4a42c32cddeac

SHA256
d296afdadb12c2360b6a22cf236527c59021f0f89fd20bae7f0485a5371b89fe

SHA512
37814f7cc95b3c86bc4eeb786efb5a718111a88e091bc1076412d2e6f8783ee37eef3a2757f67fa902dd35c02f75c6d4a360122be0d299b9ed133372509e98e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
36577f838600f9f0b6eb154114a4cdd3

SHA1
602cf52a63e9b1d63f558bbca67f935b1ba3c159

SHA256
509ab86e3d6d9a63e58babf1db0a9980d0e0697ba5dff603d0ce3b40648efb35

SHA512
89c4792a6c401757c3d95c2673fe7e049de6ed36629166155cbe8bd8c694beca8fe5b4061c834f1722f5fd55d989bd2dfa1d4acb300ca46cfc591a8dd3bd7ee8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dd29cac1978900397160bc7fed75f8e3

SHA1
4ed0b455bc26352b3f09d6900094f32c1ba10a98

SHA256
532fda978f3216ca23e62beb2cbf00069927b4a4add523bc8fdf13aabf0627f5

SHA512
8e07f63a0ae55435862e37829e6c97dbef6251ea19ff4f73d2544c704010cb26b5f59b94d74d64d1ca4d52a744764cc8819a05825217111af0f898b23d73c8aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b9bc93ff973939f1003aea53652301b6

SHA1
cc9c85867a20b04fb752c85cf118d644773eeb43

SHA256
aa7cfef07dc266e7cdf69f86f88d1d69201fdd61eecb611907ee78725faa277f

SHA512
5d577ecb80f1f2cb70342e5232105b9717b80cc2a1efa38c34d7301ffe8d5b0035f275adbd71a8314c48d289354cab7871c95aedfffd7615af0144a68a6d6e3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
80809d6bad4090def12183191378ace8

SHA1
32d1656e0cdc3aea533e39852770b474b7ca9cc9

SHA256
2f7e841f1b46ed77c30e416a1ffe1c26edabcdbac1fb6f6a594dac62c87f6420

SHA512
e343833f3365d90b4a1fd3b85bf5abac98de4fbdbf934b1094e28fe5aa9fccf43e988095d7cf4580f757909daf8c23092b3b80472a4b4e2033444dd866bc4ad4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cc0782ce69bb0aef99d1a326de956db4

SHA1
464fc8614f36a2d6efeeaf055393d7453b862171

SHA256
74f0d330f9954290cf986eae2dac6a11ed6800ac18d20154d36afad7905430c6

SHA512
89cfc2bd48d254d567b4dac1c2f703e309c35696b8efb300179d07b6fe80e9f8f86ca001ea91b41aa9656c6c686ffc58554b3da894f92285a6e7464747dcce37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ba409093dd9e7cb6a073202924fc0224

SHA1
c6f62417385fed0c843adf947142f7c70efab3ab

SHA256
a74083174d4bd7ccae1e09e208ec70f4faa0f2235eacf36cc08a9886d717837a

SHA512
c0887a2b88a09e0d131acd4153ff1c92ab8956b6c9a5ba0d6cfa17137f50f522906f544c8c5df9365d5d8fd9d4ab946004ab463764050b08141e93e8a23957de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b979b53d116e4250c3b20bc6d9c19625

SHA1
d09032641f640f66045d5b7093813a120f72dabc

SHA256
2d4d8d13f73c1854d59745b15a92d429c7f9259be4bf80cd1a72a6da9132bb51

SHA512
fd8e5fee21316dc21fc9c85b7f6e2e90e50ae502ed80c1a7e61664284302a6432ad8880df9e7f636528468f67e70a30321711f7684e6c66b1dd475e4e43abcc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe594397.TMP

Filesize
873B

MD5
0da20e801446341438912b085f30ad0d

SHA1
1bb7270b74751544ad20b2882df190ef7b00b04d

SHA256
fde6e46a03fe6ea6e5dba78c552ea8cda4fe46aa873a308b2790a040956721f9

SHA512
bc8772d632ab73be127148983db5e112d8ea2256f1fa15dc3abb61637dd3135e041297e46f1c11a917539fb7141d52ca8e52e0a1ffb281a12ae11daa25ce0abf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fda1f1e565f503dcb8734ec47939dfbf

SHA1
34fbd1a3e5b20f49f30361df361baea858b90a00

SHA256
0dd2fdb1d78893141df2b69429eb7622fbf41699939b5b6f674563f8ec08977b

SHA512
cc617765a6d9c1942fb877c41ea4322ddb4a43eb3cb61db6d4ee46512547aec811b4f5cb8fd1a4541acd8e5717b6598b0977be60ae00a62af6a16abf1cdf2ed3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e4b23110a0c60883529ac77a1454bd44

SHA1
12eb77c8480b497872831eb16f3111fc67952cd4

SHA256
98dea6410a33b80684a4e272361547833fb6eb6b9223aaceb51ed29597be6ef0

SHA512
5c9c9ad3f5f638c2a8a7d3e1282b277e15264d4a46e4df6984bf2fa24a9d02a8e6bf4e73c244524c5129732d9c48cdc8ba60616bc1f3f9dbfeb5e40db731b0fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7445b44d0041618cf547b4f480e24100

SHA1
a689df792a818ee68561590711b580f718ec83c5

SHA256
d5711cf61d817277a23b24309c191e67d2f43ec6be8ada750ebea0f6cc233edb

SHA512
f9b4dc395a25da430b1f26542fb150503c59c69c923b1782a1cf555af8239a4d36fefd3fd74a689315f473b906d86b210dc198d9845e32d9eb7ecff6bca93523

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
11654f35fd8f95092cedd4e888e064dc

SHA1
bcc17ad60c01a5d342f403ce6eb8845e6508bbd1

SHA256
7b264f0fadc192a6f75b07aaf02c77f68f60bd062f5020ad21732d162d99bc59

SHA512
d63cb2d4aced8a1ed11cad3feda4fd603db554bbb3dd446b72244444ef3f76f4d6bee7c482d7bae4c78ec3ab5dad763e6f90391a7ef6973d3fa8efed6c0671a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
7b506015d05027dc73059ad8c06421a0

SHA1
5851129a30f37ed7a4f63a1b066a1ac13657e5d2

SHA256
6cd222759dcc744f493e62bc42ca0dbc2ca54efb11ff5b9eb7df3abfc1b84896

SHA512
3751813e43f89492633efcb8c8613ad327f92376f48eafd5139a9362d2418674000f4518f288021dd501c164e41e6cf189ff92c7e2351fbcefc97b32903dd292

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20722\PyQt5\Qt5\bin\Qt5Core.dll

Filesize
1.4MB

MD5
1f7c188406343e319306a84aed43da6f

SHA1
f0811803f11dbb6c5dee1af86d3175ff0fe8fda6

SHA256
53f83fc2c84e9d1bd0f82d5fd49f806cde94424d6eab58cc07492a9b2ac294ae

SHA512
48d74376c0d3c87229d70a781d4b788191b57293068f772c074706a92ac8eef2d489d36738f5e0b4233d5adaf489b75a722f2db33aa450b724178c3d830f9743

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20722\SDL2.dll

Filesize
635KB

MD5
aacc454789a522c8652717096b3b6cc4

SHA1
b08c9349abe6d8d15679cc5f77b51eeb25bcfcd8

SHA256
61f927f4ab813fccebc600ffb0870f6ebdff856914d8fc208eb86b01d6be4859

SHA512
9e04b0695c25c78e243bc1e93c0880c6d522179369b05b31843efa9b22468ecde392a898b7eaeac2ffc2c0525df07b3e2f4ca0cb0fe7d73af27a5def4f6b5f8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20722\SDL2_image.dll

Filesize
58KB

MD5
71780d5b9aedb54b990b975aff28bbf3

SHA1
dd59dfd88255e26e9f6fc2c96972f37f175189c1

SHA256
f670f630df5dbdf0a6e19f7bbb5cb280db519a72ddef8567a1e9315591604e96

SHA512
959edf08748a00e0c2f84c352119def05b4c4da884a178cae47b6e776eefbc87534f084b5a279c4a778a99f84ea7b98c71fb259a54ca9a12ffa506c5824f48e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20722\SDL2_mixer.dll

Filesize
124KB

MD5
4bf8a0231b35b804cdd002ca6ec234eb

SHA1
f6e2192e02ce714612c6aaa3fe85e3c9adb6447b

SHA256
867ea749aa6b8432c69c43b9606d8e6de19e88aef3aea2faf1b0643e0c6c516f

SHA512
420c45ff39491814e56fc6b4bf4eb99bb2b31eb4d8ead4d25fd84ef00b8b17973eb3a7bf7b31a0c100b813b717fcefe4245c403ec36038158c87bf24faf46623

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20722\SDL2_ttf.dll

Filesize
601KB

MD5
e3913036bdb469d933c658737dd05464

SHA1
30fd6b3571472d50d4a87b4908daef1c5516afd5

SHA256
e85aa1b2a8d7624973f9f0db7ff502e615b57edf38b0af7b030ee9cb01561416

SHA512
df6837512de2e3d03a4ce00ad20f72100139e15c80ae7062d12e4b266e4b6670b30889778621ecc869fcca691a03263158f2fa57a6bcaac9b3bda952bf88b749

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20722\VCRUNTIME140.dll

Filesize
116KB

MD5
be8dbe2dc77ebe7f88f910c61aec691a

SHA1
a19f08bb2b1c1de5bb61daf9f2304531321e0e40

SHA256
4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83

SHA512
0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20722\VCRUNTIME140_1.dll

Filesize
48KB

MD5
f8dfa78045620cf8a732e67d1b1eb53d

SHA1
ff9a604d8c99405bfdbbf4295825d3fcbc792704

SHA256
a113f192195f245f17389e6ecbed8005990bcb2476ddad33f7c4c6c86327afe5

SHA512
ba7f8b7ab0deb7a7113124c28092b543e216ca08d1cf158d9f40a326fb69f4a2511a41a59ea8482a10c9ec4ec8ac69b70dfe9ca65e525097d93b819d498da371

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20722\_asyncio.pyd

Filesize
36KB

MD5
70ce6ac5d7aa8082ce0efcd609ca84aa

SHA1
6719c4848079ef05991702d732736d06147e1912

SHA256
100a8184048b3f2d40efcda6a11cf85d84a2bd07a467bc0509a70b787bea0f1d

SHA512
ef7f5404e85128d364f425b412c1fd373dd56a8705601cb76d2bd265d4712896e50882b721dd1a9adcb0a8f72df3c163724483cd38a1bf6ba607fdfeee1a7d86

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20722\_bz2.pyd

Filesize
48KB

MD5
0eab1e9f25ecf451849e33080996aac7

SHA1
e1adc0ab9b0f46e20d18cc39e33f24ed73b0b610

SHA256
7eaf15692c091def0a9220e2ca4a5a9ed98d86c2f7ffc9664dbc8bd0cd5bce61

SHA512
6cd7027bc9905f2beb957b2c422e0d093fa91cb1301f9c4ba1347b1d39da6a9b8a2a2ca7013d35187fe25364fcca603832d71e2425eaad0e4250d6f66c0df539

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20722\_cffi_backend.cp311-win_amd64.pyd

Filesize
71KB

MD5
c1cd1d53ddfe5033a341f0c2051c4357

SHA1
b205344ada67dc82d208baf2d6b9cda4a497abea

SHA256
44381ffef40a5e344ca951de08f13fb4e25096c240d965acfaa47221b9f9ef52

SHA512
d4f509cfb8fa1f044ff4b0b55c5298ead40fd635cfb5a6c7d779a66eeb5f52d3e30a5b3e61507f2891e9ef1070e0c8eea1b698b680048fbb7cb5f15f4e26d309

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20722\_ctypes.pyd

Filesize
58KB

MD5
65baf5ee3ab0573100279845874baf33

SHA1
15482db6246d357dbff861851ce5ce3cddce792a

SHA256
58642d99e1314e4b1677b27907efd4060ed09c344babe5880aff31cbe9c4c5b8

SHA512
4f444ffa3490cd453dc9c9c4a05bc577a0c8258131bd4b70a90c600c61122c8354472f9d7f075df3ab84a6dbc828f85d2371f917362ac4f6cff6c5ef425dbf80

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20722\_decimal.pyd

Filesize
106KB

MD5
c4d4a85be540c0fc2d2e8c6acd8b2db1

SHA1
aa91c38a0edd9a30a54c7b159ea457a28a05cfc8

SHA256
8aa197703875208bce23a5c8a144aaa52ed645c5e4555c8486c479845661721d

SHA512
f9c84b19e887348c4602acac73cbf59d6a3800f06eafae1290a441df73c1286c0fec1e506b0bb296df309804a482886d26ad52dfd1cd8d9529677e3843c6297a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20722\_elementtree.pyd

Filesize
57KB

MD5
facc4774318e017be303f95b5a87d457

SHA1
78495539b8fdf8bbf47346ed48804285cc0caaa3

SHA256
b7d957248e15c2fce886cc143aafaec259fd0fca22d3d701fc5147d64ee284c1

SHA512
2f79a0212faac41ac4d339caca2ad98a03a04f5d5ed31835c8c62b5df6f55094444187f1e8b7ce1e32339bb8cf2f2f1544075916f8f11120560b9032c31538a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20722\_hashlib.pyd

Filesize
35KB

MD5
f2da80e5f2fb5d73e7fd0b511e7a6182

SHA1
1337d62f6e97336edcd38811ff2b9bfb7990f2bb

SHA256
8d4c23fd61175e354d21641150803ac014c87df20dbf93378ba0c95cc126beca

SHA512
dfeb76504dcce23107910b00e71a3bdcd7c48f651a07c83c6d7cd3d06e2dfd97de9a18ab676673fff5516f7f1f9a698428ab2bda5c364c85e4684d48b2ea52a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20722\_lzma.pyd

Filesize
86KB

MD5
843aa0af36225c6b30146627af81bf15

SHA1
81233772aec563f5ce56c22ecc4c19c03b39ecb4

SHA256
8f2701769b6f5a84b1ceb9132fcc30695929bb7706a68430e0475282c2f77ecf

SHA512
5d6d2a31bd6d50c45e83d96e8d617127a70473fe02caa954634e282f714c553600b4eb0167ea1d1244a6f303bca4d7bc08bdc9fa7a942a57734129dd7ed43617

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20722\_multiprocessing.pyd

Filesize
26KB

MD5
a42f587a792891458264922be54d2d11

SHA1
c815a0e90534c39ad73155ce8d72af965e1718f0

SHA256
defaa267063def7278589912a4b9228452d29e34654d5ae43e85b58281817320

SHA512
5b0cee3670d6e46d47f6a0a393e4efd36e34c5e54c19093d542b15bd3bf0fab73d7fc5408e3a95ca7b7fd608a75be995d009f81fdb665bacf514c045093ba1ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20722\_overlapped.pyd

Filesize
32KB

MD5
4680729c0d610d99e4d749e8269cba9d

SHA1
2e149bb779b4da9c8aa42f8a0177d52492251051

SHA256
d403c917622208d7060d1d3e137616cd3ec0631fe920c2fc4c0d3748ebff5e98

SHA512
3eea48c3313a5012e7f1d9efed0dbe8880f5fc5f2c91610cac69400bc796c8dc7116f84460cee900723dee3a53f795a8e3c47253bbfa526c59c42f7a7e842bfd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20722\_queue.pyd

Filesize
25KB

MD5
ede5774fa07edfa67a3c49e3480446ee

SHA1
cb28a6e5193971fb4e9819dcc2b260eae278ca0f

SHA256
dcd2d678056a367b11cd8c677a2c3b16e93862556941e3b6133218b98873fc99

SHA512
0c87a4a20f51d0192e4604d80f0a529eec5b28d568939a26b680636c14add2cb703ac2668fd805706280e2a3f3a4de8233418b65243f9f02ab37376ed59a4c9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20722\_socket.pyd

Filesize
43KB

MD5
de11a99a4c0044181e9bc643a584fb4f

SHA1
4a9404218bde9ab39c1d7c09212d95b3907844d2

SHA256
df4ce084634aa3c5e337193262daa75a217e1f3ba57bc94fd8b1345ecb92b96e

SHA512
756ac6895ba0b10e684659eb3247e4dcd7304a8d575c4a5d2518d47b8567fd9aeaac768e2a3a870220c5161b5e65cdce14f26cccb80149c95a51403d416e6389

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20722\_sqlite3.pyd

Filesize
56KB

MD5
413d84d76f6b70d73a20c8dcdde9bb38

SHA1
34fe4cc92c4321874ad6746b8f768ee786c1c793

SHA256
90365869159266e2e1a5c7617fe8c2d077fa6966a263372901b84f5f2d57016d

SHA512
56fa63becb2f6e3042f217cb30530864ed9916856a5084431aa1ccad26905be824739a551661c1e4f940662b94796c79018e752c032568f2a29ec5c2c29ed609

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20722\_ssl.pyd

Filesize
65KB

MD5
f40e40da316ea3a0ffab17a87086ae39

SHA1
3f0ca1dae76b8c7112d4ce956eb258c93aa4c3f5

SHA256
906f98bdfe9c84bb681b53c56c4fc9bd36bf81a24923f9b9f28a8ede5db0c507

SHA512
22a31984afa961c85047cdd8692f4df47878cb2aac3d7332d061a540f11ec72fdd2802057d9e85bc7ac864e0f66896231e176be01b2e0a6739ea2ddc5837475a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20722\_tkinter.pyd

Filesize
38KB

MD5
c56c51546b8e4a53a37082c892678b2a

SHA1
6f6e2c5363f0aa5b1a9a2cdc52907eeaa1d99ac0

SHA256
c55d898519d4d993c166ba781847f90870702fabaf5c4efa0c231cffcf246167

SHA512
4f3bdbd4e99d6bd57ce076d102247afb557c53a0dd0a5c9324fe81a27de354ecae9482bf7f2e9e808aa734269a6f0da8115846738cd07a33883d4cb268baa699

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20722\_uuid.pyd

Filesize
24KB

MD5
b21b864e357ccd72f35f2814bd1e6012

SHA1
2ff0740c26137c6a81b96099c1f5209db33ac56a

SHA256
ce9e2a30c20e6b83446d9ba83bb83c5570e1b1da0e87ff467d1b4fc090da6c53

SHA512
29667eb0e070063ef28b7f8cc39225136065340ae358ad0136802770b2f48ac4bda5e60f2e2083f588859b7429b9ea3bad1596a380601e3b2b4bb74791df92a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20722\_zoneinfo.pyd

Filesize
31KB

MD5
a14cc5c015f6506d2146bd4fb19f85b8

SHA1
9499dc75ac035ac2eadad0db459a146db75094ce

SHA256
7be028e504c8e5638a87986ae7c8cbd72ee3c366f77a8c64fc79f5958680e07e

SHA512
1c2e030677d16aae829e8567f3f41ab2decdf45a5edbfaf9d29a374f069dbcf1cf0fae2a9b1da110cff28a2e7d188de8b87fd40ac4838b75b342fcb939efef0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20722\base_library.zip

Filesize
1.4MB

MD5
6e706e4fa21d90109df6fce1b2595155

SHA1
5328dd26b361d36239facff79baca1bab426de68

SHA256
ce9b9f16ce0d9abdbac3307115d91eaf279c5152336ccbe8830151b41c802998

SHA512
c7e377e2854ad5b5c3fb23593817ad6345bf8a78d842ff2a45c3be135fad6bb27b67c5b6c01b26e7c1b1b12ea0814f4f6b6a522bbfa689b89fa50d3652799b34

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20722\freetype.dll

Filesize
292KB

MD5
82f05dbb0f1cce48f7c3983e8c214e34

SHA1
019d790608c0676ea7f02bc2eb89c949196a1249

SHA256
f9f58cb7bd727fde30c3c63638a5e701cf74e4d73fd8a0ed65da3e889fd4ebb4

SHA512
393f8cc9fb76b44cfb252a7a03ba7bcb9b01952b03f861a4b8cd3287d795ad5d1bbe1379d18b7a62547851d70c1eb8e1c5756c53a5de7da7a5c5f918ddd37a69

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20722\libcrypto-3.dll

Filesize
1.6MB

MD5
e68a459f00b05b0bd7eafe3da4744aa9

SHA1
41565d2cc2daedd148eeae0c57acd385a6a74254

SHA256
3fcf6956df6f5dc92b2519062b40475b94786184388540a0353f8a0868413648

SHA512
6c4f3747af7be340a3db91e906b949684a39cafc07f42b9fcc27116f4f4bf405583fc0db3684312b277d000d8e6a566db2c43601fa2af499700319c660ef1108

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20722\libffi-8.dll

Filesize
29KB

MD5
bb1feaa818eba7757ada3d06f5c57557

SHA1
f2de5f06dc6884166de165d34ef2b029bb0acf8b

SHA256
a7ac89b42d203ad40bad636ad610cf9f6da02128e5a20b8b4420530a35a4fb29

SHA512
95dd1f0c482b0b0190e561bc08fe58db39fd8bb879a2dec0cabd40d78773161eb76441a9b1230399e3add602685d0617c092fff8bf0ab6903b537a9382782a97

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20722\libjpeg-9.dll

Filesize
108KB

MD5
41633e0912bf97cacb5651e2fd2ad506

SHA1
d9382c55247244fc38c253490e71498fcd469182

SHA256
2919f523293c03c48debe55d338f3d17002e8e185bbf9d1978d8d8f765f9502a

SHA512
2cd6fc9f5da6f925c4ae2351882c853af46cbd1fe8d99788640afbfc89054f95ec05ddbbfb51965d7141647295b3993cc6d73c94d6f63ecd15fd88748d89a34d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20722\libmodplug-1.dll

Filesize
117KB

MD5
0c985da17c6c82e61ea96d20ac0eab4d

SHA1
ee703038cae84749ea0c69c95f33497cb3ab33eb

SHA256
68c95b609f4464b34f0beca377fffaa02316655ddb18e208cf92fef486d2a42a

SHA512
cb6d4d8f15540e2ea3c1588c8893e951efba125ce85af5efc2aed09d7f33873a2675e15b2746c45c6978b3d2a6b97d9bcfb437b31d54b7bad3fcbdcea408dd21

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20722\libogg-0.dll

Filesize
16KB

MD5
ab504a0ac020045ad44a8f6f5f9bc783

SHA1
19fead3f5bfd83915915516c13fc44133adcd12f

SHA256
6d0c00699e42ef9f79e2accd1fa6129dd032473cd81248e1a6c65ad3cb147a51

SHA512
9a2a3278ef8a0b53fec8549a528b22d1686206a30f5e9afc1b888a1a15de16e0a3aa497cc6873655feddf13a7b1623d13b2a4aa7e422ceed8f836974b1e7d535

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20722\libopus-0.dll

Filesize
181KB

MD5
94fd9860bede297d3c77eaa40511f549

SHA1
6d22c1e12a6cbaaaf4ec9938dec29827f2d6df33

SHA256
554707828c21a5cacfa2af347be15caeff205a9c772b7c72a0292be410f1d458

SHA512
268561cee431918cba7f0531068674c59ba7234179026ee0084e06a7d493f5f46b0d5c9029ea83ef7d97fa29772b54f2431513bba5bd9dbbe5d76bfc0ff3d91d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20722\libopusfile-0.dll

Filesize
26KB

MD5
d669449f8a7dfdc0c7c8dddd95ea6855

SHA1
11f9cf6210ce8b4311f047a800f37feb901b402a

SHA256
5f0b18d22b566a05ccba829649314e14a59ff59055f1a6d0f1c8eb7700c8bdba

SHA512
7750cbaecbe489eb0a1649951f4b01c54341cdfe43dc3736450b466f574c30d23ba37d1c313b065a8f76e717d571134ea5befb86920b7643a363ea265ccf6954

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20722\libpng16-16.dll

Filesize
98KB

MD5
3175d904587f59af989251a2c2fc63e2

SHA1
770688d85522c647588ba2fc004c3ef48997819b

SHA256
16a2f6da537545f45757b5fa261b90dd87ee6a0f46d0326b270514648f43a253

SHA512
2a9e426f87a75b7efacebafbfe153015dd47498ce9578b65a43ca8042299110dd89ef37c4eebfac552d9ac196e9ae9d99381aed7935d8d715c28210be84c43af

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20722\libssl-3.dll

Filesize
222KB

MD5
9b8d3341e1866178f8cecf3d5a416ac8

SHA1
8f2725b78795237568905f1a9cd763a001826e86

SHA256
85dd8c17928e78c20cf915c1985659fe99088239793f2bd46acb31a3c344c559

SHA512
815abc0517f94982fc402480bba6e0749f44150765e7f8975e4fcbfce62c4a5ff741e39e462d66b64ba3b804bd5b7190b67fff037d11bb314c7d581cfa6097a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20722\libtiff-5.dll

Filesize
127KB

MD5
dbc84c57a4a0eac0b72d890c34eaa9e9

SHA1
bbb475ccd76b12a820a02b12e9ac4ef2662eb04d

SHA256
ccc783f4877936cd92e0a5db05209be92984cf2140ae523f084179fc16f93000

SHA512
89014963ccf7071f0f40d296239c9cf0879375d94c89d191d0f8fcfd09ed50a634ca58b11184225a1c8a738b5b946b457cf2d6da66a890eefda9b9ac78b852db

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20722\libwebp-7.dll

Filesize
192KB

MD5
8a188af3c4037da968dc8b72e62c438f

SHA1
07de31918ca8a3f5d75431acc6ffee5570b3cdb7

SHA256
f744f63142e189ef8e1693bc89ff81008263f97cfe38a94e47b31119b761c7fa

SHA512
0500c5d7cdca551d91121812db24ae2cda604f9a84dfa0b43a32870905115a9e1ca741ffcf0081f77e782257fc415bbda8a0508c9244d077f040b883654a8f7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20722\portmidi.dll

Filesize
18KB

MD5
38f1fec9bf5e3ffdd22074ad246f3b7d

SHA1
ba6d0d842f5707c8678a9bcff4502cb0b3810eb8

SHA256
8cbfeb763ff321d7d1bc3d238bcd20f62fc7301611a4808d7daa11dfac408b4b

SHA512
566966ea6ada58dd6cf4c04f17e52db127d94b868cda160e6c953ccb0962d43f3946bcec199b37e1329ec5a502213791e6e8c8c099b512517a96ab5bef4fbf31

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20722\pyexpat.pyd

Filesize
87KB

MD5
752c757abcf9044c04854cd80386c14f

SHA1
bb4863dcab2f401d3235eb4f4ddd570be1dc9b0d

SHA256
7e7ce545ad07c2a31d57d9f112aa75157649e33b0b8d7c522081be8656cf30e8

SHA512
c03ddcb34212b9abcbf1ce069abc3209de0036fc02be533ded76192a75983f734b32719c52bf3e42293afed5141412b823cdc45eb032802ee7cb7fcd508cda65

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20722\python3.dll

Filesize
65KB

MD5
35da4143951c5354262a28dee569b7b2

SHA1
b07cb6b28c08c012eecb9fd7d74040163cdf4e0e

SHA256
920350a7c24c46339754e38d0db34ab558e891da0b3a389d5230a0d379bee802

SHA512
2976667732f9ee797b7049d86fd9beeb05409adb7b89e3f5b1c875c72a4076cf65c762632b7230d7f581c052fce65bb91c1614c9e3a52a738051c3bc3d167a23

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20722\python311.dll

Filesize
1.6MB

MD5
e985f181fe3f9c104445dda9d330d3a9

SHA1
58826c6308fd2c3f86e7aa82b34abe30d84ee15e

SHA256
32839d0168dd21852463a0d8c0adb1d6848b7fd661747b03db9f0c1ff345aa31

SHA512
8e18559aeb251513c7aa53c84c7d697adcd03144e7a59d6f8f45cc1038758c74305afd379d24f268c986a27b5bc047b04b74d1f4fa9c159e2813480f71166844

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20722\select.pyd

Filesize
25KB

MD5
eabb60e5bfa50c34fdc208dabfe0faeb

SHA1
fcbd6f29fe6f07a40274690c5baf09fa627bc52c

SHA256
8d86da96488df03c81e7b1383466a2ae865bf2042c162ef6b986d01a7cc23234

SHA512
301e50cabe9ad89874d866caeb557cbbee1cfa197c364b99e6c89167ce17d2b5dd6b6ee0fec4aa24840379ba4c9e49ed69d248b422fefaed1267805ca00cd66a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20722\sqlite3.dll

Filesize
630KB

MD5
580403fafc967e30646b5f08b4515b00

SHA1
b1581c05597851f31d4b45c0529143339570a484

SHA256
19fb614953fa460813ae5b27933b662331a2ea8fb2342f784324a7bdaf2780ac

SHA512
3dbad41ca81f4b80db0c589124afada3f9bc93ae6161efa6b92a226b6e8b2abf583cc79dce6c6fa81808236e0b776884395b4377586ea1be6101cbfe1ce29eea

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20722\tcl86t.dll

Filesize
673KB

MD5
ee0ccbc5fcf0a48d31781e0b9bd31d78

SHA1
47089554b09ebe092ef1497aa2e4b55ac07664ff

SHA256
461585787e1171c4c2ab234e55a23d9e92d79786122b2a6359a429399250fecc

SHA512
bebb9ff3b1c7e9e5edf2baa85d6d8cef5f47453561bf1e7cc7ccfd991ca14178563c5725a54f3ba1be916a6eaccce0b3d110d35234e35a422b04181bebf04206

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20722\tk86t.dll

Filesize
620KB

MD5
3b6ebced3b05ae5edadc3bc084c133d7

SHA1
1614f4af5537f25b18912327fcc4fc18295a5fe9

SHA256
5bfa32d877dfa4567a7b668cb25d52c328ab33fa1fc9f51ad6d248ca77af8c9a

SHA512
07e06344acf293d8c7d325e5f240d1784d9d715f491645f47066229ed2ca6773f2173155d508cbb7ca1ae72477b0518152ca4700da244c077d1e1e46e3ab2e0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20722\unicodedata.pyd

Filesize
295KB

MD5
6e6e1dc31955a4350612dc94c8866379

SHA1
47230a4e025b591547fe33b49aa545648798d595

SHA256
424a8c9a3a09f0e7c91806e939a24f3c475e9d68d17c7c36a308aad068cbcd24

SHA512
08bddc481817f4b96cba7f078dbbad8ce66680de58dda4ef38e6db6d797f8814e85e79aed195531de7d85ea7083da285100c0f3a597ef685004cdcb8da6f1abd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20722\zlib1.dll

Filesize
52KB

MD5
7ec6cb7d2b2abe92446de11d6485ebbc

SHA1
972a44c57865a3247f0d7d17c932ea25de336cdd

SHA256
5ec6e34c0e0ee5e09a87802f305531e34e3d0c7166ed751d82766a7b9fcd4176

SHA512
c09ceea5eab2e368cc9d7872985556a513bc9a31d5f289d81aa81c13b3a8c6381b8efd5a731beb80d76df4b480518334bd8641b423b99ebce43ddf01d128cf20

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
579bc86b5df870b3f83195a8bbcbfe5a

SHA1
d0d129d3678e0d987fb9c391f5c4f169fb092ed5

SHA256
0b04abb519b70065f9884f24e10dcedf91c8e5ff820a1c559ce408fdf6bd55fe

SHA512
415a803c39b6d28c7a346b40cce766e0104ba5c24ff7f8a47b6db5fd679a6399c98de4511413c72f5d3aa64923d061eeda9b37aabf83d8bff8580dd2d05bd01b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
ed7764227c428a0065e4f6b21bd95d4a

SHA1
2268bd36a29cde4af6a0098a1868c8ed421f5336

SHA256
9e3799bdc15cb8eacddb64ab4d0d0906d1da68be1e0f31e2f35d0e0fbf118cef

SHA512
6137f935ffd7ae2b169f5bfc1977d46a187e39de799a3f3088a54413c2d72691b30d64715687c1d54362c6587da13667d3cf0e1530ac11952fb74d92d09e915a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\datareporting\glean\pending_pings\3c6bbbac-2658-482c-b853-39e6a4079928

Filesize
10KB

MD5
8f37af0f465293ce15afde28ac16f5ac

SHA1
44d3da8ce3e2f1de90059a6ea1e7cb4e29ca3c4f

SHA256
a2a8b432d996dd2adc252c9fe1ad5e16ad5930e9bb19955c55e6c0785c7da628

SHA512
c718111bacf87fe23baed6ba70a31c0e194bde82259559a67215801e797fdb48f0b5d0345736963f653fae91b11ef8b5210aaab8e3a4783467f02fe07d68fab7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\datareporting\glean\pending_pings\ce1e4997-63a4-4027-ba7a-d722f942006c

Filesize
746B

MD5
31ddecb7883c01b87ee1b5a1e68d579c

SHA1
41f02d5960c98e8964d35f47d9a1862105de1369

SHA256
dc106fe8d3be4ceec45809f020a2b2f459761ccc472c63e4b1f84ea2bf601006

SHA512
5c1fe7c1661299a05b58a37239eb8fc0e426b14c677fb0c8c0373c82fb427aea06c166825dcebffe719a05d78041689705b7bc4d82235425ebf7e02f4857f1c8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\prefs-1.js

Filesize
6KB

MD5
f5f697e0a637fdc9b04d7cbe440988c9

SHA1
c0a8d51226cde7bdf0303a009f1a1a3590ec2bdf

SHA256
5b1f8a389489b47a818d626b0c4cc95d94cfbe1547d415929b72af962ff8cb2d

SHA512
0afad7bf26d8d7afaa3feb0a21480416f6e8e72ebe67c551b3f68f09173a75b8ff664ec405ea96c580bd75250a12b7620477fce097e5da60b609705c63c6520e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\sessionstore.jsonlz4

Filesize
879B

MD5
665518786901623250b64d5d086f449b

SHA1
f0cabdf3a661e6602c41c7c185ef179c35adc683

SHA256
12de79897c364ec26fdb8da91be1cdb2d911157aea456d00f6a6f350fb5db49a

SHA512
320b7c35fcbc127f2f07fcb8d6b8af6a07968850243a1ff9e28af660706cf5aaeeb3d72555a83793580453459a8a93877e734f72cf9d6372ceec87624f61577b

Download Submit
memory/2072-0-0x00007FF6F8C00000-0x00007FF6F8C6A000-memory.dmp

Filesize
424KB

Download
memory/2072-1359-0x00007FF6F8C00000-0x00007FF6F8C6A000-memory.dmp

Filesize
424KB

Download
memory/2916-1381-0x00007FFB40D60000-0x00007FFB40D74000-memory.dmp

Filesize
80KB

Download
memory/2916-1380-0x00007FFB40D80000-0x00007FFB40D96000-memory.dmp

Filesize
88KB

Download
memory/2916-1378-0x00007FFB40DF0000-0x00007FFB40E05000-memory.dmp

Filesize
84KB

Download
memory/2916-1382-0x00007FFB42E30000-0x00007FFB42E3E000-memory.dmp

Filesize
56KB

Download
memory/2916-1383-0x0000000068B40000-0x0000000068B81000-memory.dmp

Filesize
260KB

Download
memory/2916-1384-0x000000006A880000-0x000000006A8AB000-memory.dmp

Filesize
172KB

Download
memory/2916-1385-0x0000000062E80000-0x0000000062EA8000-memory.dmp

Filesize
160KB

Download
memory/2916-1386-0x00007FFB40D30000-0x00007FFB40D3F000-memory.dmp

Filesize
60KB

Download
memory/2916-1387-0x00007FFB40D10000-0x00007FFB40D1E000-memory.dmp

Filesize
56KB

Download
memory/2916-1389-0x00007FFB40CE0000-0x00007FFB40CF0000-memory.dmp

Filesize
64KB

Download
memory/2916-1390-0x00007FFB40CC0000-0x00007FFB40CD5000-memory.dmp

Filesize
84KB

Download
memory/2916-1388-0x00007FFB40CF0000-0x00007FFB40D06000-memory.dmp

Filesize
88KB

Download
memory/2916-1392-0x00007FFB40B00000-0x00007FFB40C86000-memory.dmp

Filesize
1.5MB

Download
memory/2916-1391-0x00007FFB40CA0000-0x00007FFB40CB7000-memory.dmp

Filesize
92KB

Download
memory/2916-1393-0x00007FFB40810000-0x00007FFB40824000-memory.dmp

Filesize
80KB

Download
memory/2916-1394-0x00007FFB40520000-0x00007FFB407FF000-memory.dmp

Filesize
2.9MB

Download
memory/2916-1395-0x00007FFB3E3A0000-0x00007FFB3E3C2000-memory.dmp

Filesize
136KB

Download
memory/2916-1397-0x00007FFB3E2D0000-0x00007FFB3E300000-memory.dmp

Filesize
192KB

Download
memory/2916-1396-0x00007FFB3E300000-0x00007FFB3E39C000-memory.dmp

Filesize
624KB

Download
memory/2916-1399-0x00007FFB3E270000-0x00007FFB3E284000-memory.dmp

Filesize
80KB

Download
memory/2916-1401-0x00007FFB3E1E0000-0x00007FFB3E1F9000-memory.dmp

Filesize
100KB

Download
memory/2916-1398-0x00007FFB3E290000-0x00007FFB3E2C3000-memory.dmp

Filesize
204KB

Download
memory/2916-1400-0x00007FFB3E200000-0x00007FFB3E21A000-memory.dmp

Filesize
104KB

Download
memory/2916-1402-0x00007FFB3E1C0000-0x00007FFB3E1DD000-memory.dmp

Filesize
116KB

Download
memory/2916-1405-0x00007FFB3DA40000-0x00007FFB3DA63000-memory.dmp

Filesize
140KB

Download
memory/2916-1407-0x00007FFB3D840000-0x00007FFB3D84B000-memory.dmp

Filesize
44KB

Download
memory/2916-1406-0x00007FFB3D8C0000-0x00007FFB3DA36000-memory.dmp

Filesize
1.5MB

Download
memory/2916-1404-0x00007FFB3E0E0000-0x00007FFB3E194000-memory.dmp

Filesize
720KB

Download
memory/2916-1403-0x00007FFB3E1A0000-0x00007FFB3E1B3000-memory.dmp

Filesize
76KB

Download
memory/2916-1408-0x00007FFB3D830000-0x00007FFB3D83B000-memory.dmp

Filesize
44KB

Download
memory/2916-1409-0x00007FFB3D820000-0x00007FFB3D82C000-memory.dmp

Filesize
48KB

Download
memory/2916-1410-0x00007FFB3D810000-0x00007FFB3D81B000-memory.dmp

Filesize
44KB

Download
memory/2916-1379-0x00007FFB40DA0000-0x00007FFB40DE4000-memory.dmp

Filesize
272KB

Download
memory/2916-1376-0x00007FFB43DE0000-0x00007FFB43DEE000-memory.dmp

Filesize
56KB

Download
memory/2916-1570-0x00007FF6F8C00000-0x00007FF6F8C6A000-memory.dmp

Filesize
424KB

Download
memory/2916-1571-0x00007FFB41F10000-0x00007FFB42500000-memory.dmp

Filesize
5.9MB

Download
memory/2916-1582-0x00007FFB42BE0000-0x00007FFB42CAD000-memory.dmp

Filesize
820KB

Download
memory/2916-1581-0x00007FFB419E0000-0x00007FFB41F09000-memory.dmp

Filesize
5.2MB

Download
memory/2916-1580-0x00007FFB42E70000-0x00007FFB42EA3000-memory.dmp

Filesize
204KB

Download
memory/2916-1572-0x00007FFB517A0000-0x00007FFB517C4000-memory.dmp

Filesize
144KB

Download
memory/2916-1377-0x00007FFB40E10000-0x00007FFB40E2B000-memory.dmp

Filesize
108KB

Download
memory/2916-1375-0x00007FFB40E30000-0x00007FFB40E41000-memory.dmp

Filesize
68KB

Download
memory/2916-1374-0x00007FFB490C0000-0x00007FFB490CC000-memory.dmp

Filesize
48KB

Download
memory/2916-1373-0x00007FFB4B920000-0x00007FFB4B92F000-memory.dmp

Filesize
60KB

Download
memory/2916-1372-0x00007FFB43EB0000-0x00007FFB43EC9000-memory.dmp

Filesize
100KB

Download
memory/2916-1371-0x00007FFB42AF0000-0x00007FFB42B01000-memory.dmp

Filesize
68KB

Download
memory/2916-1370-0x00007FFB40E70000-0x00007FFB410E8000-memory.dmp

Filesize
2.5MB

Download
memory/2916-1369-0x00007FFB42B10000-0x00007FFB42B38000-memory.dmp

Filesize
160KB

Download
memory/2916-1368-0x00007FFB517A0000-0x00007FFB517C4000-memory.dmp

Filesize
144KB

Download
memory/2916-1367-0x00007FFB410F0000-0x00007FFB41731000-memory.dmp

Filesize
6.3MB

Download
memory/2916-1366-0x00007FFB41F10000-0x00007FFB42500000-memory.dmp

Filesize
5.9MB

Download
memory/2916-1365-0x00007FFB41740000-0x00007FFB419D3000-memory.dmp

Filesize
2.6MB

Download
memory/2916-1364-0x00007FFB43CD0000-0x00007FFB43CE2000-memory.dmp

Filesize
72KB

Download
memory/2916-1361-0x00007FFB43E90000-0x00007FFB43EA5000-memory.dmp

Filesize
84KB

Download
memory/2916-1363-0x00007FF6F8C00000-0x00007FF6F8C6A000-memory.dmp

Filesize
424KB

Download
memory/2916-1357-0x00007FFB42BE0000-0x00007FFB42CAD000-memory.dmp

Filesize
820KB

Download
memory/2916-1356-0x00007FFB419E0000-0x00007FFB41F09000-memory.dmp

Filesize
5.2MB

Download
memory/2916-1353-0x00007FFB42E70000-0x00007FFB42EA3000-memory.dmp

Filesize
204KB

Download
memory/2916-1350-0x00007FFB51810000-0x00007FFB5181D000-memory.dmp

Filesize
52KB

Download
memory/2916-1351-0x00007FFB42EB0000-0x00007FFB42EE6000-memory.dmp

Filesize
216KB

Download
memory/2916-1345-0x00007FFB43EB0000-0x00007FFB43EC9000-memory.dmp

Filesize
100KB

Download
memory/2916-1347-0x00007FFB51D40000-0x00007FFB51D4D000-memory.dmp

Filesize
52KB

Download
memory/2916-1343-0x00007FFB490D0000-0x00007FFB490FD000-memory.dmp

Filesize
180KB

Download
memory/2916-1304-0x00007FFB512D0000-0x00007FFB512E9000-memory.dmp

Filesize
100KB

Download
memory/2916-1301-0x00007FFB51E00000-0x00007FFB51E0F000-memory.dmp

Filesize
60KB

Download
memory/2916-1298-0x00007FFB517A0000-0x00007FFB517C4000-memory.dmp

Filesize
144KB

Download
memory/2916-1289-0x00007FFB41F10000-0x00007FFB42500000-memory.dmp

Filesize
5.9MB

Download
memory/2916-1284-0x00007FF6F8C00000-0x00007FF6F8C6A000-memory.dmp

Filesize
424KB

Download