hxxps://mega[.]nz/file/KU10STCS#aagewrEg-DSCcTCUiPrXu_LxWQTkXGQAAFFPtZB7yic

Analysis

max time kernel
74s
max time network
75s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
19/03/2024, 19:46

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/file/KU10STCS#aagewrEg-DSCcTCUiPrXu_LxWQTkXGQAAFFPtZB7yic

Score

7^/10

pyinstaller spyware stealer

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
5040	TTD_TRADE_SCAM_CLIENT.exe
2364	TTD_TRADE_SCAM_CLIENT.exe

Loads dropped DLL 49 IoCs

pid	Process
2364	TTD_TRADE_SCAM_CLIENT.exe
2364	TTD_TRADE_SCAM_CLIENT.exe
2364	TTD_TRADE_SCAM_CLIENT.exe
2364	TTD_TRADE_SCAM_CLIENT.exe
2364	TTD_TRADE_SCAM_CLIENT.exe
2364	TTD_TRADE_SCAM_CLIENT.exe
2364	TTD_TRADE_SCAM_CLIENT.exe
2364	TTD_TRADE_SCAM_CLIENT.exe
2364	TTD_TRADE_SCAM_CLIENT.exe
2364	TTD_TRADE_SCAM_CLIENT.exe
2364	TTD_TRADE_SCAM_CLIENT.exe
2364	TTD_TRADE_SCAM_CLIENT.exe
2364	TTD_TRADE_SCAM_CLIENT.exe
2364	TTD_TRADE_SCAM_CLIENT.exe
2364	TTD_TRADE_SCAM_CLIENT.exe
2364	TTD_TRADE_SCAM_CLIENT.exe
2364	TTD_TRADE_SCAM_CLIENT.exe
2364	TTD_TRADE_SCAM_CLIENT.exe
2364	TTD_TRADE_SCAM_CLIENT.exe
2364	TTD_TRADE_SCAM_CLIENT.exe
2364	TTD_TRADE_SCAM_CLIENT.exe
2364	TTD_TRADE_SCAM_CLIENT.exe
2364	TTD_TRADE_SCAM_CLIENT.exe
2364	TTD_TRADE_SCAM_CLIENT.exe
2364	TTD_TRADE_SCAM_CLIENT.exe
2364	TTD_TRADE_SCAM_CLIENT.exe
2364	TTD_TRADE_SCAM_CLIENT.exe
2364	TTD_TRADE_SCAM_CLIENT.exe
2364	TTD_TRADE_SCAM_CLIENT.exe
2364	TTD_TRADE_SCAM_CLIENT.exe
2364	TTD_TRADE_SCAM_CLIENT.exe
2364	TTD_TRADE_SCAM_CLIENT.exe
2364	TTD_TRADE_SCAM_CLIENT.exe
2364	TTD_TRADE_SCAM_CLIENT.exe
2364	TTD_TRADE_SCAM_CLIENT.exe
2364	TTD_TRADE_SCAM_CLIENT.exe
2364	TTD_TRADE_SCAM_CLIENT.exe
2364	TTD_TRADE_SCAM_CLIENT.exe
2364	TTD_TRADE_SCAM_CLIENT.exe
2364	TTD_TRADE_SCAM_CLIENT.exe
2364	TTD_TRADE_SCAM_CLIENT.exe
2364	TTD_TRADE_SCAM_CLIENT.exe
2364	TTD_TRADE_SCAM_CLIENT.exe
2364	TTD_TRADE_SCAM_CLIENT.exe
2364	TTD_TRADE_SCAM_CLIENT.exe
2364	TTD_TRADE_SCAM_CLIENT.exe
2364	TTD_TRADE_SCAM_CLIENT.exe
2364	TTD_TRADE_SCAM_CLIENT.exe
2364	TTD_TRADE_SCAM_CLIENT.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Detects Pyinstaller 2 IoCs

pyinstaller

resource	yara_rule
behavioral1/files/0x001200000002326a-200.dat	pyinstaller
behavioral1/files/0x001200000002326a-1273.dat	pyinstaller

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
5900	taskkill.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 437129.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4252	msedge.exe
4252	msedge.exe
1112	msedge.exe
1112	msedge.exe
3360	identity_helper.exe
3360	identity_helper.exe
5184	msedge.exe
5184	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: 33	5392	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5392	AUDIODG.EXE
Token: SeDebugPrivilege	5900	taskkill.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1112 wrote to memory of 1200	1112	msedge.exe	87
PID 1112 wrote to memory of 1200	1112	msedge.exe	87
PID 1112 wrote to memory of 3388	1112	msedge.exe	89
PID 1112 wrote to memory of 3388	1112	msedge.exe	89
PID 1112 wrote to memory of 3388	1112	msedge.exe	89
PID 1112 wrote to memory of 3388	1112	msedge.exe	89
PID 1112 wrote to memory of 3388	1112	msedge.exe	89
PID 1112 wrote to memory of 3388	1112	msedge.exe	89
PID 1112 wrote to memory of 3388	1112	msedge.exe	89
PID 1112 wrote to memory of 3388	1112	msedge.exe	89
PID 1112 wrote to memory of 3388	1112	msedge.exe	89
PID 1112 wrote to memory of 3388	1112	msedge.exe	89
PID 1112 wrote to memory of 3388	1112	msedge.exe	89
PID 1112 wrote to memory of 3388	1112	msedge.exe	89
PID 1112 wrote to memory of 3388	1112	msedge.exe	89
PID 1112 wrote to memory of 3388	1112	msedge.exe	89
PID 1112 wrote to memory of 3388	1112	msedge.exe	89
PID 1112 wrote to memory of 3388	1112	msedge.exe	89
PID 1112 wrote to memory of 3388	1112	msedge.exe	89
PID 1112 wrote to memory of 3388	1112	msedge.exe	89
PID 1112 wrote to memory of 3388	1112	msedge.exe	89
PID 1112 wrote to memory of 3388	1112	msedge.exe	89
PID 1112 wrote to memory of 3388	1112	msedge.exe	89
PID 1112 wrote to memory of 3388	1112	msedge.exe	89
PID 1112 wrote to memory of 3388	1112	msedge.exe	89
PID 1112 wrote to memory of 3388	1112	msedge.exe	89
PID 1112 wrote to memory of 3388	1112	msedge.exe	89
PID 1112 wrote to memory of 3388	1112	msedge.exe	89
PID 1112 wrote to memory of 3388	1112	msedge.exe	89
PID 1112 wrote to memory of 3388	1112	msedge.exe	89
PID 1112 wrote to memory of 3388	1112	msedge.exe	89
PID 1112 wrote to memory of 3388	1112	msedge.exe	89
PID 1112 wrote to memory of 3388	1112	msedge.exe	89
PID 1112 wrote to memory of 3388	1112	msedge.exe	89
PID 1112 wrote to memory of 3388	1112	msedge.exe	89
PID 1112 wrote to memory of 3388	1112	msedge.exe	89
PID 1112 wrote to memory of 3388	1112	msedge.exe	89
PID 1112 wrote to memory of 3388	1112	msedge.exe	89
PID 1112 wrote to memory of 3388	1112	msedge.exe	89
PID 1112 wrote to memory of 3388	1112	msedge.exe	89
PID 1112 wrote to memory of 3388	1112	msedge.exe	89
PID 1112 wrote to memory of 3388	1112	msedge.exe	89
PID 1112 wrote to memory of 4252	1112	msedge.exe	90
PID 1112 wrote to memory of 4252	1112	msedge.exe	90
PID 1112 wrote to memory of 2056	1112	msedge.exe	91
PID 1112 wrote to memory of 2056	1112	msedge.exe	91
PID 1112 wrote to memory of 2056	1112	msedge.exe	91
PID 1112 wrote to memory of 2056	1112	msedge.exe	91
PID 1112 wrote to memory of 2056	1112	msedge.exe	91
PID 1112 wrote to memory of 2056	1112	msedge.exe	91
PID 1112 wrote to memory of 2056	1112	msedge.exe	91
PID 1112 wrote to memory of 2056	1112	msedge.exe	91
PID 1112 wrote to memory of 2056	1112	msedge.exe	91
PID 1112 wrote to memory of 2056	1112	msedge.exe	91
PID 1112 wrote to memory of 2056	1112	msedge.exe	91
PID 1112 wrote to memory of 2056	1112	msedge.exe	91
PID 1112 wrote to memory of 2056	1112	msedge.exe	91
PID 1112 wrote to memory of 2056	1112	msedge.exe	91
PID 1112 wrote to memory of 2056	1112	msedge.exe	91
PID 1112 wrote to memory of 2056	1112	msedge.exe	91
PID 1112 wrote to memory of 2056	1112	msedge.exe	91
PID 1112 wrote to memory of 2056	1112	msedge.exe	91
PID 1112 wrote to memory of 2056	1112	msedge.exe	91
PID 1112 wrote to memory of 2056	1112	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/KU10STCS#aagewrEg-DSCcTCUiPrXu_LxWQTkXGQAAFFPtZB7yic
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffda33846f8,0x7ffda3384708,0x7ffda3384718
  2⤵
  PID:1200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,4613697916700349776,1871796386097435286,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,4613697916700349776,1871796386097435286,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,4613697916700349776,1871796386097435286,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4613697916700349776,1871796386097435286,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4613697916700349776,1871796386097435286,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,4613697916700349776,1871796386097435286,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  PID:1380
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,4613697916700349776,1871796386097435286,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4613697916700349776,1871796386097435286,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4613697916700349776,1871796386097435286,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2068,4613697916700349776,1871796386097435286,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5372 /prefetch:8
  2⤵
  PID:5260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4613697916700349776,1871796386097435286,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:5268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4613697916700349776,1871796386097435286,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:5276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2068,4613697916700349776,1871796386097435286,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5500 /prefetch:8
  2⤵
  PID:5972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4613697916700349776,1871796386097435286,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:5980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2068,4613697916700349776,1871796386097435286,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6468 /prefetch:8
  2⤵
  PID:6100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4613697916700349776,1871796386097435286,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2068,4613697916700349776,1871796386097435286,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6520 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5184
- C:\Users\Admin\Downloads\TTD_TRADE_SCAM_CLIENT.exe
  "C:\Users\Admin\Downloads\TTD_TRADE_SCAM_CLIENT.exe"
  2⤵
  - Executes dropped EXE
  PID:5040
- - C:\Users\Admin\Downloads\TTD_TRADE_SCAM_CLIENT.exe
    "C:\Users\Admin\Downloads\TTD_TRADE_SCAM_CLIENT.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2364
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "ver"
      4⤵
      PID:5796
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c taskkill /f /im chrome.exe
      4⤵
      PID:5844
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im chrome.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:5900

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3872

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2400

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2b4 0x150
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
47b2c6613360b818825d076d14c051f7

SHA1
7df7304568313a06540f490bf3305cb89bc03e5c

SHA256
47a22bea2e7d0154c59bf5d8790ec68274eb05e9fa6cf0eab0d648121f1a02ac

SHA512
08d2366fc1ce87dbe96b9bf997e4c59c9206fcfea47c1f17b01e79aeb0580f25cac5c7349bb453a50775b2743053446653f4129f835f81f4a8547ca392557aac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e0811105475d528ab174dfdb69f935f3

SHA1
dd9689f0f70a07b4e6fb29607e42d2d5faf1f516

SHA256
c91388c87878a9e2c530c6096dbdd993b0a26fefe8ad797e0133547225032d6c

SHA512
8374a721ea3ff3a1ea70d8a074e5c193dbba27ba7e301f19cea89d648b2378c376e48310c33fe81078cd40b1863daec935e8ac22e8e3878dc3a5bb529d028852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
623b4a4a143858543d6d41ed4c60ec77

SHA1
33d75fec3c0ed15e589edfe4a52bf2df4e831777

SHA256
7d800f343d2fd8fde32661628834e460800d3c0f8b5c45ad9115408d6d3c62ae

SHA512
c754e0f8bc2946bc7ba6b6c8dc431ab21ab226902db87c708f3838d9f8dc4ece7d671d73eff55309feef02db7185c48c50848bb4c1f899e41ee97d6af3300b18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
188B

MD5
e08735d8d04f386ff229cfdd8a901096

SHA1
e90c5ea41031dec6fee120cc3dff12883d030394

SHA256
dc42a69331760dd72e43c530f6bfe4baeaf1e8ac68edd7e6ac80d131afe9c0d0

SHA512
a1459dfe83ad0ce30a3c50bd9de00e56a57f66b6b96eda248288d5de02cb0bc5c22797e0a33188bfc09a66a0695e6b3c57ba5f0d743abf2c6e5a4b66bfd75386

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4a695e108c4cdca34ef823125a9b6645

SHA1
5c21c43dde44a10275b3ae58d116dbcec9306b79

SHA256
43117cce83ddbeb8337dcc013b3b67b41cf3c4334f48fabe2d15e988d2f538fc

SHA512
b3e333e0b6bffa0865465d2c6beb02285847e30512bf01f8d839ac06d1c913ffd8f74eb332ec20365d77b9c7f08b95f57cc0060a81937adbb2f5b590100d6844

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7d250d899b0515f86ced718a22cc2240

SHA1
3e73ee6290ab8e2da88ab1eb6874e06ce22893e7

SHA256
0fa67c2c5c620954c492d543d0b42b591b51c2b746a0a84a8f06f868533bcda5

SHA512
be61aaaf16bbc438674c422ca3c5f7a47328332058021fd9323f366c89fa71487ba847a4a339db8463d7a8a20d544c31bd3a2c7679b6243bcba68c2c5e87fdc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
636bd5d428b20cd1c70b2b8f19986337

SHA1
23229481a4c0989e9a7c7d9bddd1e99b9ea64e05

SHA256
67f40e9218dd85218e6b19889e99153d02a7f60d2b698563d1150374435d774a

SHA512
af1d40e9f94b5c5a207462d3b4a23a602f40f12d81069248155f9676bb948bc5c371086b9275236a2de3ea3dbf8e5d7e8ac1d40b1d836b7783aafaeadcad0346

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
789373da73f0332ed4be01fb943930dd

SHA1
ef1fb1cbe96bb2eedc65842cec36f7eec7c0cfcc

SHA256
4dcbde3a5ee3057cd01f390e20b766b269f5f7b5eaaf97701ef97a214426f8c0

SHA512
8c800ffee4de48287e75d151eecc8bd2a4d86da0c945e6de8bc78070ed0ba41d3e3e38f2f19e0305c01635ef58707a0779fa443fc57303dbca0c6e0509dbd934

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5799fe.TMP

Filesize
48B

MD5
0a918d3aff5e38b7059752a95cd9603b

SHA1
bba09420a6db3928b554c63863510a24a8c5efd4

SHA256
f92f732429006e0bc491dfb4b0893e247070e5e03bd4dde056a5e280229520b5

SHA512
4974e5e0a0b1d184b5a00175f5b34e99bc964c7339f284e81e85c31d6dc5a06d24f3e27b279e4d7a728a3729f2e8b56927e09f6ccdfcc2be88a63cc13e372af6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d9fd1927ed357f650a26f04ec810c5a5

SHA1
c21735a000bce1c6601f6350099ab71b6619163f

SHA256
28bdd84e7249be75df4824dc6b49028fcf0d53fc86d8d69e263b47f07514407e

SHA512
185ebead06ef343d2516be7bf638cef116d9b9fce457192d49970d5c4fb1638d027f9431aa85f2013042997b7e71de089423765c2aac044f570c2cd5052b494a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
dfd3d0931d316a7e4ececf5ae0501231

SHA1
60446c236ccaa27f2503698a3612fcdbd4d915a6

SHA256
faacbd9d4efa93899fdd595d81004915a34dc70381890a0cde672998e4f1603d

SHA512
542f0d1986553c7934945341f6e575be8974183052331ece68a48ccd13953ff1f9d4615f65dbc37cffc54c77520b2d6d141fb03b894f139a6afd0d049ac4800c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50402\VCRUNTIME140.dll

Filesize
106KB

MD5
4585a96cc4eef6aafd5e27ea09147dc6

SHA1
489cfff1b19abbec98fda26ac8958005e88dd0cb

SHA256
a8f950b4357ec12cfccddc9094cca56a3d5244b95e09ea6e9a746489f2d58736

SHA512
d78260c66331fe3029d2cc1b41a5d002ec651f2e3bbf55076d65839b5e3c6297955afd4d9ab8951fbdc9f929dbc65eb18b14b59bce1f2994318564eb4920f286

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50402\_bz2.pyd

Filesize
82KB

MD5
a62207fc33140de460444e191ae19b74

SHA1
9327d3d4f9d56f1846781bcb0a05719dea462d74

SHA256
ebcac51449f323ae3ae961a33843029c34b6a82138ccd9214cf99f98dd2148c2

SHA512
90f9db9ee225958cb3e872b79f2c70cb1fd2248ebaa8f3282afff9250285852156bf668f5cfec49a4591b416ce7ebaaac62d2d887152f5356512f2347e3762b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50402\_ctypes.pyd

Filesize
120KB

MD5
9b344f8d7ce5b57e397a475847cc5f66

SHA1
aff1ccc2608da022ecc8d0aba65d304fe74cdf71

SHA256
b1214d7b7efd9d4b0f465ec3463512a1cbc5f59686267030f072e6ce4b2a95cf

SHA512
2b0d9e1b550bf108fa842324ab26555f2a224aefff517fdb16df85693e05adaf0d77ebe49382848f1ec68dc9b5ae75027a62c33721e42a1566274d1a2b1baa41

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50402\_lzma.pyd

Filesize
155KB

MD5
0c7ea68ca88c07ae6b0a725497067891

SHA1
c2b61a3e230b30416bc283d1f3ea25678670eb74

SHA256
f74aaf0aa08cf90eb1eb23a474ccb7cb706b1ede7f911daf7ae68480765bdf11

SHA512
fd52f20496a12e6b20279646663d880b1354cffea10793506fe4560ed7da53e4efba900ae65c9996fbb3179c83844a9674051385e6e3c26fb2622917351846b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50402\api-ms-win-core-console-l1-1-0.dll

Filesize
21KB

MD5
2143ddc34966bfed00c84ebfece6196f

SHA1
32781e9e0a955dee1f755374bc73444681f3f6df

SHA256
8201a29422733a3da950d5a6b6f88a9da5d70f38b91b1f4465d8ab32f1e4e35f

SHA512
20c83588e08465f038180f0116db1d136b7e355984dfb28b10046b24a54b9f96115288eddae79caf62177395945e3068b699edd71b58cb5e92e42bdc280b1415

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50402\api-ms-win-core-datetime-l1-1-0.dll

Filesize
21KB

MD5
092b677c774860713ff4cca8a187923d

SHA1
c7764697901a160f23b87f5bdd68d7044741185a

SHA256
af19e28aa4ca9fc8bc668bad2a669908c8729fa4f6d04f4e74ccf90b6fd3f762

SHA512
95561366ebd15da52b5201346fde183b363e6df74612f5b0af4e4affb07e785190523d5b682d3e18e14dd7479e48594bc9f2947ac561dfe6de0ba8a5ed7d7f50

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50402\api-ms-win-core-debug-l1-1-0.dll

Filesize
21KB

MD5
5bdb143e6c89de893040a2189ed5fd0f

SHA1
8e02e332936ecc6d57f91aa2b173e4ea15149e9a

SHA256
2905d03d7eb0f43744c3f4d55f822bf87410e3a753ddaf15a3e9d75a1f966c90

SHA512
df320995eb7b2d03a0d5274f8ea511f31bfdb17af7198e4c21589f000084287b6f22ba83aedcc256dd046123295fdc3dd0d99c326153237e3b3e3c8f22436066

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50402\api-ms-win-core-errorhandling-l1-1-0.dll

Filesize
21KB

MD5
558579e5a47b188788bae6961ec15cb6

SHA1
ad06540883dfb1294cf64f60aaae9cbdd1d0bbd3

SHA256
d7a4206300cdaf487994fee81ad08e515fd4fbc48a3f4ed6cdf61695d24bc864

SHA512
38506c7b79a297e9eacad7cae0c789325768124e3b071fde4022b64ceb4e5680f875f46a0855e78893e8ae6ffc2f682632bc095cedaa93b042652d5a696a945d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50402\api-ms-win-core-fibers-l1-1-0.dll

Filesize
21KB

MD5
49c1b7e3c8b3d8d99e94c6225f0c767f

SHA1
000cebc9cf68a110b4cd97a73c94c2acb763f6c9

SHA256
fed6127aaf2d10ac69eaced27b1baf82451be8bd00e9e586b1c70a753c5001af

SHA512
0556c351f985f801ba926dcbf633049c404a1bd8454fd0132a16c5e271f1e25cd863623c0bd26c4673fa8c4e045f2c15be315b0d59665bbae9d7cee14d586863

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50402\api-ms-win-core-file-l1-1-0.dll

Filesize
25KB

MD5
88cd1931b26cb23b0e3e3acd6b63ce9f

SHA1
fa1a8a97374624fb77e3b179ee284cb8404e570a

SHA256
9e3519dcefc6932612ab355793a48993ee11ad995e6b394b89a9bb49a0be6fc3

SHA512
17467ea58e1ca927a0f027009ee30e592ca4bb4bb2b28a2972a84683c75deb711f72fd59e659e5ce4bd1909d0cc7b601b700d8fefb4184abd2c0dab150b8cf27

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50402\api-ms-win-core-file-l1-2-0.dll

Filesize
21KB

MD5
708c2861a41de23414da002dd74539e8

SHA1
7f4ff50aec4375c9bd3dcadd5e8176579b5d7e78

SHA256
0189b1fa2f0613581a5648ef2731a77520811cf6964d4d60d73afcb43dddf03f

SHA512
a3e17eb3f57504e371b69dacacc3eed42e033e61f63ffe22e94fffb245f3b5edfd16b14421d295d208c6333f7e3402b11f496d4495c767686773e69a06d35e83

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50402\api-ms-win-core-file-l2-1-0.dll

Filesize
21KB

MD5
b6275391dfa7a36e7ad607ba66b9aca2

SHA1
716696198be8c2ccaafc3a51773c84184fb783e1

SHA256
9d01c6df855e8fb8ae4c07af27cbddf9dfd2c4457261622f55115ff19cfec6ba

SHA512
1a39a78e5f840ba856c00eebe83c7b616e7fd69ab8fe8a6615234aa70f30654e884e5a33d00066462919dfc6bba141c0fb2474a20b98fb60ddf853147087d961

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50402\api-ms-win-core-handle-l1-1-0.dll

Filesize
21KB

MD5
b28d1e59016264d7aeac4cf809e9a0a6

SHA1
54468f099023f00eb7ef99a09b1a87fc0f6d7cf6

SHA256
e4e405c78f4bf9d15a14282c63044503fbcac17c92e5258f4bc027f625012369

SHA512
459223290e020a3c4f24765f7a92f6a3749e06686941d10b47f4bab298116491746b6b4873d86332299da5ba009358efc3d068617a0504e979b88075162cf4c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50402\api-ms-win-core-heap-l1-1-0.dll

Filesize
21KB

MD5
c3b228e0b491e5cf2045c9cdfc07f6dc

SHA1
44752c7e7f04661fbd6e760b02b106ec1be8b506

SHA256
bec5ffa5fe04958794c49a009447a783a4bc78b0b8861164cbe15a9bac680dda

SHA512
0634c016c492621b8f774435d7ed343f6650b653fb0f83467628ed2dfa4f2f2287361a576ce4fdc5284d051bc03ac2e4f360be3a6fd3ce086d948d07a29619eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50402\api-ms-win-core-interlocked-l1-1-0.dll

Filesize
21KB

MD5
4daba42f26c42ca9c028d84a0cfb5c57

SHA1
79be9304491a7d92bf784b4243e4d05cc7b908f5

SHA256
5cb7624b630e7495526bfb9c4fa54856d3ba65f45928ad765ac658d5d23b2e99

SHA512
2a6472f890aa246ae8075f4086cd5882cfce931c5900edefc427dfdd96c74767910cbef5655545d2009f40bd9c4701e98349cea862f95b374d76aa3d4dfbe705

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50402\api-ms-win-core-libraryloader-l1-1-0.dll

Filesize
21KB

MD5
1ebac2900b4c7e34df5af9a6c69075a9

SHA1
4f8b1155f5725255601b73ddcc316c54da70c578

SHA256
67cc3eab562fd4d0d224e6da52e1d6481f79d1c0c7557456adbc86b431186ee0

SHA512
2278a6974aa9e065308d3e50b8a5a81e3e79eff947be0f3013c6ee9839681f76522207b8ed5c56f52b2994506a7ff024ec921247e884dd881ba36224b13855f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50402\api-ms-win-core-localization-l1-2-0.dll

Filesize
21KB

MD5
b655f536e30709d8e30c0242e31ce6f0

SHA1
8e99a8b3b3a3cae775a4e54bc89b55a8f652b289

SHA256
c899ad0071e4d9d300212f070a684c4afc99a728f980a638327a204bc48427ed

SHA512
e07034b3bced13a12e4f5eee663052725cbd903e969bef9410377f85b958697b4dc7a2491e205bf22ec857e8c6fdb8c0fca855e3f2af83fce64f6071bab7d306

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50402\api-ms-win-core-memory-l1-1-0.dll

Filesize
21KB

MD5
b881bb0358e31e480f18295940657cd6

SHA1
ec36bad62b115f62b49a341bef400b57f760c315

SHA256
d40f186b6aa0aa1017b8902ceb94b4692ccbc45eae515034af54ef2d6b17bf67

SHA512
647d20d73edafd7d9c20d385742df60fc55d03293828c7c7411b28bb8ac05448587d00526077aada8baf34b7433b8119bfae846f0a5fdc2feff51624ab94a9ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50402\api-ms-win-core-namedpipe-l1-1-0.dll

Filesize
21KB

MD5
dd5a6479b460fd9df89d2962887a87b9

SHA1
b8de5406d3cf9d947a7d53234a5781b45112bdbf

SHA256
dfeb6285c0d01662b3b442c712f59b294e56ecc2168e5f46fdc4a3d10b51e9d6

SHA512
ddc465bd3fb891e5294330e54b795e4901c81be1da568425ba2002c7044eef04811a4f5fe494aa44577c8279cb6b5fc8c927fa324f8d245c38e3ecabe4c26453

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50402\api-ms-win-core-processenvironment-l1-1-0.dll

Filesize
21KB

MD5
85c65fff73e81800bf42bfce6fddbebb

SHA1
a39047ef68c9faf9364dde9fec42fde5ae7d2d48

SHA256
20dada70af647ceb68a2d23ce21fce70e2457778c463b13db2d11a172638ffb4

SHA512
fc1063c8c070f1fee9270c290ce159b924b1f3150360c9a2bc4efbfba2c91f9796d8a9905340632be634d505da6925bc9571b26759e86a12ddbfdadc899a6812

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50402\api-ms-win-core-processthreads-l1-1-0.dll

Filesize
21KB

MD5
a31ea419418ec118b983e42abee09f65

SHA1
481a2d081a34acd7b8234aa2f70337e8188a0cef

SHA256
1881e7478bc6e5df712e85869f0a8842dae252f8e2de74fff7accff0ca667a32

SHA512
d902a99efbd90df22027d6c9054de9916751e9672f174c466986400c6a94c3b4cfc48522d2fa2665f5c22bb7c931cad0a7698934dee62f37b172131d9bb231de

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50402\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
21KB

MD5
8fcee7008f86343b3c3457d18de46872

SHA1
b4a26fd572e780d29dee5cd1bb9d55d84594ff78

SHA256
72222b4a4ca744896832d9bf437d177fd0d92bc564dad4ab79e16ec51ca81187

SHA512
cf114d5ec86b28b92bff9de349b7325c2744139398ad59a9f4290cc43db03f81a172f5b029678ef464478ea6e8ad1fce61d5cf73f302043f0b40b2908b73d343

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50402\api-ms-win-core-profile-l1-1-0.dll

Filesize
21KB

MD5
d774c19557320f816be704d937d94945

SHA1
2e7d5518ac8e3b6444be1ca3c36aeb6c14c7ba85

SHA256
a4f3e046387bbc3645ae982e61ab5c7b14d948c60aaf80d4c63447f7c6cb21ad

SHA512
1055f058055c5b390260761dae1f5d57027c7b0ad37964e056c99c49e937ec73610a1f6f8761e7f84879223fa60371e7d01e47fbbfe4fba0db6969d70e970eee

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50402\api-ms-win-core-rtlsupport-l1-1-0.dll

Filesize
21KB

MD5
657975e3ea41b1324d9dcbd9e54434d7

SHA1
f083eb8f0748a9578c0ca37cb375c28fb246f1e5

SHA256
21acc6b81f1df17780829be0a9480b3596f319a30951b6b803fecdd7e4d18b4d

SHA512
657e28362ff1c8166a041031236942e7eeeffabf8020571d941e79d3292aad9311527588b41fd5a9e54a015fa93ebf92a8c0bdb74fe0c67055560f2f42a96b7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50402\api-ms-win-core-string-l1-1-0.dll

Filesize
21KB

MD5
9169cb5487d05c9fcf49380a06b45ac7

SHA1
72a1c243bd7e80685ba999b0f0e8958bfcea2940

SHA256
b512eb70a04a28f3c0e72d010f7ac106775449012223e695edea577d09e7de0e

SHA512
0473bfeebd54b13754177288320b244c2ff6811cf5953a23e724229a7f7f4c0781547b78d01cb0fced1d54f2bfc3527597ca598e9ef8466d29a6312d53243866

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50402\api-ms-win-core-synch-l1-1-0.dll

Filesize
21KB

MD5
c38cebd0027d56ad02cc191b76e7710f

SHA1
a95be3bc8453bb998b5a920ba123e9eef7539c60

SHA256
6c02302542b17bb1fbcc410b40ff34dfe3775d7929c40cb6d717bdc871f1c492

SHA512
29826cc2dab3644f8fe42ced15c013f3f364cc4c9b6da9d258d7048ff15736f385dc8b3725ed4c0f5c6f572604f3bcd3c4884899c9d08b79265ebd6b039cb060

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50402\api-ms-win-core-synch-l1-2-0.dll

Filesize
21KB

MD5
607290b1a7f0d6823f7f1d991a7efc01

SHA1
c9eff2ce71e8c5862daab11feb3ec4d9307c8b02

SHA256
265452c8043692f945c778c761f8a1b9d7f152c0f074053723a79698fbf9d076

SHA512
c16bdc9e64d181d286872a013a7ba9152e15f988d0a4b302a1e7a3211ddd4eafbd7e877e0fd9175beecc22a2ce3dc2ab0077860f370099a7c5a0046569d962a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50402\api-ms-win-core-sysinfo-l1-1-0.dll

Filesize
21KB

MD5
aa0e9adc80f42faf22699fb0854d0a21

SHA1
b59ab019d7522cb9e5f81f4294fc5b18cbbfae71

SHA256
4c149c16c035a2a903a32736aa0fc0276188daa9dcbcf74edad5933f33289b5c

SHA512
01624f5a82e280db940eca90a0319b6ed5b2d0847e4abd073a8eaf49d15024a49c5e18caec39138f6081b105e790a8ac14b68226c0a78ba25a4d9e83cf11741a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50402\api-ms-win-core-timezone-l1-1-0.dll

Filesize
21KB

MD5
26c955d0c361a32071108199c55c30d4

SHA1
104633221cd25efcb2f4edd5491b27aaffd398c8

SHA256
a1ce478f22ffdd124fae31ed61aa09d42b0b62866f0a97161b5196d6d5848a89

SHA512
e34f415ce90649d085d648ebdb382b3630471b5928296215a8116f8d7990e922224a55514808b64ec638b164065440c165c76789f0ee711bf65bcf0c62f6b66a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50402\api-ms-win-core-util-l1-1-0.dll

Filesize
21KB

MD5
c7d4348c271ee6501003da8c6100c83f

SHA1
1cbcc85a1adecfb0f7b9f98577fefdbefdfef8fa

SHA256
b83ad8f5db8efc5637ef028c15b3c04024eb8f7e21c5ae81d6c17e72291fd239

SHA512
90f98a65e96a8919dde0a0bb500597ba8ad3d44cfe6ef3357e5d4582b872164e4e74c364e49e4664f2e434964065b9b8b44e12fa62e5fca37caddf608e73187a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50402\api-ms-win-crt-conio-l1-1-0.dll

Filesize
21KB

MD5
fb2eeb241fda3a11bb48954c2986cccd

SHA1
c09c752c0461438260016e8a4b7f3c198121c765

SHA256
8c656a21898df98a85bf666ed8d455c2d344d449aa7582dc273fb36343974cd1

SHA512
5addcb0ffe5801e352cfd38475378fdab0d497a7534f54304de25f4dfda0acbccb704a17895a9614b330b41108ca1d4c4d91871497d3a2aac04a8a5f722fa705

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50402\api-ms-win-crt-convert-l1-1-0.dll

Filesize
25KB

MD5
497b312d1c1aa3a0b31a1c7b68b5d508

SHA1
d69282af2dfd8244793ddfdaa33a95c5c542e228

SHA256
5dbaaba9ecd6a20bba8440ff2ef1ad6758dd267bace7a925b8001de2efc4f374

SHA512
8f0b1487b224018a2f974b278b79844a7af755324dd0eabf64351d66c2c91d1296e218318828533e95f52e3eb8c0f65d7bd2dab564b1e725f782ac211b0fa93d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50402\api-ms-win-crt-environment-l1-1-0.dll

Filesize
21KB

MD5
f68ac205b806e6c95e3052cd73f12d1d

SHA1
1eb30aafeff8482e7daff151a8c07e7328c6f16e

SHA256
c2cbc7f0ee922e3d4c46c9a1d93e8e9978c3acc36b24989238f071ebc9fce4c4

SHA512
83144531784880aaf33c20f7b8e6c56a7c7ed1ed40dea0bf045cbe7d43d3351e9ce648ae49fd3d015bbd22b0cdbda3185c581ae71e1c8bca37791fd1398d3c33

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50402\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
21KB

MD5
d4562befcb8d31f2a8046d5aee1eba49

SHA1
7e6e93c33e0bb5ee38b19592167ac069660c9a28

SHA256
4a8487dc7d30d6fceb518adbc56f0818fa44bb9bb25a8d6cd66ba0f718d72f02

SHA512
11286a7091d9fe281bb6165ae991fbb17d9dc5a107e10245043cf73f89d003df058be619af1ab5f8547011c28f4e07b7fec8b37c5a24ea79fcf80e14c13b1e59

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50402\api-ms-win-crt-heap-l1-1-0.dll

Filesize
21KB

MD5
b0c0132688c04e051e315d3397aa3ff7

SHA1
89d53f878aef6498457fd4cdeb9c8d8a6e1ba8ab

SHA256
da9799f5819ff0ffcc32ebb971af779f5f2be4cd45e278abd9dc39f489f24be3

SHA512
39d7a59247a1532d38b472d64d859e98513f87fb0edef64b823653f6f0b5d6c456cb8bdf481dd159d7b81caf9f3a139bccc89fbea0440c4cf8c943a761229ee6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50402\api-ms-win-crt-locale-l1-1-0.dll

Filesize
21KB

MD5
e333f5e98a7c2e481bf10929c3ea4d49

SHA1
dc88faafde60e1282906c754e2eb44d3d2f4e0ef

SHA256
1682d3ef3559b21f74d1e275e62e117acee0c6828270dfb53bc194970714e6b4

SHA512
1b6a7b33fa3bf7a879bc0c78a589dc1736a62af38f2196903629eeb6feaeb63f698900eceadcbd5e0cd6f9acb22d9b70716eefc7ed543ca490d3dfb458905305

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50402\base_library.zip

Filesize
1.4MB

MD5
5011d68fbea0156fe813d00c1f7d9af2

SHA1
d76d817cac04d830707ce97b4d0d582a988e1dbd

SHA256
b9e9569931047cd6a455ec826791c2e6c249c814dc0fa71f0bd7fa7f49b8948d

SHA512
6a5affde07b5150b5aee854851f9f68c727b0f5ba83513c294d27461546a5ef67bf6c5869fc4abdadaa9bf1767ea897910c640c5494b659a29004050c9c5d099

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50402\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50402\python311.dll

Filesize
3.5MB

MD5
4e2b72d0f51a6a4ca5ead78085516d44

SHA1
42a68b27a9c1268b71b8aba3f38ed7b8974dca41

SHA256
54aa8afa339f52a41fe41e9aed7491900c5ed860fefe9aa6bc3824a4b4df73d3

SHA512
a66689de09e1ff9976a362690f432d40a3317c51eeb897b626300ef13ddd1ba10066ef055cc4666859e8f7c8e829ee211cf0b44856507f2907e1a21b85d6ee25

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50402\python311.dll

Filesize
4.7MB

MD5
ff1c428e05e81a8fbff0dd413a7dad5b

SHA1
5f343e244f75782da311d40c21dcb8adb0e48ad8

SHA256
1b57fc28b600192cd203e555a9e21e4cb932f361b9a7afb66861601cd30ad27f

SHA512
4e5d8b95e1bf4deca3f1bc31b95faef7bff9c737c82a84248b1e7e330a79bfaffb2bfd01541ad91041cc022a0445730ce21396235a99865c83ce0dd274ca0061

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI50402\ucrtbase.dll

Filesize
1.1MB

MD5
07b29a42df29e2b41f241a9b9816520a

SHA1
208914e161e62ea65e7cfff63cce4986e2ff7ac8

SHA256
af845379ccf526abfcd611255049d4c560d17c37cfdb06341c47f615d106951f

SHA512
b5f6d034dd462a7ce7d2b68e71ab64aa21aa1a74b5642470d134abc3280163e47db54dfea2564f3d399adf3dbf108dcd189d5903b5cc4b44f74a540c619e8109

Download Submit
C:\Users\Admin\Downloads\TTD_TRADE_SCAM_CLIENT.exe

Filesize
3.9MB

MD5
77e2911f6d58da8a70c3b525e47c9482

SHA1
f06d3bb7c758436cca1d81e6dc85efff72199901

SHA256
c3e2bdd5de0df8e4f81256e65147998b2392e959e1a4717a07df483a501a37a3

SHA512
6f4fbfc2f50e79ffc9cb66709070563264bfa0e03b4d5c147958b2eeb1d6a1ebdd6d3903669094638bbebf21c95ed0fa9c0f97db63eca5e5b4d30a175ea2ba5f

Download Submit
C:\Users\Admin\Downloads\TTD_TRADE_SCAM_CLIENT.exe

Filesize
20.7MB

MD5
b6709ef840959186d7c0e02fe4c5f51e

SHA1
568466b9759939e6c7a4e9cea1309061a1dfd876

SHA256
1ddb3a19547881614e3f832f2ba23f2d8f0b18277105322734660cd41bbaa3bd

SHA512
f9656d61da31cfd0deb7663074354d103cbd1bb0a48aca7bb06a99f30eb9b3c0b18b60c9e1c9c2b0cf5ff73aea0b447fda38aa4c910f9685c2d0a4951f07bb91

Download Submit