hxxps://mega[.]nz/file/lOFXRY6Y#T8f4V2EUriVgCGf5_nu3sBgaB6-Pz7Hldc72XnB7dw4

Analysis

max time kernel
113s
max time network
115s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
01/06/2024, 15:44

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/file/lOFXRY6Y#T8f4V2EUriVgCGf5_nu3sBgaB6-Pz7Hldc72XnB7dw4

Score

9^/10

evasion pyinstaller themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 4 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	MW3_UA_WOOFER.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	MW3_UA_WOOFER.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	MW3_UA_WOOFER.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	MW3_UA_WOOFER.exe

Checks BIOS information in registry 2 TTPs 8 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	MW3_UA_WOOFER.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	MW3_UA_WOOFER.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	MW3_UA_WOOFER.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	MW3_UA_WOOFER.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	MW3_UA_WOOFER.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	MW3_UA_WOOFER.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	MW3_UA_WOOFER.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	MW3_UA_WOOFER.exe

Executes dropped EXE 11 IoCs

pid	Process
5452	WEB-STARS_ML.exe
5472	WEB-STARS_ML.exe
5792	WEB-STARS_ML.exe
5288	WEB-STARS_ML.exe
4564	WEB-STARS_ML.exe
4796	WEB-STARS_ML.exe
6108	u237cgatAh2.exe
1576	MW3_UA_WOOFER.exe
5464	MW3_UA_WOOFER.exe
5320	MW3_UA_WOOFER.exe
6120	MW3_UA_WOOFER.exe

Loads dropped DLL 64 IoCs

pid	Process
4564	WEB-STARS_ML.exe
5288	WEB-STARS_ML.exe
4564	WEB-STARS_ML.exe
4564	WEB-STARS_ML.exe
5288	WEB-STARS_ML.exe
5288	WEB-STARS_ML.exe
5288	WEB-STARS_ML.exe
5288	WEB-STARS_ML.exe
5288	WEB-STARS_ML.exe
5288	WEB-STARS_ML.exe
5288	WEB-STARS_ML.exe
5288	WEB-STARS_ML.exe
4564	WEB-STARS_ML.exe
4564	WEB-STARS_ML.exe
4564	WEB-STARS_ML.exe
4564	WEB-STARS_ML.exe
4564	WEB-STARS_ML.exe
4564	WEB-STARS_ML.exe
5288	WEB-STARS_ML.exe
5288	WEB-STARS_ML.exe
5288	WEB-STARS_ML.exe
4564	WEB-STARS_ML.exe
4564	WEB-STARS_ML.exe
4564	WEB-STARS_ML.exe
5288	WEB-STARS_ML.exe
5288	WEB-STARS_ML.exe
5288	WEB-STARS_ML.exe
5288	WEB-STARS_ML.exe
5288	WEB-STARS_ML.exe
5288	WEB-STARS_ML.exe
5288	WEB-STARS_ML.exe
4564	WEB-STARS_ML.exe
5288	WEB-STARS_ML.exe
5288	WEB-STARS_ML.exe
5288	WEB-STARS_ML.exe
4564	WEB-STARS_ML.exe
4564	WEB-STARS_ML.exe
5288	WEB-STARS_ML.exe
5288	WEB-STARS_ML.exe
4564	WEB-STARS_ML.exe
5288	WEB-STARS_ML.exe
5288	WEB-STARS_ML.exe
5288	WEB-STARS_ML.exe
5288	WEB-STARS_ML.exe
5288	WEB-STARS_ML.exe
5288	WEB-STARS_ML.exe
5288	WEB-STARS_ML.exe
5288	WEB-STARS_ML.exe
4564	WEB-STARS_ML.exe
5288	WEB-STARS_ML.exe
5288	WEB-STARS_ML.exe
4564	WEB-STARS_ML.exe
5288	WEB-STARS_ML.exe
5288	WEB-STARS_ML.exe
5288	WEB-STARS_ML.exe
5288	WEB-STARS_ML.exe
5288	WEB-STARS_ML.exe
4564	WEB-STARS_ML.exe
5288	WEB-STARS_ML.exe
5288	WEB-STARS_ML.exe
5288	WEB-STARS_ML.exe
5288	WEB-STARS_ML.exe
5288	WEB-STARS_ML.exe
5288	WEB-STARS_ML.exe

Themida packer 14 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/memory/1576-7710-0x00007FF65F130000-0x00007FF65FD09000-memory.dmp	themida
behavioral1/memory/1576-7711-0x00007FF65F130000-0x00007FF65FD09000-memory.dmp	themida
behavioral1/memory/1576-7712-0x00007FF65F130000-0x00007FF65FD09000-memory.dmp	themida
behavioral1/files/0x00020000000221a0-7714.dat	themida
behavioral1/memory/5464-7716-0x00007FF6FB510000-0x00007FF6FC0E9000-memory.dmp	themida
behavioral1/memory/5464-7717-0x00007FF6FB510000-0x00007FF6FC0E9000-memory.dmp	themida
behavioral1/memory/5464-7718-0x00007FF6FB510000-0x00007FF6FC0E9000-memory.dmp	themida
behavioral1/memory/5320-7722-0x00007FF7AE060000-0x00007FF7AEC39000-memory.dmp	themida
behavioral1/memory/5320-7723-0x00007FF7AE060000-0x00007FF7AEC39000-memory.dmp	themida
behavioral1/memory/5320-7724-0x00007FF7AE060000-0x00007FF7AEC39000-memory.dmp	themida
behavioral1/memory/1576-7725-0x00007FF65F130000-0x00007FF65FD09000-memory.dmp	themida
behavioral1/memory/6120-7729-0x00007FF627150000-0x00007FF627D29000-memory.dmp	themida
behavioral1/memory/6120-7731-0x00007FF627150000-0x00007FF627D29000-memory.dmp	themida
behavioral1/memory/6120-7730-0x00007FF627150000-0x00007FF627D29000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 4 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	MW3_UA_WOOFER.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	MW3_UA_WOOFER.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	MW3_UA_WOOFER.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	MW3_UA_WOOFER.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 12 IoCs

Web Service

T1102

flow	ioc
90	raw.githubusercontent.com
91	raw.githubusercontent.com
72	discord.com
73	discord.com
78	raw.githubusercontent.com
88	raw.githubusercontent.com
89	raw.githubusercontent.com
76	raw.githubusercontent.com
77	raw.githubusercontent.com
81	raw.githubusercontent.com
82	raw.githubusercontent.com
87	raw.githubusercontent.com

Suspicious use of NtSetInformationThreadHideFromDebugger 6 IoCs

pid	Process
6108	u237cgatAh2.exe
6108	u237cgatAh2.exe
1576	MW3_UA_WOOFER.exe
5464	MW3_UA_WOOFER.exe
5320	MW3_UA_WOOFER.exe
6120	MW3_UA_WOOFER.exe

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
behavioral1/files/0x00070000000234a6-144.dat	pyinstaller

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 936148.crdownload:SmartScreen	msedge.exe

Suspicious behavior: AddClipboardFormatListener 3 IoCs

pid	Process
5288	WEB-STARS_ML.exe
4564	WEB-STARS_ML.exe
4796	WEB-STARS_ML.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4584	msedge.exe
4584	msedge.exe
1552	msedge.exe
1552	msedge.exe
3396	identity_helper.exe
3396	identity_helper.exe
4300	msedge.exe
4300	msedge.exe
4504	msedge.exe
4504	msedge.exe
5184	msedge.exe
5184	msedge.exe
2772	msedge.exe
2772	msedge.exe
5540	taskmgr.exe
5540	taskmgr.exe
5540	taskmgr.exe
5540	taskmgr.exe
5540	taskmgr.exe
5540	taskmgr.exe
6108	u237cgatAh2.exe
6108	u237cgatAh2.exe
6108	u237cgatAh2.exe
6108	u237cgatAh2.exe
6108	u237cgatAh2.exe
6108	u237cgatAh2.exe
6108	u237cgatAh2.exe
6108	u237cgatAh2.exe
6108	u237cgatAh2.exe
6108	u237cgatAh2.exe
6108	u237cgatAh2.exe
6108	u237cgatAh2.exe
6108	u237cgatAh2.exe
6108	u237cgatAh2.exe
6108	u237cgatAh2.exe
6108	u237cgatAh2.exe
6108	u237cgatAh2.exe
6108	u237cgatAh2.exe
6108	u237cgatAh2.exe
6108	u237cgatAh2.exe
6108	u237cgatAh2.exe
6108	u237cgatAh2.exe
6108	u237cgatAh2.exe
6108	u237cgatAh2.exe
6108	u237cgatAh2.exe
6108	u237cgatAh2.exe
6108	u237cgatAh2.exe
6108	u237cgatAh2.exe
6108	u237cgatAh2.exe
6108	u237cgatAh2.exe
6108	u237cgatAh2.exe
6108	u237cgatAh2.exe
6108	u237cgatAh2.exe
6108	u237cgatAh2.exe
6108	u237cgatAh2.exe
6108	u237cgatAh2.exe
6108	u237cgatAh2.exe
6108	u237cgatAh2.exe
6108	u237cgatAh2.exe
6108	u237cgatAh2.exe
6108	u237cgatAh2.exe
6108	u237cgatAh2.exe
6108	u237cgatAh2.exe
6108	u237cgatAh2.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
4796	WEB-STARS_ML.exe
4564	WEB-STARS_ML.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: 33	3368	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3368	AUDIODG.EXE
Token: SeDebugPrivilege	5288	WEB-STARS_ML.exe
Token: SeDebugPrivilege	4564	WEB-STARS_ML.exe
Token: SeDebugPrivilege	5540	taskmgr.exe
Token: SeSystemProfilePrivilege	5540	taskmgr.exe
Token: SeCreateGlobalPrivilege	5540	taskmgr.exe
Token: SeDebugPrivilege	4796	WEB-STARS_ML.exe
Token: 33	5540	taskmgr.exe
Token: SeIncBasePriorityPrivilege	5540	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
5540	taskmgr.exe
5540	taskmgr.exe
5540	taskmgr.exe
5540	taskmgr.exe
5540	taskmgr.exe
5540	taskmgr.exe
5540	taskmgr.exe
5540	taskmgr.exe
5540	taskmgr.exe
5540	taskmgr.exe
5540	taskmgr.exe
5540	taskmgr.exe
5540	taskmgr.exe
5540	taskmgr.exe
5540	taskmgr.exe
5540	taskmgr.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
5288	WEB-STARS_ML.exe
4564	WEB-STARS_ML.exe
4796	WEB-STARS_ML.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1552 wrote to memory of 4376	1552	msedge.exe	83
PID 1552 wrote to memory of 4376	1552	msedge.exe	83
PID 1552 wrote to memory of 2640	1552	msedge.exe	84
PID 1552 wrote to memory of 2640	1552	msedge.exe	84
PID 1552 wrote to memory of 2640	1552	msedge.exe	84
PID 1552 wrote to memory of 2640	1552	msedge.exe	84
PID 1552 wrote to memory of 2640	1552	msedge.exe	84
PID 1552 wrote to memory of 2640	1552	msedge.exe	84
PID 1552 wrote to memory of 2640	1552	msedge.exe	84
PID 1552 wrote to memory of 2640	1552	msedge.exe	84
PID 1552 wrote to memory of 2640	1552	msedge.exe	84
PID 1552 wrote to memory of 2640	1552	msedge.exe	84
PID 1552 wrote to memory of 2640	1552	msedge.exe	84
PID 1552 wrote to memory of 2640	1552	msedge.exe	84
PID 1552 wrote to memory of 2640	1552	msedge.exe	84
PID 1552 wrote to memory of 2640	1552	msedge.exe	84
PID 1552 wrote to memory of 2640	1552	msedge.exe	84
PID 1552 wrote to memory of 2640	1552	msedge.exe	84
PID 1552 wrote to memory of 2640	1552	msedge.exe	84
PID 1552 wrote to memory of 2640	1552	msedge.exe	84
PID 1552 wrote to memory of 2640	1552	msedge.exe	84
PID 1552 wrote to memory of 2640	1552	msedge.exe	84
PID 1552 wrote to memory of 2640	1552	msedge.exe	84
PID 1552 wrote to memory of 2640	1552	msedge.exe	84
PID 1552 wrote to memory of 2640	1552	msedge.exe	84
PID 1552 wrote to memory of 2640	1552	msedge.exe	84
PID 1552 wrote to memory of 2640	1552	msedge.exe	84
PID 1552 wrote to memory of 2640	1552	msedge.exe	84
PID 1552 wrote to memory of 2640	1552	msedge.exe	84
PID 1552 wrote to memory of 2640	1552	msedge.exe	84
PID 1552 wrote to memory of 2640	1552	msedge.exe	84
PID 1552 wrote to memory of 2640	1552	msedge.exe	84
PID 1552 wrote to memory of 2640	1552	msedge.exe	84
PID 1552 wrote to memory of 2640	1552	msedge.exe	84
PID 1552 wrote to memory of 2640	1552	msedge.exe	84
PID 1552 wrote to memory of 2640	1552	msedge.exe	84
PID 1552 wrote to memory of 2640	1552	msedge.exe	84
PID 1552 wrote to memory of 2640	1552	msedge.exe	84
PID 1552 wrote to memory of 2640	1552	msedge.exe	84
PID 1552 wrote to memory of 2640	1552	msedge.exe	84
PID 1552 wrote to memory of 2640	1552	msedge.exe	84
PID 1552 wrote to memory of 2640	1552	msedge.exe	84
PID 1552 wrote to memory of 4584	1552	msedge.exe	85
PID 1552 wrote to memory of 4584	1552	msedge.exe	85
PID 1552 wrote to memory of 1992	1552	msedge.exe	86
PID 1552 wrote to memory of 1992	1552	msedge.exe	86
PID 1552 wrote to memory of 1992	1552	msedge.exe	86
PID 1552 wrote to memory of 1992	1552	msedge.exe	86
PID 1552 wrote to memory of 1992	1552	msedge.exe	86
PID 1552 wrote to memory of 1992	1552	msedge.exe	86
PID 1552 wrote to memory of 1992	1552	msedge.exe	86
PID 1552 wrote to memory of 1992	1552	msedge.exe	86
PID 1552 wrote to memory of 1992	1552	msedge.exe	86
PID 1552 wrote to memory of 1992	1552	msedge.exe	86
PID 1552 wrote to memory of 1992	1552	msedge.exe	86
PID 1552 wrote to memory of 1992	1552	msedge.exe	86
PID 1552 wrote to memory of 1992	1552	msedge.exe	86
PID 1552 wrote to memory of 1992	1552	msedge.exe	86
PID 1552 wrote to memory of 1992	1552	msedge.exe	86
PID 1552 wrote to memory of 1992	1552	msedge.exe	86
PID 1552 wrote to memory of 1992	1552	msedge.exe	86
PID 1552 wrote to memory of 1992	1552	msedge.exe	86
PID 1552 wrote to memory of 1992	1552	msedge.exe	86
PID 1552 wrote to memory of 1992	1552	msedge.exe	86

cURL User-Agent 8 IoCs

Uses User-Agent string associated with cURL utility.

description	flow	ioc
HTTP User-Agent header	113	curl/8.4.0
HTTP User-Agent header	114	curl/8.4.0
HTTP User-Agent header	115	curl/8.4.0
HTTP User-Agent header	116	curl/8.4.0
HTTP User-Agent header	108	curl/8.4.0
HTTP User-Agent header	109	curl/8.4.0
HTTP User-Agent header	111	curl/8.4.0
HTTP User-Agent header	112	curl/8.4.0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/lOFXRY6Y#T8f4V2EUriVgCGf5_nu3sBgaB6-Pz7Hldc72XnB7dw4
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c93a46f8,0x7ff8c93a4708,0x7ff8c93a4718
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,10333746300956689698,18129621945986765127,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,10333746300956689698,18129621945986765127,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,10333746300956689698,18129621945986765127,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10333746300956689698,18129621945986765127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10333746300956689698,18129621945986765127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2076,10333746300956689698,18129621945986765127,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4808 /prefetch:8
  2⤵
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,10333746300956689698,18129621945986765127,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:8
  2⤵
  PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,10333746300956689698,18129621945986765127,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10333746300956689698,18129621945986765127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10333746300956689698,18129621945986765127,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10333746300956689698,18129621945986765127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10333746300956689698,18129621945986765127,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10333746300956689698,18129621945986765127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1256 /prefetch:1
  2⤵
  PID:5888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10333746300956689698,18129621945986765127,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1292 /prefetch:1
  2⤵
  PID:5896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10333746300956689698,18129621945986765127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:6052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2076,10333746300956689698,18129621945986765127,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6088 /prefetch:8
  2⤵
  PID:6076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10333746300956689698,18129621945986765127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:6084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10333746300956689698,18129621945986765127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2076,10333746300956689698,18129621945986765127,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6052 /prefetch:8
  2⤵
  PID:5288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2076,10333746300956689698,18129621945986765127,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6352 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4300
- C:\Users\Admin\Downloads\WEB-STARS_ML.exe
  "C:\Users\Admin\Downloads\WEB-STARS_ML.exe"
  2⤵
  - Executes dropped EXE
  PID:5472
- - C:\Users\Admin\Downloads\WEB-STARS_ML.exe
    "C:\Users\Admin\Downloads\WEB-STARS_ML.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:4564
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "ver"
      4⤵
      PID:1600
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/webstars
      4⤵
      PID:632
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff8c93a46f8,0x7ff8c93a4708,0x7ff8c93a4718
        5⤵
        
        PID:5896
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,17898254776553706823,15714888706969737342,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
        5⤵
        
        PID:5856
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,17898254776553706823,15714888706969737342,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5184
- C:\Users\Admin\Downloads\WEB-STARS_ML.exe
  "C:\Users\Admin\Downloads\WEB-STARS_ML.exe"
  2⤵
  - Executes dropped EXE
  PID:5452
- - C:\Users\Admin\Downloads\WEB-STARS_ML.exe
    "C:\Users\Admin\Downloads\WEB-STARS_ML.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:5288
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "ver"
      4⤵
      PID:4576
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/webstars
      4⤵
      Enumerates system info in registry
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      PID:2772
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff8c93a46f8,0x7ff8c93a4708,0x7ff8c93a4718
        5⤵
        
        PID:2244
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1980,5927620923940647831,5023556954905451976,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1984 /prefetch:2
        5⤵
        
        PID:3284
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1980,5927620923940647831,5023556954905451976,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4504
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1980,5927620923940647831,5023556954905451976,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3000 /prefetch:8
        5⤵
        
        PID:4364
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,5927620923940647831,5023556954905451976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
        5⤵
        
        PID:1360
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,5927620923940647831,5023556954905451976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
        5⤵
        
        PID:3960
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,5927620923940647831,5023556954905451976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3928 /prefetch:1
        5⤵
        
        PID:3140
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,5927620923940647831,5023556954905451976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
        5⤵
        
        PID:4532
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,5927620923940647831,5023556954905451976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
        5⤵
        
        PID:5212

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3368

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1580

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x50c 0x504
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3368

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4536

C:\Users\Admin\Downloads\WEB-STARS_ML.exe
"C:\Users\Admin\Downloads\WEB-STARS_ML.exe"
1⤵
- Executes dropped EXE
PID:5792
- C:\Users\Admin\Downloads\WEB-STARS_ML.exe
  "C:\Users\Admin\Downloads\WEB-STARS_ML.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:4796
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:1932
- - C:\Users\Admin\AppData\Local\Temp\_MEI57922\u237cgatAh2.exe
    C:/Users/Admin/AppData/Local/Temp/_MEI57922/u237cgatAh2.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Suspicious behavior: EnumeratesProcesses
    PID:6108
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\_MEI57922\u237cgatAh2.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
      4⤵
      PID:4684
    - - C:\Windows\system32\certutil.exe
        
        certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\_MEI57922\u237cgatAh2.exe" MD5
        5⤵
        
        PID:1184
    - - C:\Windows\system32\find.exe
        
        find /i /v "md5"
        5⤵
        
        PID:5116
    - - C:\Windows\system32\find.exe
        
        find /i /v "certutil"
        5⤵
        
        PID:2128
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c CLS
      4⤵
      PID:116
- - C:\Users\Admin\AppData\Local\Temp\_MEI57922\MW3_UA_WOOFER.exe
    C:/Users/Admin/AppData/Local/Temp/_MEI57922/MW3_UA_WOOFER.exe
    3⤵
    - Identifies VirtualBox via ACPI registry values (likely anti-VM)
    - Checks BIOS information in registry
    - Executes dropped EXE
    - Checks whether UAC is enabled
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    PID:1576
  - - C:\Users\Admin\AppData\Local\Temp\_MEI57922\MW3_UA_WOOFER.exe
      C:/Users/Admin/AppData/Local/Temp/_MEI57922/MW3_UA_WOOFER.exe
      4⤵
      Identifies VirtualBox via ACPI registry values (likely anti-VM)
      Checks BIOS information in registry
      Executes dropped EXE
      Checks whether UAC is enabled
      Suspicious use of NtSetInformationThreadHideFromDebugger
      PID:5464
    - - C:\Users\Admin\AppData\Local\Temp\_MEI57922\MW3_UA_WOOFER.exe
        
        C:/Users/Admin/AppData/Local/Temp/_MEI57922/MW3_UA_WOOFER.exe
        5⤵
        Identifies VirtualBox via ACPI registry values (likely anti-VM)
        Checks BIOS information in registry
        Executes dropped EXE
        Checks whether UAC is enabled
        Suspicious use of NtSetInformationThreadHideFromDebugger
        
        PID:5320
      - C:\Users\Admin\AppData\Local\Temp\_MEI57922\MW3_UA_WOOFER.exe
        
        C:/Users/Admin/AppData/Local/Temp/_MEI57922/MW3_UA_WOOFER.exe
        6⤵
        Identifies VirtualBox via ACPI registry values (likely anti-VM)
        Checks BIOS information in registry
        Executes dropped EXE
        Checks whether UAC is enabled
        Suspicious use of NtSetInformationThreadHideFromDebugger
        
        PID:6120

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3676

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:5540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a110c551b09a6093d0700e4faad46fcf

SHA1
c6c8bb93945dee02b8cbb57cd69b430cfb41289b

SHA256
9e6713ce7eb9fd0dd8abf440e7b8a3c1ace63fc74630faa32554520391a89aa9

SHA512
0b7a75399edaaf9d34a313a82d5c1bbbdc66b6849a9a3ea276803e9beaa0c4a375096d9336db516eaa77af370c61c95753ba04ed3ed8e280cce5eeae9ecd7559

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
bbd3dbe9b7173fd0554b6e73d094a519

SHA1
5dac26372eda8df2dddcfee4a0dc806dc89fc9f3

SHA256
fa56e315c792db53c6753b0c87baa37d1bbb9c34f43cee37ac2fbd18ea78f196

SHA512
d9428cf03fd2dbfd3cbb0487483713b4a914df15bd9f4f08069cc997cd99c2c02765ca4a33b289b9edfe9821ea51ccdcc917d9172faffe3e113871d479e5702b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
18d0dd35be5f178d0e4d50062e0594bd

SHA1
56b62afeb8f56494b1dbe7715fea6baf04301973

SHA256
74627388377cbaecb46b0c7e9d6f601eb7e5c0b931728ea9bcafe1bbebb34ca2

SHA512
ed9ff633eacdd081bb981d3e19247e2248d88e7bbe1c0f69fbd6144c51088ebbfef522c8dc630a5b0cb89f97e1e938d5e6f51e4eb0dc15460db9a70c0365b3c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\00\00000000

Filesize
4.5MB

MD5
e6be42954f5d689a90f3de42751a8648

SHA1
c81ae2ebcb409a5bcbfb34eb41421ab2e900d167

SHA256
b97c215ed7b7becd08d3b7b26cac63e59162a3470c5d1cc32dfd2bee84a10441

SHA512
1c4587fbb49055f3d1c9806910d62e8175353b64cf2f98227108b379c4c1a6bbbd6a60029153b7a9a45d61ef950aa7fe884c91b436dd1f7c7dcaf98922fc4af5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\000003.log

Filesize
15KB

MD5
c7e9d37a6a00f9ce5dfe02280dc66ee1

SHA1
420cb49f7d3de1bf9cd8ba547ac8a47ffd515f89

SHA256
19745759e574cda0b033d19160bedcb9892029e7669cda13f76b8a3693b0cf82

SHA512
089596ea921961ab08247c0bcf74596b3a40709ff23b53bb106c23fd94fa6abe0d65090bcd9bd21a0f441038403c74ee1b3cb1214512a8ae8ff648ce8077b737

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
378B

MD5
dd80ad086e8554f60aaff50dc854bea3

SHA1
b630cd86cedcb9b7daf43204974fa350f4a8d5c2

SHA256
2a9d901c729050d9d596eb9ba8aa8e376bb516f76d0eef8b5ed582319d6508bc

SHA512
a569d8b36e61abbc771a4d4468ae950854f757fb08dc64b9f43c241337f164caa02658545f204a7205c2e14f25266dfcb697ffba982870628a8071fb70530c0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
378B

MD5
35a1a2ace93cddf5b61487a3eeb1e55a

SHA1
ec170111bea168678fb14ada9900ae517cc7e1c8

SHA256
9313b7d851a9209ed0686f8d1a63f10967a7c9e58e19300ec76a2a0980015524

SHA512
b83cf124fb5eafc9b33e01f7d215202bd6235bdecd661afd3581eec13b1315980e3625c80b2d1dbcde0eeec25febb8942bea0a74e05b56741f3c47295704df6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
378B

MD5
ab662e9401ce306b33ec76c7f3fa01bf

SHA1
d414006e9dc288681bd105d4b7c0d8377abaeffe

SHA256
bd2173dfbe9e665aefa121f0238edba1d595d257e47f3b2888c2c748b9e957c6

SHA512
51df7569bde5874095962b61417791e93ae7b846356fa62637824b43db405df041f30c0001d790c965e28eba083187fdf4ac5dc0732a34a053672629e358c8a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
378B

MD5
2f6c78dade86419bd4f14670945f6201

SHA1
cddafa15fac06aead780632ed846e0a5490cb1ae

SHA256
35a6681e24027676ac030a15833738eaef03e445e4f7327c0a68e032a4f3ce43

SHA512
e635c98c897acb8d23588d657c83a62959e9b955460b45de4f38555436ecbcb10ba988883136f6765a3e7b74831d8eecc6e2f07b08d4945f674f5fbe9187ef75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
378B

MD5
b4bfacc2d929e8aad3c696635cd05ac1

SHA1
6f35dbb5f3a713469e14aa92a3e1df6914be7119

SHA256
ebadf38b426bda3bf39d1da23608b695f34ec14126d91ff21a26110fe420263f

SHA512
1a651f904cec1f3a65566974ff04a83672700a11b8585d467a3f8ce284e3fe5feb6bf29d26454ab59c802c3278a1cd34c31b5f6aa57735d7abd81e7ad652ce47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
378B

MD5
c3dc9ad60360e4b85ca83aab63176218

SHA1
10bd5d125452c8de588d4504fe84892e3990cc21

SHA256
9a40d9de173798a871e37a6cbdcb95dc1c4512d514c5bb22af6ec2e9a4aae475

SHA512
c3573b405081033119f3f17fef5690cb9e67204616185e5e9316f9c99c4ddd8136bc63860e75e2dc9e5aff0ce6e2c1136e30a0931c7f5269fb38ecc83a4791d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old~RFe577a31.TMP

Filesize
337B

MD5
d8ec25352b47a6f7fb8411ba400a4c07

SHA1
be37453d77003be62959f8455373e7465ef5229f

SHA256
9ce4628c04091ab7d90a3494d998c64692d0a3bfc82588c11ab4e0a2930b93fe

SHA512
41a41bc2bae756bf0c7d89bdcfb97ed7853279e0f627498ee74233ba17e5b354df86b994a6f71600c54a0303585725cce5e31bbb238f4ba6acb64f558ff63f38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
603B

MD5
721cb03fd54939181c4e95ca411713b6

SHA1
afd0e6803eb8a8711dc449c24c7e3b68cd79e1ca

SHA256
72c3db267512c3da33fa1dd3ee35ae7f108a0238d0d324fb410a051f65d00565

SHA512
168f4b3f6869794435e7358226c8b66d08c628a349aa59bf8c9f363c5bde3139ff3e29d0ec805fac0236fbce79d195d7765a57eec78785a9736fe063f138d98a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
258B

MD5
2af45267beec0d905b81baba591e58e5

SHA1
d7ebfa1fb16ecc563901f0fae767b6ef7f0976fa

SHA256
7e8a74a7009899f8042b98847e1c8d967987bd2f323267b881dc8b0c0fd559ff

SHA512
614f0f2e87ee3a9b05c22d6c420daf601e9a908a7724f4325df401cc01021d1106c71867c0fc5ebe9829c48c046e681ff446e7bb94aa4b04d246cdec1ede4c7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ed6c147bb0018174c403e90784db771c

SHA1
5f7a53e544fa327e2e23138a94d3d534698b0127

SHA256
c72e72b2202b57ecbc4367ed4cff5bbefa76592feabbbbccb8d65c52c16570ce

SHA512
3d9adf2f044ad72d5ae620aad32de6aeac17989e8224d4e4512e67a54baf1837b36827d57c563f78a47c6e1ed962e53941383315cef04c357dc30702a3326696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
406d033d29475d7f502d7a0bcf54ea74

SHA1
850e86e69367d957b158e215b3e7aa96a3615586

SHA256
cd8ffcdd02ad81ddc070d2131bf0e1d859dd2b45449965dc2d9213a943c54da1

SHA512
ebe9df2cf836275c7a4b35d5ea27fce6d8eb4f2512237f0b06545004ad033478621f6c78def6302e0c2a5d23c6fefea3d60803ba92e8b1702ed0db3d6feb2dba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2fc2587f1a58041bb92529474f6ea327

SHA1
812ac0bf67de019d4a57bdb1e71bd23fafc4055d

SHA256
3bf8a900d2afb545ffe5acc6fd6b645ae7b963996fcb9806f7105dcaaa9738fb

SHA512
87b9a0ee4e97fc836b26f59c7f115915d4e282254b113e3d1d538409971979f54856202c7baedf78ac382b30eda89ffa9e7560b6d078c778caa38386d277543f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4b5de7303014037fd4baec8451ff8f58

SHA1
7b30e43d1d0acf202781e10fc3a75c3bccc27aef

SHA256
e2c0dafe3656a1e9c3a4f6b141d6cf14e9eb13c259696751f8a01907b9150b18

SHA512
2d0725ee03b7096f77a010b14594594852333594f4c02b6ed01cd3af2c6e61468700bc0614e84a53b494dd503076f3f25e67ca874e8472e62bb463ec853e5475

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a8499b6426ff99d07f21e5ac906eb42d

SHA1
b8c14237939e0f38bd43aeda2288a5db5fd289ce

SHA256
6efbbd6c1d846fb53a8f07a6dd57e8faf8d0eb4fab39d61ee32fbee863cdae76

SHA512
fdae2bea63bfa95912daa1820d12a3d86eba4b34b4544bf12cb21a4bd168f6adf19d03182a55bfd940495c77606549f09274bc5665f429a278897d567f6c0b0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
327ec94a85d17fad10cf66a339be4ecb

SHA1
70f4ec753d3e90eef346691cf487c01b509cba6b

SHA256
1f0a3c7ccbecdeecce02a70438b00950ad65e24776ce709c8e8a500f56befce9

SHA512
5fdb7d82bfa51a42826f3f6d8b79970bc50af5ea9ffddfc7c745ded1ac41dbb28f48798349b19e93aab78e17670273d8cde736b4d763edd02215d4e1fc0e4b69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57a1ae.TMP

Filesize
48B

MD5
54413065da0a95a0e6b6316a06910d1f

SHA1
3afd31da27260ba828241bb9ff26e3ef5d2bd888

SHA256
f497b96662517f232a0cab4cf2cd4f9613340ef164d554aec164b18a55f1b869

SHA512
068c5be804c4035e46c31506bc7ca1a3159968f2a14e33931311493672a6b32a7ba6ab7ca6f42885dfc1af6248d21da8dec5f4ad81e89d83c3e770ebb0a1174f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
368B

MD5
a2c653a074f35f8cb3d75b65fd39bac2

SHA1
0147ab389cf2b884c67418a7e99f96b60abe9d5e

SHA256
9e6e5d4ea5f6a150e7ed8d8a57edf03a26cecaa317223c259cc6bc547529c022

SHA512
3635f0f1271c2a0700eb953062ce9743ec787a8542129a34bfa622660b125e74a6abce0b6755173fc581bed376b71c369f674529168bc20e685e53501dd74f66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f0f7d20d-45bf-40b4-9ae6-72a5206756c3.tmp

Filesize
5KB

MD5
b16f708c78f64f9e452b2bd2eea8fff7

SHA1
7e38661a3daab69b326305d385e9e19222053a5e

SHA256
781ef0cbf6fa46c1c735778dd7e504477001689384c0aa2b49b3b903d7840bf9

SHA512
35da9aafde00fe89a78caeb6d1058b5e594a706ac0cd86a09fc3f0b52aa88ff2c989fee95a5c6c532eaed8eb7b31caa05103466f3338a335eaa23fba7ca2fcb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
14380fbac5aacc7cdf11ab7311fa2dcc

SHA1
56cfca1ec45eaff9818f1d7b16a3dbcc2d9180fd

SHA256
a91a0d04658f88110c44a787fc476b687b6fe5af9a65ce304e390d6ff5ee5bb2

SHA512
791e3808edfcea14bf15b179f44e0639402b6cf7752433b7c86e38498c85e047cbc7a14d7d49aa1ff66db6fe837f8644d6e3cde4d20b9516f0bd6ce01bc90de6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9abe8f16074bc903ca6ec0b0baabb59d

SHA1
06d38a26c9e7d989420ff6e51131ddd728d45156

SHA256
2b8ab84975ad2ed24e702edfab42c4d5b4ed863738564c83d58d3542ffedb2c4

SHA512
17f940adda8e0b160e31aaf04bd0e03d655b764ff6fcb64cfe06d8c88ea33813e62883d4efeebf38d3ebc232110c311d6818ef999ecdab430773ac538357c515

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2f9c2d7195aebbbfd07905564e43fafb

SHA1
d7d63fe2e2f706509339f690ba3f3cc627881cbe

SHA256
0f6012ae9b27b3a621dadb5dbce0f4b9a9dff43cbbc7e678997182049d78535c

SHA512
ac9415bcada17648b6b96fc5053ef033c8345015dcdcdafd2c42d79b117dfc48ae589179d0d5179080ec0f3e1f0fb20445fb63d3458ef2a8d63faf2d0d3c137e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
dcfa8395ee67fdfc0f356ec259f5238d

SHA1
ac07e4aef8434f6b229c1f74316485784a78c7b9

SHA256
34390c4e22c8825aa9a2df4d87071174304e2c3280b3d30c45d06cb50999c12d

SHA512
d00f15ac859de02c52f8572733c35629f25e51a16b59ac5345b553f1325b14c59265cac470075a25f0cc6807cc6cabd444b992b1d75a5c5f392888d7b89802f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
512b9948eab164d08022dfd71facabbf

SHA1
c5744892d9eea610fd8c5030859cdca1ea3481df

SHA256
b828df4a7cc97880f543b7d7c6c2e85cb118257e8b6a7c017ad387da0462dbc5

SHA512
70752bf983daca37d817b34b73f91ce34630fc2fda733bb31ac8e95dde5ab376ebbc93b1824ebea013052d57c34df0c75d9bbe6fddf00c4e0863e7b558e7dc1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54522\2019 AIO&FORCESAVE.exe

Filesize
10.5MB

MD5
76eb781090d248af2109d98418597e0c

SHA1
d929e7348092525adbbe90af2dc8ae747d146a6b

SHA256
0c9655191902c119d0f5f92b9107540173212e1d4cd0fe8ece63d78edee3c1b2

SHA512
eebe3b676293d1c8142909391428a499a191c8f9edd7eb9231e6966abdb9832c9fecf34fbaf1a6f40c970878a6cc90ff25e24641617624de6b322b1ea12660ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54522\PyQt5\Qt5\qml\QtQuick3D\Materials\maps\emissive_mask.png

Filesize
334B

MD5
882310febbcd112f6416015145fd8c6d

SHA1
e142d0ba597a2c773e6354673bbc4a760f8d963f

SHA256
03003aa01026e944b75447078f5758d0ffab854d03e9ce80780a174411073f7f

SHA512
b21d8a189123c3019b5c99c1927d9eb10293cbe9321cb54d1fe183bf57efd22f778a61e47be27afb8f54d731ce17f96a6c6452dc76c3a8596b1bf1fdd532d4c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54522\PyQt5\Qt5\qml\QtQuick\Controls.2\designer\RadioDelegateSpecifics.qml

Filesize
2KB

MD5
df7e32b0e18bd35fa8453cb1263886b9

SHA1
f4336c9380a7fbee4dfbc17c545b409364f7f8b3

SHA256
8207c603c9de51d9954302dd9df559a1df70e0a9658af62637229b5a2437eec3

SHA512
21d4e9b1d71c5ea9c7c66e5bacead5d4857ac109f7452d81c6d793f8843dd1d6f9194011e41259cdb9e3faecc04675a1433a2dfcbf0b758ff97cbd068fd95732

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54522\PyQt5\Qt5\qml\QtQuick\Controls.2\designer\SwitchSpecifics.qml

Filesize
2KB

MD5
95806d0bfadf617cdb91b9baacab5429

SHA1
2102999ec25be88f138ea7c8fbf2a1bf4454c766

SHA256
07911dff4b3128de29fb83223a78878f9e972f35a596429861c7ea7956923b2d

SHA512
00d3b1dd1d764859249a5997ec4b2ec68fdf7c245a3ad4276a81370b2f43090f41d32de48d94307703436e661ebaf64ff96332f109b0e611b74521f28c8f8004

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54522\PyQt5\Qt5\translations\qt_help_en.qm

Filesize
16B

MD5
bcebcf42735c6849bdecbb77451021dd

SHA1
4884fd9af6890647b7af1aefa57f38cca49ad899

SHA256
9959b510b15d18937848ad13007e30459d2e993c67e564badbfc18f935695c85

SHA512
f951b511ffb1a6b94b1bcae9df26b41b2ff829560583d7c83e70279d1b5304bde299b3679d863cad6bb79d0beda524fc195b7f054ecf11d2090037526b451b78

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54522\VCRUNTIME140.dll

Filesize
106KB

MD5
49c96cecda5c6c660a107d378fdfc3d4

SHA1
00149b7a66723e3f0310f139489fe172f818ca8e

SHA256
69320f278d90efaaeb67e2a1b55e5b0543883125834c812c8d9c39676e0494fc

SHA512
e09e072f3095379b0c921d41d6e64f4f1cd78400594a2317cfb5e5dca03dedb5a8239ed89905c9e967d1acb376b0585a35addf6648422c7ddb472ce38b1ba60d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54522\_bz2.pyd

Filesize
82KB

MD5
4438affaaa0ca1df5b9b1cdaa0115ec1

SHA1
4eda79eaf3de614d5f744aa9eea5bfcf66e2d386

SHA256
ec91e2b4baca31b992d016b84b70f110ce2b1b2dfd54f5e5bef6270ed7d13b85

SHA512
6992107ac4d2108e477bc81af667b8b8e5439231e7e9f4b15ce4bce1aeea811bc0f1aaa438be3b0e38597760cb504367512809ee1937c4b538a86724ae543ba6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54522\_lzma.pyd

Filesize
155KB

MD5
737119a80303ef4eccaa998d500e7640

SHA1
328c67c6c4d297ac13da725bf24467d8b5e982e3

SHA256
7158c1290ac29169160b3ec94d9c8bcde4012d67a555f325d44b418c54e2cc28

SHA512
1c9920e0841a65b01a0b339c5f5254d1039ef9a16fe0c2484a7e2a9048727f2cc081817aa771b0c574fb8d1a5a49dc39798a3c5e5b5e64392e9c168e1827be7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54522\api-ms-win-core-console-l1-1-0.dll

Filesize
13KB

MD5
71405f0ba5d7da5a5f915f33667786de

SHA1
bb5cdf9c12fe500251cf98f0970a47b78c2f8b52

SHA256
0099f17128d1551a47cbd39ce702d4acc4b49be1bb1cfe974fe5a42da01d88eb

SHA512
b2c6438541c4fa7af3f8a9606f64eeef5d77ddbc0689e7501074bb72b7cc907a8461a75089e5b70b881bc3b1be009888ff25ea866faaf1c49dd521027041295a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54522\api-ms-win-core-datetime-l1-1-0.dll

Filesize
12KB

MD5
a17d27e01478c17b88794fd0f79782fc

SHA1
2b8393e7b37fb990be2cdc82803ca49b4cef8546

SHA256
ac227773908836d54c8fc06c4b115f3bdfc82e4d63c7f84e1f8e6e70cd066339

SHA512
ddc6dda49d588f22c934026f55914b31e53079e044dec7b4f1409668dbfe8885b887cc64a411d44f83bc670ac8a8b6d3ad030d4774ef7bf522f1d3bc00e07485

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54522\api-ms-win-core-debug-l1-1-0.dll

Filesize
12KB

MD5
e485c1c5f33ad10eec96e2cdbddff3c7

SHA1
31f6ba9beca535f2fb7ffb755b7c5c87ac8d226c

SHA256
c734022b165b3ba6f8e28670c4190a65c66ec7ecc961811a6bdcd9c7745cac20

SHA512
599036d8fa2e916491bedb5bb49b94458a09dddd2908cf770e94bb0059730598ec5a9b0507e6a21209e2dcae4d74027313df87c9ab51fad66b1d07903bae0b35

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54522\api-ms-win-core-errorhandling-l1-1-0.dll

Filesize
12KB

MD5
0ffb34c0c2cdec47e063c5e0c96b9c3f

SHA1
9716643f727149b953f64b3e1eb6a9f2013eac9c

SHA256
863a07d702717cf818a842af0b4e1dfd6e723f712e49bf8c3af3589434a0ae80

SHA512
4311d582856d9c3cac2cdc6a9da2137df913bcf69041015fd272c2780f6ab850895deb69279a076376a2e6401c907cb23a3052960478a6cf4b566a20cce61bd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54522\api-ms-win-core-file-l1-1-0.dll

Filesize
16KB

MD5
792c2b83bc4e0272785aa4f5f252ff07

SHA1
6868b82df48e2315e6235989185c8e13d039a87b

SHA256
d26d433f86223b10ccc55837c3e587fa374cd81efc24b6959435a6770addbf24

SHA512
72c99cff7fd5a762524e19abee5729dc8857f3ee3c8f78587625ec74f2ad96af7dee03aba54b441cda44b04721706bed70f3ad88453a341cbb51aac9afd9559e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54522\api-ms-win-core-file-l1-2-0.dll

Filesize
12KB

MD5
49e3260ae3f973608f4d4701eb97eb95

SHA1
097e7d56c3514a3c7dc17a9c54a8782c6d6c0a27

SHA256
476fbad616e20312efc943927ade1a830438a6bebb1dd1f83d2370e5343ea7af

SHA512
df22cf16490faa0dc809129ca32eaf1a16ec665f9c5411503ce0153270de038e5d3be1e0e49879a67043a688f6c42bdb5a9a6b3cea43bf533eba087e999be653

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54522\api-ms-win-core-file-l2-1-0.dll

Filesize
12KB

MD5
7f14fd0436c066a8b40e66386ceb55d0

SHA1
288c020fb12a4d8c65ed22a364b5eb8f4126a958

SHA256
c78eab8e057bddd55f998e72d8fdf5b53d9e9c8f67c8b404258e198eb2cdcf24

SHA512
d04adc52ee0ceed4131eb1d133bfe9a66cbc0f88900270b596116064480afe6ae6ca42feb0eaed54cb141987f2d7716bb2dae947a025014d05d7aa0b0821dc50

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54522\api-ms-win-core-handle-l1-1-0.dll

Filesize
12KB

MD5
10f0c22c19d5bee226845cd4380b4791

SHA1
1e976a8256508452c59310ca5987db3027545f3d

SHA256
154ef0bf9b9b9daa08101e090aa9716f0fa25464c4ef5f49bc642619c7c16f0e

SHA512
3a5d3dc6448f65e1613e1a92e74f0934dd849433ceca593e7f974310cd96bf6ad6ccc3b0cb96bdb2dcc35514bc142c48cb1fd20fee0d8fa236999ad155fc518b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54522\api-ms-win-core-heap-l1-1-0.dll

Filesize
13KB

MD5
405038fb22cd8f725c2867c9b4345b65

SHA1
385f0eb610fce082b56a90f1b10346c37c19d485

SHA256
1c1b88d403e2cde510741a840afa445603f76e542391547e6e4cc48958c02076

SHA512
b52752ac5d907dc442ec7c318998fd54ad9ad659bde4350493fe5ca95286ecefcbbbf82d718d4bf4e813b4d20a62cd1f7ba11ee7c68c49ec39307b7746968d18

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54522\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54522\python3.dll

Filesize
65KB

MD5
0e105f62fdd1ff4157560fe38512220b

SHA1
99bd69a94b3dc99fe2c0f7bbbcd05aa0bc8cd45c

SHA256
803ba8242b409080df166320c05a4402aab6dd30e31c4389871f4b68ca1ad423

SHA512
59c0f749ed9c59efdbcd04265b4985b1175fdd825e5a307745531ed2537397e739bc9290fdc3936cfd04f566e28bb76b878f124248b8344cf74f641c6b1101de

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54522\python311.dll

Filesize
5.5MB

MD5
58e01abc9c9b5c885635180ed104fe95

SHA1
1c2f7216b125539d63bd111a7aba615c69deb8ba

SHA256
de1b95d2e951fc048c84684bc7df4346138910544ee335b61fc8e65f360c3837

SHA512
cd32c77191309d99aeed47699501b357b35669123f0dd70ed97c3791a009d1855ab27162db24a4bd9e719b68ee3b0539ee6db88e71abb9a2d4d629f87bc2c081

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54522\ucrtbase.dll

Filesize
994KB

MD5
8e7680a8d07c3c4159241d31caaf369c

SHA1
62fe2d4ae788ee3d19e041d81696555a6262f575

SHA256
36cc22d92a60e57dee394f56a9d1ed1655ee9db89d2244a959005116a4184d80

SHA512
9509f5b07588a08a490f4c3cb859bbfe670052c1c83f92b9c3356afa664cb500364e09f9dafac7d387332cc52d9bb7bb84ceb1493f72d4d17ef08b9ee3cb4174

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54722\_ctypes.pyd

Filesize
120KB

MD5
6114277c6fc040f68d25ca90e25924cd

SHA1
028179c77cb3ba29cd8494049421eaa4900ccd0e

SHA256
f07fe92ce85f7786f96a4d59c6ee5c05fe1db63a1889ba40a67e37069639b656

SHA512
76e8ebefb9ba4ea8dcab8fce50629946af4f2b3f2f43163f75483cfb0a97968478c8aaef1d6a37be85bfc4c91a859deda6da21d3e753daefe084a203d839353d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54722\base_library.zip

Filesize
1.4MB

MD5
32ede00817b1d74ce945dcd1e8505ad0

SHA1
51b5390db339feeed89bffca925896aff49c63fb

SHA256
4a73d461851b484d213684f0aadf59d537cba6fe7e75497e609d54c9f2ba5d4a

SHA512
a0e070b2ee1347e85f37e9fd589bc8484f206fa9c8f4020de147b815d2041293551e3a14a09a6eb4050cfa1f74843525377e1a99bbdcfb867b61ebddb89f21f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57922\MW3_UA_WOOFER.exe

Filesize
6.1MB

MD5
440f3b905dfd499af206124d0375a00a

SHA1
c9deca63f45589c0428dcc50fb14a933a4dc13ca

SHA256
d26efbd37d69e8efeabb7f8f02468f92ee929567858c52e61449e7b75aee990c

SHA512
4eae521d741876d3a88be71e7d8d1f674a1c568979405062416b9a4a0f311d9f520ed61ee57935e8c542dd4be4a976f273bf7e2f4aba56005aaf84b49338c052

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57922\PyQt5\Qt5\qml\QtQml\Models.2\plugins.qmltypes

Filesize
30KB

MD5
586729654c62b631e9eb5b4fa3f38b18

SHA1
b8be2787bdd76479faa19e21bc6e2339ef9e0cd0

SHA256
d1758ab33c5741f70a7ab6e1dc3de1eff858c90e1c91f45cdefb6b0bccd2b75d

SHA512
b87d400176f14516967aaa10a6fd15aba7738c20b19df37e1510bdace31bfd2dc0bf8178eee2c5b3ad3e51c94131f52e6859131e7f1117097c7cd164febfdebf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57922\PyQt5\Qt5\qml\QtQuick3D\Effects\designer\IdComboBox.qml

Filesize
4KB

MD5
a75d8aec7049d08e9cf5cec2b914b3aa

SHA1
e619ccb766e6e8c69ae8b3d034b94bc5aa08a994

SHA256
1bcc0cde97edfc72b8b70666a7a9d73fdfe071dbcc35dcd5c717c047cb08cdd8

SHA512
c74e7fbf65d011c6887b1f0324ebfa8fdd63a7f5f15c45f4b86ea18a032c244896e16135a9273d818a71d6da4ea889a5ce1cf044e33ab2d37616928f01ef412f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57922\PyQt5\Qt5\qml\QtQuick3D\Materials\designer\AluminumBrushedMaterialSection.qml

Filesize
10KB

MD5
38c19b80aeaf4386ddd27bed4551abf5

SHA1
d3c9647a9066310f78208dba4f187c9d1048d25d

SHA256
5e4a4de40ab7ff724a795ce8a7efe00e304b44912816c075b8418c98092ea8bc

SHA512
460b0801323f81740231976b5e197e677f4941192be6ac846692f450f9d1655f78ec311d63572665611641d4152d35338c73b577e46e33dafaa4b40ba18d8dff

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57922\PyQt5\Qt5\qml\QtQuick3D\Materials\designer\GlassMaterialSection.qml

Filesize
5KB

MD5
45377d7d623aa68d672d16d7ffda4723

SHA1
e59da9462ca7e7d86089814f534a667918b395d3

SHA256
ed6e4e27192e1509c0694763ad7c618fdf18f8e60b11111dd19adebcce2b6782

SHA512
b490be862961bfc144ec1ccb8cca634782645e0851e76604bead460231deb9458bb3ab3279cbbf714eb43067e5de47b227232368457b0674d8bd98798cd0f975

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57922\PyQt5\Qt5\qml\QtQuick3D\designer\images\cube16.png

Filesize
190B

MD5
21b009349ad040ca5eb6377efe5dae4e

SHA1
c0ad0b5ffe01d8bdd1ffe30bb4699bb609a5c019

SHA256
3b33e04d7ef0ed5308f7afeda2c169fb52192bcc49f55a8aa6c6bac639dc1dbd

SHA512
a1ba7ada6021a0b27b99e4b903796c090c84126cfb2f24fae9fe542440c4904930f7b5a6c5ce945b2f63f31778020044b910a4c9fbc01d74f297fdd226eadae8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57922\PyQt5\Qt5\qml\QtQuick\Controls.2\HorizontalHeaderView.qml

Filesize
2KB

MD5
c51a96cfe7de9ef5f7499b520aef04ee

SHA1
fd088304215ec2f081fb3b30383140fb716f0842

SHA256
c7f74755b3fc438dbdcb415930beaada79e45a540424282daecf5f538ee3489a

SHA512
80a19ab44c7232abb863575c63ff25f235e2ea49a9532fa23adacc8beebacaa3b36067e3e486b5bdb5f936bafd442c70127f7e028ead02241aa2b3cb35512be3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57922\PyQt5\Qt5\qml\QtQuick\Controls.2\Imagine\VerticalHeaderView.qml

Filesize
2KB

MD5
f5cd8ac746b6994ed71ff8301b42a56b

SHA1
ba037b256ee49d9fc2c30bd11ccb8a01993a38b5

SHA256
1d4f3f1d0dbb8cae0d392c2556889c9639a1a51b055e47bdaabedbd33bd4a934

SHA512
6b465228d5918fc4a1eb093a0896abfbd11a57abd2641a6f89581b063e6537f5bec2b33084f873871026526c39741a10ce11c0f52be80b35257ec86f7bd27e75

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57922\PyQt5\Qt5\qml\QtQuick\Controls.2\designer\ButtonSpecifics.qml

Filesize
2KB

MD5
920c6a6b84d14e1995291b8177a1141c

SHA1
c9ab88cc4c09efbbba25b63a70479d3159a837be

SHA256
9cd02378488e8ddc891cbc1e7718be197088a628d07100ed2d676b958f57b81e

SHA512
1fc8193ca7fbbfd005a4d8169535789086460f4f2272086fe44da7c9e793f9e4b056a5f7d9bbb25bd818dc56a7fd96864f6eb8abb244e5c27644fc8d9ba04c22

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57922\PyQt5\Qt5\qml\QtQuick\Controls.2\designer\ControlSpecifics.qml

Filesize
2KB

MD5
b450eba19443a3df0571977ceaf495d8

SHA1
b35b0c22629222f33bda33156c178af505808906

SHA256
34f14e5b36de01740dc8a7c571ff8ce65bceb7fc4c26f906e10c08773b644ae6

SHA512
cd145a9fa4ecddc55f133a64fd693eadf2ce3c22af599585e9b0b350827ae9309f9345c79756da2f0ca9230b62085863924b5af4d9417dfbf5c30f124c3354dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57922\PyQt5\Qt5\qml\QtQuick\Controls.2\designer\FrameSpecifics.qml

Filesize
2KB

MD5
c24d49381cf8b3e6098fda1c27527e56

SHA1
4c78067e28c7fc742c52461585edf9113483e5d0

SHA256
b3ba820ff86bf5ede7116543342393ab2279c2deb37c23ce3d240a1f114f16ef

SHA512
89022c8518525601024b6c63ca425fae6f0010d1a167ff7eef6b7526f6ac634c856811b43d18e0555821f1286895a44f1d7dba6fc26ab58a50e15fe1fff64308

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57922\PyQt5\Qt5\qml\QtQuick\Dialogs\images\information.png

Filesize
254B

MD5
e63da36f919735c308f3a549ab9de849

SHA1
d2e037b8ff7d52e8fefd71334878fa68a083ba18

SHA256
84878e61f7605016611fbb49c07f1963c4823b41208162072fbcda30963301b7

SHA512
6ef916c15958e7cdeda1c6fedb314585b2c1608936763e6e85877d3e25b9f0d76bb9340bd06f6ad251a363653415eb2cd41611eb1d203d13b190492bf45e6c63

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57922\PyQt5\Qt5\qml\QtQuick\Dialogs\images\question.png

Filesize
257B

MD5
fc9c3bea26774ac81478d5a102d2309c

SHA1
475360264e44712708f262efc5ba0173fc5b2a58

SHA256
98e8dd83fac047b42fb3de69f2733b87697ca8a33f54ae12e65d2d88867ef80a

SHA512
8edee937294990f49f1ce82a5f6a6cfe33594935991a0500b895389c4f78b45ad5e9b30b10fe045294dd2b9ffbbbbf47252e8eb8c33d92f69135ecdf2ab2549b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57922\cryptography-41.0.5.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57922\default_Fixer.bat

Filesize
2KB

MD5
7d5e02b2bfb2dc8d9b93b958ff7820bc

SHA1
08838b5ebbfa908a4b2b558c79a514351db8a034

SHA256
7d6ddc4ed9c361aaa8f8641e44d2fe2270a17658f12dccd58b78d240139069bf

SHA512
3bdfd53ace80aedf44ad83ce22691be627af07b763874d67b21bec96c04a3e18a163dc7644439f7cf83b57db457541b3e81418fd5a2b606d650b4bb455c870ec

Download Submit
C:\Users\Admin\Documents\ΛV\WebStars Multiloader\Medias\offline_icon.png

Filesize
91KB

MD5
7add6e1e8479bcb9603802ac81bef3d3

SHA1
25a0cfbf001df648e91cd16ef7c94582ad3445bd

SHA256
4e8800a761c4bfe52d8d6b55fb0535074d6c72ba0b8f00f507efc8ce6ed17e0c

SHA512
7c15592860ee70d9361cf43d6d98b70f6a92a6b2c1b0e02b9284afe1d1994071fbe4a60350656c50ed573228f167a3bf117d5494f690c4516b6fd68ea8229abf

Download Submit
C:\Users\Admin\Documents\ΛV\WebStars Multiloader\Medias\online_icon.png

Filesize
93KB

MD5
23794ca8a5193d4f69cdd9724b5fe223

SHA1
658073967e67e463ed6d2ad0e47203e908dbfb61

SHA256
6cc9cba997897a1ef9c36acd0c74258d31b3bdf639ae38b241df941adcbc196f

SHA512
b8cdcf01bb27831c7e8d8125137c8c6db97fbb318aef6e044c40a05233f0bb479b03c21e12ad85e27768715d92c9cb9929221cada1d5a9f1976404474db173bb

Download Submit
C:\Users\Admin\Documents\ΛV\WebStars Multiloader\Medias\updating_icon.png

Filesize
94KB

MD5
62732d6b1c6ab2e743ee2223c142fcc6

SHA1
1fd630ed50de3a0f46519c3d82d687540fa54848

SHA256
50e10b4f368007462a1bdbb0d3476ea60eb344fffcd29bcb2c150e5e1b3841db

SHA512
0ed4100710d366856be0f162b28708c7da3fd864c55385121e6b44b1d52aaa7317faf410654ebf050a4d1a17fe903c87e0d3aaa46cf2bf66437446d4ba3408c7

Download Submit
memory/1576-7712-0x00007FF65F130000-0x00007FF65FD09000-memory.dmp

Filesize
11.8MB

Download
memory/1576-7710-0x00007FF65F130000-0x00007FF65FD09000-memory.dmp

Filesize
11.8MB

Download
memory/1576-7725-0x00007FF65F130000-0x00007FF65FD09000-memory.dmp

Filesize
11.8MB

Download
memory/1576-7711-0x00007FF65F130000-0x00007FF65FD09000-memory.dmp

Filesize
11.8MB

Download
memory/4564-4161-0x00007FF8AF3F0000-0x00007FF8AF653000-memory.dmp

Filesize
2.4MB

Download
memory/4796-5949-0x00007FF88F420000-0x00007FF88F683000-memory.dmp

Filesize
2.4MB

Download
memory/5288-4160-0x00007FF8B5100000-0x00007FF8B5363000-memory.dmp

Filesize
2.4MB

Download
memory/5320-7724-0x00007FF7AE060000-0x00007FF7AEC39000-memory.dmp

Filesize
11.8MB

Download
memory/5320-7723-0x00007FF7AE060000-0x00007FF7AEC39000-memory.dmp

Filesize
11.8MB

Download
memory/5320-7722-0x00007FF7AE060000-0x00007FF7AEC39000-memory.dmp

Filesize
11.8MB

Download
memory/5464-7718-0x00007FF6FB510000-0x00007FF6FC0E9000-memory.dmp

Filesize
11.8MB

Download
memory/5464-7717-0x00007FF6FB510000-0x00007FF6FC0E9000-memory.dmp

Filesize
11.8MB

Download
memory/5464-7716-0x00007FF6FB510000-0x00007FF6FC0E9000-memory.dmp

Filesize
11.8MB

Download
memory/5540-6045-0x000002CAAAEC0000-0x000002CAAAEC1000-memory.dmp

Filesize
4KB

Download
memory/5540-6046-0x000002CAAAEC0000-0x000002CAAAEC1000-memory.dmp

Filesize
4KB

Download
memory/5540-6056-0x000002CAAAEC0000-0x000002CAAAEC1000-memory.dmp

Filesize
4KB

Download
memory/5540-6047-0x000002CAAAEC0000-0x000002CAAAEC1000-memory.dmp

Filesize
4KB

Download
memory/5540-6059-0x000002CAAAEC0000-0x000002CAAAEC1000-memory.dmp

Filesize
4KB

Download
memory/5540-6058-0x000002CAAAEC0000-0x000002CAAAEC1000-memory.dmp

Filesize
4KB

Download
memory/5540-6057-0x000002CAAAEC0000-0x000002CAAAEC1000-memory.dmp

Filesize
4KB

Download
memory/5540-6055-0x000002CAAAEC0000-0x000002CAAAEC1000-memory.dmp

Filesize
4KB

Download
memory/5540-6053-0x000002CAAAEC0000-0x000002CAAAEC1000-memory.dmp

Filesize
4KB

Download
memory/5540-6054-0x000002CAAAEC0000-0x000002CAAAEC1000-memory.dmp

Filesize
4KB

Download
memory/6108-7706-0x00007FF783C30000-0x00007FF784608000-memory.dmp

Filesize
9.8MB

Download
memory/6108-7705-0x00007FF8D76D0000-0x00007FF8D76D2000-memory.dmp

Filesize
8KB

Download
memory/6120-7729-0x00007FF627150000-0x00007FF627D29000-memory.dmp

Filesize
11.8MB

Download
memory/6120-7731-0x00007FF627150000-0x00007FF627D29000-memory.dmp

Filesize
11.8MB

Download
memory/6120-7730-0x00007FF627150000-0x00007FF627D29000-memory.dmp

Filesize
11.8MB

Download