hxxps://github[.]com/ai-aimbot/AIMr

Analysis

max time kernel
900s
max time network
440s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
08-06-2024 18:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/ai-aimbot/AIMr

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 28 IoCs

pid	Process
1876	AIMr.exe
1876	AIMr.exe
1876	AIMr.exe
1876	AIMr.exe
1876	AIMr.exe
1876	AIMr.exe
1876	AIMr.exe
1876	AIMr.exe
1876	AIMr.exe
1876	AIMr.exe
1876	AIMr.exe
1876	AIMr.exe
1876	AIMr.exe
1876	AIMr.exe
3228	AIMr.exe
3228	AIMr.exe
3228	AIMr.exe
3228	AIMr.exe
3228	AIMr.exe
3228	AIMr.exe
3228	AIMr.exe
3228	AIMr.exe
3228	AIMr.exe
3228	AIMr.exe
3228	AIMr.exe
3228	AIMr.exe
3228	AIMr.exe
3228	AIMr.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 10 IoCs

Web Service

T1102

flow	ioc
37	camo.githubusercontent.com
38	camo.githubusercontent.com
210	raw.githubusercontent.com
218	raw.githubusercontent.com
32	camo.githubusercontent.com
33	camo.githubusercontent.com
34	camo.githubusercontent.com
36	camo.githubusercontent.com
35	camo.githubusercontent.com
209	raw.githubusercontent.com

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
101	api.ipify.org
103	api.ipify.org

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3984	msedge.exe
3984	msedge.exe
2104	msedge.exe
2104	msedge.exe
1408	identity_helper.exe
1408	identity_helper.exe
1824	msedge.exe
1824	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	4484	wmic.exe
Token: SeSecurityPrivilege	4484	wmic.exe
Token: SeTakeOwnershipPrivilege	4484	wmic.exe
Token: SeLoadDriverPrivilege	4484	wmic.exe
Token: SeSystemProfilePrivilege	4484	wmic.exe
Token: SeSystemtimePrivilege	4484	wmic.exe
Token: SeProfSingleProcessPrivilege	4484	wmic.exe
Token: SeIncBasePriorityPrivilege	4484	wmic.exe
Token: SeCreatePagefilePrivilege	4484	wmic.exe
Token: SeBackupPrivilege	4484	wmic.exe
Token: SeRestorePrivilege	4484	wmic.exe
Token: SeShutdownPrivilege	4484	wmic.exe
Token: SeDebugPrivilege	4484	wmic.exe
Token: SeSystemEnvironmentPrivilege	4484	wmic.exe
Token: SeRemoteShutdownPrivilege	4484	wmic.exe
Token: SeUndockPrivilege	4484	wmic.exe
Token: SeManageVolumePrivilege	4484	wmic.exe
Token: 33	4484	wmic.exe
Token: 34	4484	wmic.exe
Token: 35	4484	wmic.exe
Token: 36	4484	wmic.exe
Token: SeIncreaseQuotaPrivilege	4484	wmic.exe
Token: SeSecurityPrivilege	4484	wmic.exe
Token: SeTakeOwnershipPrivilege	4484	wmic.exe
Token: SeLoadDriverPrivilege	4484	wmic.exe
Token: SeSystemProfilePrivilege	4484	wmic.exe
Token: SeSystemtimePrivilege	4484	wmic.exe
Token: SeProfSingleProcessPrivilege	4484	wmic.exe
Token: SeIncBasePriorityPrivilege	4484	wmic.exe
Token: SeCreatePagefilePrivilege	4484	wmic.exe
Token: SeBackupPrivilege	4484	wmic.exe
Token: SeRestorePrivilege	4484	wmic.exe
Token: SeShutdownPrivilege	4484	wmic.exe
Token: SeDebugPrivilege	4484	wmic.exe
Token: SeSystemEnvironmentPrivilege	4484	wmic.exe
Token: SeRemoteShutdownPrivilege	4484	wmic.exe
Token: SeUndockPrivilege	4484	wmic.exe
Token: SeManageVolumePrivilege	4484	wmic.exe
Token: 33	4484	wmic.exe
Token: 34	4484	wmic.exe
Token: 35	4484	wmic.exe
Token: 36	4484	wmic.exe
Token: SeIncreaseQuotaPrivilege	3584	wmic.exe
Token: SeSecurityPrivilege	3584	wmic.exe
Token: SeTakeOwnershipPrivilege	3584	wmic.exe
Token: SeLoadDriverPrivilege	3584	wmic.exe
Token: SeSystemProfilePrivilege	3584	wmic.exe
Token: SeSystemtimePrivilege	3584	wmic.exe
Token: SeProfSingleProcessPrivilege	3584	wmic.exe
Token: SeIncBasePriorityPrivilege	3584	wmic.exe
Token: SeCreatePagefilePrivilege	3584	wmic.exe
Token: SeBackupPrivilege	3584	wmic.exe
Token: SeRestorePrivilege	3584	wmic.exe
Token: SeShutdownPrivilege	3584	wmic.exe
Token: SeDebugPrivilege	3584	wmic.exe
Token: SeSystemEnvironmentPrivilege	3584	wmic.exe
Token: SeRemoteShutdownPrivilege	3584	wmic.exe
Token: SeUndockPrivilege	3584	wmic.exe
Token: SeManageVolumePrivilege	3584	wmic.exe
Token: 33	3584	wmic.exe
Token: 34	3584	wmic.exe
Token: 35	3584	wmic.exe
Token: 36	3584	wmic.exe
Token: SeIncreaseQuotaPrivilege	3584	wmic.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2104 wrote to memory of 680	2104	msedge.exe	84
PID 2104 wrote to memory of 680	2104	msedge.exe	84
PID 2104 wrote to memory of 1560	2104	msedge.exe	85
PID 2104 wrote to memory of 1560	2104	msedge.exe	85
PID 2104 wrote to memory of 1560	2104	msedge.exe	85
PID 2104 wrote to memory of 1560	2104	msedge.exe	85
PID 2104 wrote to memory of 1560	2104	msedge.exe	85
PID 2104 wrote to memory of 1560	2104	msedge.exe	85
PID 2104 wrote to memory of 1560	2104	msedge.exe	85
PID 2104 wrote to memory of 1560	2104	msedge.exe	85
PID 2104 wrote to memory of 1560	2104	msedge.exe	85
PID 2104 wrote to memory of 1560	2104	msedge.exe	85
PID 2104 wrote to memory of 1560	2104	msedge.exe	85
PID 2104 wrote to memory of 1560	2104	msedge.exe	85
PID 2104 wrote to memory of 1560	2104	msedge.exe	85
PID 2104 wrote to memory of 1560	2104	msedge.exe	85
PID 2104 wrote to memory of 1560	2104	msedge.exe	85
PID 2104 wrote to memory of 1560	2104	msedge.exe	85
PID 2104 wrote to memory of 1560	2104	msedge.exe	85
PID 2104 wrote to memory of 1560	2104	msedge.exe	85
PID 2104 wrote to memory of 1560	2104	msedge.exe	85
PID 2104 wrote to memory of 1560	2104	msedge.exe	85
PID 2104 wrote to memory of 1560	2104	msedge.exe	85
PID 2104 wrote to memory of 1560	2104	msedge.exe	85
PID 2104 wrote to memory of 1560	2104	msedge.exe	85
PID 2104 wrote to memory of 1560	2104	msedge.exe	85
PID 2104 wrote to memory of 1560	2104	msedge.exe	85
PID 2104 wrote to memory of 1560	2104	msedge.exe	85
PID 2104 wrote to memory of 1560	2104	msedge.exe	85
PID 2104 wrote to memory of 1560	2104	msedge.exe	85
PID 2104 wrote to memory of 1560	2104	msedge.exe	85
PID 2104 wrote to memory of 1560	2104	msedge.exe	85
PID 2104 wrote to memory of 1560	2104	msedge.exe	85
PID 2104 wrote to memory of 1560	2104	msedge.exe	85
PID 2104 wrote to memory of 1560	2104	msedge.exe	85
PID 2104 wrote to memory of 1560	2104	msedge.exe	85
PID 2104 wrote to memory of 1560	2104	msedge.exe	85
PID 2104 wrote to memory of 1560	2104	msedge.exe	85
PID 2104 wrote to memory of 1560	2104	msedge.exe	85
PID 2104 wrote to memory of 1560	2104	msedge.exe	85
PID 2104 wrote to memory of 1560	2104	msedge.exe	85
PID 2104 wrote to memory of 1560	2104	msedge.exe	85
PID 2104 wrote to memory of 3984	2104	msedge.exe	86
PID 2104 wrote to memory of 3984	2104	msedge.exe	86
PID 2104 wrote to memory of 4280	2104	msedge.exe	87
PID 2104 wrote to memory of 4280	2104	msedge.exe	87
PID 2104 wrote to memory of 4280	2104	msedge.exe	87
PID 2104 wrote to memory of 4280	2104	msedge.exe	87
PID 2104 wrote to memory of 4280	2104	msedge.exe	87
PID 2104 wrote to memory of 4280	2104	msedge.exe	87
PID 2104 wrote to memory of 4280	2104	msedge.exe	87
PID 2104 wrote to memory of 4280	2104	msedge.exe	87
PID 2104 wrote to memory of 4280	2104	msedge.exe	87
PID 2104 wrote to memory of 4280	2104	msedge.exe	87
PID 2104 wrote to memory of 4280	2104	msedge.exe	87
PID 2104 wrote to memory of 4280	2104	msedge.exe	87
PID 2104 wrote to memory of 4280	2104	msedge.exe	87
PID 2104 wrote to memory of 4280	2104	msedge.exe	87
PID 2104 wrote to memory of 4280	2104	msedge.exe	87
PID 2104 wrote to memory of 4280	2104	msedge.exe	87
PID 2104 wrote to memory of 4280	2104	msedge.exe	87
PID 2104 wrote to memory of 4280	2104	msedge.exe	87
PID 2104 wrote to memory of 4280	2104	msedge.exe	87
PID 2104 wrote to memory of 4280	2104	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/ai-aimbot/AIMr
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7fff288546f8,0x7fff28854708,0x7fff28854718
  2⤵
  PID:680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,6209754355582255203,3604506424167075114,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1964,6209754355582255203,3604506424167075114,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1964,6209754355582255203,3604506424167075114,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,6209754355582255203,3604506424167075114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,6209754355582255203,3604506424167075114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,6209754355582255203,3604506424167075114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,6209754355582255203,3604506424167075114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3924 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,6209754355582255203,3604506424167075114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,6209754355582255203,3604506424167075114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,6209754355582255203,3604506424167075114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1964,6209754355582255203,3604506424167075114,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6464 /prefetch:8
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1964,6209754355582255203,3604506424167075114,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6464 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,6209754355582255203,3604506424167075114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,6209754355582255203,3604506424167075114,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,6209754355582255203,3604506424167075114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
  2⤵
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,6209754355582255203,3604506424167075114,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,6209754355582255203,3604506424167075114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1816 /prefetch:1
  2⤵
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1964,6209754355582255203,3604506424167075114,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6892 /prefetch:8
  2⤵
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,6209754355582255203,3604506424167075114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1708 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1964,6209754355582255203,3604506424167075114,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1824

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4780

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1684

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1688

C:\Users\Admin\AppData\Local\Temp\Temp1_AIMr.zip\AIMr.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_AIMr.zip\AIMr.exe"
1⤵
PID:4412
- C:\Users\Admin\AppData\Local\Temp\Temp1_AIMr.zip\AIMr.exe
  "C:\Users\Admin\AppData\Local\Temp\Temp1_AIMr.zip\AIMr.exe"
  2⤵
  - Loads dropped DLL
  PID:1876
- - C:\Windows\System32\Wbem\wmic.exe
    wmic csproduct get uuid
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4484

C:\Users\Admin\AppData\Local\Temp\Temp1_AIMr.zip\AIMr.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_AIMr.zip\AIMr.exe"
1⤵
PID:4908
- C:\Users\Admin\AppData\Local\Temp\Temp1_AIMr.zip\AIMr.exe
  "C:\Users\Admin\AppData\Local\Temp\Temp1_AIMr.zip\AIMr.exe"
  2⤵
  - Loads dropped DLL
  PID:3228
- - C:\Windows\System32\Wbem\wmic.exe
    wmic csproduct get uuid
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3584

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
304bdec6f94cd131229b8656fc6ce93a

SHA1
4585cbb91157787d479bcea7267708d6e9e9d131

SHA256
ec2115795792770276c60e125b757f154171ab932915884130d1eed85d544a1b

SHA512
37b2c940262e531287b3bf3162e49f125c34142233c8cf079fb36934e48ad252cf1a1a4175fb7ba199d02f96254aad958112280101660d286a98608e4beaf643

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
658fd06afff7a0102e70896927fe8eed

SHA1
50f5cbc4393adfb1a6460fbe1df519174240c937

SHA256
67e4d48f47dfe555d63a92be738637e88d5e14a2105e71010ed5ec73484de785

SHA512
63283a74d9cf620fac147f23288bb71ff45918cc29de96bcd91350101d530d5eb815d4eac3163c5d284247e221e037b8229a554fb866be965cda1431244cdd3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
0fbe2b1ac6b302d9101e324bc99eaf9c

SHA1
82411efbe409200541a595e567939e411c21be60

SHA256
7ac3f5f564af0e10b5d8f0b6ac7d24764abea25b925c4ff1c28a98b7b3e27af4

SHA512
55a567de2da554cc7c2fb048867d1ebdfe8d8bde91732f95a39393a76c6e33ab452c49afda2777b48354fa9283bb9950a33ed7375d3d43f4b4adf4e8cc5c12cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
09bc67315f34c98d59932dbe5ae82765

SHA1
230ee8adae12aef6ea1a4efd28f442fe550bcef3

SHA256
45b92caaeab077ef538514a4543b954c452d058dae092f7ac67320832298a96b

SHA512
df6ea5365a9027d328b2b879a7d02c97841f2e93d1d7d791f94d3107e0f4aa67d1755a7233a3e370e726db68b6e8b102a04a374da23bba633261424d1e15fe24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1121c6b9111631164b1bd770a59f1ee6

SHA1
03f6a5b3f1116497263311d319458c40cf838de3

SHA256
57f3f38881d915c7cbb8c7ead0426aeb0b300ca9759edc4d9576817800d35629

SHA512
22397ee2318bf9b9d96adf1f124dc90ed95862a8e4de863154b0026e11cc483c32f8f693c699c1a45df31009d7fac03503dec578cf7cc557cfb3522f176f0adc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
33bdac4e27b43573ee95aa82cdfda922

SHA1
c01a2909d4a58db9a6ea6d32f01a186209fa3055

SHA256
f0d7f73469a3799c6baa832d48e2a2c1e8f7bc346a09487d327cc95bb50e3b96

SHA512
10b540a628c5ccab0c49463fc78298a6ae17a4a74818026bb8aa17439abdea57409ebdc92a0eb237ba220078d323319e7ee7b6aa5f6970dbc10c3d8d41ef4392

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e6d9bae83fa7c3335db798fff468b77f

SHA1
47537f737c92288d72cf173f2c38bfdebc329b98

SHA256
732703f55f4831c64eaab4861fee7b114ce049d401a8cfcbcda9d5f2292e67c9

SHA512
6cdaf85792cb419517e5d0a1741c78c36372525121d5847ef37ce7281a928d08c5940a5971d3e1b96c6199c3c56b956504642b8f7452008766198d84a88f47a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
2af35ad7b5dbe5472d2255d989a85db5

SHA1
8985733b010fc7100c8c75649655ace5242f920d

SHA256
8f513a7392ba65eaf1ce8dace3a361b303691ee94343dfe6a9b584b5bf501d77

SHA512
ef2804e2ad40287bbe4dad0e45991a568c9e9498abd8e69681a42db870cdccc8d805494029ceda71e8c8d376ea7ee1edb067f1f4b7fb0ed4fd2f07815cecf10f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d7f76fb79611545f1d384900d64547f1

SHA1
738de9dc5b6229b074b6f24dd1b51fa9767ef461

SHA256
4c97e0aa804e29d6d0faff774a24504b0d1fd40dbb8b2677fa006ab5da705afe

SHA512
75f0de140c36088e3507b3f87186469f9c331718f207a3c3207345caf4c3e907b8d7c87b34fe9a609c72ed24ab10c0256fe265f6099dfec45ee73b1f0b3ed61e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
47c4e7688c458ec8afd4d6fff2afe777

SHA1
3d322d2859872cdf54804a8df8bda7e1087000c8

SHA256
f8fe726c8c0eb5bcf625bc19d783c7959c2f60ecc783a450f8c822c2c4792090

SHA512
f50636fe8ca6cfd8bfa8a7ee1aa75016f1fbbff3f9bce2ca6f36d27a4a47f8912b4ed68f65753c263cfc80af26913cdd44f344d9fe691461f556ccd663c537f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ca07.TMP

Filesize
2KB

MD5
ad4f86f26d30d4ef1e464ca9f44dfc60

SHA1
f65e570d488e21ff81fe79897ce8df069e441c6c

SHA256
735716f46089bd28a7b78b2d6d9a1b1cbad19e36852fc286f47b79336a42533e

SHA512
479ecefe7c768f12426234780cc77fa06518891496fe8e1bc60bd7d6613aeaf6e5a55038a1e2285359bc23fdc5dfc1821fed79a33af3f9a74849fdc28ab3073a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
86c959342e781905c0c67c6a4fc83f41

SHA1
04963a81b306dac0dd2b1b8c3acebfe2a4b91b69

SHA256
18c15b2d2f942820bfe98e4509b46f28ce0cc1a834bf778cddf1901c48ef5ec0

SHA512
a5edec9cd12ff772fef7afc129bb3e7cd212505378ddb8a8e1d617dd067351d2f6a6b1138a01a6d32af5c6a4781f1a8511b755efda0fdebd2ab7ff971b1c5f65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
87e2472df7b480591ff2ef9b5d62fe3d

SHA1
4e6473236de16b8834ab72b84da66fb7f98bd9c5

SHA256
3c09c513ad10bf0644fbb58e128939e35da0318f4fae70d606b5a8520a245975

SHA512
a2417167c27ebfcb0916c4844defb1ad33d0530371be2fb8486ec13868325175426c5be81b5f9b24495769d5fb2fde95071f5fa54f3966a97624ed95150f9eb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1981dd7bf0069858f9022e88d260df36

SHA1
52f05f940f01c70ee0f0c5952dc60fc7b91af7e9

SHA256
ecac624dd1d69c4559d21c214ff1488960004637e4df00f5f8c0ed7961e71e5b

SHA512
b345a9df4cbdb335ef8668ff91d6f547dae1f40641a5ea1c5816a81dba7ed3aa8873632e72817c7d7eb9f9a4f2979c466c8682118d3136328e474b154ebf8c62

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44122\VCRUNTIME140.dll

Filesize
99KB

MD5
8697c106593e93c11adc34faa483c4a0

SHA1
cd080c51a97aa288ce6394d6c029c06ccb783790

SHA256
ff43e813785ee948a937b642b03050bb4b1c6a5e23049646b891a66f65d4c833

SHA512
724bbed7ce6f7506e5d0b43399fb3861dda6457a2ad2fafe734f8921c9a4393b480cdd8a435dbdbd188b90236cb98583d5d005e24fa80b5a0622a6322e6f3987

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44122\_ctypes.pyd

Filesize
125KB

MD5
11399d7c6d62ed339ada949dcf41f127

SHA1
a6262f3a439b42e9c21b5ca90739fc2202398d05

SHA256
af49dbab240639e26c6186122b1e660fc33b15105d67c2523a162bee0f75a46b

SHA512
6c2cf93a87e70da90ad361ce73afe84560ed7e75766d31f9f0ede571af95074b8d01f364a0ef90d906bbda911b49b6d1a1bb230f04e86201ac630ae448b3b867

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44122\api-ms-win-core-console-l1-1-0.dll

Filesize
18KB

MD5
e5912b05988259dad0d6d04c8a17d19b

SHA1
724f4f91041ad595e365b724a0348c83acf12bbb

SHA256
9f3608c15c5de2f577a2220ce124b530825717d778f1e3941e536a3ab691f733

SHA512
c270a622d7887f4c97232ea898f5380459c565817f0d201cdb081ee82e3002b6e6248753a68da896d3b1327f93e8e8cb0ca0dcaeef324f610e0a1c7b542c6492

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44122\api-ms-win-core-datetime-l1-1-0.dll

Filesize
18KB

MD5
16789cc09a417d7deb590fffe4ed02dc

SHA1
4940d5b92b6b80a40371f8df073bf3eb406f5658

SHA256
3b68d7ab0641de6b3e81d209b7c0d3896e4ffa76617bbadd01eb54036cdd1b07

SHA512
19e4f086cc2137ee60316b0736b3c6b3780578896df9a826edfe004bb74bee8e051c511a84d8a7ea278a5f47c82b9c955394f629ab0bb0740ecb51293d9be7b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44122\api-ms-win-core-debug-l1-1-0.dll

Filesize
18KB

MD5
9476affaac53e6e34405c4001f141805

SHA1
e7c8a6c29c3158f8b332eea5c33c3b1e044b5f73

SHA256
55574f9e80d313048c245acefd21801d0d6c908a8a5049b4c46253efaf420f89

SHA512
f8e3476a09d888caebd50da0ea2debc4006004e72af677919413655ab4595622cac524f1bc6c13406ee341ae0052a19ed83826ad530f652e73b2c65d4fa65680

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44122\api-ms-win-core-errorhandling-l1-1-0.dll

Filesize
18KB

MD5
a5883c68d432f593812ab3b755b808db

SHA1
51cbb7ba47802dc630c2507750432c55f5979c27

SHA256
b3715112a7ca4c6cc0efee044bd82444d3267a379e33a3ec118d87e75604204d

SHA512
27153e29e99a905fa4c8b3ede078644a3a3f29fdf7b98e387e39c5c60444e326c92afd74da8fee225f7ddf39724a0daef68ba238f3cc64fb7860172b8f29d79a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44122\api-ms-win-core-file-l1-1-0.dll

Filesize
21KB

MD5
241338aef5e2c18c80fb1db07aa8bcdf

SHA1
9acbeef0ac510c179b319ca69cd5378d0e70504d

SHA256
56de091efe467fe23cc989c1ee21f3249a1bdb2178b51511e3bd514df12c5ccb

SHA512
b9fd37f01a58594e48fa566c41827b2b9499605d9e55c2178e83ee41c8c5f50a4df2c85efea94ca586ea0ea4a6d984ebb7ca2193e9306fcb853b147b2c76bc2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44122\api-ms-win-core-file-l1-2-0.dll

Filesize
18KB

MD5
49c3ffd47257dbcb67a6be9ee112ba7f

SHA1
04669214375b25e2dc8a3635484e6eeb206bc4eb

SHA256
322d963d2a2aefd784e99697c59d494853d69bed8efd4b445f59292930a6b165

SHA512
bda5e6c669b04aaed89538a982ef430cef389237c6c1d670819a22b2a20bf3c22aef5cb4e73ef7837cbbd89d870693899f97cb538122059c885f4b19b7860a98

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44122\api-ms-win-core-file-l2-1-0.dll

Filesize
18KB

MD5
bfffa7117fd9b1622c66d949bac3f1d7

SHA1
402b7b8f8dcfd321b1d12fc85a1ee5137a5569b2

SHA256
1ea267a2e6284f17dd548c6f2285e19f7edb15d6e737a55391140ce5cb95225e

SHA512
b319cc7b436b1be165cdf6ffcab8a87fe29de78f7e0b14c8f562be160481fb5483289bd5956fdc1d8660da7a3f86d8eede35c6cc2b7c3d4c852decf4b2dcdb7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44122\api-ms-win-core-handle-l1-1-0.dll

Filesize
18KB

MD5
cce27ff9b1e78b61955682788452f785

SHA1
a2e2a40cea25ea4fd64b8deaf4fbe4a2db94107a

SHA256
8ee2de377a045c52bbb05087ae3c2f95576edfb0c2767f40b13454f2d9f779de

SHA512
1fcec1cd70426e3895c48598dfc359839d2b3f2b1e3e94314872a866540353460ec932bf3841e5afe89aa4d6c6fac768e21ae368d68c2bb15f65960f6f5d7d5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44122\api-ms-win-core-heap-l1-1-0.dll

Filesize
18KB

MD5
cdc266896e0dbe6c73542f6dec19de23

SHA1
b4310929ccb82dd3c3a779cab68f1f9f368076f2

SHA256
87a5c5475e9c26fabfead6802dac8a62e2807e50e0d18c4bfadcb15ebf5bcbc0

SHA512
79a29041699f41938174a6ec9797faf8d6bf7764657d801cb3af15c225f8eab0135d59cfa627bd02dd7459f7b857d62299e4d082586ce690627ebdf1267ebb21

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44122\api-ms-win-core-interlocked-l1-1-0.dll

Filesize
18KB

MD5
39809cc5dabf769da8871a91a8ed9e69

SHA1
f779cdef9ded19402aa72958085213d6671ca572

SHA256
5cd00ff4731691f81ff528c4b5a2e408548107efc22cc6576048b0fdce3dfbc9

SHA512
83a8246839d28378c6f6951d7593dc98b6caa6dbca5fbd023b00b3b1a9eba0597943838c508493533c2de276c4d2f9107d890e1c9a493ee834351cff5dfd2cab

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44122\api-ms-win-core-libraryloader-l1-1-0.dll

Filesize
19KB

MD5
5d5fae1a17961d6ee37637f04fe99b8a

SHA1
47143a66b4a2e2ba019bf1fd07bcca9cfb8bb117

SHA256
8e01eb923fc453f927a7eca1c8aa5643e43b360c76b648088f51b31488970aa0

SHA512
9db32ec8416320dcb28f874b4679d2d47a5ae56317fdc9d2d65ebb553f1d6345c3dd0024294a671a694337683dd4e77254595a9cdbfe115c80d0ef53516d46aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44122\api-ms-win-core-localization-l1-2-0.dll

Filesize
20KB

MD5
588bd2a8e0152e0918742c1a69038f1d

SHA1
9874398548891f6a08fc06437996f84eb7495783

SHA256
a07cc878ab5595aacd4ab229a6794513f897bd7ad14bcec353793379146b2094

SHA512
32ffe64c697f94c4db641ab3e20b0f522cf3eba9863164f1f6271d2f32529250292a16be95f32d852480bd1b59b8b0554c1e7fd7c7a336f56c048f4f56e4d62f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44122\api-ms-win-core-memory-l1-1-0.dll

Filesize
18KB

MD5
6def20ed13972f3c3f08dba8ecf3d6cc

SHA1
9c03356cf48112563bb845479f40bf27b293e95e

SHA256
c2e887a17875d39099d662a42f58c120b9cc8a799afd87a9e49adf3faddd2b68

SHA512
5b4d2b1152bed14108dc58d358b1082e27defd1001d36cd72ec6f030a34d6caf9b01c3c1dd8a9ac66d1937fcf86a6fe3469ac93b1e76d933a8f4b51c1f782f65

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44122\api-ms-win-core-namedpipe-l1-1-0.dll

Filesize
18KB

MD5
a056d4eeaae37deab8333dcc4c910a93

SHA1
cb59f1fe73c17446eb196fc0dd7d944a0cd9d81f

SHA256
593fa2aa2474508ad942bbaa0fdc9a1badd81c85b0dff1c43b90a47c23ad5fb7

SHA512
c2f811994182ef51d0c011c19336179da69357e5f284f787bcdb54f90c32768a959232a477534f7e62cd3d71a048a13e91b20042e2fe6ab108d606c7c8df9255

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44122\api-ms-win-core-processenvironment-l1-1-0.dll

Filesize
19KB

MD5
f3b4ab35a65a8d938c6b60ad59ba6e7f

SHA1
2745259f4dbbefbf6b570ee36d224abdb18719bc

SHA256
ea2972fec12305825162ae3e1ae2b6c140e840be0e7ebb51a7a77b7feeda133a

SHA512
a88afb66311494d6c15613c94555ba436cd2f75e11a49a448c9c6776dfba24cda25a44792a1e8b3e680c1ad3ad0574b43ac2328c6e41ff0832139c94b066dbf5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44122\api-ms-win-core-processthreads-l1-1-0.dll

Filesize
20KB

MD5
5faf9a33bab1d39dd9f820d34339b3d4

SHA1
50699041060d14576ed7bacbd44be9af80eb902a

SHA256
a1221836731c7e52c42d5809cc02b17c5ec964601631ec15a84201f423da4ac4

SHA512
73c25d1338df9aee5211fbb0e1b14e6bd853e31746c63bc46f44810622b09d52ee39b8e8a57c655da63d3d3d4025c2cba4d8673893d022417a2032ba3d935061

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44122\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
18KB

MD5
d699333637db92d319661286df7cc39e

SHA1
0bffb9ed366853e7019452644d26e8e8f236241b

SHA256
fe760614903e6d46a1be508dccb65cf6929d792a1db2c365fc937f2a8a240504

SHA512
6fa9ff0e45f803faf3eb9908e810a492f6f971cb96d58c06f408980ab40cba138b52d853aa0e3c68474053690dfafa1817f4b4c8fb728d613696b6c516fa0f51

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44122\api-ms-win-core-profile-l1-1-0.dll

Filesize
17KB

MD5
7028cf6b6b609cb0e31abd1f618e42d0

SHA1
e7e0b18a40a35bd8b0766ac72253de827432e148

SHA256
9e98b03a3ca1ebabdceb7ed9c0ceb4912bb68eb68f3e0df17f39c7a55fada31d

SHA512
d035ccfd0de316e64187c18e6e5b36e14f615f872c08740ec22ef2c12d592e37d78ab154202926a56ab01d669eb5870dff651280a882d6bf2a700c43dcd25ac2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44122\api-ms-win-core-rtlsupport-l1-1-0.dll

Filesize
18KB

MD5
2166fb99debbb1b0649c4685cf630a4a

SHA1
24f37d46dfc0ef303ef04abf9956241af55d25c9

SHA256
cdc4cfebf9cba85b0d3979befdb258c1f2cfcb79edd00da2dfbf389d080e4379

SHA512
de27d06b1f306110b42d0ed2642a555862d0ade7e56e5f2908e399f140aa5f43904e08d690bcb0d2f4d11d799ec18fa682db048da57d99cd99891e45add86371

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44122\api-ms-win-core-string-l1-1-0.dll

Filesize
18KB

MD5
b7cbc8d977a00a2574e110b01124ed40

SHA1
637e4a9946691f76e6deb69bdc21c210921d6f07

SHA256
854db7d2085caacf83d6616761d8bdcbacb54a06c9a9b171b1c1a15e7dc10908

SHA512
b415ef4092fa62d39941bf529a2032bc8b591c54ed2050ea4730f198899f147539b2c0e97f3c4f14848c71066924c1848ae5f07779a1a47ab4c5e46f02be7258

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44122\api-ms-win-core-synch-l1-1-0.dll

Filesize
20KB

MD5
6961bf5622ffcd14c16fbfc1296950a4

SHA1
5584c189216a17228cca6cd07037aaa9a8603241

SHA256
50a1542d16b42ecb3edc1edd0881744171ea52f7155e5269ad39234f0ea691de

SHA512
a4d0c15acbff4e9140ae4264fa24bd4c65fb2d1052a0b37bf281498f3b641fef563c18115511829a23340c9440f547028d36015ba38cbd51ad0744d44d5ccd87

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44122\api-ms-win-core-synch-l1-2-0.dll

Filesize
18KB

MD5
47388f3966e732706054fe3d530ed0dc

SHA1
a9aebbbb73b7b846b051325d7572f2398f5986ee

SHA256
59c14541107f5f2b94bbf8686efee862d20114bcc9828d279de7bf664d721132

SHA512
cce1fc5bcf0951b6a76d456249997b427735e874b650e5b50b3d278621bf99e39c4fc7fee081330f20762f797be1b1c048cb057967ec7699c9546657b3e248ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44122\api-ms-win-core-sysinfo-l1-1-0.dll

Filesize
19KB

MD5
df50047bbd2cf3a4b0cf0567514b464c

SHA1
f20ae25484a1c1b43748a1f0c422f48f092ad2c1

SHA256
8310d855398f83cb5b9ca3adeb358da1354557aec5c82c8ef91a29f79a47f620

SHA512
5c3bfc2ccb2ee864b99f6709677474327e85889f4c962ea0a1ef9e1e876dc88b1d8e8e0f6c1422f634ff1c84a861c34e52ee07dac7fdde505b508bea80562b9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44122\api-ms-win-core-timezone-l1-1-0.dll

Filesize
18KB

MD5
f62b66f451f2daa8410ad62d453fa0a2

SHA1
4bf13db65943e708690d6256d7ddd421cc1cc72b

SHA256
48eb5b52227b6fb5be70cb34009c8da68356b62f3e707db56af957338ba82720

SHA512
d64c2a72adf40bd451341552e7e6958779de3054b0cf676b876c3ba7b86147aecba051ac08adc0c3bfb2779109f87dca706c43de3ce36e05af0ddee02bbbf419

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44122\api-ms-win-core-util-l1-1-0.dll

Filesize
18KB

MD5
a1952875628359a0632be61ba4727684

SHA1
1e1a5ab47e4c2b3c32c81690b94954b7612bb493

SHA256
a41bede183fa1c70318332d6bc54ef13817aeee6d52b3ab408f95fa532b809f1

SHA512
3f86180cc085dc8c9f6d3c72f5ccc0f5a0c9048343edaf62239eb4b038799845388898408ed7e8eac5d015a9bc42ff428f74585f64f5d3467dddb1303baf4f03

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44122\api-ms-win-crt-conio-l1-1-0.dll

Filesize
19KB

MD5
6c88d0006cf852f2d8462dfa4e9ca8d1

SHA1
49002b58cb0df2ee8d868dec335133cf225657df

SHA256
d5960c7356e8ab97d0ad77738e18c80433da277671a6e89a943c7f7257ff3663

SHA512
d081843374a43d2e9b33904d4334d49383df04ee7143a8b49600841ece844eff4e8e36b4b5966737ac931ed0350f202270e043f7003bf2748c5418d5e21c2a27

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44122\api-ms-win-crt-convert-l1-1-0.dll

Filesize
22KB

MD5
d53637eab49fe1fe1bd45d12f8e69c1f

SHA1
c84e41fdcc4ca89a76ae683cb390a9b86500d3ca

SHA256
83678f181f46fe77f8afe08bfc48aebb0b4154ad45b2efe9bfadc907313f6087

SHA512
94d43da0e2035220e38e4022c429a9c049d6a355a9cb4695ad4e0e01d6583530917f3b785ea6cd2592fdd7b280b9df95946243e395a60dc58ec0c94627832aeb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44122\api-ms-win-crt-environment-l1-1-0.dll

Filesize
18KB

MD5
c712515d052a385991d30b9c6afc767f

SHA1
9a4818897251cacb7fe1c6fe1be3e854985186ad

SHA256
f7c6c7ea22edd2f8bd07aa5b33cbce862ef1dcdc2226eb130e0018e02ff91dc1

SHA512
b7d1e22a169c3869aa7c7c749925a031e8bdd94c2531c6ffe9dae3b3cd9a2ee1409ca26824c4e720be859de3d4b2af637dd60308c023b4774d47afe13284dcd2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44122\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
20KB

MD5
f0d507de92851a8c0404ac78c383c5cd

SHA1
78fa03c89ea12ff93fa499c38673039cc2d55d40

SHA256
610332203d29ab218359e291401bf091bb1db1a6d7ed98ab9a7a9942384b8e27

SHA512
a65c9129ee07864f568c651800f6366bca5313ba400814792b5cc9aa769c057f357b5055988c414e88a6cd87186b6746724a43848f96a389a13e347ef5064551

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44122\api-ms-win-crt-heap-l1-1-0.dll

Filesize
19KB

MD5
f9e20dd3b07766307fccf463ab26e3ca

SHA1
60b4cf246c5f414fc1cd12f506c41a1043d473ee

SHA256
af47aebe065af2f045a19f20ec7e54a6e73c0c3e9a5108a63095a7232b75381a

SHA512
13c43eee9c93c9f252087cb397ff2d6b087b1dc92a47ba5493297f080e91b7c39ee5665d6bdc1a80e7320e2b085541fc798a3469b1f249b05dee26bbbb6ab706

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44122\api-ms-win-crt-locale-l1-1-0.dll

Filesize
18KB

MD5
ab206f2943977256ca3a59e5961e3a4f

SHA1
9c1df49a8dbdc8496ac6057f886f5c17b2c39e3e

SHA256
b3b6ee98aca14cf5bc9f3bc7897bc23934bf85fc4bc25b7506fe4cd9a767047a

SHA512
baccc304b091a087b2300c10f6d18be414abb4c1575274c327104aabb5fdf975ba26a86e423fda6befb5d7564effac0c138eb1bad2d2e226131e4963c7aac5bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44122\api-ms-win-crt-math-l1-1-0.dll

Filesize
27KB

MD5
4dd7a61590d07500704e7e775255cb00

SHA1
8b35ec4676bd96c2c4508dc5f98ca471b22deed7

SHA256
a25d0654deb0cea1aef189ba2174d0f13bdf52f098d3a9ec36d15e4bfb30c499

SHA512
1086801260624cf395bf971c9fd671abddcd441ccc6a6eac55f277ccfbab752c82cb1709c8140de7b4b977397a31da6c9c8b693ae92264eb23960c8b1e0993bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44122\api-ms-win-crt-process-l1-1-0.dll

Filesize
19KB

MD5
595d79870970565be93db076afbe73b5

SHA1
ec96f7beeaec14d3b6c437b97b4a18a365534b9b

SHA256
fc50a37acc35345c99344042d7212a4ae88aa52a894cda3dcb9f6db46d852558

SHA512
152849840a584737858fc5e15f0d7802786e823a13ec5a9fc30ee032c7681deaf11c93a8cffead82dc5f73f0cd6f517f1e83b56d61d0e770cbb20e1cfff22840

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44122\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
22KB

MD5
8b9b0d1c8b0e9d4b576d42c66980977a

SHA1
a19acefa3f95d1b565650fdbc40ef98c793358e9

SHA256
371a44ab91614a8c26d159beb872a7b43f569cb5fac8ada99ace98f264a3b503

SHA512
4b1c5730a17118b7065fada3b36944fe4e0260f77676b84453ee5042f6f952a51fd99debca835066a6d5a61ba1c5e17247551340dd02d777a44bc1cae84e6b5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44122\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
24KB

MD5
76e0a89c91a28cf7657779d998e679e5

SHA1
982b5da1c1f5b9d74af6243885bcba605d54df8c

SHA256
0189cbd84dea035763a7e52225e0f1a7dcec402734885413add324bffe688577

SHA512
d75d8798ea3c23b3998e8c3f19d0243a0c3a3262cffd8bcee0f0f0b75f0e990c9ce6644150d458e5702a8aa51b202734f7a9161e795f8121f061139ad2ea454f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44122\base_library.zip

Filesize
824KB

MD5
247080fe487fbd248d06f68f43451d4c

SHA1
94c716d0eca119615b5ef2e9d139eb028871e6dc

SHA256
9da0de4efad14382340e6d9f3257fcc0b31808925fb2e9c091436d3f3c0d3640

SHA512
8726eb38765d8958a017791a4f27e081d5df07508c526ed3a19828f2fa0fc1eb228ebdf661a418640f550efe367ea6e6cffbf1645a090135c698baae8ba1f663

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44122\libffi-7.dll

Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44122\python38.dll

Filesize
4.7MB

MD5
a56338254587417ad3ef8e46d4842a34

SHA1
a1b0916568dc5fd17f116706c6dc500410a88308

SHA256
cf872677852291280bf615849eaf1bba02c5480597207c05f13f79ac82f01770

SHA512
fde064987ac8becc197e74252a686f2ce88d240b4fa677c956f14e2b1205723157f1bbf20a5b93c63b3683defb34da5d23d0dba0fa0655608fdb722990a4096c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44122\ucrtbase.dll

Filesize
992KB

MD5
0e0bac3d1dcc1833eae4e3e4cf83c4ef

SHA1
4189f4459c54e69c6d3155a82524bda7549a75a6

SHA256
8a91052ef261b5fbf3223ae9ce789af73dfe1e9b0ba5bdbc4d564870a24f2bae

SHA512
a45946e3971816f66dd7ea3788aacc384a9e95011500b458212dc104741315b85659e0d56a41570731d338bdf182141c093d3ced222c007038583ceb808e26fd

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 922105.crdownload

Filesize
7.0MB

MD5
dbc2de4b885b9626d6cf8323b080c60f

SHA1
3d48a93873dcd8b61ecf166ec12c8cbe6a9a52e4

SHA256
f534f51bfb6136975b3cd469eef6285043d47466aa103fd2f2996fbf9ce3868e

SHA512
738a9a2107baac8a24b99d75444a12c53fcf0730d873a735da0fb115c5388e24f33edcf8eb8fdb21529e3722b32b818d0d9bb33c8f6295460b2d0a9c0dbf7052

Download Submit