Analysis

  • max time kernel
    60s
  • max time network
    60s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-08-2024 12:56

General

  • Target

    https://drive.google.com/drive/folders/1V_jcYzwTiKnSv8Dbv-7Z0hh9SWbkn6Bi

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/drive/folders/1V_jcYzwTiKnSv8Dbv-7Z0hh9SWbkn6Bi
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4564
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc1a4646f8,0x7ffc1a464708,0x7ffc1a464718
      2⤵
        PID:3972
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,14401662722343173786,3009867388494171585,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
        2⤵
          PID:4172
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,14401662722343173786,3009867388494171585,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2488
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,14401662722343173786,3009867388494171585,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
          2⤵
            PID:956
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14401662722343173786,3009867388494171585,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
            2⤵
              PID:1220
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14401662722343173786,3009867388494171585,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
              2⤵
                PID:220
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,14401662722343173786,3009867388494171585,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 /prefetch:8
                2⤵
                  PID:3100
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,14401662722343173786,3009867388494171585,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:4128
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,14401662722343173786,3009867388494171585,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4984 /prefetch:8
                  2⤵
                    PID:4672
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14401662722343173786,3009867388494171585,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
                    2⤵
                      PID:4892
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14401662722343173786,3009867388494171585,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
                      2⤵
                        PID:408
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14401662722343173786,3009867388494171585,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
                        2⤵
                          PID:1432
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14401662722343173786,3009867388494171585,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
                          2⤵
                            PID:3940
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14401662722343173786,3009867388494171585,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
                            2⤵
                              PID:1756
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14401662722343173786,3009867388494171585,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
                              2⤵
                                PID:3308
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,14401662722343173786,3009867388494171585,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3428 /prefetch:8
                                2⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:4992
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:5020
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:2460
                                • C:\Windows\System32\rundll32.exe
                                  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                  1⤵
                                    PID:1784
                                  • C:\Program Files\7-Zip\7zG.exe
                                    "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\High Poly Head v1.4 (SE)\" -spe -an -ai#7zMap8714:110:7zEvent31879
                                    1⤵
                                    • Suspicious use of AdjustPrivilegeToken
                                    • Suspicious use of FindShellTrayWindow
                                    PID:4860

                                  Network

                                  MITRE ATT&CK Enterprise v15

                                  Replay Monitor

                                  Loading Replay Monitor...

                                  Downloads

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                    Filesize

                                    152B

                                    MD5

                                    d7114a6cd851f9bf56cf771c37d664a2

                                    SHA1

                                    769c5d04fd83e583f15ab1ef659de8f883ecab8a

                                    SHA256

                                    d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

                                    SHA512

                                    33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                    Filesize

                                    152B

                                    MD5

                                    719923124ee00fb57378e0ebcbe894f7

                                    SHA1

                                    cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

                                    SHA256

                                    aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

                                    SHA512

                                    a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                    Filesize

                                    1KB

                                    MD5

                                    afe7905378517ed80bef4b65ae4bcae3

                                    SHA1

                                    d069847a2db28d22609a763c52f48965da0ac594

                                    SHA256

                                    fc42428ba40516fd8e3730a45f0417f408690d79f048130fe9e0f23fc2b1776c

                                    SHA512

                                    1d9cb4624dc27b6ebb689bf8e5083d2baa167e2b39e346ee4f57ee10348ef4c3ec080406e7697d651dc34d4695ad52f3658c56abb7a03a706f8d296bb4af9a80

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                    Filesize

                                    6KB

                                    MD5

                                    81254cb5b44d5e3fda93771136e8b15e

                                    SHA1

                                    c49a90fedafbffdd0cf419ad1336a3b2eecd6a0d

                                    SHA256

                                    bb3398df83014c89edc5e4ec32180230cf5a474f8a2c880efb65dbc9bef2c4a5

                                    SHA512

                                    62f971ac2068e6db67b9a087a054f85861223ab9bfae80cda896df45f68f6580eecd8d85034750e9fa0e42d9b71c1737d1dbddf1340226430fb4c4d3fc7657c5

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                    Filesize

                                    6KB

                                    MD5

                                    0f34f32909736283b120ecfb1d53ec9c

                                    SHA1

                                    bdb78b77d0b3ab1ff12e4a6a22a1ec0c4a52e8fc

                                    SHA256

                                    4e4afa620d5da1cf2bb99881465820aa892b0e5f3b368d7baaeadfbce8159246

                                    SHA512

                                    96e75fae34c5603349be8469b58c33ef1cf0f6c967e33c9c394800c750d0ead78bf137ec0f7bb15c8f0d656db65e9640a031050a4618fa65787d3f64cc21decc

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                    Filesize

                                    6KB

                                    MD5

                                    410437dd4d29dcd07c45e0936c78228e

                                    SHA1

                                    c95e4be911643445c68499e9610e3dfe68e5cccc

                                    SHA256

                                    69f57cd5d9a25ea57c0872c5961652c104bbf79fb31cf8fa172be65cc0821f44

                                    SHA512

                                    df6e3eb4f8d11c81dbc7fd8eec377c518cd5b66d625a0c5c7e631f7489a7fd756cd6ecc1817ebab114f3d45d725461828db2d1f306ce2249e1a9fe0996371ba5

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                    Filesize

                                    1KB

                                    MD5

                                    cc5630e9844deb9bc02fa390f57392d8

                                    SHA1

                                    8c3f0d292dc9ed514ad600d0d2a72ce486d117a0

                                    SHA256

                                    a31235eb56b0221694b018aec7d47d3b547f5e3d82c4c68c52e844bb2b1a815d

                                    SHA512

                                    a50ae7260542ca5c8b48aa1e18107082404faa432179e360637e34170fd217cdc8c6376f67f4b13f7b49dbbf94181865f5dc394c0edb12762f58d2de9bad910c

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58363e.TMP

                                    Filesize

                                    1KB

                                    MD5

                                    2949412e8b49ee2acdfedd9eb7d6f124

                                    SHA1

                                    acd14dfa573452190cc9bc390635dbf3fc78cafd

                                    SHA256

                                    2823bb0d233e572c452c6c0fabb28e1c976eb7084a95f8b5b865de1749b184e3

                                    SHA512

                                    29c2bd57fd3481064a39206cb4872b0d191e745011d2ac2c48dffaeeaaebc11e6c8c8bb668da06ffe117748a91af2c4c6172aa792bfaa88a50da40eae8dfbf68

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                    Filesize

                                    16B

                                    MD5

                                    6752a1d65b201c13b62ea44016eb221f

                                    SHA1

                                    58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                    SHA256

                                    0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                    SHA512

                                    9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                    Filesize

                                    11KB

                                    MD5

                                    94e5469fc73e927fe5963fd2640f036a

                                    SHA1

                                    91a1737ffeb76c61976eb3255e5ace3bb582010d

                                    SHA256

                                    f8aa9eebaa0ce0185b03a9a04caf3ef9357ce652d5144034227735d1b8330f4e

                                    SHA512

                                    a539d0ac306a28e4ab943cbc25a401a65577d4e9b6abc0c2a9d2b0e0bf2078368dacfc4be713f14a0bf82649baaa50abbff95dd55ad06909422e43575411c7ae

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                    Filesize

                                    11KB

                                    MD5

                                    d9431da383c69efebf4ed44172c989aa

                                    SHA1

                                    7892cbad9d38b88fed74ecd068be1926661f7a6d

                                    SHA256

                                    1e7271323960b14b12614148afdadc0f5f7813906f6f141770497ececba15fc5

                                    SHA512

                                    7b0104d8e4102ce91e98b22094cb55235b3b7e99fccde6f0cb04cba54ef3aa5dd1cf4d79c148f497b0ee9b1d8cdb3c810fcc3082ac530d6802bf42fed92a5db9

                                  • C:\Users\Admin\Downloads\High Poly Head v1.4 (SE)\01 Loose\meshes\KL\High Poly Head\beards\humanbeardshort04.tri

                                    Filesize

                                    293KB

                                    MD5

                                    28ed1e5654c05b763cdef0c12f9ecbb9

                                    SHA1

                                    1351045923bacc195bf72abc4558744ce89f2113

                                    SHA256

                                    8df46a66641a8395832792bcbdaf47bfab8066b7f1dc37b330f03b754f923f96

                                    SHA512

                                    862f4cea25d0368ead389e1a8f7d6413e1abcf5c345a165cb2d73d835fb47e20d06b7edc8b0e4790efbda94e6abbb45731a9b112753453f5602977435cd2cb57

                                  • C:\Users\Admin\Downloads\High Poly Head v1.4 (SE)\01 Loose\meshes\KL\High Poly Head\beards\humanbeardshort04chargen.tri

                                    Filesize

                                    742KB

                                    MD5

                                    96dfb98b084c1dcee66f6c7cba667cbb

                                    SHA1

                                    3d2bafa9c375123637b98d9f77ee046a11b6921a

                                    SHA256

                                    5c58db5ebe6df094c964c0f69fde6acb89332949e7d60563b112b50ad5ccf32a

                                    SHA512

                                    d5cab9c7a98be7bfaf680dce9bf8480e28938d4ccbd33452ee88a150600438a115973a31f594a6423b8f5406ef527a7ccaf77abd2a51ad89d67a528f51aac0c0

                                  • C:\Users\Admin\Downloads\High Poly Head v1.4 (SE)\01 Loose\meshes\KL\High Poly Head\beards\humanbeardshort04races.tri

                                    Filesize

                                    112KB

                                    MD5

                                    52ba721c0fcdc10fc666cdb97638157b

                                    SHA1

                                    10c810aada0945bd38382279ea10f8913452423d

                                    SHA256

                                    ac544f5d77b74ccd9d65970b4c19f46cf7e66942246e6577a93d578bd70db53b

                                    SHA512

                                    adeadbac725f9a6ab3dd4fe5183e4edbb48a3625a3838ab314e1f8d2f317fee55ef62723403768caf2a684e7382e518dd59c5c276d036616bc8381b41f5134c9

                                  • C:\Users\Admin\Downloads\High Poly Head v1.4 (SE)\01 Loose\meshes\KL\High Poly Head\beards\humanbeardshort22chargen.tri

                                    Filesize

                                    435KB

                                    MD5

                                    865102246b63730f2c50df59c8d389a3

                                    SHA1

                                    0b366658b14b955ad9b251d4feab6ac812e59f89

                                    SHA256

                                    686d83096c69846137df60b1e40f0f2d3ea3c89cd273b5278074a716f0cd9f42

                                    SHA512

                                    de05da6e559b74bb47ae7035d0b795b01540146a9fd6d176d2c72dc26a3baa7ca0229cb3b0b094c6320f7e3a6ff3b34e6156dad8a2d3fa0996aef1008c4299ef

                                  • C:\Users\Admin\Downloads\High Poly Head v1.4 (SE)\01 Loose\meshes\KL\High Poly Head\beards\humanbeardshort23.tri

                                    Filesize

                                    171KB

                                    MD5

                                    26bea572f07c7bb75c0d1cb173e659ab

                                    SHA1

                                    30815d2becaa3ceed614fbb467dc655af47abf83

                                    SHA256

                                    93176cbb476a900ee3bc9cd045e1464112c597f11bf66f75775e2643bb09d5ce

                                    SHA512

                                    d94607f4830e344d2867bf2c7ddce28365834012aca093ab98b09a15d7234a599e657eb3b54893d8d7b71f3621d50501b6b46627545f15eff1dee016c8ed55dd

                                  • C:\Users\Admin\Downloads\High Poly Head v1.4 (SE)\01 Loose\meshes\KL\High Poly Head\beards\humanbeardshort23races.tri

                                    Filesize

                                    64KB

                                    MD5

                                    d707cd159cd2d832f293aaadac23ae67

                                    SHA1

                                    6bec46944be0656570f9a4659eacae7e76858114

                                    SHA256

                                    a41e637be626812c8ea63fa0a4e96cd50a47d2ea941da35169b227d2fde0051c

                                    SHA512

                                    c22732a63f837eba092af77f4f07b5062614e34553b0e39c383a6a9945e1d128f88a04bf12a43395f49423170012447129f0dd55efa4e34f9c359b7f678cc013

                                  • C:\Users\Admin\Downloads\High Poly Head v1.4 (SE)\04 No VampireMorph\meshes\KL\High Poly Head\beards\humanbeardshort04chargen.tri

                                    Filesize

                                    737KB

                                    MD5

                                    4bc1cec385e5395399a7ba4b4b45b254

                                    SHA1

                                    1acb3bde08302ce757bdd5367b6a00789a1ba83b

                                    SHA256

                                    bd1546492f908621bc108aace573c9a9b2da72fff7029b98e9b556330acd2e32

                                    SHA512

                                    b3f1917616c0f9cb9425271fb4eac9e5363268678d0c1a1b4c103ec6f964a6391561b5b9b9c3557ee8e1a6409f2acb6e039f008818a7e94f5da5ca4561fe8c85

                                  • C:\Users\Admin\Downloads\High Poly Head v1.4 (SE)\04 No VampireMorph\meshes\KL\High Poly Head\beards\humanbeardshort23chargen.tri

                                    Filesize

                                    432KB

                                    MD5

                                    a10336fdcded444ad166f2b255a2bec3

                                    SHA1

                                    b65d86f650bb9ec6e80b335ef0923c29d341ca6f

                                    SHA256

                                    7af57e5d963d48a19822d02c3d4cb1f6314553415cb77f9739d025cb1c01552c

                                    SHA512

                                    9825ab56b66fde6c031266159e5e8635a62f09ff2dff8fb9549f7ab4d71a04b3a0c70fc9dc716ebde0001e87ed0d1969aa724f6df35ab7b3a516d04d51f57191

                                  • C:\Users\Admin\Downloads\High Poly Head v1.4 (SE)\07 EFM\meshes\KL\High Poly Head\beards\humanbeardshort04chargen.tri

                                    Filesize

                                    594KB

                                    MD5

                                    ac44eae26ad0343e0c9313022497c970

                                    SHA1

                                    e3e0068299dcbb3de6565fd63e010a8b6b047a34

                                    SHA256

                                    73a812e2a17aca46ec3c1da259dfa5d83230217aa0e55ba1690ac3df3c8a322b

                                    SHA512

                                    d3d5c22a2978f87fd829a14c0428d8701d0f82b2ad6e31d30be217758080ea26c527feb20f7fb4d2616a95532c2133366a48f96624fa8d51e0fd4407e40492d1

                                  • C:\Users\Admin\Downloads\High Poly Head v1.4 (SE)\07 EFM\meshes\KL\High Poly Head\beards\humanbeardshort18races.tri

                                    Filesize

                                    41KB

                                    MD5

                                    e5ea2857f70d247fedac68f4e0119507

                                    SHA1

                                    c4d69f94acfecbe0a17de36b1421467094ca0602

                                    SHA256

                                    9f10d8f1db1de16414e4ccd1b026ca2a2c9bc341e386cf5d6533aa9506ae2c5c

                                    SHA512

                                    28ea8da4305221408dba793d06ec554041b3531b369fa438f721a3f3da668a7e475b733d1a2d2960dd79fb886f4a566f110008b48d4e997b6b582743d1c96493

                                  • C:\Users\Admin\Downloads\High Poly Head v1.4 (SE)\07 EFM\meshes\KL\High Poly Head\beards\humanbeardshort23chargen.tri

                                    Filesize

                                    300KB

                                    MD5

                                    9094cc45709e7bc4f1ba41185d881872

                                    SHA1

                                    6e1a93cff918f83cc936f5714ff0bbb50f99b9bb

                                    SHA256

                                    18b13e1291922e1ca08cad5687264d6a9910a0680a3a73682e55e67ba433e703

                                    SHA512

                                    e74a0bb2e8eefa1da54af87d9fcaa27cbd7973893b3725ce4a85f7185e85d654bfa05cc4c29c3c2cb3c26ec171a89142eb0d6066fe3a052dc578c4507ecd979b

                                  • C:\Users\Admin\Downloads\High Poly Head v1.4 (SE)\07 EFM\meshes\KL\High Poly Head\beards\humanbeardshort30races.tri

                                    Filesize

                                    74KB

                                    MD5

                                    9a3cde6df79c491b5c77ad9e669709c9

                                    SHA1

                                    bf711f08dad2676be3db30f41c334965b0104a08

                                    SHA256

                                    f8d659c91849e88a26d3dcd42a2c6d824fa502344ef5eecbeb7ad04a8295d94a

                                    SHA512

                                    78be93843ebbb61c6d77cbd3b0c5d31aabad951c58d22e3ec41934988f9fff0994a1988f67ae36984682fad7b822717b5d621ca56030d2597f6982115d3e503a

                                  • C:\Users\Admin\Downloads\High Poly Head v1.4 (SE)\07 EFM\meshes\actors\character\facegenmorphs\morphs\KL\beards\humanbeardshort04_race.tri

                                    Filesize

                                    167KB

                                    MD5

                                    1e3e8f94df382f4dfe75249142bb5368

                                    SHA1

                                    9e345765961234f79debf78b2b1dd50e86d6d8ba

                                    SHA256

                                    2e1f5dd678706a31f6a4b4a54bc6b9a3977b7d7b07304a204013f880e5d9b211

                                    SHA512

                                    ac0f7b27d0c7ff0096faf6c13ea7e3504dfd017c76dd8b0452413cfccf714c4e21a3ff75849cd5da519f97ee1b6dbd45fffe3501264c18f6cc6677bc6ef73e4d

                                  • C:\Users\Admin\Downloads\High Poly Head v1.4 (SE)\07 EFM\meshes\actors\character\facegenmorphs\morphs\KL\beards\humanbeardshort23_race.tri

                                    Filesize

                                    97KB

                                    MD5

                                    242e5f0f6b98b54689b593cdca6aacd0

                                    SHA1

                                    5c7bdb78fc6047c3bed697e4795806daedcc277a

                                    SHA256

                                    7483afc414f77147054e039b268752cc5b8b7c9bcbd45ea83494aae336185d98

                                    SHA512

                                    a1ab9051f5d1c1d447b609d8dcdb79292c6f346ebc88629ad3fdaa403096b8f102c6f0ebe3a3dfc055ac559a7d686f6270d2060f592f38546d506781461893d0

                                  • C:\Users\Admin\Downloads\High Poly Head v1.4 (SE)\08 EFA Male\meshes\KL\High Poly Head\beards\humanbeardmedium07.tri

                                    Filesize

                                    247KB

                                    MD5

                                    c230f46d1a51cad4acbe68935439beaf

                                    SHA1

                                    37c383a5a7b48b6292528c96ae11864a061a5723

                                    SHA256

                                    1b51ccc2cf92c79260d23240f8fa952a4469b223591e1a6769ae8be6e6dcbee8

                                    SHA512

                                    cebb876d64cd36a56647e84310bb1bbcb81bb448d87a95a248ab86fc6736ee2a0687f0a452446c846187dd5274e6a9b65925721edf00e3d22438657d97a2ab4b

                                  • C:\Users\Admin\Downloads\High Poly Head v1.4 (SE)\08 EFA Male\meshes\KL\High Poly Head\beards\humanbeardshort18.tri

                                    Filesize

                                    100KB

                                    MD5

                                    7b7477151002cbd7598cc18ec3dbc4fe

                                    SHA1

                                    1e7fa6182c2f43777fe5e59ff58f3cbd7e2ba398

                                    SHA256

                                    d25b720db613cc4bc1e438899066fa4e2cc17841645fdc69115d8cf4f427ed62

                                    SHA512

                                    696fe2a379c47aa598a1f0bd64a81dc9f236ee715a6ff33002d3c8a115ce7050d1230045784fee63bf2c30b8d6461ea480a1878137ed7656ce85ef3bce2b3b99

                                  • C:\Users\Admin\Downloads\High Poly Head v1.4 (SE)\08 EFA Male\meshes\KL\High Poly Head\beards\humanbeardshort30.tri

                                    Filesize

                                    188KB

                                    MD5

                                    e6221ef74f4b6b27a96386d4262f3c17

                                    SHA1

                                    552f7e9da23fc8a706d4a3b5dedaafca6be7f7e4

                                    SHA256

                                    be21916403e210ca630a9962d341c6a618c651fc4d5a379c228867552d47754e

                                    SHA512

                                    30aa9a644b91ea396b1d837c51882959fb5a3439a66efc0a1f56dbf0f6e0f2e4f2eae3ee53f23b3de5eb162d39dfdd405bfa1d2e6b017eb49af4ad025f38cb16

                                  • C:\Users\Admin\Downloads\High Poly Head v1.4 (SE)\08 EFA Male\meshes\KL\High Poly Head\faceparts\maleheadbrows.tri

                                    Filesize

                                    101KB

                                    MD5

                                    012677f9de73f5ab6f79917e36b57ea8

                                    SHA1

                                    b1761c236e2381f299df3000aa035871ad40dc5a

                                    SHA256

                                    79de3f77519294fa7efe47af5030f47e29ad72bc2b8233dc9d9d45733d754539

                                    SHA512

                                    032d8bb459fb6d0bab45350143a02ec5c6b0a985b1f6531db7af04666eeac0d0691cf33119da712d6787ab201710c94f59bb05a96ae99a84b83ad6a6ab331545

                                  • C:\Users\Admin\Downloads\High Poly Head v1.4 (SE)\08 EFA Male\meshes\KL\High Poly Head\faceparts\maleheadmaskleftside.tri

                                    Filesize

                                    154KB

                                    MD5

                                    97c04cd215eb9cd416598a6d93bcd22a

                                    SHA1

                                    35df051cf7224a222267cdfbc8b4c36d3ce7107a

                                    SHA256

                                    17f0546113a7c0c65b7c4089e7a406a3b29db640135eded08c122ccadf4edfd8

                                    SHA512

                                    f27a164ed6f982f714704ee8de8b4d451bf1f53c9749e0a8630e6540cd2493f71616127b88f4b0a4fca7df2cfc461ba10f5f8e42273a58b4d73f9fd562383bca

                                  • C:\Users\Admin\Downloads\High Poly Head v1.4 (SE)\08 EFA Male\meshes\KL\High Poly Head\faceparts\maleheadmaskrightside.tri

                                    Filesize

                                    154KB

                                    MD5

                                    edc05b22e5fe162bb5f229b5ecba22b5

                                    SHA1

                                    762da65c5fa661c02c1d40e22c17a60d328e3911

                                    SHA256

                                    420f9ca8804f283dd43e96d8dc4f3af9554d1fb4c4cd32445bd976191cbc5a78

                                    SHA512

                                    21ed3271b99ee2d4d60ee394b0bbf9c45481b800a5b9f0c64eeacd0ac4871f8854b909e11ea26807278706f1b767c759f9be7bb0840afe5e28e03bc32e333838

                                  • C:\Users\Admin\Downloads\High Poly Head v1.4 (SE)\08 EFA Male\meshes\KL\High Poly Head\malehead.tri

                                    Filesize

                                    1.2MB

                                    MD5

                                    ec728f11eb13230bf581c431b1b75d78

                                    SHA1

                                    295b4a73901c881349d27aa6e6d501b0dc08d1bc

                                    SHA256

                                    3f0a644b434bc9069094133c1e0dfd81eb14661cd8670b9fa9c415e2de3e9182

                                    SHA512

                                    b27948ea97f35f75fee7484dc53a71e2f36ee656548634fd15a089b9321d3ebcc3f41f5b955b99184b8a07f97221947b7234b9f6f024a4e8ad3e35bfdad2a6f4

                                  • C:\Users\Admin\Downloads\High Poly Head v1.4 (SE)\08 EFA Male\meshes\actors\character\facegenmorphs\morphs\KL\beards\humanbeardshort04_expr.tri

                                    Filesize

                                    282KB

                                    MD5

                                    111591c6241b8ad7fab71ed16796f15a

                                    SHA1

                                    a571a5782b35a52989c75df04df71c1392b4c292

                                    SHA256

                                    f55f935a0bad1c1fbf34599ec443fc8dd612b1955d785579dbe5e2b8e26cda6c

                                    SHA512

                                    a67f80d49c006e41e45d54c43e0d3d384d72baf856868fb45938de1f2f8a6735366747b9b7fb99827206df8550de154a614f37c5f69ac8c96d58a5953dbe37c7

                                  • C:\Users\Admin\Downloads\High Poly Head v1.4 (SE)\08 EFA Male\meshes\actors\character\facegenmorphs\morphs\KL\beards\humanbeardshort23_expr.tri

                                    Filesize

                                    155KB

                                    MD5

                                    3cbd0ce38ef0e09cbc5342a2b633c141

                                    SHA1

                                    3e3d2a91ffbbee874d688199bc2520db366e7b39

                                    SHA256

                                    ba811f01e94933039f2f180850b26cd445c6cef5cd632aba6509283c7cae876f

                                    SHA512

                                    40cfb64d59ec0b88434e6e7da26c74a43f8b8a74fb57b3bfced99951efe33e3b38fdae13d5cc3cd148cb899313815667254e62106eb5795df3bdac0200b07156

                                  • C:\Users\Admin\Downloads\High Poly Head v1.4 (SE)\08 EFA Male\meshes\actors\character\facegenmorphs\morphs\expressions\beards\expr_humanbeardshort04.tri

                                    Filesize

                                    74KB

                                    MD5

                                    37bc7f9bd69a5228d1bb70c5d8a8cc1c

                                    SHA1

                                    07326e6641a2944330a9125471586bbde1799b91

                                    SHA256

                                    df2313665e8082e95647e3279832ffd67846b1326fa6373edf05ae0f0ae73ad7

                                    SHA512

                                    74a1339a847791776c69c844a47aaf23ba2e155c01098aee19603fdfa72c39be0de99f6ae70e6ea76c8d7f2fc0c4dcdd44af0a968b32ace469ea2fa63097dfeb

                                  • C:\Users\Admin\Downloads\High Poly Head v1.4 (SE)\08 EFA Male\meshes\actors\character\facegenmorphs\morphs\expressions\beards\expr_humanbeardshort23.tri

                                    Filesize

                                    42KB

                                    MD5

                                    fe897ae162ddc46b218ec0904cebef6b

                                    SHA1

                                    f26dbf2a3cd25f3ee3f629043fe5838cacb0e99a

                                    SHA256

                                    46127f1224176547b8095b6aa81b03c58ea75718d484073721a54021066e3a60

                                    SHA512

                                    c3902843cba6514a89d4f2bfbd7272959340063705de14505357ee2c0ad65292e6513aeab98c50ee6852b8cc96be7575addb3f77d3b496d0234b8a1579f50241

                                  • C:\Users\Admin\Downloads\High Poly Head v1.4 (SE)\10 High Poly Vanilla Hair\meshes\actors\character\character assets\hair\male\hairline06.tri

                                    Filesize

                                    56KB

                                    MD5

                                    334132b877d1391526137ddb75980af0

                                    SHA1

                                    2127c6e3d51f0052b6ef346eba84300e79a5c2bf

                                    SHA256

                                    1c191ab8bfa882b6f2541417f0f7eb368bba4b0cd4bb7d283c9ab4a5ce209b34

                                    SHA512

                                    4ae2adef9f346fa03dde9b3974b343aa42958d39060dabe885ed2837ed371e24c17b1e2edba968ebcdd1ffa05e72ed59ab9d84ac6ba54443893b5b417b6d9bf2