9c4faf01bab51f707cd2fc8e41124aabc6e418134a42daa8a22318576aa1f554

Analysis

max time kernel
1788s
max time network
1793s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11/08/2024, 11:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

nuker.exe
Size

8.4MB
MD5

b6b1e0fb5b60a9c9481bbfb9f04e4865
SHA1

9564cd7f3e5cb58c6ed65bc89d605e63ceeb182f
SHA256

9c4faf01bab51f707cd2fc8e41124aabc6e418134a42daa8a22318576aa1f554
SHA512

c1ce6540f0124245456a206d5aa38c883106a3162753787c3eecff76fc644cc076875831540a308407de9cb160a41151a15597f4b5a8cf6d2c14dae0402045b4
SSDEEP

196608:LMGwA0MhCqDBTX1QFhjwt25Hnuwf5auOmtIYuOGfotI2:xlA6OHuw8uOEEOG

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 54 IoCs

pid	Process
4420	nuker.exe
4420	nuker.exe
4420	nuker.exe
4420	nuker.exe
4420	nuker.exe
4420	nuker.exe
4420	nuker.exe
4420	nuker.exe
4420	nuker.exe
4420	nuker.exe
4420	nuker.exe
4420	nuker.exe
4420	nuker.exe
4420	nuker.exe
4420	nuker.exe
4420	nuker.exe
4420	nuker.exe
4420	nuker.exe
4420	nuker.exe
4420	nuker.exe
4420	nuker.exe
4420	nuker.exe
4420	nuker.exe
4420	nuker.exe
4420	nuker.exe
4420	nuker.exe
4420	nuker.exe
3572	nuker.exe
3572	nuker.exe
3572	nuker.exe
3572	nuker.exe
3572	nuker.exe
3572	nuker.exe
3572	nuker.exe
3572	nuker.exe
3572	nuker.exe
3572	nuker.exe
3572	nuker.exe
3572	nuker.exe
3572	nuker.exe
3572	nuker.exe
3572	nuker.exe
3572	nuker.exe
3572	nuker.exe
3572	nuker.exe
3572	nuker.exe
3572	nuker.exe
3572	nuker.exe
3572	nuker.exe
3572	nuker.exe
3572	nuker.exe
3572	nuker.exe
3572	nuker.exe
3572	nuker.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
126	discord.com
127	discord.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2392887640-1187051047-2909758433-1000\{BB13EBC7-9E82-48B7-8999-7E9789D47FF4}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1832	msedge.exe
1832	msedge.exe
4648	msedge.exe
4648	msedge.exe
5032	identity_helper.exe
5032	identity_helper.exe
5636	msedge.exe
5636	msedge.exe
5972	msedge.exe
5972	msedge.exe
5976	msedge.exe
5976	msedge.exe
5976	msedge.exe
5976	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe

Suspicious use of SetWindowsHookEx 19 IoCs

pid	Process
1456	OpenWith.exe
1456	OpenWith.exe
1456	OpenWith.exe
1456	OpenWith.exe
1456	OpenWith.exe
1456	OpenWith.exe
1456	OpenWith.exe
1456	OpenWith.exe
1456	OpenWith.exe
1456	OpenWith.exe
1456	OpenWith.exe
1456	OpenWith.exe
1456	OpenWith.exe
1456	OpenWith.exe
1456	OpenWith.exe
1456	OpenWith.exe
1456	OpenWith.exe
1456	OpenWith.exe
1456	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4792 wrote to memory of 4420	4792	nuker.exe	85
PID 4792 wrote to memory of 4420	4792	nuker.exe	85
PID 4648 wrote to memory of 3796	4648	msedge.exe	110
PID 4648 wrote to memory of 3796	4648	msedge.exe	110
PID 4648 wrote to memory of 388	4648	msedge.exe	111
PID 4648 wrote to memory of 388	4648	msedge.exe	111
PID 4648 wrote to memory of 388	4648	msedge.exe	111
PID 4648 wrote to memory of 388	4648	msedge.exe	111
PID 4648 wrote to memory of 388	4648	msedge.exe	111
PID 4648 wrote to memory of 388	4648	msedge.exe	111
PID 4648 wrote to memory of 388	4648	msedge.exe	111
PID 4648 wrote to memory of 388	4648	msedge.exe	111
PID 4648 wrote to memory of 388	4648	msedge.exe	111
PID 4648 wrote to memory of 388	4648	msedge.exe	111
PID 4648 wrote to memory of 388	4648	msedge.exe	111
PID 4648 wrote to memory of 388	4648	msedge.exe	111
PID 4648 wrote to memory of 388	4648	msedge.exe	111
PID 4648 wrote to memory of 388	4648	msedge.exe	111
PID 4648 wrote to memory of 388	4648	msedge.exe	111
PID 4648 wrote to memory of 388	4648	msedge.exe	111
PID 4648 wrote to memory of 388	4648	msedge.exe	111
PID 4648 wrote to memory of 388	4648	msedge.exe	111
PID 4648 wrote to memory of 388	4648	msedge.exe	111
PID 4648 wrote to memory of 388	4648	msedge.exe	111
PID 4648 wrote to memory of 388	4648	msedge.exe	111
PID 4648 wrote to memory of 388	4648	msedge.exe	111
PID 4648 wrote to memory of 388	4648	msedge.exe	111
PID 4648 wrote to memory of 388	4648	msedge.exe	111
PID 4648 wrote to memory of 388	4648	msedge.exe	111
PID 4648 wrote to memory of 388	4648	msedge.exe	111
PID 4648 wrote to memory of 388	4648	msedge.exe	111
PID 4648 wrote to memory of 388	4648	msedge.exe	111
PID 4648 wrote to memory of 388	4648	msedge.exe	111
PID 4648 wrote to memory of 388	4648	msedge.exe	111
PID 4648 wrote to memory of 388	4648	msedge.exe	111
PID 4648 wrote to memory of 388	4648	msedge.exe	111
PID 4648 wrote to memory of 388	4648	msedge.exe	111
PID 4648 wrote to memory of 388	4648	msedge.exe	111
PID 4648 wrote to memory of 388	4648	msedge.exe	111
PID 4648 wrote to memory of 388	4648	msedge.exe	111
PID 4648 wrote to memory of 388	4648	msedge.exe	111
PID 4648 wrote to memory of 388	4648	msedge.exe	111
PID 4648 wrote to memory of 388	4648	msedge.exe	111
PID 4648 wrote to memory of 388	4648	msedge.exe	111
PID 4648 wrote to memory of 1832	4648	msedge.exe	112
PID 4648 wrote to memory of 1832	4648	msedge.exe	112
PID 4648 wrote to memory of 3936	4648	msedge.exe	113
PID 4648 wrote to memory of 3936	4648	msedge.exe	113
PID 4648 wrote to memory of 3936	4648	msedge.exe	113
PID 4648 wrote to memory of 3936	4648	msedge.exe	113
PID 4648 wrote to memory of 3936	4648	msedge.exe	113
PID 4648 wrote to memory of 3936	4648	msedge.exe	113
PID 4648 wrote to memory of 3936	4648	msedge.exe	113
PID 4648 wrote to memory of 3936	4648	msedge.exe	113
PID 4648 wrote to memory of 3936	4648	msedge.exe	113
PID 4648 wrote to memory of 3936	4648	msedge.exe	113
PID 4648 wrote to memory of 3936	4648	msedge.exe	113
PID 4648 wrote to memory of 3936	4648	msedge.exe	113
PID 4648 wrote to memory of 3936	4648	msedge.exe	113
PID 4648 wrote to memory of 3936	4648	msedge.exe	113
PID 4648 wrote to memory of 3936	4648	msedge.exe	113
PID 4648 wrote to memory of 3936	4648	msedge.exe	113
PID 4648 wrote to memory of 3936	4648	msedge.exe	113
PID 4648 wrote to memory of 3936	4648	msedge.exe	113

C:\Users\Admin\AppData\Local\Temp\nuker.exe
"C:\Users\Admin\AppData\Local\Temp\nuker.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4792
- C:\Users\Admin\AppData\Local\Temp\nuker.exe
  "C:\Users\Admin\AppData\Local\Temp\nuker.exe"
  2⤵
  - Loads dropped DLL
  PID:4420

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcb50146f8,0x7ffcb5014708,0x7ffcb5014718
  2⤵
  PID:3796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,7968552897005593468,12548975586386015068,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,7968552897005593468,12548975586386015068,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,7968552897005593468,12548975586386015068,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7968552897005593468,12548975586386015068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7968552897005593468,12548975586386015068,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7968552897005593468,12548975586386015068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7968552897005593468,12548975586386015068,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4300 /prefetch:1
  2⤵
  PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,7968552897005593468,12548975586386015068,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
  2⤵
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,7968552897005593468,12548975586386015068,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7968552897005593468,12548975586386015068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7968552897005593468,12548975586386015068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:1040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7968552897005593468,12548975586386015068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3776 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7968552897005593468,12548975586386015068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2140,7968552897005593468,12548975586386015068,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  PID:5628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2140,7968552897005593468,12548975586386015068,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3732 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7968552897005593468,12548975586386015068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3752 /prefetch:1
  2⤵
  PID:5840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7968552897005593468,12548975586386015068,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
  2⤵
  PID:5848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7968552897005593468,12548975586386015068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7968552897005593468,12548975586386015068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1
  2⤵
  PID:5152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7968552897005593468,12548975586386015068,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:1
  2⤵
  PID:5160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2140,7968552897005593468,12548975586386015068,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4220 /prefetch:8
  2⤵
  PID:5764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7968552897005593468,12548975586386015068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:5772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7968552897005593468,12548975586386015068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7088 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,7968552897005593468,12548975586386015068,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7084 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,7968552897005593468,12548975586386015068,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2676 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5976

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1464

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1032

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1456

C:\Users\Admin\Downloads\TokenFucker-main\TokenFucker-main\nuker.exe
"C:\Users\Admin\Downloads\TokenFucker-main\TokenFucker-main\nuker.exe"
1⤵
PID:5596
- C:\Users\Admin\Downloads\TokenFucker-main\TokenFucker-main\nuker.exe
  "C:\Users\Admin\Downloads\TokenFucker-main\TokenFucker-main\nuker.exe"
  2⤵
  - Loads dropped DLL
  PID:3572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
d8480f3a090bc8c7aba0377789e65869

SHA1
9f17b275b98a074cd354a889cfe9532b3e056655

SHA256
98ed9b28cfb4979197b2bd1baf23901933e3d9bf038195437999ae14a179142f

SHA512
e55e0db55dc1a8e9813e0f4b683c3c6eef4914b0e3d9d57f73450adacdc9fe40a2f6000509d044ed6b423dfe3a05c248f5c8bbe148f7b878b86fe23290d5184b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
873B

MD5
02fd8606f28c95468f7bb032ffa94c89

SHA1
90cbf880e9fe625d898e3eb45e2e0151dd0b81ee

SHA256
8d9c37959083d5d9537535e58c80682d8c6379dbbf39530d4074de6825863298

SHA512
98191a088aab2b94be7660bf3906f0cb3ce54a86aec52d40180799ad798af02758eb297ff4a9acaff0e39573bb7685f0117e146161ab466e6495a310086887d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3629bdabf91149fd5dfd2d2ec0632f95

SHA1
e21b009678e2516f228933101585db6565ff6f2b

SHA256
9e27e37ba59caec0e27bdb282d29b3ea91097ba33c281f85d0cf8e30a57f46e8

SHA512
2023ced885ea8d14a6d56e6de500bdb5329f50e0896f5e9bcadad85ae8aeed9fa1ea6e4ca8efd60198695919ae25146dc01946a94558838688b6dcc87d5d0839

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d0068181c9e737c776511bb76063bc0b

SHA1
0f481725416fb058d1ad2dfa9df9d041bcf68838

SHA256
469625e221aa9bc73942df30674a63d6245c26fc7c2a9846141bf382caa7cb91

SHA512
8de0e85b768d996c4820e82d9c5a2f80d18d467c02bf69050a90fe5e9ab686d022359b8506a6e8b793a5524d1c13eb6e2fb6d6dbc6c8da278ee00c06f679725a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
eba7d85e5b0e36eb803666c0c759e0bf

SHA1
edbf998e531a7a7c37d7da4f47bfd5f451184b4b

SHA256
effdd2073e1ed8ad6863a194cb9b87246ed9283947bdb646dacd11661af1f09d

SHA512
8424ae9a861c5188617f9199eef1a28c6163757c2cd32687912fc475a04b4f96330ab872c6659a2f006b40e97a3c21e5f0c74e774c7f55520f344d6f3a66373b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1d94d8a7a1ed722a7fa861e139fa6c78

SHA1
4e2581ead5bed04d890b74f016d000f98925d09b

SHA256
6b429419c63ca98e8a4630e51a5666ca40718c78b7863984381d069485f1f68e

SHA512
3c3febce22c331818b9ef35e00fa64ace83766f0434105501c9c3d7b2d9f1fe582b24b0e6477ed93ed13fd56c52542716731b9948aaec702f798e300e560a891

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe598e9a.TMP

Filesize
1KB

MD5
071f33429afaaf40cfc5da357407d154

SHA1
14202a64e8681a0a4f2bdfee97dd65a565e8c51e

SHA256
7342ad525531630516a5b68f60a6fed5cae59864e672da1d214f7c9be3ca28b7

SHA512
9d3f21b32b420e25086591220daac042392d8a857942e8fe513047ff08d2c3c74514a59380edab3c1bc234f3a576ff98817ec43446d59fe5d787ba634d50abe8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ac2b9e0bd654810d9b63db422e648731

SHA1
de8f9da95bf224ae8a307b99936bf664211fc112

SHA256
99e09dca63c52d7c2d9102101610f0fc1e99efa00c231e169c9c340432c08f79

SHA512
3b5b009da71d7135d7f9a6790836641612765b40660163756acd65805a5df59ca33efe948e4a908647ba5db6666721612fe822948ed644667e7bbeaa4444575e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a6d97d74d877357ae3a2568abf614fc8

SHA1
bc89ec38b5c2740f16ae9eb1c84e1a904a173a80

SHA256
b830f0a2809a912344d6650a93c84c8dbd25b4d7143bfb0e8b320e8e2253b9de

SHA512
a14400f82248d275522cabd8c1265af2e2a2e4c93042fb71484191a283908e1b75a4200473d87d8959ace943f0f66f7a95c90e119f8a5c64df90396ff9692f2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47922\VCRUNTIME140.dll

Filesize
91KB

MD5
7942be5474a095f673582997ae3054f1

SHA1
e982f6ebc74d31153ba9738741a7eec03a9fa5e8

SHA256
8ee6b49830436ff3bec9ba89213395427b5535813930489f118721fd3d2d942c

SHA512
49fbc9d441362b65a8d78b73d4fdcf988f22d38a35a36a233fcd54e99e95e29b804be7eabe2b174188c7860ebb34f701e13ed216f954886a285bed7127619039

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47922\_asyncio.pyd

Filesize
63KB

MD5
3a5fbfdc3091114488bc30cc1873365b

SHA1
a4da519a41ce499430f5fea6f731f59b41e8031d

SHA256
a055e2b17cba4199b48db6848e44543399870958f49b1afce10534c46298ef2a

SHA512
00e08a09f7124e3e300a834796cc106ce07f8801749dc2ce451d5397ed822c2b3c602c20344b44c608c4fc0048cac6897748daab91d80a1be877a9c44e531dc1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47922\_bz2.pyd

Filesize
84KB

MD5
5a8b3602b3560868bd819b10c6343874

SHA1
73a5ce4d07479894f24b776eb387abd33deb83a9

SHA256
00d2f34aee55b473bcc11838469b94a62d01fdf4465e19f7d7388c79132f019e

SHA512
2f2f8305fd8853c479b5d2a442110efc3ad41a3c482cd554ebcc405fcf097e230f5cd45dbfb44050b5bd6fae662ce7cac0583c9784050f0c7d09a678768587db

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47922\_ctypes.pyd

Filesize
124KB

MD5
e1ef9f5c77b01c82cf72522ec96b2a11

SHA1
e83daa56a104f6ea6235822c644b6554c3958cfe

SHA256
a79cf8259890d5843cf8eaf29db8dbd4bfabed50f4d859756f93ac2b30617023

SHA512
4231ec5b06effae6497bf62853b79420529cabaee6b58f519c3c30bdd42c925e85979c29c2db0747dcff3f99f3b19dc02ece96347e08cf49eb0abb1e19238c01

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47922\_hashlib.pyd

Filesize
64KB

MD5
8f7edaff246c46dbf09ab5554b918b37

SHA1
c14c33b14419f5d24fb36e5f1bf1760a9c63228b

SHA256
9154b36c178d84a901edad689a53148451ef3c851a91447a0654f528a620d944

SHA512
1947a1010fa1b07671aa471d5821792dee7f2b0cd1937d3f944cd0201a299e6cb37a41debbbd1bc6e774186f6d08ad6264055cba7652b0d5bd22691431cb360e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47922\_lzma.pyd

Filesize
159KB

MD5
caa58290ab4414e2e22cc0b6ff4b2d29

SHA1
840902aaf7db40da17018776e5c842014c3a81ac

SHA256
185d407bcca7399c458133f2ce1efa938352b8093b2de040c91c3c3088ab173f

SHA512
a82e380ab1676424e52a36c08eabd572375dd36a7fe2b9df51d48c368aed6c04b0b3674bc6a9787efedd0ed70bb1869ed1a2f3a1f4238485710092b9cbadd00e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47922\_overlapped.pyd

Filesize
45KB

MD5
60af9df3c5d25c193d73a566e763b0b8

SHA1
a87c3285ff6f59528611f42577d30dbf35827b45

SHA256
c63632bf1b28f7f1007ff093a9ef3d034cb9480fc373c29e06a407b223b6ddff

SHA512
57c33929ec284013e88696ab7c099d570d0211d99f8e2027f1d8db9ae66810ccba6992959a2d543929f59bfc67cc4d1cc9264046e02df9cd119c3b1d2ec41a20

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47922\_queue.pyd

Filesize
28KB

MD5
671a9ac9b34f07ada65bf1635e4626c5

SHA1
d4a6e478caaacdbdb52f57d12e16ba96671d30f2

SHA256
3f1fc09b3f0a5c8c7aff4223d002952ab26f462aa390940a9f00454815204739

SHA512
92617258ef747f93ab2c378f5c9a2aac14668d834df15939c1ef83a555490b9ee3380d7341bee60c33057482736a595593749b8794ddeaa9649339363095108c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47922\_socket.pyd

Filesize
78KB

MD5
e71c0c49f7e2bd39cafeed1dca29455b

SHA1
22cb314298c6c38e3246f73dc7277ed00d6b8449

SHA256
3b0ea76a2b0caabf5b8994d3789778575ecbf2831acaf4d53d274e265d271622

SHA512
4c09599c7c93427b30a011cc39738983c79f0835292e5c0e7e19f6329f33810773d0e97e20f4698d22b6d0b8b643521bc3ce318c890366872ed26b6d3dab5c05

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47922\_ssl.pyd

Filesize
150KB

MD5
39919e97dc418e0099b2a0bb332a8c77

SHA1
f04c9d78b3d5e2a95ea3535c363d8b05d666d39e

SHA256
b38b09bf0421b1f49338ded8021d7bc56be19902d9b21a9b6e9c8df448f93eb2

SHA512
f179ebe84ae065ed63e71f2855b2b69cdedfc8be70dace0eb07c8b191768eace1312562e27e77492481f214f85d31f35c88c2b1f7a3881cee9dffffa7ffc668a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47922\_uuid.pyd

Filesize
22KB

MD5
0803ad237eb9e6370d71d0c500ce6493

SHA1
60479ffe844717a7ccd451ae1cfa5208ed003177

SHA256
fc5dc4af3a540c97d33cd300558488884417912629fad2e36baeba6ffca9faac

SHA512
1f8a19fe1c228a5f7cde873a89d3c64e9b3c9b2d9b360bd893b86ac8558bae76a5f08b6a6ba093ff369f0f04e72ec10260d1d2299b796b2c1433ae11ae8b6e1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47922\aiohttp\_frozenlist.cp39-win_amd64.pyd

Filesize
63KB

MD5
f2454e08f168a9af3b6aabf41c5488e3

SHA1
3ba72153103db0292c555eba4f43f37bddd43a51

SHA256
6a563a4ddc233ed5f01f8635d590366b5a078ac73a28a82d837f24bec23dd14f

SHA512
3b2008e5ff3009664d7eeafffc3c8bfe420e337177a3f6926314773d65b6622a09b192e893ec50f0b366f356c9b4768358e352cba96127f85f529ce255eb8c93

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47922\aiohttp\_helpers.cp39-win_amd64.pyd

Filesize
47KB

MD5
6815a1c38a30d6ae70027184c09adccf

SHA1
ce5afe856c4445d173c0d524f139d1aed3cc4e65

SHA256
399dfeee9a2f8c6a132c2d4d28931f4c6c0f1d1394de54b182a6457d9143a418

SHA512
efd4fa17a9611ca4337cc667b164e83745bbc4043c226e684957146c9bc2ba37c892940845ec2ff0142d3fe604654a12bf05022782d0c0c3194e4d109b5ebf4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47922\aiohttp\_http_parser.cp39-win_amd64.pyd

Filesize
230KB

MD5
67946fe0102b3555988a8edd321946c0

SHA1
a93b16df8e9ccbfe2892e4676f58a695cde9604a

SHA256
636a925eb31c3a7de39cb9495613b13570606a0672d3e699cb6983287e0c01e3

SHA512
786a4e6c49f77bf6cffce5c98cbc66d518075309dacc4c3df286d3c3bc21f7c0cf7986bf85e374827ec7951c13acdd031e76c336bd1fb4fd265aa03a8a28dfd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47922\aiohttp\_http_writer.cp39-win_amd64.pyd

Filesize
41KB

MD5
1a518361de37d98224ff98bf47618ecf

SHA1
f81def8f71d203aaf68774f6e1158ccceb5806bc

SHA256
84e8b37d6fd0162610deb3c1d4887f70e6447850321eea846f860efc2862704b

SHA512
7ffef935ba56e2bbad0c569e63f5d33d83dfc72e10252ee259c6fff9859c4e302405a8c017012a9efa6da40ecc1de1ad3248a89404d8532b78b177a6d2ce305f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47922\aiohttp\_websocket.cp39-win_amd64.pyd

Filesize
27KB

MD5
5fdb53cff23dc82384c70db00ada94c0

SHA1
c52391eadeafe9933682c7dbee182200b0640688

SHA256
d1c463b5c7a878ef5358a63bb0ea9e87311fe1f416f762bd18b4888c170c647f

SHA512
2d81e2eed6b4f37c4178141a24cf4475d27378a5bad3b6f8af022b185050ee9832de5db31271e5ca6e5e397f2e8a2a36edf9ca7eb6e0a9b918e3e8618c22e60b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47922\base_library.zip

Filesize
773KB

MD5
a8a76a1006fe74693350a70d3e32f81d

SHA1
4b103fec63dc983300f36297c412d00a0edd86f2

SHA256
aaa8a1ffa3787ce349dc0996dbd52be33ffeccf8f2423decd05b979be05c331b

SHA512
35cf293162d6d5307aa5ba7d459dcd5abbdf4d43ec44358b279962601b46a680b81e2f39c084ca80d6dc585032b17b6f661797e6be7529b0450916210df3fc10

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47922\libcrypto-1_1.dll

Filesize
3.2MB

MD5
aa811bb63dbd4c5859b68332326f60b1

SHA1
6e5584d5c59d2f79cbf60c6c71a92ecd7e4e0977

SHA256
00a1eeb37372d11559bf44c9e68af9c841c41c95a173f3dfec4e0b5923d0cae0

SHA512
dad9b14f501fd63824480f8801acd4004dd46f7a6965ac8ab91e573676236a11099f4b7cfdf7b3f6c0cc52a3b2e5d9b50f715f53a1f4f858ea2a5eb15d5092cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47922\libffi-7.dll

Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47922\libssl-1_1.dll

Filesize
673KB

MD5
2335285f5ac87173bd304efeddfa1d85

SHA1
64558d2150120abed3514db56299721c42c6fe58

SHA256
1b57a201184559164dedbddcb43bb110a18cafa19ea3d00fc23274ccfc420e94

SHA512
82737590d5ec7315ce8485c4794c01bfcce176ce443740a9f0cf5adfc3c3ed31a714556d33c1ca56db486636111d1ad855f606c87e5f322a505c535187ce2bde

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47922\multidict\_multidict.cp39-win_amd64.pyd

Filesize
43KB

MD5
d70507ffb5d2f6d527e32546fd138d0e

SHA1
3c43e86ac5afa6c4064b17fcaff45be5a2bbb9d3

SHA256
9fb82e21ee4f4d37d019b7053e6be4d9eed8c92cd12a3f7211125032c6e8cb22

SHA512
15933d164c1df23bfe8960a465b6ceedb34b765861ce8cc53bb87fe37745c59f8ee132891b5dc408278b8ad78d7c098f450291350c2e577436ebf2d49ac53faf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47922\nacl\_sodium.pyd

Filesize
336KB

MD5
f2f8c186dbb91b3dddf6aa7b44ee05d4

SHA1
95eb61564c5191e59ca5e359646e9564d77a6f97

SHA256
ca83a6731e6d49ccb86d94601b148bd4cc36ad89f9cdaae6eec46481047d13ec

SHA512
ae2c2ef8abf304cd9132add4cc2f08c4c5486ad96058351fe101788d014a04cb554dec5fab779f9a2ccb9d13ffac45dca3db89e36de163076e5b4c9ff171738e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47922\python3.dll

Filesize
58KB

MD5
c4fa8029ed8439203120d3e774aadc01

SHA1
3ef5714d25ad62efdebb160f3cb93e136dd1f581

SHA256
962dcad9911d6959d7320b2214ade633b53e5555e66d7e82f3bbcc78e2148e0e

SHA512
7429e7463f38767a3627c5a75b16d8856281063fcec42f977d069445ffe56c3edc78142a95047617de5082dc7142858a837596ead5179a8e583545b7754933a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47922\python39.dll

Filesize
4.3MB

MD5
088904a7f5b53107db42e15827e3af98

SHA1
1768e7fb1685410e188f663f5b259710f597e543

SHA256
3761c232e151e9ceaf6c7d37b68da3df1962e3106e425cc3937d1f60170f3718

SHA512
c5edc25fd9a37673f769af1a1fd540b41e68351bc30b44bc83a1d0d4a8fb078888bbb31173a77ef47698631c9816bc05637b499c20d63e3d65457d9aa4bc2c6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47922\select.pyd

Filesize
28KB

MD5
1e74ba085eb08a3affe5f5fabaaa6caf

SHA1
46e3efbd21dc0a2c7650ed949bc7e7e91b37efea

SHA256
36be2a85c1989dc171bde986950b81d3e9cda21f1d1bf2f81f7fe15ffefad511

SHA512
517a109490c3724a630a85471e28ff3c4f96c9810b96f5baa9b66473ef59ed4055e331c8da064a53bc12892fb674f417b3485e96f16015e1437cbd2ca67e87d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47922\unicodedata.pyd

Filesize
1.1MB

MD5
06092dbacf3b009ad11376dfc5ed2acd

SHA1
2597d23469d65936fca20906ef41e1f999944210

SHA256
2f9e76a8148029ade3e8f61d014d79a9b1c154cc9b5d6608f50fc478170ff676

SHA512
c782ebb9139a6b358d6e55cca3f018e421747984245fafbd150696b152763f2a6d08a21a0185f49df867dfabf5f066631a55f324abfed4e8bece8f85ead81c85

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47922\yarl\_quoting_c.cp39-win_amd64.pyd

Filesize
78KB

MD5
b9dbd65dd477f78e292494852ed9cfb8

SHA1
d0c78884460fc4fd9810a00c9cd728629db40da4

SHA256
e7af21ec47fa1aea28ecc7516b389102514e9e5720b4af89e7aa48b489d4a500

SHA512
ef139107342dbb251079a800f275dce170891b5ea829395b256adebee60cae4e14fc852a58b0f476b4b7d3d87cc180046e691a855e4edc62c1baace6b53ab96b

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 164384.crdownload

Filesize
8.1MB

MD5
9136d6cefbfe1407d08bc99c78601abf

SHA1
b9d0514cb7c0a4b0ad87cae03335fc19354a7383

SHA256
0f0066405d6f3e8c556e0552d800599489ffdeb3adc5d7c6c8d925e77d485f2b

SHA512
a7872e1c677cde0d40b5b5b1c8870f0582f0b4dd1de99b7721d5b0aee62dbe527f2291cd9224ba28d888c68bcaad4b47376170c3bcd578aea9ad3e1bd5108da0

Download Submit