hxxps://drive[.]google[.]com/file/d/1WW8OClkyWAXI8Hmf1kOG6nWAstlSJ7mC/edit

Analysis

max time kernel
128s
max time network
127s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
23-08-2024 15:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1WW8OClkyWAXI8Hmf1kOG6nWAstlSJ7mC/edit

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 64 IoCs

pid	Process
5404	afkbot.exe
5404	afkbot.exe
5404	afkbot.exe
5404	afkbot.exe
5404	afkbot.exe
5404	afkbot.exe
5404	afkbot.exe
5404	afkbot.exe
5404	afkbot.exe
5404	afkbot.exe
5404	afkbot.exe
5404	afkbot.exe
5404	afkbot.exe
5404	afkbot.exe
5404	afkbot.exe
5404	afkbot.exe
5404	afkbot.exe
5404	afkbot.exe
5404	afkbot.exe
5404	afkbot.exe
5404	afkbot.exe
5404	afkbot.exe
5404	afkbot.exe
5404	afkbot.exe
5404	afkbot.exe
5404	afkbot.exe
5404	afkbot.exe
5404	afkbot.exe
5404	afkbot.exe
5404	afkbot.exe
5404	afkbot.exe
5404	afkbot.exe
5404	afkbot.exe
5404	afkbot.exe
5404	afkbot.exe
5404	afkbot.exe
5404	afkbot.exe
5460	afkbot.exe
5460	afkbot.exe
5460	afkbot.exe
5460	afkbot.exe
5460	afkbot.exe
5460	afkbot.exe
5460	afkbot.exe
5460	afkbot.exe
5460	afkbot.exe
5460	afkbot.exe
5460	afkbot.exe
5460	afkbot.exe
5460	afkbot.exe
5460	afkbot.exe
5460	afkbot.exe
5460	afkbot.exe
5460	afkbot.exe
5460	afkbot.exe
5460	afkbot.exe
5460	afkbot.exe
5460	afkbot.exe
5460	afkbot.exe
5460	afkbot.exe
5460	afkbot.exe
5460	afkbot.exe
5460	afkbot.exe
5460	afkbot.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
1	drive.google.com
3	drive.google.com
7	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Generic"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\2\NodeSlot = "7"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\2\MRUListEx = ffffffff	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 020000000100000000000000ffffffff	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1 = 8c0031000000000002598c7e110050524f4752417e310000740009000400efbec552596102598c7e2e0000003f0000000000010000000000000000004a0000000000851a0701500072006f006700720061006d002000460069006c0065007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370038003100000018000000	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\MRUListEx = ffffffff	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "6"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000001000000ffffffff	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "4294967295"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "4"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\2	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\NodeSlot = "4"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "48"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\2 = 56003100000000000259ef7b100057696e646f777300400009000400efbec5522d601759d8792e000000a605000000000100000000000000000000000000000039b27f00570069006e0064006f0077007300000016000000	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\SniffedFolderType = "Generic"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 0100000000000000ffffffff	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "2"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic"	OpenWith.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\afkbot-unbranded-v9.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1284	msedge.exe
1284	msedge.exe
4476	msedge.exe
4476	msedge.exe
1216	msedge.exe
1216	msedge.exe
3640	identity_helper.exe
3640	identity_helper.exe
2116	msedge.exe
2116	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
436	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	3172	WMIC.exe
Token: SeSecurityPrivilege	3172	WMIC.exe
Token: SeTakeOwnershipPrivilege	3172	WMIC.exe
Token: SeLoadDriverPrivilege	3172	WMIC.exe
Token: SeSystemProfilePrivilege	3172	WMIC.exe
Token: SeSystemtimePrivilege	3172	WMIC.exe
Token: SeProfSingleProcessPrivilege	3172	WMIC.exe
Token: SeIncBasePriorityPrivilege	3172	WMIC.exe
Token: SeCreatePagefilePrivilege	3172	WMIC.exe
Token: SeBackupPrivilege	3172	WMIC.exe
Token: SeRestorePrivilege	3172	WMIC.exe
Token: SeShutdownPrivilege	3172	WMIC.exe
Token: SeDebugPrivilege	3172	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3172	WMIC.exe
Token: SeRemoteShutdownPrivilege	3172	WMIC.exe
Token: SeUndockPrivilege	3172	WMIC.exe
Token: SeManageVolumePrivilege	3172	WMIC.exe
Token: 33	3172	WMIC.exe
Token: 34	3172	WMIC.exe
Token: 35	3172	WMIC.exe
Token: 36	3172	WMIC.exe
Token: SeIncreaseQuotaPrivilege	3172	WMIC.exe
Token: SeSecurityPrivilege	3172	WMIC.exe
Token: SeTakeOwnershipPrivilege	3172	WMIC.exe
Token: SeLoadDriverPrivilege	3172	WMIC.exe
Token: SeSystemProfilePrivilege	3172	WMIC.exe
Token: SeSystemtimePrivilege	3172	WMIC.exe
Token: SeProfSingleProcessPrivilege	3172	WMIC.exe
Token: SeIncBasePriorityPrivilege	3172	WMIC.exe
Token: SeCreatePagefilePrivilege	3172	WMIC.exe
Token: SeBackupPrivilege	3172	WMIC.exe
Token: SeRestorePrivilege	3172	WMIC.exe
Token: SeShutdownPrivilege	3172	WMIC.exe
Token: SeDebugPrivilege	3172	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3172	WMIC.exe
Token: SeRemoteShutdownPrivilege	3172	WMIC.exe
Token: SeUndockPrivilege	3172	WMIC.exe
Token: SeManageVolumePrivilege	3172	WMIC.exe
Token: 33	3172	WMIC.exe
Token: 34	3172	WMIC.exe
Token: 35	3172	WMIC.exe
Token: 36	3172	WMIC.exe
Token: SeIncreaseQuotaPrivilege	5844	WMIC.exe
Token: SeSecurityPrivilege	5844	WMIC.exe
Token: SeTakeOwnershipPrivilege	5844	WMIC.exe
Token: SeLoadDriverPrivilege	5844	WMIC.exe
Token: SeSystemProfilePrivilege	5844	WMIC.exe
Token: SeSystemtimePrivilege	5844	WMIC.exe
Token: SeProfSingleProcessPrivilege	5844	WMIC.exe
Token: SeIncBasePriorityPrivilege	5844	WMIC.exe
Token: SeCreatePagefilePrivilege	5844	WMIC.exe
Token: SeBackupPrivilege	5844	WMIC.exe
Token: SeRestorePrivilege	5844	WMIC.exe
Token: SeShutdownPrivilege	5844	WMIC.exe
Token: SeDebugPrivilege	5844	WMIC.exe
Token: SeSystemEnvironmentPrivilege	5844	WMIC.exe
Token: SeRemoteShutdownPrivilege	5844	WMIC.exe
Token: SeUndockPrivilege	5844	WMIC.exe
Token: SeManageVolumePrivilege	5844	WMIC.exe
Token: 33	5844	WMIC.exe
Token: 34	5844	WMIC.exe
Token: 35	5844	WMIC.exe
Token: 36	5844	WMIC.exe
Token: SeIncreaseQuotaPrivilege	5844	WMIC.exe

Suspicious use of FindShellTrayWindow 45 IoCs

pid	Process
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe

Suspicious use of SetWindowsHookEx 17 IoCs

pid	Process
436	OpenWith.exe
436	OpenWith.exe
436	OpenWith.exe
436	OpenWith.exe
436	OpenWith.exe
436	OpenWith.exe
436	OpenWith.exe
436	OpenWith.exe
436	OpenWith.exe
436	OpenWith.exe
436	OpenWith.exe
436	OpenWith.exe
436	OpenWith.exe
436	OpenWith.exe
436	OpenWith.exe
436	OpenWith.exe
436	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4476 wrote to memory of 4972	4476	msedge.exe	81
PID 4476 wrote to memory of 4972	4476	msedge.exe	81
PID 4476 wrote to memory of 3312	4476	msedge.exe	82
PID 4476 wrote to memory of 3312	4476	msedge.exe	82
PID 4476 wrote to memory of 3312	4476	msedge.exe	82
PID 4476 wrote to memory of 3312	4476	msedge.exe	82
PID 4476 wrote to memory of 3312	4476	msedge.exe	82
PID 4476 wrote to memory of 3312	4476	msedge.exe	82
PID 4476 wrote to memory of 3312	4476	msedge.exe	82
PID 4476 wrote to memory of 3312	4476	msedge.exe	82
PID 4476 wrote to memory of 3312	4476	msedge.exe	82
PID 4476 wrote to memory of 3312	4476	msedge.exe	82
PID 4476 wrote to memory of 3312	4476	msedge.exe	82
PID 4476 wrote to memory of 3312	4476	msedge.exe	82
PID 4476 wrote to memory of 3312	4476	msedge.exe	82
PID 4476 wrote to memory of 3312	4476	msedge.exe	82
PID 4476 wrote to memory of 3312	4476	msedge.exe	82
PID 4476 wrote to memory of 3312	4476	msedge.exe	82
PID 4476 wrote to memory of 3312	4476	msedge.exe	82
PID 4476 wrote to memory of 3312	4476	msedge.exe	82
PID 4476 wrote to memory of 3312	4476	msedge.exe	82
PID 4476 wrote to memory of 3312	4476	msedge.exe	82
PID 4476 wrote to memory of 3312	4476	msedge.exe	82
PID 4476 wrote to memory of 3312	4476	msedge.exe	82
PID 4476 wrote to memory of 3312	4476	msedge.exe	82
PID 4476 wrote to memory of 3312	4476	msedge.exe	82
PID 4476 wrote to memory of 3312	4476	msedge.exe	82
PID 4476 wrote to memory of 3312	4476	msedge.exe	82
PID 4476 wrote to memory of 3312	4476	msedge.exe	82
PID 4476 wrote to memory of 3312	4476	msedge.exe	82
PID 4476 wrote to memory of 3312	4476	msedge.exe	82
PID 4476 wrote to memory of 3312	4476	msedge.exe	82
PID 4476 wrote to memory of 3312	4476	msedge.exe	82
PID 4476 wrote to memory of 3312	4476	msedge.exe	82
PID 4476 wrote to memory of 3312	4476	msedge.exe	82
PID 4476 wrote to memory of 3312	4476	msedge.exe	82
PID 4476 wrote to memory of 3312	4476	msedge.exe	82
PID 4476 wrote to memory of 3312	4476	msedge.exe	82
PID 4476 wrote to memory of 3312	4476	msedge.exe	82
PID 4476 wrote to memory of 3312	4476	msedge.exe	82
PID 4476 wrote to memory of 3312	4476	msedge.exe	82
PID 4476 wrote to memory of 3312	4476	msedge.exe	82
PID 4476 wrote to memory of 1284	4476	msedge.exe	83
PID 4476 wrote to memory of 1284	4476	msedge.exe	83
PID 4476 wrote to memory of 1364	4476	msedge.exe	84
PID 4476 wrote to memory of 1364	4476	msedge.exe	84
PID 4476 wrote to memory of 1364	4476	msedge.exe	84
PID 4476 wrote to memory of 1364	4476	msedge.exe	84
PID 4476 wrote to memory of 1364	4476	msedge.exe	84
PID 4476 wrote to memory of 1364	4476	msedge.exe	84
PID 4476 wrote to memory of 1364	4476	msedge.exe	84
PID 4476 wrote to memory of 1364	4476	msedge.exe	84
PID 4476 wrote to memory of 1364	4476	msedge.exe	84
PID 4476 wrote to memory of 1364	4476	msedge.exe	84
PID 4476 wrote to memory of 1364	4476	msedge.exe	84
PID 4476 wrote to memory of 1364	4476	msedge.exe	84
PID 4476 wrote to memory of 1364	4476	msedge.exe	84
PID 4476 wrote to memory of 1364	4476	msedge.exe	84
PID 4476 wrote to memory of 1364	4476	msedge.exe	84
PID 4476 wrote to memory of 1364	4476	msedge.exe	84
PID 4476 wrote to memory of 1364	4476	msedge.exe	84
PID 4476 wrote to memory of 1364	4476	msedge.exe	84
PID 4476 wrote to memory of 1364	4476	msedge.exe	84
PID 4476 wrote to memory of 1364	4476	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1WW8OClkyWAXI8Hmf1kOG6nWAstlSJ7mC/edit
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff965c73cb8,0x7ff965c73cc8,0x7ff965c73cd8
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,17425516493173355443,18104302581048160631,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,17425516493173355443,18104302581048160631,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,17425516493173355443,18104302581048160631,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
  2⤵
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17425516493173355443,18104302581048160631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17425516493173355443,18104302581048160631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17425516493173355443,18104302581048160631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17425516493173355443,18104302581048160631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17425516493173355443,18104302581048160631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,17425516493173355443,18104302581048160631,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6168 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,17425516493173355443,18104302581048160631,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6540 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1924,17425516493173355443,18104302581048160631,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5412 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17425516493173355443,18104302581048160631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17425516493173355443,18104302581048160631,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:1044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17425516493173355443,18104302581048160631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:5276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,17425516493173355443,18104302581048160631,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:5284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,17425516493173355443,18104302581048160631,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5504 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4832

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3192

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:932

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1608

C:\Users\Admin\Downloads\afkbot-unbranded-v9\afkbot-unbranded-v9\afkbot.exe
"C:\Users\Admin\Downloads\afkbot-unbranded-v9\afkbot-unbranded-v9\afkbot.exe"
1⤵
PID:5148
- C:\Users\Admin\Downloads\afkbot-unbranded-v9\afkbot-unbranded-v9\afkbot.exe
  "C:\Users\Admin\Downloads\afkbot-unbranded-v9\afkbot-unbranded-v9\afkbot.exe"
  2⤵
  - Loads dropped DLL
  PID:5404
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic csproduct get UUID"
    3⤵
    PID:5132
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic csproduct get UUID
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:3172

C:\Users\Admin\Downloads\afkbot-unbranded-v9\afkbot-unbranded-v9\afkbot.exe
"C:\Users\Admin\Downloads\afkbot-unbranded-v9\afkbot-unbranded-v9\afkbot.exe"
1⤵
PID:5364
- C:\Users\Admin\Downloads\afkbot-unbranded-v9\afkbot-unbranded-v9\afkbot.exe
  "C:\Users\Admin\Downloads\afkbot-unbranded-v9\afkbot-unbranded-v9\afkbot.exe"
  2⤵
  - Loads dropped DLL
  PID:5460
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic csproduct get UUID"
    3⤵
    PID:5856
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic csproduct get UUID
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:5844

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:436

C:\Users\Admin\Downloads\afkbot-unbranded-v9\afkbot-unbranded-v9\afkbot.exe
"C:\Users\Admin\Downloads\afkbot-unbranded-v9\afkbot-unbranded-v9\afkbot.exe"
1⤵
PID:6072
- C:\Users\Admin\Downloads\afkbot-unbranded-v9\afkbot-unbranded-v9\afkbot.exe
  "C:\Users\Admin\Downloads\afkbot-unbranded-v9\afkbot-unbranded-v9\afkbot.exe"
  2⤵
  PID:4988
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic csproduct get UUID"
    3⤵
    PID:6040
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic csproduct get UUID
      4⤵
      PID:1192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3e681bda746d695b173a54033103efa8

SHA1
ae07be487e65914bb068174b99660fb8deb11a1d

SHA256
fee5f7377e5ca213c1d8d7827b788723d0dd2538e7ce3f35581fc613fde834c2

SHA512
0f4381c769d4ae18ff3ac93fd97e8d879043b8ec825611db27f08bd44c08babc1710672c3f93435a61e40db1ccbf5b74c6363aaaf5f4a7fc95a6a7786d1aced8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9f081a02d8bbd5d800828ed8c769f5d9

SHA1
978d807096b7e7a4962a001b7bba6b2e77ce419a

SHA256
a7645e1b16115e9afec86efa139d35d5fecc6c5c7c59174c9901b4213b1fae0e

SHA512
7f3045f276f5bd8d3c65a23592419c3b98f1311c214c8e54a4dfe09122a08afb08ab7967b49bd413bc748ce6363658640bc87958d5e0a78974680a8f9beadf44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
408B

MD5
60f6f99dba38df8381c9449a40fb9585

SHA1
c0a944a646decac23502f7541e28cb7c8c5c488a

SHA256
cf135e32e98e744d6f688c6fcc2a8970125be728f61ba024f8bae46e4c429124

SHA512
43e25e338a919e923057b3e924839f6ba4a19b064c83439d6e2380e825fc492ffdb12439d8ed980d3d1abda0492b10acf4999003fa48ad5b9508e5b7526f628e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
1c93f1fd56e726a689b9acc8f4bffe72

SHA1
ea80e84efda49632d3e518e875a769e34deb3b62

SHA256
46b3df1f5092c9f19d5d60c6f93200e45b28dbccee43fa8c82e6847756a46d31

SHA512
417896d37151b505543582f252f8988c3c96dc88466e95f881a17347af098495b9026b87382312f9cb20c808bf1a45782114d091930657065751d79a78dad106

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b85d4072c8dbf3f87aa65ed538ce0237

SHA1
21ee9f06a4a691a22689fcd3831e88d1a6c752fe

SHA256
ad8e3dedddeae1de608a687b8a8ad0f364af5d70f54742f3eff9c1ca5bf073c6

SHA512
4a83908aee738f25a79dd43e25e8dec747c12ffe1d15b5e92d9e78da8e4905f9ea610ddef006dd3afc87cb0ea8469363f7eebb593aedb0baaf00c9a3d7d4db57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0206b30050a643bd7c4d0a0daf3139fd

SHA1
c3cb7ec117d87f935e22c82b48abcb6ced950a2a

SHA256
bf7ee4ccab7b065131f4cc5370c7cb3d82db27d794338ab6c3e3a4e204777433

SHA512
5457bc26c1a5b60c7fb34e349c48e26d8771e0c1d69a0c295290f638481024775acc34fc26952929c7df5453cefde824e0ac5c53341392b5a1955ad2abb13a76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c887eb12602fe268b5ae6395f79b6fc4

SHA1
a9070a6096db4d803cfbba0de32cc91114a3f0e1

SHA256
8548f97b728a5089136ab95c9ecea27245a7fdf240333d57ea62825706bcc5b9

SHA512
dd46b74f88b9d8612ae920c7942e112dd51849eb6f65b4bfe8c97989a8b50d1ffdf0e09c05937412dfbefe3a3ff36395b8c70b994cf5487df7370b247e270612

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
570839c483c8c77798a30c2c3c344b01

SHA1
1c709baf27832c3ccca882c3f9d6da4762e78693

SHA256
abcf0d6b5317e6776ec9fe997e8baeda318995a64b9bc85d3fe3c780c8defa34

SHA512
39f76bd023cb7377a82874e0ca9d324711f30559223cae8883d0500e2ea91f8a98c0cc53e54324160f48f2c9a0dd1686b6e1ed8db996f260be156d3164ba0fe3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI51482\VCRUNTIME140.dll

Filesize
116KB

MD5
be8dbe2dc77ebe7f88f910c61aec691a

SHA1
a19f08bb2b1c1de5bb61daf9f2304531321e0e40

SHA256
4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83

SHA512
0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI51482\_ctypes.pyd

Filesize
122KB

MD5
fb454c5e74582a805bc5e9f3da8edc7b

SHA1
782c3fa39393112275120eaf62fc6579c36b5cf8

SHA256
74e0e8384f6c2503215f4cf64c92efe7257f1aec44f72d67ad37dc8ba2530bc1

SHA512
727ada80098f07849102c76b484e9a61fb0f7da328c0276d82c6ee08213682c89deeb8459139a3fbd7f561bffaca91650a429e1b3a1ff8f341cebdf0bfa9b65d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI51482\api-ms-win-core-console-l1-1-0.dll

Filesize
21KB

MD5
8805de8aead10a48193b54f882a7763a

SHA1
b4e55947787eb9cdb5998ee1b77c3bd14a35accf

SHA256
22b0d0412c274a04d11d7fd3f6545eff245e6f032e21b86d920c2844dd1007c6

SHA512
284d835a01a0c98b16f717e0eaf962a559ec2158a673402ab29b96ec37785728bc70496c07d0c683c51a7f1a3880660de6ef52da326aec641578fb7cfb19f458

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI51482\api-ms-win-core-datetime-l1-1-0.dll

Filesize
21KB

MD5
1754ecb52a0c9fb6f11c43476975be9e

SHA1
93045ea061f23421d61b14ab2b89eb618c0e6daf

SHA256
631a106755f13a78032d7c17cd19c5185fe89d93fda2ac108c4f53e27dcdecdb

SHA512
4bd61029d4fe1a55d2a89fbc900107751a0753434d8ea25cc947131205c7f610b44e3e7bd2f2c5fda4db0ae6aac3bb0ec6a4c0b5ae1c602c597e8bf1328d244e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI51482\api-ms-win-core-debug-l1-1-0.dll

Filesize
21KB

MD5
31b55653d51de75f30be2eea85aead0f

SHA1
b9d3501a06d37110c281fafb433dd2fc26189447

SHA256
1ce185afeea0a30a12b496d95df395c18bd0e99570c0ac3126758476d4b6aea0

SHA512
0bb69ccf98ad9db6fd1e2ec4a2a436f2da42c1e949c8941f780515787a1a560f696aed1a9faf1b3fa2a96fd59f3c51f6e9a59186e1485b47687828a0cab2140a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI51482\api-ms-win-core-errorhandling-l1-1-0.dll

Filesize
21KB

MD5
a575281e93dcdc2f95857b7e2b365361

SHA1
379a88481d2d2efa2e6e741add7a82b217865b87

SHA256
cdbc9ee30658188fd9af68ad52b5d8e7f59111191b0681ec2ed9095d9c85ebee

SHA512
44f4409cd8eca2c18da44e99ecc87c7dcd20b30f1ee9983bb504cfa4121e95521d11a2bacc63d9fe18008ba629bc464d3c715b9720603813ecd3b6098a395906

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI51482\api-ms-win-core-fibers-l1-1-0.dll

Filesize
21KB

MD5
b4c1a9ef2cf923a81969faf2f74e5c18

SHA1
84d4f2141b89afac5d8d14277b79c4f14e6cbb3c

SHA256
938a52984e7e9ffeef350a794907639d453e346d5bdc0aec8c1360d040cc672a

SHA512
c4402b4a5bdd751bada7a96d48d7a3679447fd455547a874e95a27b0b7686d89ddecad2a5097daa7d0e305557514219bcc6e126fefcad52c3ff16ac69368f4e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI51482\api-ms-win-core-file-l1-1-0.dll

Filesize
25KB

MD5
8142799f92638d67267278d2fcab85e0

SHA1
122da2ce08042e8484e2584cba30fe528dd3b94d

SHA256
f36025fd0715ec893c112f06472072c565385b8c5fa675cce5b4a9158bfb87e9

SHA512
1d71763f14ff6178cf17f71fdfb47a46522e20c92ca3b86d1b722f9a704354f3b0e7a73ab6b891d531bed8c9db844c677c4f9dbcddced27487e2439d654ce7a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI51482\api-ms-win-core-file-l1-2-0.dll

Filesize
21KB

MD5
75c8a3c1dfe2096f1a2c6ba51de7196f

SHA1
eb17720383791d75ccc2ed729900c1e8e8165504

SHA256
3d95961590fe6da5c569bcb0a54651488e70dd7b15c257e1b9faf8a3cc0e63e4

SHA512
8c6af5c49a321d60b14032780bf6d93a51ed7fe97940e06dfb251d295f51f2788cd7931a848cea94607d81acb9bb225086dd879159e67cda0c355173e69543ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI51482\api-ms-win-core-file-l2-1-0.dll

Filesize
21KB

MD5
855bea02e0a624407c36b109b841db59

SHA1
d812734104a7fcce9ef86ba9239d106ef8d27395

SHA256
c6515fb573cd8190ebc401aab4646069066205ee9eeca548ae5ddbec3633336b

SHA512
23a14f6c86a8f986322dd1f7efee0b9a20e12e6d141994d3fd165d0df22513d63efb3fab8945879466b053f09fe0d2153c183c1d738530844eec465318e94ff1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI51482\api-ms-win-core-handle-l1-1-0.dll

Filesize
21KB

MD5
5f0f6443699fb844cd2a6684ce279b6d

SHA1
ccc04dad19cfdd7f3cf895025d038e0c509881c6

SHA256
523b4c1528aab62c5f8622e4e2c4a4ba0df43114098a05f0c58c69c716c42626

SHA512
bd03582d208403f245e24d47a8f2ac818f5853ca9438912af718386b48eedf4b8d01a3579e67a46b7214fc343e06301d54148893ea00ae822eee95ade448674d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI51482\api-ms-win-core-heap-l1-1-0.dll

Filesize
21KB

MD5
c5de5376fe71ca643e633505209da913

SHA1
83ac568295bacc264e40586306f2facb2e778304

SHA256
4fff338c18ab8a1a37d1190e3b9edcca55afa86b0ba0f97d87c4c841e4e29678

SHA512
2c04fb85b1b5c047d456b61b178aa486c9a8801408edb8dbd20fef4e1e125d140a30ee6f40dc0e850cd717529fd0e7bcd3e88a0f018ff1602beae4db01df1458

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI51482\api-ms-win-core-interlocked-l1-1-0.dll

Filesize
21KB

MD5
26dd73913f6487700025e760df6402ee

SHA1
055e26cc1b985f0215a0eb5e6153e6cc9f76f2b0

SHA256
841aa4632552c47b43d453968da2c8d0861b1eb776d530a4e985d0290516d6c8

SHA512
d073e118f08216d6c7b39ddfb089353377032080f8e0447a66abf62f97939084c2ca957ce1d65ec3479161cf3385c5b82cc7000a29a2d856f319ef9115d550a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI51482\api-ms-win-core-libraryloader-l1-1-0.dll

Filesize
21KB

MD5
9bfa838217a723d82f2139bd9fa92169

SHA1
e59d149cb6e7149768305a174a14531406c79686

SHA256
e989c62edade6b3333d798e0481f4c2ec08f7d2a0c47acfcca2a869cd4b68a1f

SHA512
55deaf735ec62bf652364d3a281a98516e967a1f6fdc5d691864766b1e4cf2e31ab64f48dfc79eb89bb3cd1ff7e59af5e6eb22fcbe0761e708b5c5035b96b62a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI51482\api-ms-win-core-localization-l1-2-0.dll

Filesize
21KB

MD5
7f629d273ac801725d19df76990a68df

SHA1
dc6ce7553e3ccecbc2f74cccb6760a9fae910594

SHA256
945dacfe53f62d83acd0537a6712658558faafb18f68b76b88127db78482fd8f

SHA512
af51a9f8704d909185601c642d966cf99f53d2867dd4c5326f602ce279fcde916f9ef1d458740242c02078f9bc8867d8cb8a41332590c45983ddf349d1cfb05e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI51482\api-ms-win-core-memory-l1-1-0.dll

Filesize
21KB

MD5
e80ab3c9dfd2574944f7e823b99d9ca3

SHA1
3b22f5cfaaecde9890dafbadc40a862215a62e71

SHA256
a505bdf2e4dfd5120de230fd9d159ef75aa00fb3f98e24d259f5c0a456713c74

SHA512
8f756d323932b6db5b29c0b50a313fef7417dfe7173bf21dce756de7ec62235812e00d321cdfd0cc20e88b21a9fd6edd8660df68ac87052f6e7fc5549c3fac81

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI51482\api-ms-win-core-namedpipe-l1-1-0.dll

Filesize
21KB

MD5
e6afcee6449426ec7aade8946d995f00

SHA1
e23ca56ec0e593c72d5f409707368fac5531a7ab

SHA256
b26de5e517b05e10ee34fdf4996f82c465668670329e7f19d21f39a7e39011e7

SHA512
a4f08b3115e5bb60cacabd4801577b52fa25d33803b1b7b6ac9e8663ed4aec62b745362bd7ea28186d18a77362ea0f5fa452200d4744535006300b108ce8e841

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI51482\api-ms-win-core-processenvironment-l1-1-0.dll

Filesize
21KB

MD5
162689d6edafcb3eb00fb50d01ee5287

SHA1
30f20bec95041f904fa2f566700d1dff436d5021

SHA256
32d11f07156248c7906027e0f17e93e51de848f136e6d3fd0d4f9d1ffb2c70da

SHA512
1f7730a291281db1c47a374eef5080c7f4ef47eb51075b05f148545d14ff05fe03510b9b11b807ef32bdee6ec24bc386f5e2a032bb5e5faa8d10375de32af0e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI51482\api-ms-win-core-processthreads-l1-1-0.dll

Filesize
21KB

MD5
953139610362f102b41b125ea7208070

SHA1
ee5ae26c8909923691f6673cd2385c567b9339c0

SHA256
562e2619e1e685080faf2122c12ae3c35202ce34ce8330d1ff0a3b566095fd38

SHA512
e7d72b31426438a045521f84b262f2f8093f63438a10893777f7660bb9e570794a2e278edfaf697d3888b12a88854f4c6c4028310b278e60a3e2abf328ba5272

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI51482\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
21KB

MD5
6362e38d6c8138711da8f3be9bcc72cd

SHA1
b0827e51f1a45cdfed76e7636ea334255d7ddbeb

SHA256
73fabc60a9b24c1eb65ec886a59a190046af5853800572df1d48634417a15729

SHA512
bac37bf61221355a1b43a7e7b3a65ff6d08790898e7e9719f2a776ee55db0cfe036d721d216bb95454dd1375c322298eea54fba2054d9a41e3aad6d60ec41507

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI51482\api-ms-win-core-profile-l1-1-0.dll

Filesize
21KB

MD5
4649d1ad31dd375bfaea35c9423f1d96

SHA1
a4736638f443aca260205dfddea3635ee2380a26

SHA256
2401cc9407ebb1fa60ddf520d422ec1eefec050dd9871554756c869c9b730558

SHA512
1f98f8945b3f3ac852090a559095c95f36ff234672e871c95c2a8447e321890f5e6b244ee67d3e24a09cce2c809848e2d19fc2c7d54ace97ee0ba5d6f396a8d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI51482\api-ms-win-core-rtlsupport-l1-1-0.dll

Filesize
21KB

MD5
251d9a3f3ec2e5a8997ce8d7450e443f

SHA1
f6cac92e67b976f6b480c530b501e9f0f18e7d81

SHA256
b5a61cd60ec9088ee27bf61d37c55abc9d6db3f722616d74fc191cf671a4902a

SHA512
cf956d4fd0713970e050a1259c5e3495125a64e8a75d26f8b3a6c9b64954f0c1e5e349352443652c3bb21feb2ffec4145eb58cbfc16e2600d1d23ee4ca6425c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI51482\api-ms-win-core-string-l1-1-0.dll

Filesize
21KB

MD5
575eba56aa4c2e409d643f719cd1dbba

SHA1
86a8b08c70a5b095b603211a706148ca266951a9

SHA256
7e97fbf5cee26ab01227d564f023337736310868c1cf23920e4dceeeb1c11701

SHA512
67778ef6ea653970dd17d4bf4272a408a7626f8f994cd1a781687f9a7398765df6e0079663ca66e9be80a324ec467c1145f8b6e49ccf52cd6fb8bf8bfcdb2f34

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI51482\api-ms-win-core-synch-l1-1-0.dll

Filesize
21KB

MD5
d6dad6b6adb40eafdb89da01acf6742b

SHA1
7e2af9f5d2ecd518c8de7249ad681a7b30221a55

SHA256
4f47aad2664ed21dd80d30ffd954a34503ffe2493bebb39da058d452212e75af

SHA512
e226db47322494cd3315baad6ff0ce3537d4992fface18b7a4bd7a2eb8b4806757b3fc1571437fc52efa72339572eb9e254599c0aef475e88ecf330fa8bf5b75

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI51482\api-ms-win-core-synch-l1-2-0.dll

Filesize
21KB

MD5
35f6657e323c4e5ac56e7697ea3cc54b

SHA1
696092f39a3f11a44df634ea3ac3ee4fc1b9acc2

SHA256
a885774d4a5419db2e9f7fbd0ac06f7244e046aa614cd6585ab22fc428f2c7ee

SHA512
4478d43814eb87473874eb757c61d21cd1ca2c13a1644b3ab5d29b45e28007f03a04a08b987b57f9bdc2913c4bdbccec32b94fae72f5af62e7c7b94c850cb2d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI51482\api-ms-win-core-sysinfo-l1-1-0.dll

Filesize
21KB

MD5
dace0193b6820ed7812f7346b9382c05

SHA1
ce9d597e3239d88544dc4eb61ce59605a2d82ae0

SHA256
ac3b86a3e66c5ae2cb30d8a386b0574e6b59fe0f549120c16b7790c3489bc593

SHA512
82efb9c2d9fe612c9cc6cb681eeea9b1080fa70fe7f86c8c4bd48ad98ab100aa35b498191e4048da6073ed22ac298b341a61a1be26f52cff2aba64b5c419072c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI51482\api-ms-win-core-timezone-l1-1-0.dll

Filesize
21KB

MD5
ef40498ce0b6cf020d9ea8ed88992584

SHA1
2fc258982ffeca396e50bff27a4b2e283c14b051

SHA256
003751ed79881bce98017b66206a2ba411321edd61fd51768779f29dfa99968d

SHA512
95c8573b336f2f2fb5ec580340af406a0742d73d4a3d160b22436dfc0bebd36d15f6019a4b3da1507b8b8970b954196723114185bef91336aeb226bb2f45ecd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI51482\api-ms-win-core-util-l1-1-0.dll

Filesize
21KB

MD5
ed447c74d9047cbfcc66878b063d31be

SHA1
9efa4aaee23ed3135ed5dd8f64f0c267a7bf25e2

SHA256
eb41c514f2660813fa6ac58a28bcd2adfb64552b945dfcad5123f51a1a71f863

SHA512
cdaff5424a891c14a0b91174eff76f1e4d77018e2c74b378c0e9b08e3235bd964f0557e88f3f362336c054422e516470be5ef4bdf1f2a91319ecbcccf18c84f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI51482\api-ms-win-crt-conio-l1-1-0.dll

Filesize
21KB

MD5
ab1a23bf00ace7433c859205d518fa5c

SHA1
26fce2426649b769f5a029cde3c91eea70d5d5db

SHA256
e7fc8d3956ce856b1ce0b8d16c10fa4c886a33717a64b818aa6d2492d7492429

SHA512
999bd396ca2191d40bf2a1729b2a8876c0f62a7ec52768fc56070e22be18764bf8ada703ba1e6b2319e0fa4bf0f5cada24b2cdf6fb4881e95e432678858e3606

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI51482\api-ms-win-crt-convert-l1-1-0.dll

Filesize
25KB

MD5
48ba542c275d6ace740b4aa548157473

SHA1
e207434272c4a2e66d0d0e5e634c96b31fc56d87

SHA256
4d80b38c49c9e507190b133e97c7b06ac926c5e1d93095bef8e35c51e7be4e3c

SHA512
a75df86ea70ea3b10ebf8193d07d7ad99d6b2bbb6fbae5dee39cf2e6cbb0b573adba633b67854b65f01a27d70d263a41d0f8190bea000155c2800a9d2ed37f74

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI51482\api-ms-win-crt-environment-l1-1-0.dll

Filesize
21KB

MD5
859c13dfb783115ed36eb95037b7241e

SHA1
b26296f4faf33b9fa33eee171654eb378db5169c

SHA256
65eb6a1276426e0bffc0a7686770cae2fb15a0f819cab4b96003a292c483ec5d

SHA512
e419498101a73fd58f82d9f40112ec040455d78d34cb9025f37f5ffd1ff87c5b6fd97b7c1833b07821d8c0cce69cffb9124c7891ffce1c99deafa78b3ec544c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI51482\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
21KB

MD5
b83a1737d839d6106bb92d7d4b3dbed4

SHA1
894cd0b8edccd1c661e060b50761d95ef0cef51d

SHA256
61424c4c6cf665ef1c6e092a105721813d495ff17d81c809b505acf9ac0c575a

SHA512
fc44f9afeb553e261d7b0782897985eabd30522a6fdb558f958c53c0e8cb36f20251487853076a35e14212d4fb2b51d8bd246e2d69b8c1cc1c53ef7156bcad56

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI51482\api-ms-win-crt-heap-l1-1-0.dll

Filesize
21KB

MD5
d50203f25306427ccc9935ec45431b95

SHA1
2c00a5db17df3bdcf8f98814a6117b7beb312003

SHA256
42fed4693a9f2ee8ebb29b34ac92aaef9ff070f609e0cbff74258f65ea53d666

SHA512
a5a0d30bf14788921c16771a6f2f40702c3a1d3e912aa6854095bb74fe8c2d590edbbdef78ea8729b68776567581c156079ffa66f41d7e86d08c77c0d838c9d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI51482\api-ms-win-crt-locale-l1-1-0.dll

Filesize
21KB

MD5
2ca6aecd962341ef2565ddc8fd5bc127

SHA1
b43bc1b2d06b489e5170fa72f25bbc21f295bb9d

SHA256
f2d099d580c733d3132ac3cd0179c7bfa0f1ed8f7bd063e411cd57e920510488

SHA512
1a9b4338c1ebc99ce92e378b357cb65b4eb1dbb3cc40248d6e878694375b140d23fd80bc4e889aa3ddcd148752dcb460194bc55939b71053060de460310f8c04

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI51482\api-ms-win-crt-math-l1-1-0.dll

Filesize
29KB

MD5
4c344ba3ea55d42a089abee91273bae3

SHA1
eea467320026fe6b156f84e11dfb8fe5b6c43ca1

SHA256
8483828a6781dc3cc4a121e2a90f54abb6f6c42680a0634e02db8b736d16f877

SHA512
2853b3134545820024aff7b753fef7029e998205d45c7c8c68112b86c6b38665f61611eb656d74fbf4197a8891d99711df1d85ca73c642f9f9f036207058191f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI51482\api-ms-win-crt-multibyte-l1-1-0.dll

Filesize
29KB

MD5
a6c2eecc89b696cb2e7aa52c08f3fecb

SHA1
b0751bfe738216d8bcaba4702049ca6e1f540fd2

SHA256
63c233965965c6eab235c0e1e7530788fee44d5cab910a2cd22d325334a3dce2

SHA512
721ca48eba14a77822d08525f131f6e2c432fa338e339ff0747b2d25f61bf8dc9dbe00dc813c15687fd3b63f7dd2f703897eb55cbc13f9388ef44ca6c8c0700e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI51482\api-ms-win-crt-private-l1-1-0.dll

Filesize
73KB

MD5
d93d91324a28653d8580420f347190bb

SHA1
f636ea83c6436abd34dadc07db39ba7cdaa134c8

SHA256
65e8380924c6b54147185cfd84deb0795c617b8c316d3767daa616f9fd88d6c0

SHA512
402f5cf67501b7d809d249c4e4cf94ab8ae8b833ea0f66913906cc0a7720368af204fc0dd98ffc5d38e3872aa08e388722b2b635a104a8619b86cfdaf808abe6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI51482\base_library.zip

Filesize
1.3MB

MD5
1987e9c2f16a12101400b0f644dab91d

SHA1
af984d9a367ef0f85f49d67eecff296a4a9d427d

SHA256
deb81dd0d479b5a6b29583b573eb3f48d95b17923898073ef91008fd12ad4d49

SHA512
5a9fefd9eb40c7f91a7886b716087f58b870a384fb34ff9fedd1ece8c1aa98b48cd0c87870ddd7b942a5b33e8571a59bba0a67524c477710bedf02fefdf5fa50

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI51482\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI51482\python3.dll

Filesize
66KB

MD5
a07661c5fad97379cf6d00332999d22c

SHA1
dca65816a049b3cce5c4354c3819fef54c6299b0

SHA256
5146005c36455e7ede4b8ecc0dc6f6fa8ea6b4a99fedbabc1994ae27dfab9d1b

SHA512
6ddeb9d89ccb4d2ec5d994d85a55e5e2cc7af745056dae030ab8d72ee7830f672003f4675b6040f123fc64c19e9b48cabd0da78101774dafacf74a88fbd74b4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI51482\python312.dll

Filesize
6.6MB

MD5
d521654d889666a0bc753320f071ef60

SHA1
5fd9b90c5d0527e53c199f94bad540c1e0985db6

SHA256
21700f0bad5769a1b61ea408dc0a140ffd0a356a774c6eb0cc70e574b929d2e2

SHA512
7a726835423a36de80fb29ef65dfe7150bd1567cac6f3569e24d9fe091496c807556d0150456429a3d1a6fd2ed0b8ae3128ea3b8674c97f42ce7c897719d2cd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI51482\ucrtbase.dll

Filesize
1.1MB

MD5
6a44a2235d33b3f154fc50dc72e8ea61

SHA1
e98127a010bc6555e50e2ce7eba6ead8d8e13bf3

SHA256
91d027417ff2301b7135e864a5df6693488f8412ff87040f4897e0e03bc2577b

SHA512
057595ef00dc41aab49d654dc1b8dfdfaad58a3e2cf764db71090413b04e07c618d4592b390d170a4fbbc02f04c68f11b382258e3bf13a1791c6bfc97df7687b

Download Submit
C:\Users\Admin\Downloads\afkbot-unbranded-v9.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/5404-427-0x000002D835360000-0x000002D835362000-memory.dmp

Filesize
8KB

Download
memory/5404-439-0x000002D843C90000-0x000002D843C92000-memory.dmp

Filesize
8KB

Download
memory/5404-405-0x000002D8345B0000-0x000002D8345B2000-memory.dmp

Filesize
8KB

Download
memory/5404-409-0x000002D835120000-0x000002D835122000-memory.dmp

Filesize
8KB

Download
memory/5404-411-0x000002D835260000-0x000002D835262000-memory.dmp

Filesize
8KB

Download
memory/5404-419-0x000002D8352E0000-0x000002D8352E2000-memory.dmp

Filesize
8KB

Download
memory/5404-417-0x000002D8352C0000-0x000002D8352C2000-memory.dmp

Filesize
8KB

Download
memory/5404-415-0x000002D8352A0000-0x000002D8352A2000-memory.dmp

Filesize
8KB

Download
memory/5404-413-0x000002D835280000-0x000002D835282000-memory.dmp

Filesize
8KB

Download
memory/5404-423-0x000002D835320000-0x000002D835322000-memory.dmp

Filesize
8KB

Download
memory/5404-402-0x000002D834580000-0x000002D834581000-memory.dmp

Filesize
4KB

Download
memory/5404-425-0x000002D835340000-0x000002D835342000-memory.dmp

Filesize
8KB

Download
memory/5404-421-0x000002D835300000-0x000002D835302000-memory.dmp

Filesize
8KB

Download
memory/5404-431-0x000002D843C10000-0x000002D843C12000-memory.dmp

Filesize
8KB

Download
memory/5404-433-0x000002D843C30000-0x000002D843C32000-memory.dmp

Filesize
8KB

Download
memory/5404-435-0x000002D843C50000-0x000002D843C52000-memory.dmp

Filesize
8KB

Download
memory/5404-437-0x000002D843C70000-0x000002D843C72000-memory.dmp

Filesize
8KB

Download
memory/5404-407-0x000002D8345D0000-0x000002D8345D2000-memory.dmp

Filesize
8KB

Download
memory/5404-441-0x000002D843CC0000-0x000002D843CC2000-memory.dmp

Filesize
8KB

Download
memory/5404-443-0x000002D843CE0000-0x000002D843CE2000-memory.dmp

Filesize
8KB

Download
memory/5404-445-0x000002D843D00000-0x000002D843D02000-memory.dmp

Filesize
8KB

Download
memory/5404-447-0x000002D843D20000-0x000002D843D22000-memory.dmp

Filesize
8KB

Download
memory/5404-449-0x000002D843D40000-0x000002D843D42000-memory.dmp

Filesize
8KB

Download
memory/5404-451-0x000002D843D60000-0x000002D843D62000-memory.dmp

Filesize
8KB

Download
memory/5404-453-0x000002D843D80000-0x000002D843D82000-memory.dmp

Filesize
8KB

Download
memory/5404-455-0x000002D843DA0000-0x000002D843DA2000-memory.dmp

Filesize
8KB

Download
memory/5404-457-0x000002D843DC0000-0x000002D843DC2000-memory.dmp

Filesize
8KB

Download
memory/5404-459-0x000002D843DE0000-0x000002D843DE2000-memory.dmp

Filesize
8KB

Download
memory/5404-461-0x000002D843E00000-0x000002D843E02000-memory.dmp

Filesize
8KB

Download
memory/5404-463-0x000002D843E20000-0x000002D843E22000-memory.dmp

Filesize
8KB

Download
memory/5404-465-0x000002D843E40000-0x000002D843E42000-memory.dmp

Filesize
8KB

Download
memory/5404-467-0x000002D843E60000-0x000002D843E62000-memory.dmp

Filesize
8KB

Download
memory/5404-403-0x000002D834590000-0x000002D834592000-memory.dmp

Filesize
8KB

Download