hxxps://github[.]com/SoftwarePixel/Rune/releases/download/latest/RUNE_CE[.]zip

Analysis

max time kernel
150s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
23-08-2024 19:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/SoftwarePixel/Rune/releases/download/latest/RUNE_CE.zip

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 19 IoCs

pid	Process
2788	RUNE_CE.exe
2788	RUNE_CE.exe
2788	RUNE_CE.exe
2788	RUNE_CE.exe
2788	RUNE_CE.exe
2788	RUNE_CE.exe
2788	RUNE_CE.exe
2788	RUNE_CE.exe
2788	RUNE_CE.exe
2788	RUNE_CE.exe
2788	RUNE_CE.exe
2788	RUNE_CE.exe
2788	RUNE_CE.exe
2788	RUNE_CE.exe
2788	RUNE_CE.exe
2788	RUNE_CE.exe
2788	RUNE_CE.exe
2788	RUNE_CE.exe
2788	RUNE_CE.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\RUNE_CE.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1220	msedge.exe
1220	msedge.exe
4300	msedge.exe
4300	msedge.exe
5060	msedge.exe
5060	msedge.exe
5984	msedge.exe
5984	msedge.exe
5428	identity_helper.exe
5428	identity_helper.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe

Suspicious use of FindShellTrayWindow 50 IoCs

pid	Process
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4300 wrote to memory of 5584	4300	msedge.exe	80
PID 4300 wrote to memory of 5584	4300	msedge.exe	80
PID 4300 wrote to memory of 3132	4300	msedge.exe	83
PID 4300 wrote to memory of 3132	4300	msedge.exe	83
PID 4300 wrote to memory of 3132	4300	msedge.exe	83
PID 4300 wrote to memory of 3132	4300	msedge.exe	83
PID 4300 wrote to memory of 3132	4300	msedge.exe	83
PID 4300 wrote to memory of 3132	4300	msedge.exe	83
PID 4300 wrote to memory of 3132	4300	msedge.exe	83
PID 4300 wrote to memory of 3132	4300	msedge.exe	83
PID 4300 wrote to memory of 3132	4300	msedge.exe	83
PID 4300 wrote to memory of 3132	4300	msedge.exe	83
PID 4300 wrote to memory of 3132	4300	msedge.exe	83
PID 4300 wrote to memory of 3132	4300	msedge.exe	83
PID 4300 wrote to memory of 3132	4300	msedge.exe	83
PID 4300 wrote to memory of 3132	4300	msedge.exe	83
PID 4300 wrote to memory of 3132	4300	msedge.exe	83
PID 4300 wrote to memory of 3132	4300	msedge.exe	83
PID 4300 wrote to memory of 3132	4300	msedge.exe	83
PID 4300 wrote to memory of 3132	4300	msedge.exe	83
PID 4300 wrote to memory of 3132	4300	msedge.exe	83
PID 4300 wrote to memory of 3132	4300	msedge.exe	83
PID 4300 wrote to memory of 3132	4300	msedge.exe	83
PID 4300 wrote to memory of 3132	4300	msedge.exe	83
PID 4300 wrote to memory of 3132	4300	msedge.exe	83
PID 4300 wrote to memory of 3132	4300	msedge.exe	83
PID 4300 wrote to memory of 3132	4300	msedge.exe	83
PID 4300 wrote to memory of 3132	4300	msedge.exe	83
PID 4300 wrote to memory of 3132	4300	msedge.exe	83
PID 4300 wrote to memory of 3132	4300	msedge.exe	83
PID 4300 wrote to memory of 3132	4300	msedge.exe	83
PID 4300 wrote to memory of 3132	4300	msedge.exe	83
PID 4300 wrote to memory of 3132	4300	msedge.exe	83
PID 4300 wrote to memory of 3132	4300	msedge.exe	83
PID 4300 wrote to memory of 3132	4300	msedge.exe	83
PID 4300 wrote to memory of 3132	4300	msedge.exe	83
PID 4300 wrote to memory of 3132	4300	msedge.exe	83
PID 4300 wrote to memory of 3132	4300	msedge.exe	83
PID 4300 wrote to memory of 3132	4300	msedge.exe	83
PID 4300 wrote to memory of 3132	4300	msedge.exe	83
PID 4300 wrote to memory of 3132	4300	msedge.exe	83
PID 4300 wrote to memory of 3132	4300	msedge.exe	83
PID 4300 wrote to memory of 1220	4300	msedge.exe	84
PID 4300 wrote to memory of 1220	4300	msedge.exe	84
PID 4300 wrote to memory of 5356	4300	msedge.exe	85
PID 4300 wrote to memory of 5356	4300	msedge.exe	85
PID 4300 wrote to memory of 5356	4300	msedge.exe	85
PID 4300 wrote to memory of 5356	4300	msedge.exe	85
PID 4300 wrote to memory of 5356	4300	msedge.exe	85
PID 4300 wrote to memory of 5356	4300	msedge.exe	85
PID 4300 wrote to memory of 5356	4300	msedge.exe	85
PID 4300 wrote to memory of 5356	4300	msedge.exe	85
PID 4300 wrote to memory of 5356	4300	msedge.exe	85
PID 4300 wrote to memory of 5356	4300	msedge.exe	85
PID 4300 wrote to memory of 5356	4300	msedge.exe	85
PID 4300 wrote to memory of 5356	4300	msedge.exe	85
PID 4300 wrote to memory of 5356	4300	msedge.exe	85
PID 4300 wrote to memory of 5356	4300	msedge.exe	85
PID 4300 wrote to memory of 5356	4300	msedge.exe	85
PID 4300 wrote to memory of 5356	4300	msedge.exe	85
PID 4300 wrote to memory of 5356	4300	msedge.exe	85
PID 4300 wrote to memory of 5356	4300	msedge.exe	85
PID 4300 wrote to memory of 5356	4300	msedge.exe	85
PID 4300 wrote to memory of 5356	4300	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/SoftwarePixel/Rune/releases/download/latest/RUNE_CE.zip
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd702e3cb8,0x7ffd702e3cc8,0x7ffd702e3cd8
  2⤵
  PID:5584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,5838856732986765563,7640862979506003773,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,5838856732986765563,7640862979506003773,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,5838856732986765563,7640862979506003773,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  2⤵
  PID:5356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5838856732986765563,7640862979506003773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5838856732986765563,7640862979506003773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,5838856732986765563,7640862979506003773,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4044 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5838856732986765563,7640862979506003773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:5628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5838856732986765563,7640862979506003773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5838856732986765563,7640862979506003773,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1924,5838856732986765563,7640862979506003773,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6400 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:5984
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,5838856732986765563,7640862979506003773,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6444 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5838856732986765563,7640862979506003773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5838856732986765563,7640862979506003773,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,5838856732986765563,7640862979506003773,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4712 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4204

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:840

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6008

C:\Users\Admin\Downloads\RUNE_CE\RUNE_CE.exe
"C:\Users\Admin\Downloads\RUNE_CE\RUNE_CE.exe"
1⤵
PID:3004
- C:\Users\Admin\Downloads\RUNE_CE\RUNE_CE.exe
  "C:\Users\Admin\Downloads\RUNE_CE\RUNE_CE.exe"
  2⤵
  - Loads dropped DLL
  PID:2788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3e681bda746d695b173a54033103efa8

SHA1
ae07be487e65914bb068174b99660fb8deb11a1d

SHA256
fee5f7377e5ca213c1d8d7827b788723d0dd2538e7ce3f35581fc613fde834c2

SHA512
0f4381c769d4ae18ff3ac93fd97e8d879043b8ec825611db27f08bd44c08babc1710672c3f93435a61e40db1ccbf5b74c6363aaaf5f4a7fc95a6a7786d1aced8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9f081a02d8bbd5d800828ed8c769f5d9

SHA1
978d807096b7e7a4962a001b7bba6b2e77ce419a

SHA256
a7645e1b16115e9afec86efa139d35d5fecc6c5c7c59174c9901b4213b1fae0e

SHA512
7f3045f276f5bd8d3c65a23592419c3b98f1311c214c8e54a4dfe09122a08afb08ab7967b49bd413bc748ce6363658640bc87958d5e0a78974680a8f9beadf44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
265B

MD5
f5cd008cf465804d0e6f39a8d81f9a2d

SHA1
6b2907356472ed4a719e5675cc08969f30adc855

SHA256
fcea95cc39dc6c2a925f5aed739dbedaa405ee4ce127f535fcf1c751b2b8fb5d

SHA512
dc97034546a4c94bdaa6f644b5cfd1e477209de9a03a5b02a360c254a406c1d647d6f90860f385e27387b35631c41f0886cb543ede9116436941b9af6cd3285d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
be01e2db13af91152efa70373ece94f5

SHA1
d0103939e7b7506b54a25696a192bf03988b721c

SHA256
7978d56c02cba4056a8b353e4dba75a79b99bde7eb6da9dc376a056ed4438d54

SHA512
ad0474cf1d92df30b8a3febac91bc562adef52b65fc1331e5e598163eff8a4ba62155c576159d59a93ac1cc749640ad88fc58eb6e845d9b0c2029acf9b5819bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
176d4267391b7d2e94a0496a2c20a4f3

SHA1
d5676d8b935ee5390fb14d689789c18c5a7b8c69

SHA256
52b855a8421c745a488f883b3cc12de526d58c9942695cbf4f3eba934c5d25da

SHA512
a85e7ec57d145498647a7381bd21a6c8bb4a3272e2446a5edeb260b9b073e9c472c027ef6003f31a75f272efdc7603592ee4a701bcf27b7c909849987f15cb89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8c1c4f475eed572b021385c37c245bc5

SHA1
c33cf4e39b20f0ca435d59b7a3ab6109421de0b3

SHA256
6151ad5d26139574ff6e8329b459a43fc1f8b11c51e8312cf5e6d7b4fe6e2567

SHA512
21d1cffac68204d859ef48e23b91e8362342bf73c6359a501a1dd487816ac7b0bb2417590e13e23f815a94c361ed413d7bcd1d8d27716f334d8b201672ca9c73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e4162dd447a5c1f1be2eb8505a0666bf

SHA1
2cbcfff34cf8e0847a69b2223467650a686fe091

SHA256
8ba35a28e96d047f476c795b3fd20b148e0f1cbff887bb06249431154436ee4c

SHA512
8cf089b41ebf97691d828094d48e40d4e79b84b14447b73f2fafe1632bee3d23a006232dc0873dd0f142728217a58bc2140daee9e41da8c7deb0164439755935

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7f026cd080f72f18fd34fcc32822c25b

SHA1
59fc018901ac6ba7001ac6d108d77c52db1f629f

SHA256
1fcef16709fdf5de065a3963b374b60fc6ff3f3e6009d7e93222056034cbfd30

SHA512
b97351fb78534d84d12f1d96b0ca8eaa121ee211ea994d3291045fbb33c6d3d2c65d44f2207a6afa58ed9930d3115b3eef014b49e163ca65966e7111e60dbcd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30042\VCRUNTIME140.dll

Filesize
94KB

MD5
a87575e7cf8967e481241f13940ee4f7

SHA1
879098b8a353a39e16c79e6479195d43ce98629e

SHA256
ded5adaa94341e6c62aea03845762591666381dca30eb7c17261dd154121b83e

SHA512
e112f267ae4c9a592d0dd2a19b50187eb13e25f23ded74c2e6ccde458bcdaee99f4e3e0a00baf0e3362167ae7b7fe4f96ecbcd265cc584c1c3a4d1ac316e92f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30042\_bz2.pyd

Filesize
84KB

MD5
7f2bba8a38712d00907f6e37f0ce6028

SHA1
e22227fc0fd45afdcf6c5d31a1cebffee22dfc32

SHA256
cd04ebe932b2cb2fd7f01c25412bddd77b476fa47d0aff69a04a27d3bfe4b37b

SHA512
ca46ceaf1b6683e6d505edbe33b1d36f2940a72fc34f42fa4aa0928f918d836803113bf9a404657ec3a65bc4e40ed13117ad48457a048c82599db37f98b68af0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30042\_ctypes.pyd

Filesize
124KB

MD5
38d9d8ed2b7df64790150a2a523fd3b9

SHA1
a629c8e76136fa5678c758351e2dcff5324f51e7

SHA256
11daef02afe45d9f3987bab5c2b6ef75b2b6f6f79704c45675d532f090f14b8b

SHA512
7a37a98bb9824680e3f0030e0db795f9eab1cc4d2b6605e4f6c37d432b4de0642481dd7b6c6f0e53264f2d940b4800555ab0d84145d7de35f4a65a26ca100fe8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30042\_decimal.pyd

Filesize
265KB

MD5
1139cc9d936b6028305749568ec5cac7

SHA1
8aee810bc2ccfc3c36bef6ed59b3826bb7070299

SHA256
67a47d85cc1a21069610c85da64fc031231d43af7876dfc48361c57d88efee0b

SHA512
1dd4cf64d51a4d9b9f35f1932428f92a3ef538db62b503097a9dfc1940afae59b0d890aca149a67ff1bd5d343d8e4f38cadd49065404e9cb2902f1ed6dbb754b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30042\_hashlib.pyd

Filesize
63KB

MD5
75ed91d3b7a40eca5b32a13b90191ead

SHA1
320bd4b6116f735d8508382738e50ba8862b8029

SHA256
202535a5ceb0bf70c2046639a3884c24f2cccb1bd92827e61b5a7a663d9399ba

SHA512
0eb81335c97842233751e7b4c0d6581accaf00a86f3e06fe35b2c80bd6badf83a321eaf4a449a31238ed3f60aa09890769bf54775cd7efd5112255842e1582c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30042\_lzma.pyd

Filesize
159KB

MD5
ad02ea81a127a401f4df84c082f3cce6

SHA1
9c6c851c52f331d17a33936c9aad8dcef2542709

SHA256
4213fbb6936ad3eac1e1ba28f10e15719176bc3a59ff01ddc6828dd7eee52132

SHA512
cdccd9e5fffc2a2836f7677985d63c0a8a90fc91f1d98a0f2355c11141e21ecd564bbbfba87e717ac80f784a68b6f43430476fbd72cec9820c691df6612ffd16

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30042\_queue.pyd

Filesize
29KB

MD5
f9718fe21174d8428f022aaf60bf92da

SHA1
db7e85eaa7c795792050af43d47518ca7fa7878a

SHA256
95e1c419e08d8ab229b8c64d51fd301cd9d75a659dfc05e75b0317ca0a4f22e3

SHA512
000929c994446f22e4f11a011c21b7401bbe8b3b1a624b80a4eeb818f94190b3db2782b00e477e548814caea5234d4de5a8a766d72365c26654d655ec4546be3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30042\_socket.pyd

Filesize
78KB

MD5
0a6c6fd7697e4c3757014fa6bf6dd615

SHA1
f14f79831b8b16a7b31f4c7f698317c023d446f9

SHA256
a611e9b4f4e5fe67e945b771d79cf15c48441ecfa11ce186cec9bf233dc20c0d

SHA512
f5fcfede06f0f81229b946f803b6e292fd0c909191f3c2a82ca317ff7c2e08d1ea98aa2d11ec85edd5449994a2a7c61318a15d47806cd761e25739494f3e18e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30042\_ssl.pyd

Filesize
152KB

MD5
3baf56d4e63a800fcaf2cc98fc120709

SHA1
2a33341eda4b4549452b6db9b259f8ae6ec9c806

SHA256
d7610dd6be63aada4fe1895b64bbac961840257c6988e1f68bbf3d8e486b5a45

SHA512
e48899ed5581fe9f45c02219d62e0acbc92906af5b7a3b7d9be1bb28b41f5cfdb0d3496abc6d0c1a809bb80d2a49c5a456d34e4667995fb88ef8aca6958881dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30042\base_library.zip

Filesize
828KB

MD5
26a2822bc3bc5cc1c33bc81476b6f9da

SHA1
a4815b5c1362535b361f90f16282d974a73a37a6

SHA256
9781591595b70dc4a1522ebd462b4f38bfcccad4952d93dc0ce7fc7b27da4b1f

SHA512
5f09b98ffb413b80d845fb184f151f317bf560c60f731fc9c0e4faa5f7185a8feb16d52dac66f865ec201a739e49958537555ae3661f31ec0e1446f3319b97b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30042\certifi\cacert.pem

Filesize
268KB

MD5
59a15f9a93dcdaa5bfca246b84fa936a

SHA1
7f295ea74fc7ed0af0e92be08071fb0b76c8509e

SHA256
2c11c3ce08ffc40d390319c72bc10d4f908e9c634494d65ed2cbc550731fd524

SHA512
746157a0fcedc67120c2a194a759fa8d8e1f84837e740f379566f260e41aa96b8d4ea18e967e3d1aa1d65d5de30453446d8a8c37c636c08c6a3741387483a7d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30042\charset_normalizer\md.cp39-win_amd64.pyd

Filesize
10KB

MD5
20633f9ac535bdc0d0547690a3a41ea6

SHA1
a5d22d542b041ff5ccb8b366a1cf70c23e288304

SHA256
c7b57773314e4a92a9fdf6a63ec2fd47a8de0a1c21f535cca5f28ec3e46ac6a6

SHA512
1f7ff9c2a62c78a02ff76ff357a04822c57be224aaebf8b2f356f524c857e3c1a18534540377f42551d409a9076fd52e69af4afaf07abf8bebf02310514174fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30042\charset_normalizer\md__mypyc.cp39-win_amd64.pyd

Filesize
114KB

MD5
a335587dd28adf9941c2e0ba8d5fab52

SHA1
b6d6737dc83fa37235e369e3e5647dc0b94454b7

SHA256
4dae21835c688bd3d8ad3e633bb0ad78c64a5ea9de7faafa3d531b3dc12423db

SHA512
c7300bc9cb7726e9af62dd97e1b78a5173c3a4c4dcd566e1acf1483f2e68469517474c89e0b8a63f77b4f57d79c8a7e51e022b54cf71b8506ac6e410de24eb5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30042\libcrypto-1_1.dll

Filesize
3.3MB

MD5
ab01c808bed8164133e5279595437d3d

SHA1
0f512756a8db22576ec2e20cf0cafec7786fb12b

SHA256
9c0a0a11629cced6a064932e95a0158ee936739d75a56338702fed97cb0bad55

SHA512
4043cda02f6950abdc47413cfd8a0ba5c462f16bcd4f339f9f5a690823f4d0916478cab5cae81a3d5b03a8a196e17a716b06afee3f92dec3102e3bbc674774f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30042\libffi-7.dll

Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30042\libssl-1_1.dll

Filesize
682KB

MD5
de72697933d7673279fb85fd48d1a4dd

SHA1
085fd4c6fb6d89ffcc9b2741947b74f0766fc383

SHA256
ed1c8769f5096afd000fc730a37b11177fcf90890345071ab7fbceac684d571f

SHA512
0fd4678c65da181d7c27b19056d5ab0e5dd0e9714e9606e524cdad9e46ec4d0b35fe22d594282309f718b30e065f6896674d3edce6b3b0c8eb637a3680715c2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30042\msvcp140.dll

Filesize
564KB

MD5
1ba6d1cf0508775096f9e121a24e5863

SHA1
df552810d779476610da3c8b956cc921ed6c91ae

SHA256
74892d9b4028c05debaf0b9b5d9dc6d22f7956fa7d7eee00c681318c26792823

SHA512
9887d9f5838aa1555ea87968e014edfe2f7747f138f1b551d1f609bc1d5d8214a5fdab0d76fcac98864c1da5eb81405ca373b2a30cb12203c011d89ea6d069af

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30042\python39.dll

Filesize
4.3MB

MD5
19e6d310c1bd0578d468a888d3ec0e3d

SHA1
32561ad9b89dc9e9a086569780890ad10337e698

SHA256
f4609ec3bbcc74ed9257e3440ec15adf3061f7162a89e4e9a370e1c2273370a1

SHA512
4a8332c22a40a170ea83fc8cfd5b8a0ed0df1d59fd22ebe10088ba0be78cc0e91a537d7085549a4d06204cbe77e83154a812daed885c25aa4b4cb4aca5b9cc85

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30042\select.pyd

Filesize
28KB

MD5
196c4d2f8bdc9e9d2dbcce866050684c

SHA1
1166c85c761d8188c45d9cc7441abfe8a7071132

SHA256
cd31f9f557d57a6909186940eafe483c37de9a7251e604644a747c7ec26b7823

SHA512
cb9a02530721482f0ff912ca65dae94f6930676e2390cb5523f99452174622d7e2e70cafaf46e053f0c3dfc314edc8c2f4fd3bc7ea888be81e83ff40d3a30e78

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30042\unicodedata.pyd

Filesize
1.1MB

MD5
684ae6992f55ad6c64588367e42f44f7

SHA1
66d8868286924ada60966a620dffe87b2c978711

SHA256
91834e28cc0acbd966dc6d323b95113e0050301b7cd6cd4abe43390f2bbddb34

SHA512
70453ee98cbf6365aa7a326520cdad438d6a1d6f463da6180cb5e20708647951831d232b577be50a16825912a9e40386c64a9987e3265fc870cddd918b31614c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30042\vcruntime140_1.dll

Filesize
48KB

MD5
cf0a1c4776ffe23ada5e570fc36e39fe

SHA1
2050fadecc11550ad9bde0b542bcf87e19d37f1a

SHA256
6fd366a691ed68430bcd0a3de3d8d19a0cb2102952bfc140bbef4354ed082c47

SHA512
d95cd98d22ca048d0fc5bca551c9db13d6fa705f6af120bbbb621cf2b30284bfdc7320d0a819bb26dab1e0a46253cc311a370bed4ef72ecb60c69791ed720168

Download Submit
C:\Users\Admin\Downloads\RUNE_CE.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 321885.crdownload

Filesize
6.4MB

MD5
5a8d151bcca4fba349d3eddc1f85ec41

SHA1
7ba8eb83be8983a4ee5a9bcc3d24cb3a1da5187f

SHA256
ea304ec63f03c2bfb436824776f7dd4f01fa8687f902c97dcba9ca5e55f9d7be

SHA512
5f6e5ff774cbcdaf78944c6f7563ecb2d155e4da89f603fa608fc258e9c271eed2c94d5f0e73f71cb3dd7f89d890c27637111b4f2fc7df7865486ce934859054

Download Submit