hxxps://drive[.]google[.]com/file/d/1bqp4nuuWzma_Kijljc7GhY9azySTO1F9/view?usp=sharing

Analysis

max time kernel
249s
max time network
249s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05/09/2024, 17:31

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1bqp4nuuWzma_Kijljc7GhY9azySTO1F9/view?usp=sharing

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 6 IoCs

pid	Process
6936	activation_window.exe
6924	activation_window.exe
6416	GoodSaleApp.exe
1952	GoodSaleApp.exe
1312	activation_window.exe
6456	activation_window.exe

Loads dropped DLL 43 IoCs

pid	Process
6924	activation_window.exe
6924	activation_window.exe
6924	activation_window.exe
6924	activation_window.exe
6924	activation_window.exe
6924	activation_window.exe
6924	activation_window.exe
6924	activation_window.exe
1952	GoodSaleApp.exe
1952	GoodSaleApp.exe
1952	GoodSaleApp.exe
1952	GoodSaleApp.exe
1952	GoodSaleApp.exe
1952	GoodSaleApp.exe
1952	GoodSaleApp.exe
1952	GoodSaleApp.exe
1952	GoodSaleApp.exe
1952	GoodSaleApp.exe
1952	GoodSaleApp.exe
1952	GoodSaleApp.exe
1952	GoodSaleApp.exe
1952	GoodSaleApp.exe
1952	GoodSaleApp.exe
1952	GoodSaleApp.exe
1952	GoodSaleApp.exe
1952	GoodSaleApp.exe
1952	GoodSaleApp.exe
1952	GoodSaleApp.exe
1952	GoodSaleApp.exe
1952	GoodSaleApp.exe
1952	GoodSaleApp.exe
1952	GoodSaleApp.exe
1952	GoodSaleApp.exe
1952	GoodSaleApp.exe
1952	GoodSaleApp.exe
6456	activation_window.exe
6456	activation_window.exe
6456	activation_window.exe
6456	activation_window.exe
6456	activation_window.exe
6456	activation_window.exe
6456	activation_window.exe
6456	activation_window.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
15	drive.google.com
5	drive.google.com
12	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 15 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "184"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 144819.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4156	msedge.exe
4156	msedge.exe
3948	msedge.exe
3948	msedge.exe
4392	identity_helper.exe
4392	identity_helper.exe
6836	msedge.exe
6836	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	5728	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5728	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5700	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3948 wrote to memory of 3516	3948	msedge.exe	83
PID 3948 wrote to memory of 3516	3948	msedge.exe	83
PID 3948 wrote to memory of 3268	3948	msedge.exe	84
PID 3948 wrote to memory of 3268	3948	msedge.exe	84
PID 3948 wrote to memory of 3268	3948	msedge.exe	84
PID 3948 wrote to memory of 3268	3948	msedge.exe	84
PID 3948 wrote to memory of 3268	3948	msedge.exe	84
PID 3948 wrote to memory of 3268	3948	msedge.exe	84
PID 3948 wrote to memory of 3268	3948	msedge.exe	84
PID 3948 wrote to memory of 3268	3948	msedge.exe	84
PID 3948 wrote to memory of 3268	3948	msedge.exe	84
PID 3948 wrote to memory of 3268	3948	msedge.exe	84
PID 3948 wrote to memory of 3268	3948	msedge.exe	84
PID 3948 wrote to memory of 3268	3948	msedge.exe	84
PID 3948 wrote to memory of 3268	3948	msedge.exe	84
PID 3948 wrote to memory of 3268	3948	msedge.exe	84
PID 3948 wrote to memory of 3268	3948	msedge.exe	84
PID 3948 wrote to memory of 3268	3948	msedge.exe	84
PID 3948 wrote to memory of 3268	3948	msedge.exe	84
PID 3948 wrote to memory of 3268	3948	msedge.exe	84
PID 3948 wrote to memory of 3268	3948	msedge.exe	84
PID 3948 wrote to memory of 3268	3948	msedge.exe	84
PID 3948 wrote to memory of 3268	3948	msedge.exe	84
PID 3948 wrote to memory of 3268	3948	msedge.exe	84
PID 3948 wrote to memory of 3268	3948	msedge.exe	84
PID 3948 wrote to memory of 3268	3948	msedge.exe	84
PID 3948 wrote to memory of 3268	3948	msedge.exe	84
PID 3948 wrote to memory of 3268	3948	msedge.exe	84
PID 3948 wrote to memory of 3268	3948	msedge.exe	84
PID 3948 wrote to memory of 3268	3948	msedge.exe	84
PID 3948 wrote to memory of 3268	3948	msedge.exe	84
PID 3948 wrote to memory of 3268	3948	msedge.exe	84
PID 3948 wrote to memory of 3268	3948	msedge.exe	84
PID 3948 wrote to memory of 3268	3948	msedge.exe	84
PID 3948 wrote to memory of 3268	3948	msedge.exe	84
PID 3948 wrote to memory of 3268	3948	msedge.exe	84
PID 3948 wrote to memory of 3268	3948	msedge.exe	84
PID 3948 wrote to memory of 3268	3948	msedge.exe	84
PID 3948 wrote to memory of 3268	3948	msedge.exe	84
PID 3948 wrote to memory of 3268	3948	msedge.exe	84
PID 3948 wrote to memory of 3268	3948	msedge.exe	84
PID 3948 wrote to memory of 3268	3948	msedge.exe	84
PID 3948 wrote to memory of 4156	3948	msedge.exe	85
PID 3948 wrote to memory of 4156	3948	msedge.exe	85
PID 3948 wrote to memory of 2384	3948	msedge.exe	86
PID 3948 wrote to memory of 2384	3948	msedge.exe	86
PID 3948 wrote to memory of 2384	3948	msedge.exe	86
PID 3948 wrote to memory of 2384	3948	msedge.exe	86
PID 3948 wrote to memory of 2384	3948	msedge.exe	86
PID 3948 wrote to memory of 2384	3948	msedge.exe	86
PID 3948 wrote to memory of 2384	3948	msedge.exe	86
PID 3948 wrote to memory of 2384	3948	msedge.exe	86
PID 3948 wrote to memory of 2384	3948	msedge.exe	86
PID 3948 wrote to memory of 2384	3948	msedge.exe	86
PID 3948 wrote to memory of 2384	3948	msedge.exe	86
PID 3948 wrote to memory of 2384	3948	msedge.exe	86
PID 3948 wrote to memory of 2384	3948	msedge.exe	86
PID 3948 wrote to memory of 2384	3948	msedge.exe	86
PID 3948 wrote to memory of 2384	3948	msedge.exe	86
PID 3948 wrote to memory of 2384	3948	msedge.exe	86
PID 3948 wrote to memory of 2384	3948	msedge.exe	86
PID 3948 wrote to memory of 2384	3948	msedge.exe	86
PID 3948 wrote to memory of 2384	3948	msedge.exe	86
PID 3948 wrote to memory of 2384	3948	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1bqp4nuuWzma_Kijljc7GhY9azySTO1F9/view?usp=sharing
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd860746f8,0x7ffd86074708,0x7ffd86074718
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,11285349439385349022,1365451978452815496,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  2⤵
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,11285349439385349022,1365451978452815496,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,11285349439385349022,1365451978452815496,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
  2⤵
  PID:2384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,11285349439385349022,1365451978452815496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,11285349439385349022,1365451978452815496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:2944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,11285349439385349022,1365451978452815496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,11285349439385349022,1365451978452815496,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5632 /prefetch:8
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,11285349439385349022,1365451978452815496,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5632 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,11285349439385349022,1365451978452815496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:5136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,11285349439385349022,1365451978452815496,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,11285349439385349022,1365451978452815496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,11285349439385349022,1365451978452815496,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,11285349439385349022,1365451978452815496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:6320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2180,11285349439385349022,1365451978452815496,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5500 /prefetch:8
  2⤵
  PID:6536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,11285349439385349022,1365451978452815496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2088 /prefetch:1
  2⤵
  PID:6544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2180,11285349439385349022,1365451978452815496,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6324 /prefetch:8
  2⤵
  PID:6592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2180,11285349439385349022,1365451978452815496,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6404 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6836
- C:\Users\Admin\Downloads\activation_window.exe
  "C:\Users\Admin\Downloads\activation_window.exe"
  2⤵
  - Executes dropped EXE
  PID:6936
- - C:\Users\Admin\Downloads\activation_window.exe
    "C:\Users\Admin\Downloads\activation_window.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:6924
  - - C:\Users\Admin\AppData\Local\Temp\_MEI69362\resources\GoodSaleApp.exe
      C:\Users\Admin\AppData\Local\Temp\_MEI69362\resources/GoodSaleApp.exe
      4⤵
      Executes dropped EXE
      PID:6416
    - - C:\Users\Admin\AppData\Local\Temp\_MEI69362\resources\GoodSaleApp.exe
        
        C:\Users\Admin\AppData\Local\Temp\_MEI69362\resources/GoodSaleApp.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,11285349439385349022,1365451978452815496,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4820 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4592

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3120

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault46a99107h3425h4b51h9d35hbd5cb4839061
1⤵
PID:5400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffd860746f8,0x7ffd86074708,0x7ffd86074718
  2⤵
  PID:5508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,16030877073464718519,10302457308434386072,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
  2⤵
  PID:5740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,16030877073464718519,10302457308434386072,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3
  2⤵
  PID:5748

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:5976

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x304 0x510
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5728

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\5f62f700f6f64398b303f422cac3e110 /t 4388 /p 1952
1⤵
PID:3372

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5048

C:\Users\Admin\Downloads\activation_window.exe
"C:\Users\Admin\Downloads\activation_window.exe"
1⤵
- Executes dropped EXE
PID:1312
- C:\Users\Admin\Downloads\activation_window.exe
  "C:\Users\Admin\Downloads\activation_window.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:6456

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3960855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:5700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\28883cb8-4ffe-41ed-a9a9-991141ba8e92.tmp

Filesize
11KB

MD5
02d7cedc728f7019eeb248b34934158a

SHA1
1ba9e3f232c0869b8f3366f5457bc035c5f4d687

SHA256
c1fca936c0971b80d7304bab5827201fc6ee032d629eedeb75761df8a0a2efbd

SHA512
16fec1eb9b0b0c05094bd17cbcdc783f9895d70066636e82563bde0f2ccbc3d642c831d50439f9ec687d2a755b9c6fc51fb182a95bc9f0e828ea6937dcf1ca37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\8d7ce4f8-0d95-4d0f-b54c-85f152809749.tmp

Filesize
8KB

MD5
37c4b360723df97acf5e6f9ec51fa17a

SHA1
aafd81a80fc8e4de91f59e6dd54c721362f07e47

SHA256
3269d307f28e55f83ee6d15ebad2ec488cf4bb70667aac14211c5ba9ab9b8099

SHA512
db8457a847b70b4339e61d3279f4f28c154ca122724d01a1f2ae59c33110acc7032c28627f587dca7f0613f4ee54a4dae330ef94ac8de34e3c862aa3ea089859

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
2151a6e37ead92dea4a234ac32b9e4a4

SHA1
54c27c70a5f44d2baeaa22ec381232f9653fb6b2

SHA256
d24db5f4a2896960d5d47f2c2bc886dee4baeabafd7b2435e76455c11e9e7d8a

SHA512
7012066d9ef29d5939d82231dfe88a260e1c8212cf85c2d3820e3d751785eab4c025fe34696abfc5a003484398e6a9883133a491a2dfe1c872031c9074f5636c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
05c484a5d3113f6b8d060974b854070e

SHA1
b2df53a293aed7de918fa18fb3fd4778bb31d7bc

SHA256
9f6a61e6ef9e2d4e16220e0b0d7fd99a21b4d820f698ad0bb332718b5d24dab5

SHA512
47d779d3da8dfcfeef5850278229b4f3453c3561f1939528e69262866b1425914dc0ca52cccd8c2bf76adae6aba79be7b8cfabcfab77ce352b90976f0da7aa60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ff430c72719c0305dbc66400bc68cffa

SHA1
f5ca05ba4d023fd0c56bfb754161f6841770b070

SHA256
e0aeb6be0963954292a6f3333038d7d412b7de23f6ed1b17b151f1f82eefea33

SHA512
7772c5b56771fd41f7e58f9e7aaf2bc9471278fda6b72f73c8430e8246fe111be40ba7c68c53c52003fa14bf052e8d932846a074b2c255cf891796bcee528642

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0d99643778fd9e883fda12a9d6a51998

SHA1
a72c97613b42ba25abc14e14a04b80b9af55e206

SHA256
12251a1a3d63100b77aae3caaa17f2409dca3d974c5cfba2c0080b6ffb6aedd6

SHA512
ed5d44b9f323c93f315d69569a68cbbaa77e45ca8079cba297a30d807ef6959898966fa2a7224aa93d94bb4d773c64b437b59b9470617d51e39fce87f35f655f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
db4fd10e7ddfe510cbbbff90b6a1bdc5

SHA1
c5247549c178e303ed2fb1c584914fa476578ae1

SHA256
c181af6b3ee4e78d8347d3ca7c791f3d6a0436f2e8eaa41afa98124907a32f2e

SHA512
55a51063dba5dd5a8785d044b7606c284861fe0ba774d95f82b46ca82167dd1aced4a68c81aede5c6d89fd0fcb49801de5df67c873d5f0dd821b9278a42dd1f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
71a3c6b35836c23f0b5e90255427e84e

SHA1
665b9a68832a23db475ef43e2a72c406eb71f5cb

SHA256
c488686bc2524f2d6f09815d1dcae6759394bcd89d8c81c853448f353f68bd79

SHA512
d2a4f9418df06b51b003ff184bb3bec594373bdc54b6b1c0713e54b20f802737af6673cad6c26f9b50db152ee73cd0b05b911235c6e86a68b27ec43ecb3cc21e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8c7c43ba192cf8ae09f9f1396472d604

SHA1
61ca96510d6defd011e01c8c0f2c30e0cf525098

SHA256
bead965588be3d95ebf285a07dcd652e32ab83eeb209c8bd5255272af48be464

SHA512
cb34de9b7cb2148a8be9bdf60539bf54e82135d2ba9eb29c363b8c71598e55ccd4bee4b28e9d99cdf70eae3a5501245e94b17f354cd54493e886c3d208f1d7c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bb688d44540d59d0ae196b8f4ed6400e

SHA1
1410be39d7b80a9b06c2360b08e7619721ca33fe

SHA256
b40022fec2c31eb151bdc0a1299ff073085f869e2b43c8a93dd49e2891609a78

SHA512
0b3deaef43c2466de25d201c71dd8214ab8c863a0a7fd1687df0a975f05a0c0c5b0e197ca27e938e3f1e35dcd5fa3b5d28fc42163defdffe958efe8fd5e672b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
74a801505745eef8354e0874d0403872

SHA1
ac49383a0fa01b8337cd9d73836003ceeba7429d

SHA256
717fe44aa0aa9bfb4492eccd0ac3ed1a73f0d18a84c086ea2192469ba24ad0f9

SHA512
3c37249694b46f66733a16cd05ca2fb2c100170668d7cbbfe9c811b16650cf941760c5abe243792941e83f7ef582b8fe555813345a4f2c0a1efab8ba15ae7294

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
79663236481b3eed9c047651987a1721

SHA1
8ea4044ca6b364406518cdbac143e8c12d1e1068

SHA256
3a1c43306aa07221bb24ff4e04dd273ad53e011d003ee8b023823ba9138d62ed

SHA512
21af73d650084fc82c10ffbcb7e08cb21438302898e671ec7b5410960da5a44ba582431c6fb816a216fd31874e465170ccc3b1019543780aad62f3975b7a9127

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
34c5898429565305f276bd618872e94b

SHA1
574af94d9451b6750a9fddc8d7268786d31dea4f

SHA256
28927024ce58ff785cb693f9f915012aba58434a707cb0e519096b7952a3d2bf

SHA512
e198543c30e41b0ef75910fdafd3eb1c990d25164f2275804c2ea8324529f0292f8f992d703c3ff72074beb1ae14df02b2f9e70c67c9436d0925d17b78ffe299

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c176e5beb4750986a9aeda45054976c7

SHA1
2d665465f4cf71397ddfb64339a9edd1657e054d

SHA256
579923097dc9aa1a95e686e19f12ecd1a927722eb234a6140f6b31f053c50a26

SHA512
4eace55c9e73f91d22a33f7388ecf14a09d0b8f38e30e4f577158c87dfbebeb6e1d47054dd751eb50de42f2ec1a5802e861b547af182f2d83816e4170b608735

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e5bcf4e741211c1eaf97ae92f332f615

SHA1
d1ead607801aff68170f9e1c899e9852e070c4d7

SHA256
859dd11e0fe9924efe2efaca75eac4e482894f49b329745d998593c2c2ff2789

SHA512
cd1ab9364148c802d121b5104529fbfc3506473687960021ab5d866db483ae8e91895055f02ad26e3f33c5691f2b35dd8c0d92a2d8299feaf76084dfcde2f960

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c18ffef9-0daa-4bcf-b5bb-a78922efad47.tmp

Filesize
7KB

MD5
9df78fb2e49bde87067d36b1a0ceae5b

SHA1
081e0e08825d27b37b89103295ce086596f2b616

SHA256
7cb488f46771e6a57fff77fb872cff6bb1cb80b245c33cdfba80a5a3a23a91e4

SHA512
84e27e532d5a68775591b9d78fde183ea026514e413e5d73dfb78c2e256495ffee6c6f31618096225634cb897afd095392b0f51b88dc4579952ecb98527fbe4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5f53eb3f7fe9fc12edf9482a38125f86

SHA1
64909f078db5dbd00ccecc7c3855dc6030443805

SHA256
62f35a53cc3e90bc49045e569b8de6dcdc7fefc9a23700964b6f58d6f8864d9f

SHA512
c93c8e6d7f4d9f08e7466bfca8276cb08ea25fbb6bef8d215c8ec3161a0b4d2291bafab31b80e3f437fecd77c9887c682679e1aca01fc140e0f3947bfd588ebd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
48de2fcc7b5120671a54aaf3b65fe449

SHA1
c0d93e5de98054f5ed542d16d131ab36444c68ce

SHA256
3aca92f86e0f80d61f7855173f53e038c53213c4968f46d39104056b790fb732

SHA512
d66a2fb5016037af992eb7bc90dbc1fee1d9637a2e2a097c1c215649a2ac8f828e5cdb22ebf261912f94e5fb6e0861048c9b3974cd98b63ce59d1e01f292b86a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e63244c5387e42f4ae87ca18eacb6f30

SHA1
1bad37ae8214fdce2a4c3d9f70a54a22bed2abad

SHA256
3b0f9033fda6e5028c76d5c84d57efd3153923d33c2748d028658dfda17ad4ed

SHA512
964304d3dcbbc8f0d38834768e5b131d9813b63fab724f6ef8fc588adc69d6a7e917437bae8bd020858189459afc8051b98b5b054ce8986d92150e25a3534d51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
722adfbee807af41e079a9d565a73745

SHA1
f169e30df7b50beb175e1ffe9439820968919700

SHA256
130d287c6a75b833e0b329f73a3b5d8de50998b4f05a670d22a110143ab1d1b3

SHA512
7538d885c7e37eefcc721e3fd15e27f86424259280a1e8974ec2f9d7dcfed8a12321cc16bc0326a1f7db79720545df2538e3c39e2f166402b9c5dd0a39e3eafb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
12cb83538361b137cc99a616c13a8055

SHA1
85d6a39618c99320dbd56e7b550737144bbd09d6

SHA256
93a3f32fd6b68a40610078c00af8f3856504513362e7d5a71932c7842f01d1a7

SHA512
a6f01c30815089cc360d7caae1b674395d9887e9af04a290e666567aae046782bb75a5a1be49f9389d5dd2a6770e218ddedd132ca3fa6b401a848182155f83d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13122\_tcl_data\encoding\euc-cn.enc

Filesize
84KB

MD5
c5aa0d11439e0f7682dae39445f5dab4

SHA1
73a6d55b894e89a7d4cb1cd3ccff82665c303d5c

SHA256
1700af47dc012a48cec89cf1dfae6d1d0d2f40ed731eff6ca55296a055a11c00

SHA512
eee6058bd214c59bcc11e6de7265da2721c119cc9261cfd755a98e270ff74d2d73e3e711aa01a0e3414c46d82e291ef0df2ad6c65ca477c888426d5a1d2a3bc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI64162\setuptools\_vendor\inflect-7.3.1.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI64162\setuptools\_vendor\jaraco.text-3.12.1.dist-info\LICENSE

Filesize
1023B

MD5
141643e11c48898150daa83802dbc65f

SHA1
0445ed0f69910eeaee036f09a39a13c6e1f37e12

SHA256
86da0f01aeae46348a3c3d465195dc1ceccde79f79e87769a64b8da04b2a4741

SHA512
ef62311602b466397baf0b23caca66114f8838f9e78e1b067787ceb709d09e0530e85a47bbcd4c5a0905b74fdb30df0cc640910c6cc2e67886e5b18794a3583f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI64162\setuptools\_vendor\jaraco.text-3.12.1.dist-info\WHEEL

Filesize
92B

MD5
43136dde7dd276932f6197bb6d676ef4

SHA1
6b13c105452c519ea0b65ac1a975bd5e19c50122

SHA256
189eedfe4581172c1b6a02b97a8f48a14c0b5baa3239e4ca990fbd8871553714

SHA512
e7712ba7d36deb083ebcc3b641ad3e7d19fb071ee64ae3a35ad6a50ee882b20cd2e60ca1319199df12584fe311a6266ec74f96a3fb67e59f90c7b5909668aee1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI69362\VCRUNTIME140.dll

Filesize
106KB

MD5
4585a96cc4eef6aafd5e27ea09147dc6

SHA1
489cfff1b19abbec98fda26ac8958005e88dd0cb

SHA256
a8f950b4357ec12cfccddc9094cca56a3d5244b95e09ea6e9a746489f2d58736

SHA512
d78260c66331fe3029d2cc1b41a5d002ec651f2e3bbf55076d65839b5e3c6297955afd4d9ab8951fbdc9f929dbc65eb18b14b59bce1f2994318564eb4920f286

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI69362\_bz2.pyd

Filesize
82KB

MD5
c7ce973f261f698e3db148ccad057c96

SHA1
59809fd48e8597a73211c5df64c7292c5d120a10

SHA256
02d772c03704fe243c8de2672c210a5804d075c1f75e738d6130a173d08dfcde

SHA512
a924750b1825747a622eef93331fd764d824c954297e37e8dc93a450c11aa7ab3ad7c3b823b11656b86e64de3cd5d409fda15db472488dfaa4bb50341f0b29d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI69362\_ctypes.pyd

Filesize
121KB

MD5
10fdcf63d1c3c3b7e5861fbb04d64557

SHA1
1aa153efec4f583643046618b60e495b6e03b3d7

SHA256
bc3b83d2dc9e2f0e6386ed952384c6cf48f6eed51129a50dfd5ef6cbbc0a8fb3

SHA512
dc702f4100ed835e198507cd06fa5389a063d4600fc08be780690d729ab62114fd5e5b201d511b5832c14e90a5975ed574fc96edb5a9ab9eb83f607c7a712c7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI69362\_decimal.pyd

Filesize
247KB

MD5
21c73e7e0d7dad7a1fe728e3b80ce073

SHA1
7b363af01e83c05d0ea75299b39c31d948bbfe01

SHA256
a28c543976aa4b6d37da6f94a280d72124b429f458d0d57b7dbcf71b4bea8f73

SHA512
0357102bffc2ec2bc6ff4d9956d6b8e77ed8558402609e558f1c1ebc1baca6aeaa5220a7781a69b783a54f3e76362d1f74d817e4ee22aac16c7f8c86b6122390

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI69362\_hashlib.pyd

Filesize
63KB

MD5
f495d1897a1b52a2b15c20dcecb84b47

SHA1
8cb65590a8815bda58c86613b6386b5982d9ec3f

SHA256
e47e76d70d508b62924fe480f30e615b12fdd7745c0aac68a2cddabd07b692ae

SHA512
725d408892887bebd5bcf040a0ecc6a4e4b608815b9dea5b6f7b95c812715f82079896df33b0830c9f787ffe149b8182e529bb1f78aadd89df264cf8853ee4c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI69362\_lzma.pyd

Filesize
155KB

MD5
4e2239ece266230ecb231b306adde070

SHA1
e807a078b71c660db10a27315e761872ffd01443

SHA256
34130d8abe27586ee315262d69af4e27429b7eab1f3131ea375c2bb62cf094be

SHA512
86e6a1eab3529e600dd5caab6103e34b0f618d67322a5ecf1b80839faa028150c492a5cf865a2292cc8584fba008955da81a50b92301583424401d249c5f1401

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI69362\_socket.pyd

Filesize
81KB

MD5
899380b2d48df53414b974e11bb711e3

SHA1
f1d11f7e970a7cd476e739243f8f197fcb3ad590

SHA256
b38e66e6ee413e5955ef03d619cadd40fca8be035b43093d2342b6f3739e883e

SHA512
7426ca5e7a404b9628e2966dae544f3e8310c697145567b361825dc0b5c6cd87f2caf567def8cd19e73d68643f2f38c08ff4ff0bb0a459c853f241b8fdf40024

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI69362\_tcl_data\auto.tcl

Filesize
21KB

MD5
08edf746b4a088cb4185c165177bd604

SHA1
395cda114f23e513eef4618da39bb86d034124bf

SHA256
517204ee436d08efc287abc97433c3bffcaf42ec6592a3009b9fd3b985ad772c

SHA512
c1727e265a6b0b54773c886a1bce73512e799ba81a4fceeeb84cdc33f5505a5e0984e96326a78c46bf142bc4652a80e213886f60eb54adf92e4dffe953c87f6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI69362\_tcl_data\encoding\cp1252.enc

Filesize
1KB

MD5
e9117326c06fee02c478027cb625c7d8

SHA1
2ed4092d573289925a5b71625cf43cc82b901daf

SHA256
741859cf238c3a63bbb20ec6ed51e46451372bb221cfff438297d261d0561c2e

SHA512
d0a39bc41adc32f2f20b1a0ebad33bf48dfa6ed5cc1d8f92700cdd431db6c794c09d9f08bb5709b394acf54116c3a1e060e2abcc6b503e1501f8364d3eebcd52

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI69362\_tcl_data\http1.0\pkgIndex.tcl

Filesize
746B

MD5
a387908e2fe9d84704c2e47a7f6e9bc5

SHA1
f3c08b3540033a54a59cb3b207e351303c9e29c6

SHA256
77265723959c092897c2449c5b7768ca72d0efcd8c505bddbb7a84f6aa401339

SHA512
7ac804d23e72e40e7b5532332b4a8d8446c6447bb79b4fe32402b13836079d348998ea0659802ab0065896d4f3c06f5866c6b0d90bf448f53e803d8c243bbc63

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI69362\_tcl_data\init.tcl

Filesize
25KB

MD5
fe92c81bb4acdda00761c695344d5f1e

SHA1
a87e1516fbd1f9751ec590273925cbc5284b16bd

SHA256
7a103a85413988456c2ad615c879bbcb4d91435bcfbbe23393e0eb52b56af6e2

SHA512
c983076e420614d12ab2a7342f6f74dd5dcdad21c7c547f660e73b74b3be487a560abd73213df3f58be3d9dbd061a12d2956ca85a58d7b9d9e40d9fa6e6c25eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI69362\_tcl_data\opt0.4\pkgIndex.tcl

Filesize
620B

MD5
07532085501876dcc6882567e014944c

SHA1
6bc7a122429373eb8f039b413ad81c408a96cb80

SHA256
6a4abd2c519a745325c26fb23be7bbf95252d653a24806eb37fd4aa6a6479afe

SHA512
0d604e862f3a1a19833ead99aaf15a9f142178029ab64c71d193cee4901a0196c1eeddc2bce715b7fa958ac45c194e63c77a71e4be4f9aedfd5b44cf2a726e76

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI69362\_tcl_data\package.tcl

Filesize
23KB

MD5
ddb0ab9842b64114138a8c83c4322027

SHA1
eccacdc2ccd86a452b21f3cf0933fd41125de790

SHA256
f46ab61cdebe3aa45fa7e61a48930d64a0d0e7e94d04d6bf244f48c36cafe948

SHA512
c0cf718258b4d59675c088551060b34ce2bc8638958722583ac2313dc354223bfef793b02f1316e522a14c7ba9bed219531d505de94dc3c417fc99d216a01463

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI69362\_tcl_data\tclIndex

Filesize
5KB

MD5
c62fb22f4c9a3eff286c18421397aaf4

SHA1
4a49b8768cff68f2effaf21264343b7c632a51b2

SHA256
ddf7e42def37888ad0a564aa4f8ca95f4eec942cebebfca851d35515104d5c89

SHA512
558d401cb6af8ce3641af55caebc9c5005ab843ee84f60c6d55afbbc7f7129da9c58c2f55c887c3159107546fa6bc13ffc4cca63ea8841d7160b8aa99161a185

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI69362\_tcl_data\tm.tcl

Filesize
11KB

MD5
215262a286e7f0a14f22db1aa7875f05

SHA1
66b942ba6d3120ef8d5840fcdeb06242a47491ff

SHA256
4b7ed9fd2363d6876092db3f720cbddf97e72b86b519403539ba96e1c815ed8f

SHA512
6ecd745d7da9d826240c0ab59023c703c94b158ae48c1410faa961a8edb512976a4f15ae8def099b58719adf0d2a9c37e6f29f54d39c1ab7ee81fa333a60f39b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI69362\_tk_data\button.tcl

Filesize
21KB

MD5
aeb53f7f1506cdfdfe557f54a76060ce

SHA1
ebb3666ee444b91a0d335da19c8333f73b71933b

SHA256
1f5dd8d81b26f16e772e92fd2a22accb785004d0ed3447e54f87005d9c6a07a5

SHA512
acdad4df988df6b2290fc9622e8eaccc31787fecdc98dcca38519cb762339d4d3fb344ae504b8c7918d6f414f4ad05d15e828df7f7f68f363bec54b11c9b7c43

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI69362\_tk_data\entry.tcl

Filesize
18KB

MD5
007f42fbcdc57652ac8381f11af7fb67

SHA1
1bb1b0fcad6f5633d1beb8903112f180b1c4ba7f

SHA256
65ba33a1e0b21e8e074780a51189cee6fd9926c85273e9e7633987fc212a17b2

SHA512
a27089719adafc48b5abb905e40d0c6a0a2507526223d72c1cff36ab7c15362c6f0b8ee5775181ba1730852802afa64631ee3720e624b630e3274bfb32f6a59a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI69362\_tk_data\icons.tcl

Filesize
10KB

MD5
995a0a8f7d0861c268aead5fc95a42ea

SHA1
21e121cf85e1c4984454237a646e58ec3c725a72

SHA256
1264940e62b9a37967925418e9d0dc0befd369e8c181b9bab3d1607e3cc14b85

SHA512
db7f5e0bc7d5c5f750e396e645f50a3e0cde61c9e687add0a40d0c1aa304ddfbceeb9f33ad201560c6e2b051f2eded07b41c43d00f14ee435cdeee73b56b93c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI69362\_tk_data\listbox.tcl

Filesize
14KB

MD5
804e6dce549b2e541986c0ce9e75e2d1

SHA1
c44ee09421f127cf7f4070a9508f22709d06d043

SHA256
47c75f9f8348bf8f2c086c57b97b73741218100ca38d10b8abdf2051c95b9801

SHA512
029426c4f659848772e6bb1d8182eb03d2b43adf68fcfcc1ea1c2cc7c883685deda3fffda7e071912b9bda616ad7af2e1cb48ce359700c1a22e1e53e81cae34b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI69362\_tk_data\menu.tcl

Filesize
38KB

MD5
b7daa21c1c192b8cb5b86cbd7b2ce068

SHA1
ae8abf9017f37ccdf5d0d15de66bb124a7482ba0

SHA256
312af944a276cdbf1ee00757ef141595670984f7f13e19922c25643a040f5339

SHA512
b619e3b8be5ec4545e97b7a7a7f7fecc2aafa58438f9ca3819f644720cf5ff5c44da12ac25988570e595d97cad799f87d93c24d5e67a7a953b9f5312952fbeb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI69362\_tk_data\panedwindow.tcl

Filesize
5KB

MD5
286c01a1b12261bc47f5659fd1627abd

SHA1
4ca36795cab6dfe0bbba30bb88a2ab71a0896642

SHA256
aa4f87e41ac8297f51150f2a9f787607690d01793456b93f0939c54d394731f9

SHA512
d54d5a89b7408a9724a1ca1387f6473bdad33885194b2ec5a524c7853a297fd65ce2a57f571c51db718f6a00dce845de8cf5f51698f926e54ed72cdc81bcfe54

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI69362\_tk_data\pkgIndex.tcl

Filesize
376B

MD5
8a0517a7a4c70111080ed934329e2bc5

SHA1
5b465e0d3500a8f04ee1c705662032f44e2ed0d2

SHA256
a5d208887a94832328c3a33928a80f3b46aa205c20db4f050a47d940e94071b4

SHA512
d9f502a006a5e0514fd61426818ad1f4168e449588f9d383d6b0bf87a18be82c420863a9a28e1beb441284a0b1bc2a0b3d3276a0fe3196341aec15a27920de5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI69362\_tk_data\tk.tcl

Filesize
23KB

MD5
184d05201893b2042d3fa6140fcf277c

SHA1
aad67797864456749adf0c4a1c0be52f563c8fb8

SHA256
1d5e7518afc1382e36bf13fc5196c8a7cd93a4e9d24acf445522564245a489b0

SHA512
291bdf793cabc5ec27e8265a8a313fe0f4acab4db6ce507a46488a83eef72cd43cf5815762b22d1c8d64a9eedea927e109f937e6573058e5493b1354dd449cb3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI69362\_tkinter.pyd

Filesize
62KB

MD5
b4d0a483f8007beabd0d4d5b41070057

SHA1
1dd6a829b9b6e66e4062d7a84e6e0187e828287c

SHA256
06ea475cbb786bd1db1c1bbd62546446e571f717303fcf868148e15612a04a65

SHA512
aa1599f480ba2825bcbcfe79513b53c8c2393b9fbee34947680b0066b9c75bd4a255fccd3a6625dcbd00e2234810777742135375b01abfa1a0f5a3b49d5f72ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI69362\base_library.zip

Filesize
1.3MB

MD5
73f91fe1b7771f022020ddf0ac619cde

SHA1
d9ecb3061627c94f2cf6c1b7a34fea2cdbd13df7

SHA256
763457ec96d1d2afddffa85523d59aa351208bfdf607f5c5f3fb79a518b6d0c2

SHA512
cb85666c7e50e3dbf14fc215ec05d9576b884066983fe97fa10a40c6a8d6be11c68ca853e7f7039ec67e6b2d90e8c8a3273039b4b86d91d311bcddcdd831b507

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI69362\libcrypto-3.dll

Filesize
4.9MB

MD5
51e8a5281c2092e45d8c97fbdbf39560

SHA1
c499c810ed83aaadce3b267807e593ec6b121211

SHA256
2a234b5aa20c3faecf725bbb54fb33f3d94543f78fa7045408e905593e49960a

SHA512
98b91719b0975cb38d3b3c7b6f820d184ef1b64d38ad8515be0b8b07730e2272376b9e51631fe9efd9b8a1709fea214cf3f77b34eeb9fd282eb09e395120e7cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI69362\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI69362\python312.dll

Filesize
6.6MB

MD5
5c5602cda7ab8418420f223366fff5db

SHA1
52f81ee0aef9b6906f7751fd2bbd4953e3f3b798

SHA256
e7890e38256f04ee0b55ac5276bbf3ac61392c3a3ce150bb5497b709803e17ce

SHA512
51c3b4f29781bb52c137ddb356e1bc5a37f3a25f0ed7d89416b14ed994121f884cb3e40ccdbb211a8989e3bd137b8df8b28e232f98de8f35b03965cfce4b424f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI69362\select.pyd

Filesize
30KB

MD5
bffff83a000baf559f3eb2b599a1b7e8

SHA1
7f9238bda6d0c7cc5399c6b6ab3b42d21053f467

SHA256
bc71fbdfd1441d62dd86d33ff41b35dc3cc34875f625d885c58c8dc000064dab

SHA512
3c0ba0cf356a727066ae0d0d6523440a882aafb3ebdf70117993effd61395deebf179948f8c7f5222d59d1ed748c71d9d53782e16bd2f2eccc296f2f8b4fc948

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI69362\tcl86t.dll

Filesize
1.7MB

MD5
b0261de5ef4879a442abdcd03dedfa3c

SHA1
7f13684ff91fcd60b4712f6cf9e46eb08e57c145

SHA256
28b61545d3a53460f41c20dacf0e0df2ba687a5c85f9ed5c34dbfc7ed2f23e3e

SHA512
e39a242e321e92761256b2b4bdde7f9d880b5c64d4778b87fa98bf4ac93a0248e408a332ae214b7ffd76fb9d219555dc10ab8327806d8d63309bf6d147ebbd59

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI69362\tcl8\8.5\msgcat-1.6.1.tm

Filesize
34KB

MD5
bd4ff2a1f742d9e6e699eeee5e678ad1

SHA1
811ad83aff80131ba73abc546c6bd78453bf3eb9

SHA256
6774519f179872ec5292523f2788b77b2b839e15665037e097a0d4edddd1c6fb

SHA512
b77e4a68017ba57c06876b21b8110c636f9ba1dd0ba9d7a0c50096f3f6391508cf3562dd94aceaf673113dbd336109da958044aefac0afb0f833a652e4438f43

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI69362\tk86t.dll

Filesize
1.5MB

MD5
ef0d7469a88afb64944e2b2d91eb3e7f

SHA1
a26fd3de8da3e4aec417cebfa2de78f9ba7cf05b

SHA256
23a195e1e3922215148e1e09a249b4fe017a73b3564af90b0f6fd4d9e5dda4da

SHA512
909f0b73b64bad84b896a973b58735747d87b5133207cb3d9fa9ce0c026ee59255b7660c43bb86b1ddeef9fbb80b2250719fd379cff7afd9dbec6f6a007ed093

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI69362\unicodedata.pyd

Filesize
1.1MB

MD5
a1388676824ce6347d31d6c6a7a1d1b5

SHA1
27dd45a5c9b7e61bb894f13193212c6d5668085b

SHA256
2480a78815f619a631210e577e733c9bafecb7f608042e979423c5850ee390ff

SHA512
26ea1b33f14f08bb91027e0d35ac03f6203b4dfeee602bb592c5292ab089b27ff6922da2804a9e8a28e47d4351b32cf93445d894f00b4ad6e2d0c35c6c7f1d89

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI69362\zlib1.dll

Filesize
141KB

MD5
b4a0b3d5abc631e95c074eee44e73f96

SHA1
c22c8baa23d731a0e08757d0449ca3dd662fd9e6

SHA256
c89c8a2fcf11d8191c7690027055431906aae827fc7f443f0908ad062e7e653e

SHA512
56bafd1c6c77343f724a8430a1f496b4a3160faa9a19ea40796438ae67d6c45f8a13224dcf3d1defb97140a2e47a248dd837801a8cb4674e7890b495aeec538e

Download Submit
memory/1952-2338-0x00007FFD85AF0000-0x00007FFD85B1A000-memory.dmp

Filesize
168KB

Download
memory/1952-2339-0x00007FFD6A1C0000-0x00007FFD6B51D000-memory.dmp

Filesize
19.4MB

Download
memory/6456-5464-0x00007FFD893D0000-0x00007FFD893FA000-memory.dmp

Filesize
168KB

Download
memory/6924-1212-0x00007FFD74300000-0x00007FFD7432A000-memory.dmp

Filesize
168KB

Download
memory/6924-3642-0x00007FFD74300000-0x00007FFD7432A000-memory.dmp

Filesize
168KB

Download