hxxps://drive[.]google[.]com/file/d/18YC3N9BLx9Dr7gS2E-nYbWih6B9a8kGc/view?usp=drivesdk

Analysis

max time kernel
569s
max time network
570s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09/09/2024, 12:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/18YC3N9BLx9Dr7gS2E-nYbWih6B9a8kGc/view?usp=drivesdk

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 19 IoCs

pid	Process
5192	Loader.exe
5192	Loader.exe
5192	Loader.exe
5192	Loader.exe
5192	Loader.exe
5192	Loader.exe
5192	Loader.exe
5192	Loader.exe
5192	Loader.exe
5192	Loader.exe
5192	Loader.exe
5192	Loader.exe
5192	Loader.exe
5192	Loader.exe
5192	Loader.exe
5192	Loader.exe
5192	Loader.exe
5192	Loader.exe
5192	Loader.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 10 IoCs

Web Service

T1102

flow	ioc
95	raw.githubusercontent.com
110	raw.githubusercontent.com
220	raw.githubusercontent.com
4	drive.google.com
6	drive.google.com
94	raw.githubusercontent.com
97	raw.githubusercontent.com
111	raw.githubusercontent.com
122	raw.githubusercontent.com
219	raw.githubusercontent.com

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\TOSVDOIAHWOIHSAKLFHWA.txt	attrib.exe
File opened for modification	C:\Windows\System32\TOSVDOIAHWOIHSAKLFHWA.txt	Loader.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4182098368-2521458979-3782681353-1000\{0AE83CA4-1EC6-4919-AB40-12D8D8A560CC}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1992	msedge.exe
1992	msedge.exe
4180	msedge.exe
4180	msedge.exe
4844	identity_helper.exe
4844	identity_helper.exe
5436	msedge.exe
5436	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
2068	msedge.exe
2068	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 27 IoCs

pid	Process
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe

Suspicious use of FindShellTrayWindow 42 IoCs

pid	Process
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4180 wrote to memory of 2204	4180	msedge.exe	83
PID 4180 wrote to memory of 2204	4180	msedge.exe	83
PID 4180 wrote to memory of 2904	4180	msedge.exe	84
PID 4180 wrote to memory of 2904	4180	msedge.exe	84
PID 4180 wrote to memory of 2904	4180	msedge.exe	84
PID 4180 wrote to memory of 2904	4180	msedge.exe	84
PID 4180 wrote to memory of 2904	4180	msedge.exe	84
PID 4180 wrote to memory of 2904	4180	msedge.exe	84
PID 4180 wrote to memory of 2904	4180	msedge.exe	84
PID 4180 wrote to memory of 2904	4180	msedge.exe	84
PID 4180 wrote to memory of 2904	4180	msedge.exe	84
PID 4180 wrote to memory of 2904	4180	msedge.exe	84
PID 4180 wrote to memory of 2904	4180	msedge.exe	84
PID 4180 wrote to memory of 2904	4180	msedge.exe	84
PID 4180 wrote to memory of 2904	4180	msedge.exe	84
PID 4180 wrote to memory of 2904	4180	msedge.exe	84
PID 4180 wrote to memory of 2904	4180	msedge.exe	84
PID 4180 wrote to memory of 2904	4180	msedge.exe	84
PID 4180 wrote to memory of 2904	4180	msedge.exe	84
PID 4180 wrote to memory of 2904	4180	msedge.exe	84
PID 4180 wrote to memory of 2904	4180	msedge.exe	84
PID 4180 wrote to memory of 2904	4180	msedge.exe	84
PID 4180 wrote to memory of 2904	4180	msedge.exe	84
PID 4180 wrote to memory of 2904	4180	msedge.exe	84
PID 4180 wrote to memory of 2904	4180	msedge.exe	84
PID 4180 wrote to memory of 2904	4180	msedge.exe	84
PID 4180 wrote to memory of 2904	4180	msedge.exe	84
PID 4180 wrote to memory of 2904	4180	msedge.exe	84
PID 4180 wrote to memory of 2904	4180	msedge.exe	84
PID 4180 wrote to memory of 2904	4180	msedge.exe	84
PID 4180 wrote to memory of 2904	4180	msedge.exe	84
PID 4180 wrote to memory of 2904	4180	msedge.exe	84
PID 4180 wrote to memory of 2904	4180	msedge.exe	84
PID 4180 wrote to memory of 2904	4180	msedge.exe	84
PID 4180 wrote to memory of 2904	4180	msedge.exe	84
PID 4180 wrote to memory of 2904	4180	msedge.exe	84
PID 4180 wrote to memory of 2904	4180	msedge.exe	84
PID 4180 wrote to memory of 2904	4180	msedge.exe	84
PID 4180 wrote to memory of 2904	4180	msedge.exe	84
PID 4180 wrote to memory of 2904	4180	msedge.exe	84
PID 4180 wrote to memory of 2904	4180	msedge.exe	84
PID 4180 wrote to memory of 2904	4180	msedge.exe	84
PID 4180 wrote to memory of 1992	4180	msedge.exe	85
PID 4180 wrote to memory of 1992	4180	msedge.exe	85
PID 4180 wrote to memory of 2888	4180	msedge.exe	86
PID 4180 wrote to memory of 2888	4180	msedge.exe	86
PID 4180 wrote to memory of 2888	4180	msedge.exe	86
PID 4180 wrote to memory of 2888	4180	msedge.exe	86
PID 4180 wrote to memory of 2888	4180	msedge.exe	86
PID 4180 wrote to memory of 2888	4180	msedge.exe	86
PID 4180 wrote to memory of 2888	4180	msedge.exe	86
PID 4180 wrote to memory of 2888	4180	msedge.exe	86
PID 4180 wrote to memory of 2888	4180	msedge.exe	86
PID 4180 wrote to memory of 2888	4180	msedge.exe	86
PID 4180 wrote to memory of 2888	4180	msedge.exe	86
PID 4180 wrote to memory of 2888	4180	msedge.exe	86
PID 4180 wrote to memory of 2888	4180	msedge.exe	86
PID 4180 wrote to memory of 2888	4180	msedge.exe	86
PID 4180 wrote to memory of 2888	4180	msedge.exe	86
PID 4180 wrote to memory of 2888	4180	msedge.exe	86
PID 4180 wrote to memory of 2888	4180	msedge.exe	86
PID 4180 wrote to memory of 2888	4180	msedge.exe	86
PID 4180 wrote to memory of 2888	4180	msedge.exe	86
PID 4180 wrote to memory of 2888	4180	msedge.exe	86

Views/modifies file attributes 1 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
5148	attrib.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/18YC3N9BLx9Dr7gS2E-nYbWih6B9a8kGc/view?usp=drivesdk
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc6a6246f8,0x7ffc6a624708,0x7ffc6a624718
  2⤵
  PID:2204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,11655697031258134260,6718790405766295007,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1984,11655697031258134260,6718790405766295007,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1984,11655697031258134260,6718790405766295007,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,11655697031258134260,6718790405766295007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,11655697031258134260,6718790405766295007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:1372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,11655697031258134260,6718790405766295007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:1864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,11655697031258134260,6718790405766295007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,11655697031258134260,6718790405766295007,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6108 /prefetch:8
  2⤵
  PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,11655697031258134260,6718790405766295007,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6108 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1984,11655697031258134260,6718790405766295007,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5072 /prefetch:8
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,11655697031258134260,6718790405766295007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,11655697031258134260,6718790405766295007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
  2⤵
  PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,11655697031258134260,6718790405766295007,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,11655697031258134260,6718790405766295007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:5252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,11655697031258134260,6718790405766295007,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:5260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1984,11655697031258134260,6718790405766295007,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4756 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,11655697031258134260,6718790405766295007,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5300 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,11655697031258134260,6718790405766295007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1
  2⤵
  PID:5444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,11655697031258134260,6718790405766295007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6668 /prefetch:1
  2⤵
  PID:5784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,11655697031258134260,6718790405766295007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7036 /prefetch:1
  2⤵
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,11655697031258134260,6718790405766295007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6756 /prefetch:1
  2⤵
  PID:6092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,11655697031258134260,6718790405766295007,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:1
  2⤵
  PID:6112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1984,11655697031258134260,6718790405766295007,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7132 /prefetch:8
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1984,11655697031258134260,6718790405766295007,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=7124 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,11655697031258134260,6718790405766295007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:2700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,11655697031258134260,6718790405766295007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:2360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,11655697031258134260,6718790405766295007,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7252 /prefetch:1
  2⤵
  PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,11655697031258134260,6718790405766295007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7608 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1984,11655697031258134260,6718790405766295007,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7996 /prefetch:8
  2⤵
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,11655697031258134260,6718790405766295007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7556 /prefetch:1
  2⤵
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,11655697031258134260,6718790405766295007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7448 /prefetch:1
  2⤵
  PID:6120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,11655697031258134260,6718790405766295007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7940 /prefetch:1
  2⤵
  PID:5752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,11655697031258134260,6718790405766295007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1
  2⤵
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,11655697031258134260,6718790405766295007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,11655697031258134260,6718790405766295007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:6092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,11655697031258134260,6718790405766295007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8132 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,11655697031258134260,6718790405766295007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7792 /prefetch:1
  2⤵
  PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,11655697031258134260,6718790405766295007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6908 /prefetch:1
  2⤵
  PID:4424

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3428

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1768

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5584

C:\Users\Admin\AppData\Local\Temp\Temp1_Loader.zip\Loader.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Loader.zip\Loader.exe"
1⤵
PID:5788
- C:\Users\Admin\AppData\Local\Temp\Temp1_Loader.zip\Loader.exe
  "C:\Users\Admin\AppData\Local\Temp\Temp1_Loader.zip\Loader.exe"
  2⤵
  - Loads dropped DLL
  - Drops file in System32 directory
  PID:5192
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:2836
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c
    3⤵
    PID:4216
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c title MCC Loader 1.0.6
    3⤵
    PID:4628
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:3964
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5640
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5624
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5672
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5680
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5700
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5740
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5036
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:3868
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5944
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5964
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5976
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5992
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:6008
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:6032
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:6044
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:6076
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:6064
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:6096
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:6108
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:6124
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:6140
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c title MCC Loader 1.0.6
    3⤵
    PID:5268
- - C:\Windows\system32\attrib.exe
    attrib +H TOSVDOIAHWOIHSAKLFHWA.txt
    3⤵
    - Drops file in System32 directory
    - Views/modifies file attributes
    PID:5148
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5156
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5208
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5180
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:2276
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5460
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5176
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5444
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5216
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5464
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5476
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5448
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5452
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5504
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5432
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:1616
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:1664
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:3880
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:2836
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:4216
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:4628
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5600
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:4840
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:3212
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:4584
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5648
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:1684
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5640
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5624
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5672
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5680
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5700
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:2756
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:1544
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5020
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5820
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5644
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:4936
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5956
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:1408
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5984
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:6000
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:6016
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:6028
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:6068
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:6056
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:6064
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:6096
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:6108
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:6128
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5228
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:116
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:4004
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:232
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:1032
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:1752
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:1040
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:4448
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:4376
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:4012
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5128
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5212
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5200
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5408
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:2752
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5164
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5088
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:2012
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5500
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5512
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5456
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5440
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:1016
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5524
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5536
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:2392
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:3548
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:692
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:1204
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5580
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:1452
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:4580
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:4628
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5600
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:4840
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:3212
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:4584
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5648
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:1684
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5640
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5624
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5672
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5680
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5700
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:2756
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:1544
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5020
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5820
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5644
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:4936
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5956
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:2472
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:1232
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/1PtmUJzB#8H_fcQmoUcNCzgecUb8Xrg-hXW9AebrwIU0DbBi_-cA
    3⤵
    PID:5200
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0x11c,0x120,0xb8,0x124,0x7ffc6a6246f8,0x7ffc6a624708,0x7ffc6a624718
      4⤵
      PID:2752
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:4464
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:4796
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/2bfnhb4kmrgdn3a/Rise+v6.zip/file
    3⤵
    PID:1452
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffc6a6246f8,0x7ffc6a624708,0x7ffc6a624718
      4⤵
      PID:6128
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:6104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
67KB

MD5
929b1f88aa0b766609e4ca5b9770dc24

SHA1
c1f16f77e4f4aecc80dadd25ea15ed10936cc901

SHA256
965eaf004d31e79f7849b404d0b8827323f9fe75b05fe73b1226ccc4deea4074

SHA512
fe8d6b94d537ee9cae30de946886bf7893d3755c37dd1662baf1f61e04f47fa66e070210c990c4a956bde70380b7ce11c05ad39f9cbd3ea55b129bb1f573fa07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
41KB

MD5
9101760b0ce60082c6a23685b9752676

SHA1
0aa9ef19527562f1f7de1a8918559b6e83208245

SHA256
71e4b25e3f86e9e98d4e5ce316842dbf00f7950aad67050b85934b6b5fdfcca5

SHA512
cfa1dc3af7636d49401102181c910536e7e381975592db25ab8b3232bc2f98a4e530bb7457d05cbff449682072ed74a8b65c196d31acb59b9904031025da4af4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
1.2MB

MD5
51cbcadb5af9bd38d0db678ed330cd2e

SHA1
12b51d65938c73bba1d56b16d32fce033ad21853

SHA256
3c4aa481e9f908cd8b70af5a59a1f3256ac10d0f25ce4603782e698a881ac095

SHA512
e845d3fce3799811edd6de35883c8a25ce25cd7aa850cb0f92004f1a52fb55fead9b982a4c323ced45c3df295f20735965161d6f349ac2427a4835ac659db094

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
3cf31747a34c0b6ee23b8cd621f594f5

SHA1
c8ef846aa1ff0a2c2ae237eb5f1d81c24a9676d5

SHA256
dff8b7b34691b4755a953b3a6ee797edb766c1b5336d01ba15d92a264b33be94

SHA512
fcd1835f81b3d70ffbc4314de7e11d0107d8f362b6753beedd1dc05b4129aaa27a0665d7485ebf77d15d1a73f535f33ca1132c9ec06856dac5bb7166a3a2b7c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
a67106a182392700121a3b3a54c18526

SHA1
74d55a171ad90a3a2f87b554550a341173594722

SHA256
2865c9e11deb85ca5c9665d163a0711dcd71255a9519f1457497301d4934e788

SHA512
cae9a60112b9eb02a8bd69d38c0b3678d554c2aa40e8ab60608d9c406c7e0126be71de8bada97d7777e2588f4d28e1dbaf6464d52087620d47c82fea773fd8e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
a8e26181dcf4e5a98f0a9c3ea8ed820c

SHA1
c840bb028889654bbe7bdc10430c7b72fd160a5c

SHA256
6fb325c14a162e77be666afd64f4c520e944ea329354eea44557e54526e01bda

SHA512
5f652923774944c95d2f4915e650a8b7d913fd0abea45b6001363b9af66bd90e81651210f9f7df1eedbd2d815590677966a6efc2c11e4bb4271fafebb9398f48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
ed060a31dfec6f1913830463c30979d7

SHA1
cf5c9bda488a0737f0b4ef7ed5e81f3556d0ac33

SHA256
a1038b83360d83a8fe9c15783434502bcc8ad8556441d50097a0cd269d58db0c

SHA512
51ba4bb8ff36132ba3b5654e61806cc38bbc6709fe3e29bf64551466b2e3fb1ae4fc069e8a24417dfb083f53d2d89a896499ec0afd579bfa0089bcac9f7a386e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
b844e103c8c972d99feddbfd8972e9aa

SHA1
85ece5d28f7317a576d17f96951dd25a9cec224b

SHA256
e559fde88735cb348b45a1149fdc6777593f9d908d40bea7e970f8bfba241105

SHA512
35abb9f6ca1f5aad8cef5bbdb367ae2dae752d088fec958a1f4a0f462b136811d87450538d544484e496873e78cd5f43dd6b18aa6c13cc82239a7c8187ac1e62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
b6f9986dcc8ae814e8bfa7cd5f0121d7

SHA1
37d6e74cd1bf7547e5a1d9e53d2e4efa41470289

SHA256
a1b2fb957d5121d462585eba1c6ef8c7366f50a14049b7050cfff4bbe7de1e36

SHA512
0827e4d49764729a8c5a615af6af223f525c4ec54c92ade4649c5228e5e37603554494ecdd02466c47f0c9d71572cad720b679be6cc1a70af13a5131e0c5d35f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
9bb2419fdd65de6e5072fb345c710abb

SHA1
3f693a324fe35f05501304a417cb5c94d4f052cd

SHA256
03fd87a11fae8e6e0d429190e32cf9a1fa86f6aa4cd967398633ac4fb2849854

SHA512
94c3027e131a288cdde30cdb7aaaed9b9dc252bab1df15aa6e7f46b9f9112a44b9cdbd6d8dd092f30ef1d469b3ca8226c16e8783bbb356eec9bf6cbf28712f67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
88ef9ceb5c2a6f6a244ddb15176adb37

SHA1
26fa6f302b7d530a0e5a0d33c4f21a82831ee00d

SHA256
774abd2685ee357291ef8011f2b706f72a61b8bb3885c0e173ff8eaf7cc27f99

SHA512
40a6ba0229b28478dc860958361d3f588ff8d879c7a9617d27df15d90c792bbecf8a0a25234ba138d93e27305f98e91377af0c4c1187299540d7fa74b343a314

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
113795667f61a19f133569d725d7d9f9

SHA1
a8502506d96d3b774258e92f20244d2660fbc6d4

SHA256
31c85d9fca202c419c9cb85f35bed32c16946854893cc42ee950c41f98815168

SHA512
48a3710f04191752a1b97abae8c8296c870d10463475d29eb04f2a42f0d3f9646dd29712f2fdecb99c082819884956e985bfd0e7f8493c1858d713b11f7988f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
2153609db4a2610512d7b0a573db7076

SHA1
4acd6e839521f0843317b55918229832928f5dd6

SHA256
e7c0b98f19a251fe87fee5002c279885e8f82b55317e0b9f9dca28daf76bdc1a

SHA512
a2946a4c8b03e60ae336b69fd5a34d93dd8eed383cd632c75357b659ca7c96996cbef1be4dbac3e9a953b3a201b20ff386ff742fc655d2455fe2e69b04f1c67b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
f616030bc9d7d747d66f122a67a6dcdb

SHA1
96ce5c203cabb622d5bd6a23d1f29300cb6a9019

SHA256
4a9ecde8ad8ac925cdcdd3ce3534c6d3c897a8bc0ec1907f0008c3e9ee6b61c4

SHA512
9091f6c9c036b1af6d2160cb17015162599edb30ff6ac31f2695254264cd5b1c31c70a0650f98c5840b294764297137ec4584e94a5f1feef617d08a5222aac43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
b9f32cedbb5df6f0613e804e28103764

SHA1
27672838395537e13357639bd068071a119b4da8

SHA256
ae94d7b017f9b507312f0e14251db0833bbec65b6e492852ed19099a26a52e13

SHA512
23e360fd14c8559ea2a8b4cc1da649cbc5bf44c98262e1dba24740daff047d80069a2fd4a634a572755dfc52678cc4fbb9a271628c0268eb4373ef9524cb0dbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
340148d54e0c0d8c9b0586341cd8c9e6

SHA1
bdf1e9e425efc72011034b671d1c8bc366d999ef

SHA256
2ddc183b3c0452e8f653860803a1cfcbe0c4c7d944710a31abc6ec78e90fdddb

SHA512
335dd9b402d92a3c61ae8af204f1b7bc6a730924007352d82a8865554630f289c19e5ba126bfd856b0b333580d12e58fe7fa0eb00d55a9d67176a48b17b51f8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
70a0480a184e2ed7eb0b69485b02bf62

SHA1
da2c305f4702b4e9c8604056d1f9bcd512431c5e

SHA256
3e12de78b8009eb49e0aeabe60e8b009cce18ff073ff61b90054636cf18f4b76

SHA512
643ceaaa28b9d2f5a85419138e0dbfaa97e382f71264d7a8973748217ef3b6b8fb86a76408696c16f09ec50142a575bed79931252d41a28f95159a070ee7249f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
095273030072abe3a105a1b62c52932f

SHA1
9b9305a2ea395cf76e742f0fff83cf64d1f65636

SHA256
32f7e722181599ffa9e40ee6cfa7574d48ce276f89bcceb31813711f704cd231

SHA512
9fcd36d9e1b35456fe7cde60c816049308158cdb0c0a501ac92262482aefc57ed0f1d2e67662b3ab580c58864aaca4f1fb49c4f1163f14f382e8727117c9bfb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
871866c9e3224de72329403746fa2b70

SHA1
49decb50d31c66da0cee0cfad82d03dcbe850cd4

SHA256
61b7efe0b408dd03c90790d050c8dfbbfc90d02b0f97baefcda0c8260fe382d3

SHA512
2eaf788a5f573ac3fea5e477606c9aec746badeb91b346f54ec417a05d212aec18310f28b2f2bbcb10069c8ed6be37913652b654f7c7b4d499c34f44323812f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
584157e61d2a8441e11b415d70d80995

SHA1
5c018cda20388d0e94b5a3e32ea9fc95c6b52f21

SHA256
d939eea74fd49d5b1eb261c53362fab00b3e16a28a2edf5cd9e90ba5939445a3

SHA512
e5d141186018347eabaa2308c8760ca31016a70461e98018917ccf8918fa36160115b157e7527dcb33aa6a29848ff1ae88df10110f900c5413212bd18d8c1c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
68d70ff8d50c841e1d2e7621db6d8a4e

SHA1
6bedf94ef1298b54d56832e8d5790dbeead0c36b

SHA256
8cac7f608d9b6becb0342249f4c486946fccb0d76033ea35992d04f8090d5915

SHA512
b9624025b6f899f917b93036c06c2a78ade669958abd0c6469dfd639237b07e35c4d912f972c7056b74c2ffe3c5539e1d005c3b76f086dee4d30440234dfe5a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
6d7ffa7e6a4e832cdb965c72d94d17d7

SHA1
765fdcd3968c9b0abb6647b697fd0dec514da869

SHA256
3d1ca03be5117bf1037cb09aa3bf2e011bec08e7f28f597ca071fce81d4deeef

SHA512
64b92d212961433a4de1eca7c27752130dcb515ac6b7da3762d21e3b0126a1ebfeef6b587c068afd2d75af57f18eebb58e21e39cbe4f58fffabea233d566daec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
f92c4feeae161beed39397281351da68

SHA1
e7e9d5aa4141142f1adb36b25aad70f6aab1254a

SHA256
cecf79cbe5c5f93a5e9fe377eba2c293879f59c8cb07f06c3915f1cfb27c089b

SHA512
8f2b1cf344967623f635ac9fbdc7c473820d63dc624b19afdb1e70eee4cb7d9a6e98bd9c4bf97482569a9336bc5cf0461426054f8e679dc01f7c02ba2f7e628a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
3a12102a7922655fabf443f3db4ef1bc

SHA1
fafc1e341a15eef909bf4692a6a307bcfe9d2a46

SHA256
2ca672fd4770b352de122a2833ed6ca07091cc485b368da0aaed6bbbfda8db16

SHA512
c560a722b18c02775fb4f7bb15aa1edc2b6b1c1b33373b47c7de125e68a48ca1d41e94b4064e2ae7d72ce6cff18d87e6f7393488f7815357572929b3bc29eb75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
42078deec7292e70309a9c04a1d33867

SHA1
985cb80721ef5c2bf054fb4c4b92b4067c76a9fe

SHA256
b4a215681a1ee94f2899c426e8bb1f552f74b6ce9348b9752a780e8ca0d15155

SHA512
771c1cac51544aa471cd0859d7c052486ee93cbb09532371bcf8e542d3026cf50961d033f00ec5523096076d0b0539436f0e8db892a9d510f4d3dcb1ef737be6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a4da4.TMP

Filesize
48B

MD5
29d23e86ffc1fee54d34ad2fbe66ec8a

SHA1
6b3b86036749789a04ad62ea4ea146f7d3c3e6f3

SHA256
865d5ef495e220020b090b6c7204c9e81aebab5cce8a10607d5d81008748d619

SHA512
962e55333de033bc386acee7477c704bf6733a6f65ebe8927b8b758e36833d2c180ce46b1213b5c71643c655be8993f5dc2e2d474bb4a80edc319a1732bff6a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c7693ab8f1cd252b3000010cec6ef39a

SHA1
c477d3a25ef69e198c531b27d3bf106d1db81764

SHA256
13649f818a9732c593b799730164b93e75331a6c87e0de51506bc20a0aec062a

SHA512
a14da4c55ea0b9366db832bb70215174c86749b6f9019e4f72e34cd71c1055d2ccc51656ce881303b848dba7cea37668d9bd5a0f5bedcfc7fa53163b9b0a461a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cc54cfec1895585761d7a278e90713f8

SHA1
6927dfbf63c2d0da501ff025778e89ddf9221e9a

SHA256
0a13151fcf5c338429092d4529e4441a2ece5ce8123f0be7fe6a681f495f697b

SHA512
16a0732d23047a749493141941cd4a14c3ac7d71e854017b78235c458a9e66b47878c16349d2fd2a1a4f6e72cb7c72a71a415331fd5febb09db60ca2634d6ebd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2479e58a7821ee485123896af42fd2ac

SHA1
f1d48e3e6ab9cd371da45997eb77988cef7e275b

SHA256
60738eed12f5f07c50b42a3741838ecd4345ec4c74e1b2370e039460240133b4

SHA512
93a9bac064c65361e1eca79905ffbadeeff420fef6d5f66745dc0a1edb103c95b71cc5f22fafd212616517f2950bbddc8b790dde08e636bdaf78c98bb02c2156

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
5b1f0a2a19a1e37abb174dc8d9311678

SHA1
5e61f458c01b04532a663ddbc6695527fc1004e5

SHA256
1d6a162870a1e7b3a28bdfa8d2c587768d7a812918a2cfa328e2ae0495fc9549

SHA512
111bafaf8b51399f33e09b6ca4fddd1eb89412a9c91e6c527b06603cdeb4bc9fa1153948f3e9d3dd5718cfa8d83d0f04bea59650757e4f91ef0c5e8edfdf50f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
729a4f26e984b1956d340c49c2fb83fa

SHA1
5c218daff3e6b6db92eeed8d017be5dcb86e1a1f

SHA256
2e4f9bffe246a9eda5b57a1b356a186483c0fcecf4f39d0a8916dc25239004e0

SHA512
34320ba7d3c0236ae571820f8b5f708c72668a451a496901a6808af495ba0303828174cb90c50b23faf4103e6646fa8d3952c1deee3828dc1fac8dcd3367b0f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
a8593606c30e983c7ab52a03f161f1ab

SHA1
962c7fc7da4f201f7e4f9513f27a64863d07f1be

SHA256
43ff10a1cb825d03a42eebfd495986c41b828814d187bda7424148b1da30dcc7

SHA512
3b8cd39abadacfdd3340e4a3c7ebe25bf4265d88d9cc3f4389b4b9bb9a367db2b0ba72d40795d487857960833643569355c7a64d3a4559cb95171fd9d5ae9d39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
a09e99eefb09a2d364bd7d6ae623d5eb

SHA1
0bf75370efed661b6c74dff10df9b0e1665420a3

SHA256
8a6a29f5a4c1611bb013c7a575537026ba96ea292e28e4182986df7745eee1e8

SHA512
a1890ce0b0dd4009c5de592d24bbe6114883a26b0157b0b27272c39487fbae5d40c8b9572e6c86eeadef0cdfd797a70e074ddb8e4b3adb6c2d5716530edcd968

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e7f5e0169356474dcf9299204085ebb3

SHA1
d4d1899bba7eddedf223078d6dcfe49abd7b6269

SHA256
574b2cdac53496c7d6e50b33788e182e06375104fb384f574132aa182342adc5

SHA512
12c85579a876c9a183b35cb1d8aa6613135571a92bfcbbd7cb3c727ccd82ad5c0348152956d32e97f3dc19dee4746004e8bf4ff772d3ee8e1824dc00a40a307a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
45c11fe3e7787bb491efc81cf4644fe9

SHA1
19b568397926a45b174248e0ae4f82a26818d0da

SHA256
01dbe6210168bffc134245d1df777438630e056c61ce8503657ca64bf485be55

SHA512
3931d4e41de6b53762f7daa6ba5f9961bb1ec1e0f1da9dd3e2c712558327316e3af00af01e6e025d5717f338984f0f8e6ec898739d475aacfe2899888e75d24d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
b9c97bbda46e0e27abd4171e06aa755a

SHA1
3a9796694e9c7ef46e190ee0b00d5e6bbde0cf3e

SHA256
b21a5f0c4a2a20019156c0d26bf8186e38d6c4ef5fccb855237da2401d71031d

SHA512
dafabff1ba3a4ebc9c63673ca9558deec7b2dcd2284c03ebacb1cf55d16939d7d92da9268402bebfbe6e70b088cfa49d0cbd9503103905be3180c4755a8e662c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe595d87.TMP

Filesize
1KB

MD5
39c4db24f7187e8b1266bf7a8ab65d87

SHA1
52729dea746bb302c12839eadaedd69e2160d0c6

SHA256
9a6516aaff65491b147eec42a424f879fb09401f8a69b1be0d6578eb8a110f6a

SHA512
bfeba40c9c62cc7891f41f6365a7d7b4d4447a9f0271fb3ba77e5760639369270c023c275d4697b443d4b9865737e513a2f03e80d831e04c33cdf3142d97a375

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f61aff84cf716e42b64577abc39dfb99

SHA1
77ef37393dd9fe831903a4c0f9decdcb6165f213

SHA256
01029eb74e01d38969b69bcf57ec6ccf6f634eb1e6cbcbaed6d4418932e10c7e

SHA512
3b0547ed1d2679b9b8c19d56fe7861dbc8f4437d13b37615da8fc6acc7b306b25d9c0ea0d38d1cb899582972982616cf41318c1bd75466cea9ba67f09fd1f8aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
85fae7175bb4e560cb218576ad331b96

SHA1
1df3c8b8bc0f43687b24415aeedf54c13b6338fd

SHA256
81bc34ffe30b914a24b89ad02fe6f92bc9b062d9fc1e5a569f939d84c3c6338f

SHA512
bdb98c01a6cba1c81efe1f4780cb1653d38517f0d528b4e8fa4482ef8a82c5d958826a9afd7ca5be51247fe07f0cf8a6ec766c34e90efb11ac5735e789aacd40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1f43c3e23c647588c06dd3a7a8fabf0e

SHA1
8afa2273b352eaca3cc8088fa980278861ad1706

SHA256
47e1d179cfc46a1c778909b45856256cd9f753b71ce692ec8b885fad2840b3f7

SHA512
8e476ffd97b3581e77e7952c6cbd7ccd87aa08f2987c039eca53971d9c1d6302d826c462f0ff77e2e1d60eabac9c638d9c91e4b3084d7a0c58e89b169469c46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57882\VCRUNTIME140.dll

Filesize
106KB

MD5
4585a96cc4eef6aafd5e27ea09147dc6

SHA1
489cfff1b19abbec98fda26ac8958005e88dd0cb

SHA256
a8f950b4357ec12cfccddc9094cca56a3d5244b95e09ea6e9a746489f2d58736

SHA512
d78260c66331fe3029d2cc1b41a5d002ec651f2e3bbf55076d65839b5e3c6297955afd4d9ab8951fbdc9f929dbc65eb18b14b59bce1f2994318564eb4920f286

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57882\_ctypes.pyd

Filesize
120KB

MD5
bd36f7d64660d120c6fb98c8f536d369

SHA1
6829c9ce6091cb2b085eb3d5469337ac4782f927

SHA256
ee543453ac1a2b9b52e80dc66207d3767012ca24ce2b44206804767f37443902

SHA512
bd15f6d4492ddbc89fcbadba07fc10aa6698b13030dd301340b5f1b02b74191faf9b3dcf66b72ecf96084656084b531034ea5cadc1dd333ef64afb69a1d1fd56

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57882\api-ms-win-core-console-l1-1-0.dll

Filesize
22KB

MD5
09b2a90adc73421c3b7a70bfeff0baac

SHA1
4c9874195e917efb5077887be2f1677e58410861

SHA256
b2093752af55d7708dd9e0540c66a621c128870dee43efdb2a36d5128db463c0

SHA512
fc4b852127a34678d7dc735bef85494847a16a4a6505b8a12722672faf0169f234652ee24278c51ad681187760e41a27fe46348252cf29fbfd2c9a9e561aaecd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57882\api-ms-win-core-datetime-l1-1-0.dll

Filesize
22KB

MD5
8dc8a35c4e043348eceda2657c263e5e

SHA1
d7572375b2ade6a4cdd0910f601340a39da6aba4

SHA256
f1ded4bbe9ac8fe71a3e0b1e72aa15d6fa699f986a6183681b36b38990df9037

SHA512
6275043f611001debad6efbe8b402f9d4a7ee405e6e1306b253ab26616a399400d845cf89355756e3d81dac245c367a5df42dc2880a728560f97ae43d1df4926

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57882\api-ms-win-core-debug-l1-1-0.dll

Filesize
22KB

MD5
d646d8ea7d6c3271337a827551618e14

SHA1
63deaa4158f99509d88e39406cce3b9c57947de7

SHA256
41ff412526664f93fc6997dace8ccf56c709b34bf745e97091eb5e1a7c7e491f

SHA512
af9151905265a89164ed20301961c250271f8804ee087b05a575a15d2cc27084a258bb41eab1bc6376d858fe3f1871ddd32f9f79155624fdd89080037f6ac865

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57882\api-ms-win-core-errorhandling-l1-1-0.dll

Filesize
22KB

MD5
2b408cfb2c072c30f6c9007623932d25

SHA1
2835982048a9bf3528a532ee766651653f36de8f

SHA256
48435a9a3b4206b595741c34be6198a759569917cecd3c526f0d63ec0a55b0de

SHA512
3a9d593652a5e9a92881120448772d847901b4eeba1a2ce0161a66cf82e94c1dc2ce3acc17a95e595942b3e0854ffc466efb15023b37aad0925ebd0e0bd44771

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57882\api-ms-win-core-fibers-l1-1-0.dll

Filesize
22KB

MD5
f5fca0b8661f1d2a8e72d3dbc95abe77

SHA1
9c45d68e7c64c39bd6296157fc812d765999be36

SHA256
55fb31da2909865d9b3b980afa37bff007fdb624524dcc337594118641953784

SHA512
6599eceaecda56ed2dada54aa01a8dae8a1c4dce09ab3c54d0b77885b9b5cc24f67bda6f5285a52a08b69d9e759a52781a829cf130d9224955397c41acaae468

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57882\api-ms-win-core-file-l1-1-0.dll

Filesize
26KB

MD5
a5335665d8992582f89958087b60d3a9

SHA1
97fb0a21234fd243d46d21992e6016bf0af2f3d8

SHA256
9f8d03558282ec8afa80282d0736625db4c28ba2e1d358734fd9c4a29fe4ed1e

SHA512
b286004cc38d2873b1579b097785cbce24fc9d69989a0dedf05ca338981c6a13678bd71903a6a99f38013e1cf43729e48a3e50827f2dddce3695b9192264c477

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57882\api-ms-win-core-file-l1-2-0.dll

Filesize
22KB

MD5
8d1531275b769c1bd485440214bfaf82

SHA1
c8bb901b148522595cd78f1e12f61730bfa3d9df

SHA256
0b7a730b6b10c9d2e2fe1b9b4419b1fc60db9074a0c6f830e1b2da4d0f65fe88

SHA512
55914f424c400208b0d2c4d6cafa355aecf4697d3a6bf4032fe298214ed3565013c969b1e23d91cdf995dad46760c80e3a0a3abc062b3084b2bb4bc83a90995f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57882\api-ms-win-core-file-l2-1-0.dll

Filesize
22KB

MD5
50d07886dd9136e8da57bfde8fa1f69c

SHA1
17526cd01e870d4087c5aa423e4971c72882e173

SHA256
67fd0522cacfc3f5fb90373dd5fb388b6f63035d9a380cac4a3dd3d7801724ed

SHA512
7d1b12529f35e1bcd7a858fef4001a4a5e0ff15506789fb3ce56b58427d16c32a9c1768b87b2f66a1b37456a05f8e05ae0b0eddfb4335ae0cb8eda00550175c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57882\api-ms-win-core-handle-l1-1-0.dll

Filesize
22KB

MD5
32dda59c16c53eda2027347b5e741e9d

SHA1
e9ad7505f468b62144a8a8551c2d6dc9f2f82a5e

SHA256
595ebe2feac7f57035b0ce803412bb4470d0366637a191cf4e48d5f5fd8bbffb

SHA512
d7c06ce6ebf509b90592d6262ad9950cd8916f715add79a384f688869de596c8e0546d1597380eadc954a9e5dd2a9dbb818899372ab51104e865644269cdec95

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57882\api-ms-win-core-heap-l1-1-0.dll

Filesize
22KB

MD5
5ce4e2adef8fc502db7155483584338f

SHA1
9d7aabb46f1cb7cffbc04b324bb4a10c17c45e97

SHA256
23e4d57c2a94c8412308218a091cde0f4aaf3af360449e31fe524b153a08082f

SHA512
0b160aa88aad8e06d157cb4468cc1479ed31e01064cb8cd0900d34e3a708dd0d77dd239e357fa7618eb75325502f5f8fcb90fd9fc6ed2a9c1d7557cdf1876353

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57882\api-ms-win-core-interlocked-l1-1-0.dll

Filesize
22KB

MD5
6455ba4882ce135f21239aedf014acf5

SHA1
2db779414b30759d8394184e1f7254818df62ed9

SHA256
57dcbe7343ac4427af6a82ef24dd7afac04bce59b82fe05aa506fde656f513bc

SHA512
81764d46251bcd76f8c127af3f00ecf13f673b46624beb3a5eab5cdc6d69a0dabba91327e30e976a3fbb0dc6280b0fb4e8e7f237615b27c484b8ac5fc084d056

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57882\api-ms-win-core-libraryloader-l1-1-0.dll

Filesize
22KB

MD5
7dc3a99fa667f8a00e9689133e4e38c8

SHA1
c37c13d833d6a11212dfae32fa19277baf5000f1

SHA256
d8ac0559b5cfbb8414b39d509bf96999567166ff63f4994c5af07cafa3ec4b08

SHA512
e772c4ba5181c2f543029aa3929f0b3ffecc2e25e350a900f798ae58543938c61e45a233593caf6c45ecc21877ed79e0ff2bd5cd2f61e7a3cd16d2e4e9520212

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57882\api-ms-win-core-localization-l1-2-0.dll

Filesize
22KB

MD5
ab169047e1a0fcf3c98be20b451cb13e

SHA1
a286836c85ae43ed5c79b9875f97abdadf57b560

SHA256
3cbc6f8cc2a014c9c6e87ca05dd0e9e0884da58afdc53b589b3d7172c4403ed7

SHA512
c8e27ebd9335f7f34919e841f9834fa687f822d4289b47c20283e37f4a499008668bafd12e1f742597a6c8623312fc41881c18a56b9062a2a609dbb55f0cd17c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57882\api-ms-win-core-memory-l1-1-0.dll

Filesize
22KB

MD5
87b17a424c4e5eed9d5794ba33317dd8

SHA1
7862d1b492dea9e6fe9c6e1e1706137825853947

SHA256
706bb10d0517bae082df6c955c3915d1104ec128bb62059f70cf9564541cfc01

SHA512
75f6dff05a6e06cd103b3b65a40149dde45abdefca67e352ee1ad4202da28efe9dfc530ed2a51995fd1ce019512339fd908f1762244ad7449a5d571ebee41e72

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57882\api-ms-win-core-namedpipe-l1-1-0.dll

Filesize
22KB

MD5
360557f082d00dfa55bed5bdcb7d9593

SHA1
f00534612643f0093a689d64cfc61e084e942e12

SHA256
6e2b713382e574f24b17e8a1c911e8256d50b82dc044ace459b6e0c679a3dc32

SHA512
41bc1078e1fda3527ae0cd48051a0ec91d8efe4de1b6ff0903779d7c7ec47b5327aaefbd8b5e9c7543aa786521406b15dfe1bcc65fde6fb3d4eae51cc06ec889

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57882\api-ms-win-core-processenvironment-l1-1-0.dll

Filesize
22KB

MD5
4887dd9dbaa261a8b8ba0c5bf5da03b8

SHA1
19b72460ba53f5d8d95edb83f28d8df2e714d344

SHA256
a41e6074348ca71f102eb9207ab8844c6c470f1260003dd453907f77d14a668f

SHA512
aec187be29253306cbb0d4b0d535b1f9a967ba5f9e868e38fc23de931bdc363119094999d143cb19b2231ad7e97907d1de92f8300ec80afd038079ce7dac5a36

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57882\api-ms-win-core-processthreads-l1-1-0.dll

Filesize
22KB

MD5
6442313028b28d89f68b8e637a7c6510

SHA1
9d010e45f4faaa65a155d13211750517391a21a7

SHA256
bf1fb2e33c4fa6dfa0a50e2ccf1a1976a02d636e4e45406d2587c271b333da14

SHA512
7397599d60b7b1999e739454fbc1f23c511a20370a22aeb272f007778b2e67b9bcf05638a72985be7c9d133af1ea8744c14c0c8a55ad1451251ee35947f9da24

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57882\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
22KB

MD5
5132f7fe729791081561426904d45e76

SHA1
56fba2baed4123bf4be7be1c5344f95e6bd9db9c

SHA256
a5aa6755860602c58c0edb1353c965e6f0ba58e7276ba6fb5a0b961fb274d125

SHA512
b12e981ddb608049456dbfc0bb77350819f42caf0da457ad778bb9ded3979503ce6713d366547ac3f949ebdc01d0775da1d726fd367b11b8680a472017f59cc6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57882\api-ms-win-core-profile-l1-1-0.dll

Filesize
22KB

MD5
2cf91da8fcbbb1f9edbd457196cd2b6e

SHA1
3b2ad932dc29a4fbbea664bcfd64050d2f2be037

SHA256
8a1e68d655fb05b18cfaf8f4bdcfbfc53cfaa7cd941e5aadbc1769c461dd1fb9

SHA512
63a12b7f220be481dd5240f44b6cf3a8c2d734dd460c2db551ac1a985e95702ca0c0caf99a0f4d767afb730b5105f9f41be03e491090893d5a16fd871364622f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57882\api-ms-win-core-rtlsupport-l1-1-0.dll

Filesize
22KB

MD5
fe4c5f591405fb55676180a29c079f43

SHA1
4ca10f86a7a27b86c74205af7dfb8a4d05789e33

SHA256
78dffd464d72e82674647840c3361d860244d010f0402d87a7998d8afbf8cce0

SHA512
b3bb7911c33dfde7e04335eae357a8c9481eebbf7a74b341e37bfa54be400905ce1ad951cff21896f9460922290201242b071014925a4de0343a940f9c6a71da

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57882\api-ms-win-core-string-l1-1-0.dll

Filesize
22KB

MD5
0519e2e84483ce47c37a160eb4d4232b

SHA1
dc986257568e666f2b84a3d1fc137f55c95426ae

SHA256
3a76a88faa313726977c44656c3004664c6dd171ff58cd935e9a5ca282a04cab

SHA512
931a7c98e72e56217b3ca10bb1c8da59f1a2d797bf1623345386023f42772ebb58e87e61eb142aae272641ee4f0976ed7e9e0b6ee4d8ce18fd6c745e848cf988

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57882\api-ms-win-core-synch-l1-1-0.dll

Filesize
22KB

MD5
f77da542def06fbb430198b37506a09d

SHA1
d5a86f3e051d8f5647861fc6d0b66f9be2a41980

SHA256
0ecddd0a18b9759f79bc014b121f4fb97cc2299b15fb00bb54117d1f5decde74

SHA512
aa88dab30faebfb2de590c2ca5d4e64507bac1e09693aac38249eaba24d8a41e0d510e7a24cf1709e6bfe32cacb9a9ca8b210fed28868e2efc02e37abe570c07

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57882\api-ms-win-core-synch-l1-2-0.dll

Filesize
22KB

MD5
a9e2fc6fadadca47a3d67174d054cf1f

SHA1
2bfd066deb3cc84fd0cc0b6b13c1266c68bb33dc

SHA256
abd80237d43ce594f6ca781571085b25db7325cf7549c8d95302e302408a9954

SHA512
fa7e9d43c0e7f924f219c1b478a280cb53f3625d4479c92dd6ea1e9ca403d30d854068bfb7310b3fd44f1effae91d88087ef61b4649160516e9264b1e92dde76

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57882\api-ms-win-core-sysinfo-l1-1-0.dll

Filesize
22KB

MD5
d8ad62c97e8fd8c00959a8812a763f1d

SHA1
a32c26b69d2a7d900a0de544203aa0f0e225a51a

SHA256
52049f5431f10856708fd7c6ed42beadaae65ae3092c0aa56f79704f6d5ef963

SHA512
87ea1a72a271faae38444969d7e9995c3cd926e5d85562eb33c7d8186274b2df663dd5e31af8c6731d678ae463843f8797b8e586830bb45c1b6b7ef7a1de4b4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57882\api-ms-win-core-timezone-l1-1-0.dll

Filesize
22KB

MD5
1ee744ceca8da8dba0dc27f25125242c

SHA1
4c168b8673cfabbbbcf00195cf0db7b640a0289f

SHA256
c67dd8ed74c0a207c980caa6bb453e62180a71af175feeb42c2c926ecb911e0a

SHA512
d17b8f1419e3f77729c686d4fe79feb08368953e0997ef67217e829456e1c13dde5d9e7a0c35d117d1ae4d40f37e160cb6390b45242c0308d809dfdadb3155f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57882\api-ms-win-core-util-l1-1-0.dll

Filesize
22KB

MD5
ab75ac7acd7344fb84904f78f7eaf8fb

SHA1
48fddb6e311e8041f15cef98538a8e5bf4ee1eef

SHA256
e5f86dc2e31f3d8133a9bb22ccc57ed93d2154aa28251c1c26a989e4624237d6

SHA512
2cdb373117ae71ee56ba51c45998926cc125311098fbafd467556c40ca4d594f953e01b4d6b4e006eabbf966dfc82bafee4d4c14cd84009fd5e4029a289464bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57882\api-ms-win-crt-conio-l1-1-0.dll

Filesize
22KB

MD5
4e9dd52db3106bd2c7d79c9d29e78f86

SHA1
88b0295fdda5b307be33853572d65d123a8dd8ea

SHA256
312415ce3f3333f09fc207a69768133253c50b3e167ba303923fb357905591b5

SHA512
138dc82cbd5575d41c361a6a1fbf021386f4302ae1d936ac247a86be2bb1249099abc36c0945cdfd91010110c0f367d88d51bdce721e44229446a4e705340f4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57882\api-ms-win-crt-convert-l1-1-0.dll

Filesize
26KB

MD5
c8ffbe7204e1fe53a396ad8c9c99e9bf

SHA1
8f08f205ca5003b79ce238d257a7a6ea2513b206

SHA256
32d3fbe9d4cd6c7f3adac383d5ca67b36d3c9b2e569b204d54ce0a27b317296d

SHA512
58bcfc777f39f54b141a8474a8e08692e53e41783aa9f168cc3858d5137cca601661bfdefb846618c7c8299c31078c8c7ef508b25bbac88d84898e36dd5d426c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57882\api-ms-win-crt-environment-l1-1-0.dll

Filesize
22KB

MD5
97d2bdc7b5daf5568f4333513b536adc

SHA1
c16ef9c9a40c4b4d79c019869e8838cc6db897c4

SHA256
cfb7bc2a80acbcc697e3e5d1f7ae43e069554b33ca944b0dffb8f631232cb05c

SHA512
86aea6582762002e3f19fcb4074de18c1f7a0fc9045b647dcde9a996c80085fdb12a47901a6c1cb6571077b32870ddd615425ad3eb6e5424863757743211bd87

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57882\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
22KB

MD5
d9e64b48ec7135200f1396e017d1351d

SHA1
65d0e077bb80da2a71c1d2aa5986f4233ab2f04f

SHA256
f66c1e092b1a96333245b18dbd7267d3e712b5cb7bb6c9fbe9de44d304582631

SHA512
51adfecc9ec6c03af264f73645a2f83614ac8b5c453d1fb64e2f32ba8ddb492189762a302ee317eba844776ba49acc27afb760469734672730cd1670251b1fe9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57882\api-ms-win-crt-heap-l1-1-0.dll

Filesize
22KB

MD5
1a70583c28fcae749bd262a34ee968c8

SHA1
5e4555f4f4250a7e8b336d25145795e597dd53e0

SHA256
be91f29c0def06c532d900c397ac7b79213f466e3c30cdb2231c7e08a9ee2baa

SHA512
7ddf949b913e2a4e079e303995aaa6b26d06ecb66499270fac3cc6578dc37e03671d8a069c8657f20ecea26e8dc106eaa8b13e045d2b5bceadf4f7bb899d0d30

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57882\api-ms-win-crt-locale-l1-1-0.dll

Filesize
22KB

MD5
4cee8303c0994cc97c0b426c719032bd

SHA1
d60d2a4efd2d1db5d3c9f64761ad6bd1802874cd

SHA256
7478756d70840c9bdfc3c38fec5667f309a70970e6d5af058a25e6d9efb2aef1

SHA512
eb13ecd1517e66f0d787d2fd6a88abc6d89d2d3392839d6cd5b277a52fb45dbc2fa4b849a0ee6c6d884d074ad2cdebd9f63511b08f8a746b5eb10978b8fbd646

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57882\api-ms-win-crt-math-l1-1-0.dll

Filesize
30KB

MD5
33d4c8d4f8598d32f25c4c78b681c3dc

SHA1
4f9b6b99640472531d1f6c11f030e043916cc6f7

SHA256
bef4d133abe009f50ce9d67f31acd963a1a77f41b0ba71b4707be8f45d974289

SHA512
b163e8d20e99288cc823a649396549671bd9be4dba323966f3567f10e357d90d9318f589c1f45995c332b8a491fd09655caad3a25676e0fda3bcd20e64a11a15

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57882\api-ms-win-crt-process-l1-1-0.dll

Filesize
22KB

MD5
9fdb0d60d5bc511c84f47d84da43a3ca

SHA1
806137977ad4b16b86e333c1453f01f8c3e49690

SHA256
d18f92bcb20f14c8888491e8c38246d97b5f138951dc8e4056c80c6ba5e0c5f2

SHA512
af00d5cee6e3c3ae70d0c35837222f74ab030da72899997cea71c9c1ff9fb3d611e6e6b2a8ca75d59ab4b7ce12382e1e11ffc7cfb1c4cff2eaa2ad7c81fbf5b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57882\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
26KB

MD5
b4076e1e955e3b9c33f03edb77b67b04

SHA1
fdc44cee07598ab865f8a7ba1e96ed32b87f6525

SHA256
009a2fbcd43b701177c02c779fa01ce7b7e8e9d8ed5db3e305880e086bbf2aa4

SHA512
85766b23f3e95f010734933eb45c61491b268efb0f13e86ddf9fc361a558588968c7884cda5865b717738044bca4f1f9c9295149f70b58b3809dfcd58ea43907

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57882\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
26KB

MD5
0c513371fb7e1345f2c7a8c737bdb938

SHA1
30a40972e250080b68614e4fe2a721a3cae177c1

SHA256
bf28630e9a216e6f29ef9df48689d8ed364684638c0aa54f09ab53e9367c4cc0

SHA512
43fc864273d0f29a4c0bf7439022dd776a52b721ad74d1f0ddd1f02e87556eb93821f04d72d353fc40a54ef51b19c8b42c41af17240809deb3c2e72121e6678c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57882\api-ms-win-crt-string-l1-1-0.dll

Filesize
26KB

MD5
e5341ed2725f0076968f08976d7cc32f

SHA1
88e2bf83e6f282b9d96cae288eb3a61d9a22694e

SHA256
5e8e44dc9d9166dd68ddc71af62714daa4106eac603638f83bfaeb316f8bc711

SHA512
d724add4cfa1189789d06f0cf036351d4d05763716dd6cdfa0a3f952cb1b1436c3cbdab1c8800ba06f98f5bbf0b90a3e0d93de6cac0052e15b86295320ff07e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57882\api-ms-win-crt-time-l1-1-0.dll

Filesize
22KB

MD5
731bb5b95efffade22fbe82b790afa73

SHA1
b31d46f7762f9af9b0b5a1b8c3449036a475faa3

SHA256
bbcc243488e48b4b77abdcddfa45264bb1311384284db3f5b432abe8c16a6ced

SHA512
cc77510ba367b1be7189b5362ce49925a749587cd3a81ceae0dd7cd6264fcbab8eb688475a7207e6d37b71d8b87fd0a616314597610d5d3eaa49ae9b4143c1b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57882\api-ms-win-crt-utility-l1-1-0.dll

Filesize
22KB

MD5
9dc2fccadf649a038ef9f4233c4f2a58

SHA1
1a97d6496240a567190cc816a9e7ff0da1056e4e

SHA256
32d55661717f9f7090c4220fa99d5cf3ed712372591935d12d4584eb44d354dc

SHA512
0829d14165ae112f2394a64f0200fa674e3c8708527ca4ec573982b0d049ac31f9147ce44564b0e12f9d4f704ce637a1990503106270d417f0aafc0c5ff5eb67

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57882\base_library.zip

Filesize
1.4MB

MD5
2f6d57bccf7f7735acb884a980410f6a

SHA1
93a6926887a08dc09cd92864cd82b2bec7b24ec5

SHA256
1b7d326bad406e96a4c83b5a49714819467e3174ed0a74f81c9ebd96d1dd40b3

SHA512
95bcfc66dbe7b6ad324bd2dc2258a3366a3594bfc50118ab37a2a204906109e42192fb10a91172b340cc28c12640513db268c854947fb9ed8426f214ff8889b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57882\faker\providers\job\es_MX\__init__.py

Filesize
83B

MD5
eeaa6ca5cb7f4bb1d7e75797f9b5af37

SHA1
0ac3743facacbc2090930b41cf38bcfe2951eb37

SHA256
ce99db30f577944104a7365372ea8363cd9d0087a6e9d88f7b835a1926da336c

SHA512
b492e6fa3eb607683a6c6f5696835aeae5e4c12fd2d44346bfd954d25c0bcf5bda808c175b0b17e26a0d5daf4f91d8588de119f5b747a80b3cfe53f68bbecd7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57882\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57882\python311.dll

Filesize
5.5MB

MD5
5a5dd7cad8028097842b0afef45bfbcf

SHA1
e247a2e460687c607253949c52ae2801ff35dc4a

SHA256
a811c7516f531f1515d10743ae78004dd627eba0dc2d3bc0d2e033b2722043ce

SHA512
e6268e4fad2ce3ef16b68298a57498e16f0262bf3531539ad013a66f72df471569f94c6fcc48154b7c3049a3ad15cbfcbb6345dacb4f4ed7d528c74d589c9858

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57882\ucrtbase.dll

Filesize
1.1MB

MD5
28146c66076a266e93956111981cad4e

SHA1
44797bab4d3d3a8ccdb9df3a519cd3dbef838c31

SHA256
ed570898508c9d9186052157106b6dd9722bed47a27ecfeb424386c8970d81da

SHA512
078c8d6595b0afcee215a44ef9caa82f990ef2bf5dadb8fd84d83ac89839abeee1f9ce250e80b77cbbdde5d13688ed345da1f4bf22958490e645c074d2453f85

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 13979.crdownload

Filesize
11.8MB

MD5
5c12c277f20d7052d238170c0379de04

SHA1
fed7a3721abbcc987506a2b8b0057ab263e69877

SHA256
a267f536dccc5a1c4bceccdf6e25d9c363539e37de1f4d4f897df85cb83b6366

SHA512
bb606621a2ace658b6e7d2dfea4dc08a1ab80ff942f26312ccc04829fb5c72c6d46a2be732ee3688a826e93d6a0a908538026023aa6ce121b606d1a06f9ac0c4

Download Submit