hxxps://drive[.]google[.]com/file/d/1_fFHxWCmU8DsQZ5cmki8n5HHLnoWIs_3/view

Analysis

max time kernel
98s
max time network
106s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
31-10-2024 00:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1_fFHxWCmU8DsQZ5cmki8n5HHLnoWIs_3/view

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
6092	java.exe
4924	java.exe
1404	java.exe

Loads dropped DLL 18 IoCs

pid	Process
6092	java.exe
6092	java.exe
6092	java.exe
6092	java.exe
6092	java.exe
6092	java.exe
4924	java.exe
4924	java.exe
4924	java.exe
4924	java.exe
4924	java.exe
4924	java.exe
1404	java.exe
1404	java.exe
1404	java.exe
1404	java.exe
1404	java.exe
1404	java.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
11	drive.google.com
9	drive.google.com
10	drive.google.com

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\96e9c0db-c874-4c2b-95cc-53b7c96e304d.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241031000827.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings	OpenWith.exe

Opens file in notepad (likely ransom note) 2 IoCs

ransomware

pid	Process
4680	NOTEPAD.EXE
5812	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3212	msedge.exe
3212	msedge.exe
3048	msedge.exe
3048	msedge.exe
2420	identity_helper.exe
2420	identity_helper.exe
760	msedge.exe
760	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeRestorePrivilege	5772	7zG.exe
Token: 35	5772	7zG.exe
Token: SeSecurityPrivilege	5772	7zG.exe
Token: SeSecurityPrivilege	5772	7zG.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3272	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3048 wrote to memory of 544	3048	msedge.exe	81
PID 3048 wrote to memory of 544	3048	msedge.exe	81
PID 3048 wrote to memory of 464	3048	msedge.exe	82
PID 3048 wrote to memory of 464	3048	msedge.exe	82
PID 3048 wrote to memory of 464	3048	msedge.exe	82
PID 3048 wrote to memory of 464	3048	msedge.exe	82
PID 3048 wrote to memory of 464	3048	msedge.exe	82
PID 3048 wrote to memory of 464	3048	msedge.exe	82
PID 3048 wrote to memory of 464	3048	msedge.exe	82
PID 3048 wrote to memory of 464	3048	msedge.exe	82
PID 3048 wrote to memory of 464	3048	msedge.exe	82
PID 3048 wrote to memory of 464	3048	msedge.exe	82
PID 3048 wrote to memory of 464	3048	msedge.exe	82
PID 3048 wrote to memory of 464	3048	msedge.exe	82
PID 3048 wrote to memory of 464	3048	msedge.exe	82
PID 3048 wrote to memory of 464	3048	msedge.exe	82
PID 3048 wrote to memory of 464	3048	msedge.exe	82
PID 3048 wrote to memory of 464	3048	msedge.exe	82
PID 3048 wrote to memory of 464	3048	msedge.exe	82
PID 3048 wrote to memory of 464	3048	msedge.exe	82
PID 3048 wrote to memory of 464	3048	msedge.exe	82
PID 3048 wrote to memory of 464	3048	msedge.exe	82
PID 3048 wrote to memory of 464	3048	msedge.exe	82
PID 3048 wrote to memory of 464	3048	msedge.exe	82
PID 3048 wrote to memory of 464	3048	msedge.exe	82
PID 3048 wrote to memory of 464	3048	msedge.exe	82
PID 3048 wrote to memory of 464	3048	msedge.exe	82
PID 3048 wrote to memory of 464	3048	msedge.exe	82
PID 3048 wrote to memory of 464	3048	msedge.exe	82
PID 3048 wrote to memory of 464	3048	msedge.exe	82
PID 3048 wrote to memory of 464	3048	msedge.exe	82
PID 3048 wrote to memory of 464	3048	msedge.exe	82
PID 3048 wrote to memory of 464	3048	msedge.exe	82
PID 3048 wrote to memory of 464	3048	msedge.exe	82
PID 3048 wrote to memory of 464	3048	msedge.exe	82
PID 3048 wrote to memory of 464	3048	msedge.exe	82
PID 3048 wrote to memory of 464	3048	msedge.exe	82
PID 3048 wrote to memory of 464	3048	msedge.exe	82
PID 3048 wrote to memory of 464	3048	msedge.exe	82
PID 3048 wrote to memory of 464	3048	msedge.exe	82
PID 3048 wrote to memory of 464	3048	msedge.exe	82
PID 3048 wrote to memory of 464	3048	msedge.exe	82
PID 3048 wrote to memory of 3212	3048	msedge.exe	83
PID 3048 wrote to memory of 3212	3048	msedge.exe	83
PID 3048 wrote to memory of 1936	3048	msedge.exe	84
PID 3048 wrote to memory of 1936	3048	msedge.exe	84
PID 3048 wrote to memory of 1936	3048	msedge.exe	84
PID 3048 wrote to memory of 1936	3048	msedge.exe	84
PID 3048 wrote to memory of 1936	3048	msedge.exe	84
PID 3048 wrote to memory of 1936	3048	msedge.exe	84
PID 3048 wrote to memory of 1936	3048	msedge.exe	84
PID 3048 wrote to memory of 1936	3048	msedge.exe	84
PID 3048 wrote to memory of 1936	3048	msedge.exe	84
PID 3048 wrote to memory of 1936	3048	msedge.exe	84
PID 3048 wrote to memory of 1936	3048	msedge.exe	84
PID 3048 wrote to memory of 1936	3048	msedge.exe	84
PID 3048 wrote to memory of 1936	3048	msedge.exe	84
PID 3048 wrote to memory of 1936	3048	msedge.exe	84
PID 3048 wrote to memory of 1936	3048	msedge.exe	84
PID 3048 wrote to memory of 1936	3048	msedge.exe	84
PID 3048 wrote to memory of 1936	3048	msedge.exe	84
PID 3048 wrote to memory of 1936	3048	msedge.exe	84
PID 3048 wrote to memory of 1936	3048	msedge.exe	84
PID 3048 wrote to memory of 1936	3048	msedge.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1_fFHxWCmU8DsQZ5cmki8n5HHLnoWIs_3/view
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffc56c646f8,0x7ffc56c64708,0x7ffc56c64718
  2⤵
  PID:544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,7554162767144404468,515696397652974619,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,7554162767144404468,515696397652974619,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,7554162767144404468,515696397652974619,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7554162767144404468,515696397652974619,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:3772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7554162767144404468,515696397652974619,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7554162767144404468,515696397652974619,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7554162767144404468,515696397652974619,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7554162767144404468,515696397652974619,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
  2⤵
  PID:2588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7554162767144404468,515696397652974619,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7554162767144404468,515696397652974619,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2168,7554162767144404468,515696397652974619,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5944 /prefetch:8
  2⤵
  PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,7554162767144404468,515696397652974619,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5832 /prefetch:8
  2⤵
  PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:1236
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff6d5f65460,0x7ff6d5f65470,0x7ff6d5f65480
    3⤵
    PID:1812
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,7554162767144404468,515696397652974619,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5832 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7554162767144404468,515696397652974619,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
  2⤵
  PID:560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7554162767144404468,515696397652974619,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:1160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7554162767144404468,515696397652974619,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:1
  2⤵
  PID:5804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7554162767144404468,515696397652974619,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1
  2⤵
  PID:5896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7554162767144404468,515696397652974619,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1
  2⤵
  PID:5984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7554162767144404468,515696397652974619,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6944 /prefetch:1
  2⤵
  PID:6120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2168,7554162767144404468,515696397652974619,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4532 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:760

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4608

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2528

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5672

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3272

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Rise\" -spe -an -ai#7zMap10417:70:7zEvent8427
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5772

C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Rise\Start.cmd
1⤵
- Opens file in notepad (likely ransom note)
PID:5812

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Rise\Start.cmd" "
1⤵
PID:560
- C:\Users\Admin\Downloads\Rise\files\azul-1.8.9_345\bin\java.exe
  ..\files\azul-1.8.9_345\bin\java.exe -noverify -XX:+DisableAttachMechanism -Xms4096m -Xmx4g -Djava.library.path=..\files\1.8.9-natives-win -cp "..\files\RiseCompressed.jar;lwjgl.jar;lwjgl_util.jar" net.minecraft.client.main.Main -uuid fc5bc365-aedf-30a8-8b89-04e462e29bde -accessToken yes -version 1 --assetIndex 1.8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:6092

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Downloads\Rise\Start.cmd"
1⤵
PID:4400
- C:\Users\Admin\Downloads\Rise\files\azul-1.8.9_345\bin\java.exe
  ..\files\azul-1.8.9_345\bin\java.exe -noverify -XX:+DisableAttachMechanism -Xms4096m -Xmx4g -Djava.library.path=..\files\1.8.9-natives-win -cp "..\files\RiseCompressed.jar;lwjgl.jar;lwjgl_util.jar" net.minecraft.client.main.Main -uuid fc5bc365-aedf-30a8-8b89-04e462e29bde -accessToken yes -version 1 --assetIndex 1.8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4924

C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Rise\Start.cmd
1⤵
- Opens file in notepad (likely ransom note)
PID:4680

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Rise\Start.cmd" "
1⤵
PID:4684
- C:\Users\Admin\Downloads\Rise\files\azul-1.8.9_345\bin\java.exe
  ..\files\azul-1.8.9_345\bin\java.exe -noverify -XX:+DisableAttachMechanism -Xms4096m -Xmx4g -Djava.library.path=..\files\1.8.9-natives-win -cp "..\files\RiseCompressed.jar;lwjgl.jar;lwjgl_util.jar" net.minecraft.client.main.Main -uuid fc5bc365-aedf-30a8-8b89-04e462e29bde -accessToken yes -version 1 --assetIndex 1.8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
467bc167b06cdf2998f79460b98fa8f6

SHA1
a66fc2b411b31cb853195013d4677f4a2e5b6d11

SHA256
3b19522cb9ce73332fa1c357c6138b97b928545d38d162733eba68c8c5e604bd

SHA512
0eb63e6cacbec78b434d976fa2fb6fb44b1f9bc31001857c9bcb68c041bb52df30fbc7e1353f81d336b8a716821876fcacf3b32a107b16cec217c3d5d9621286

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cc10dc6ba36bad31b4268762731a6c81

SHA1
9694d2aa8b119d674c27a1cfcaaf14ade8704e63

SHA256
d0d1f405097849f8203095f0d591e113145b1ce99df0545770138d772df4997f

SHA512
0ed193fdcc3f625221293bfd6af3132a5ce7d87138cd7df5e4b89353c89e237c1ff81920a2b17b7e0047f2cc8b2a976f667c7f12b0dcc273ddc3b4c8323b1b56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
439b9725a7d7606ccfa16b0907f3bed7

SHA1
6530836d3b1bb03edf4efcd878ce13d8f43d958b

SHA256
e3bda718a71bded05fd216c34147ddc26411ec19ed4c43aa6d982b2a22cb3d87

SHA512
cae14de73104627584b2d881ba48e0627dda4314e0f09aca07224080062f9ce0afd41a533c24c7b77a09572e3370d92e07a1d9dd4cb0914f020580820a3fe6b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
b6de923b630c0d7eed3a7b4456895deb

SHA1
a2107d307eac06bf9737ae7011abf1678b9dbddb

SHA256
76115a0213e9a5d4bfd57e38d6d35ba10e675a1ee1fb12a49b5305f5e506d6f9

SHA512
7aca381ff9ee1b85ebdb48668a57ba81ad43c094630a80cfa40e85afe406c0c7d86d755c470d2d7c164e68db8506d592d86c7239bbe0b974b8b75b8b5668bb27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
6542c3a2f64d0662ac9c225fe33561e5

SHA1
5e8950d19f0f4b150ed4ba343ff9f7f0076516c8

SHA256
2128315f1c98ee8b4e265bd7166d3b5f412f943aead300241d48e8b26003a7f2

SHA512
0299300b912cf9ea3365b0f2c0a66f64d25b6c3ccdd2167e867b6354a38c6e03c2e50fec8035bce1807698ebde8a53ddec6e2d77b3369f7f120b201f808d800f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe587819.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
adec1cc2216884b5ce3af2eb995ffcda

SHA1
3c8d89b770ef9a05882aa2969380f4a53b5581fb

SHA256
8eca382a0d28927553de6d6dcd4732366bb3ea4f9d89ef6466bc715d76a5a0b7

SHA512
9cac99f1ef02100e0e16ebc8132c9be5c73c55d545318363cf445e4c7b9d109f747c6e6ee9533aaee3bf8d14741fbaf34848ac270ba5248ddd40d3c0275d6550

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ebf8278b932424c5776c3549c3712289

SHA1
0ffb8647967a812633c8fea7fe2fcdea99e57f25

SHA256
45e840e36909fdb6451db73afd3bf97e6383dc515ab078ac2d08c6917edc74e5

SHA512
4db0c8ae6aa4a94f5abf51bb9cac5fbc072847ccc4e8b7faec51dd19fb50d63eaa52a8667eb173856f6a5a5b444c63d7f6d8a272e82ee6cf6490b34118e565f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
3b964859deef3a6f470b8021df49b34d

SHA1
62023dacf1e4019c9f204297c6be7e760f71a65d

SHA256
087debdcfba4666c03a5ea699e9bb31cf22ef4e0fad7c961cb0b500e5d262fb5

SHA512
c30b7e1b28820a5815b52634b46cb210c241704e33e41304400cb3ed29e82ec547a1068fc819350b368456bcabd27034afade5add3251dc74e4174f51b6c7adf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
5c2d5c900312f44e72209416d45723cb

SHA1
68fb8909308589149399c3fb74605600833fbbc1

SHA256
56f7a77549e5fc45bd4b1f7c2db3e8b4bd1dd9234545207613a80342cee8e7d8

SHA512
07c2920cff7c1125e3a2fe66bf21d8606a1f2a3d36be2d8e136da0d2a21130242ac8324f18cedfb0040304cf804815861767c969a6923d8db851312bf9b4348b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\aab651c7-d1e9-4a01-a4b3-5e908a14940c.tmp

Filesize
6KB

MD5
bbe208c9018b2c2fa58762614cdc3aee

SHA1
617310ff8e96cedfa33a89f6ac84b18308dd10e1

SHA256
abb2412b2e1c5df717ef8e8789b2a952235f0f85e7c3a1b9a6731f016ec00268

SHA512
0d0f5d457759312afdcc54bdafdd0c8ad0ec04c3dd145c7f4c03a1036e6aacd4e47deaa07698a735d1cd84cbe8bff2653cb5fc4932cacb9892c01dc44fef9557

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
32160f25ef823e4259de7e7fec25ff13

SHA1
139b35643887cb441e941a18cc8fb6a407181ac3

SHA256
aac92b699cf6c453d9fd4da8fbe21d2e054308b76d11ebe306a02b48e3d40cce

SHA512
9fd06c1b4a1cfce4e76999e89d2ca8336e5c6d0cb66ab52f1aef8a3eeb122b54b356de815af86f2d7537d1c58a43a6cdb9cc19674fffb64ccf0242b07e6dcdff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a4ccc751aa29e528c37fec31e8a521c5

SHA1
f370c0a553c190e8311a2d5997ed1d3f770b6be9

SHA256
c029a15b6bf33d338e3dec201b9d11acc21a55d55d0a8fe2c44e0936b7e356f9

SHA512
66b6b03c7d1fd47656359499311da091ffbf5b397a2b68967da70276b341a8cb04b75b83b8c3f61760baa751c7489df060a5c1c7322e09f176bf51ccade570a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
05342b90af025afaaf8ab92f8e6d3076

SHA1
1497980a4faa5290369c83be466c9c12626ca73e

SHA256
335e62ac7ebd12a33813674c1095c6e1f3ed68842dad2823e2366993712c8356

SHA512
dbd562720f8047daffc7026e4ec3e0172eaa3dfef7b59b760b6d106851896db54f93e08f001a5ebb0effe6f453722a6c46c4f9d478c62c0af1b85df904bad91c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
9d8b932c6cab26179bf6cb15ceb0c4a1

SHA1
955c0582100aa4d36ae034de6c1e8ba129a8597e

SHA256
8ea0cb72c9ca0cde6ccdaa57b6e54f6ffa7c6a4cffa934b3f32b94c6301c73ac

SHA512
868431e330e919ec3fe3edbb44fd66c4010c1f809304d435e292e07ba3a7422a07574ca8111955a8c281dd5eb51309c6320af3fa8a31640407f0551c87786ff3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
9b4e05ff5032fe774a12844530f36b9d

SHA1
f5d8e20d0680643bf1bb3f1adfa4bde94489f405

SHA256
c61dd65ecea91b2e65aa402b3485d7411870844b4673df87576ef7b5174d7067

SHA512
4f26e77395537a2dae011d0c7c1858d9d84a8bc6c83d36005a138505d58fbc1ed706ad9dbc15736f99d6f2887ed0ba4d5f24cec96f74930a90fe553a6f8eb031

Download Submit
C:\Users\Admin\Downloads\Rise\Start.cmd

Filesize
339B

MD5
ffe49b04533f3813cdb321439b94cfc8

SHA1
d6fb5a4370be3dac3aefbdcf60cfdb229cc97c17

SHA256
b4422c74a10c554877ebb2ebb970ba2bf3f7fd60679be0ad771c1b00f52a938d

SHA512
6aa0a571e9dc3cedf6f0f5c012462d766fb9ee32281eda9af72c5c4d7d9fbb41b253209ec139cc99f5c21339ca9c208bc56190fd549e3382f59665782f6b59ea

Download Submit
C:\Users\Admin\Downloads\Rise\Start.cmd

Filesize
346B

MD5
8239b5906d3ffcdc5b39339650aae341

SHA1
73fd1423e03baa36de84124849f6bdd8cf2acf99

SHA256
a9ab445e32deb5ee6f1a8b36b8aedaadec6d144415aaf42047ae7d20d698692f

SHA512
19b4d28d47a38226fab91c390647d6fab8365194b09a05d8561673dd1ea37ea9c8dd08bd733042c7b1171589f14675eb5a3749b1b12b40c877a435841f5cbfc5

Download Submit
C:\Users\Admin\Downloads\Rise\files\azul-1.8.9_345\bin\java.dll

Filesize
162KB

MD5
d456f04dca10fae8acd90b8a3b73868f

SHA1
c498a8aca1dfc0f9697a8a0a9a24039db014dce8

SHA256
3c2ed1572da3e0eb240d8407eae5cef1c3b5ea510e88a33978fe408d6e33f788

SHA512
5380d131a03e23b4efbf90766307842cff2138e820ee9047c65c5d2cd633eb7503e4aeeb5463afbd32324a699add8069df566d9a002990854af1ff25f98253aa

Download Submit
C:\Users\Admin\Downloads\Rise\files\azul-1.8.9_345\bin\java.exe

Filesize
304KB

MD5
2ba945d79c0bf0b58abb0349feffb866

SHA1
574bc8bc7bc3e6a06ff2f1275e69bb4d566e131d

SHA256
2ab91cb317f899a46abfd48f3868ce51d8d5b80144a3fcd5409bc75a9453db38

SHA512
a1f8d94c51d959a4c12b5f701e76c40349f719c88913317282c810d6e711af83723566e651e90b55077eb13037f58cf7cb893fe8ff32c13c0a944856f534a6bf

Download Submit
C:\Users\Admin\Downloads\Rise\files\azul-1.8.9_345\bin\msvcp140.dll

Filesize
613KB

MD5
c1b066f9e3e2f3a6785161a8c7e0346a

SHA1
8b3b943e79c40bc81fdac1e038a276d034bbe812

SHA256
99e3e25cda404283fbd96b25b7683a8d213e7954674adefa2279123a8d0701fd

SHA512
36f9e6c86afbd80375295238b67e4f472eb86fcb84a590d8dba928d4e7a502d4f903971827fdc331353e5b3d06616664450759432fdc8d304a56e7dacb84b728

Download Submit
C:\Users\Admin\Downloads\Rise\files\azul-1.8.9_345\bin\server\jvm.dll

Filesize
8.3MB

MD5
2169bce3a35b1176c10cb2b61a290e76

SHA1
f6b3a15c0841076d3d022dea9a71c150365ebdb8

SHA256
07eca45e986083d56ec3ac9dbd21a8b052b22f10bc49e655be1137b0ba27b8ff

SHA512
d906e9a6eb1df1e4c7d988f0c38671e5a7b483540c3066a1a4778bf5fe05bcf5f7c2fd10af533de67b5106dbe986f0f3d36b58cabda9f58a3925cc81afbd3f03

Download Submit
C:\Users\Admin\Downloads\Rise\files\azul-1.8.9_345\bin\vcruntime140.dll

Filesize
83KB

MD5
1453290db80241683288f33e6dd5e80e

SHA1
29fb9af50458df43ef40bfc8f0f516d0c0a106fd

SHA256
2b7602cc1521101d116995e3e2ddfe0943349806378a0d40add81ba64e359b6c

SHA512
4ea48a11e29ea7ac3957dcab1a7912f83fd1c922c43d7b7d78523178fe236b4418729455b78ac672bb5632ecd5400746179802c6a9690adb025270b0ade84e91

Download Submit
C:\Users\Admin\Downloads\Rise\files\azul-1.8.9_345\bin\verify.dll

Filesize
53KB

MD5
3d28205df05c112d3f04ade83d246c8a

SHA1
33d5a3739a65dbb3fd79aee0c6be15a9c14040cd

SHA256
1a2804ab343e9fa5377930892683a40502a291bec793c83dcb6f0c903e08c259

SHA512
12cae02cb2874437bd030efd4c7cb7aebb7777fb35f2957e9ce8dbb0e7b3b0d9c732ce204c50f558c344aca864bd45da47ec93d41085ed49e8e9680e751bfd8c

Download Submit
C:\Users\Admin\Downloads\Rise\files\azul-1.8.9_345\bin\zip.dll

Filesize
84KB

MD5
922d316548f0eec2512c8463f5581d03

SHA1
686855a729329829a178539119f84fabb5b29fa6

SHA256
5cc507860ea72fd2058c68ca67a9b996a5490fb2a0b1285848dbeb3986ed68b9

SHA512
cc5245cae3fc2d380bcb0c8912034bab37b2300b661d01f256dccb6096ce8ab1e83d22bed1bee4c3b79aee9660a8daa0a85c3f108d8ca06f2bc9ed3ce0f4cb2b

Download Submit
C:\Users\Admin\Downloads\Rise\files\azul-1.8.9_345\lib\amd64\jvm.cfg

Filesize
1KB

MD5
c60e77ff5f3887c743971e73e6f0e0b1

SHA1
9b0cfd38ec5b7bd5bd1c364dee2e1b452a063c02

SHA256
23f728cc2bf14e62d454190ea0139f159031b5bd9c3f141ca9237c4c5c96ec1d

SHA512
07aca3de1a03a3b64b691fd41e35e6596760baf24c4f24e86fca87d2acf3a4814b17cd9751adc2dcd0689848f3d582fb3ee01d413e3a61d1d98397d72fe545e9

Download Submit
C:\Users\Admin\Downloads\Rise\files\azul-1.8.9_345\lib\cat.jar

Filesize
14KB

MD5
462c1062f82b8e24a30d61776bba99ab

SHA1
8f148032ffd8903175af7c1833ce6f551008032d

SHA256
6ec90d4f4d8f2f0eb83ba2bd54f0725c35d0b251ef164e798f167a73c0df104b

SHA512
b1ba5063ae3bcfb248596d92281136e65a1106eef6eae819f2b14d2c0e3b30532ad6710e60cccea9d9ae9bc37e192d495e50486fe85be4a8a1716dbd6e58d744

Download Submit
C:\Users\Admin\Downloads\Rise\files\azul-1.8.9_345\lib\charsets.jar

Filesize
2.9MB

MD5
c5f3e1f1106cb1b8ab5ed543d5b80d38

SHA1
e59d8a1016cafa9c8be9a6565cb652829d2b0617

SHA256
9cbda2d00346f87983c76dbc02c1d2f8ab36fcc13ebeae5e45ea1b0b81928469

SHA512
8fad60b535ef5f72b603575793ac46dd2cf221e60253406453e9b472ddb6441e34a74e3c792e8dc21c3f8fbc0d9a41b058be6ac431d616df007bc40883fc4b27

Download Submit
C:\Users\Admin\Downloads\Rise\files\azul-1.8.9_345\lib\images\cursors\win32_LinkNoDrop32x32.gif

Filesize
153B

MD5
1e9d8f133a442da6b0c74d49bc84a341

SHA1
259edc45b4569427e8319895a444f4295d54348f

SHA256
1a1d3079d49583837662b84e11d8c0870698511d9110e710eb8e7eb20df7ae3b

SHA512
63d6f70c8cab9735f0f857f5bf99e319f6ae98238dc7829dd706b7d6855c70be206e32e3e55df884402483cf8bebad00d139283af5c0b85dc1c5bf8f253acd37

Download Submit
C:\Users\Admin\Downloads\Rise\files\azul-1.8.9_345\lib\jce.jar

Filesize
95KB

MD5
8a6577cbc01d57e6516d6b798cb72135

SHA1
35e57539d922207e6f6aa53ab188b114c50ba19d

SHA256
9a08c7043cf96d36f7838be459899d82856dfcab461e7a0fdd54f7f64335f705

SHA512
6c851e43112468d2d4a53561b81a208817628d61c619cef96d0920b721705534e298ffacd93b9b6ecf12fb89abfd2bfd54a4bcbc9b1988f930fbcbb439d7bf03

Download Submit
C:\Users\Admin\Downloads\Rise\files\azul-1.8.9_345\lib\jfr.jar

Filesize
870KB

MD5
8160efb56957183d2b4392d1ca386b83

SHA1
fb1deca67fe435453fd32619fbd6cc4d9d055e2c

SHA256
14a6dfef330b831c4a7b6d1a977e0524542ce567c759f609753e375394411a1a

SHA512
1001666355cfee6406a9b621fd47a197e0abd5698f2300444ea66c6d7f27bc5793fe7143a9cc3b588fe1809e18b6eca697a3c25e72a662ab0883394f326689d5

Download Submit
C:\Users\Admin\Downloads\Rise\files\azul-1.8.9_345\lib\jsse.jar

Filesize
1.8MB

MD5
099f546a37acc4271f3bed37ad329787

SHA1
5a8cb31a694bbd8cf67f543533675d9c16858c63

SHA256
4748db39b004a57e1039649587864ab34c683acc6e226185963323431b73cac1

SHA512
77d725355959fa4da923c4ac56ca287d735b5e8c48c193e1b8640905fc28925c0884a98d027b4562b7703993cb46a4958ee0709903ba2a1f995cf3b74fb233d0

Download Submit
C:\Users\Admin\Downloads\Rise\files\azul-1.8.9_345\lib\meta-index

Filesize
2KB

MD5
5b097e5035ee1aea6ff03924328f00b5

SHA1
3058f7710a0fd725f63222dcdfe1f04b8b1e3ed0

SHA256
98f4efb75a8e4a008dd3826c67c6d2b2c04a74dcf4a313210660111ec922514c

SHA512
bb21fcbe26ebb08a7b26fad26a638198b2995426e340c9df80c7ff18d9a99d74816a71e00506f5ad2c5fbca792f3047ea94b2972883018f98267612e9d979660

Download Submit
C:\Users\Admin\Downloads\Rise\files\azul-1.8.9_345\lib\resources.jar

Filesize
3.4MB

MD5
e343890b09137844dce9367afc9221c4

SHA1
657b9267ca69f06b013658f094586c133495b2b7

SHA256
251d84172d2aa385f118aeae4cf21e1cbbc5b292186c4764a687c680dafbc365

SHA512
9105184a7321339a19425e789c82e9557b4bc01b57e2134ee60a01bc5f32a348b3670eafe684cb73ebb8d79cd0add3f90fbd20a496ce8df3028aded9dd19c90d

Download Submit