hxxps://www[.]youtube[.]com/redirect?event=video_description&redir_token=QUFFLUhqa0dNZENpNUZYd1RXblpTYWV3Rzg5Y0V6OGlBZ3xBQ3Jtc0trZEF6cE5yRlZlNVhCM1F4T2RqTDFoVkFNd2s3VERUTzk3bkpTQ0FzUzJCQW8yUlBuNTBHS05iOE9BdmxEZWhXZnZPYXNPTEY0dFNra01YbHQ2NXBBNE53eVc4bjFnUGFuWTVBb2dyY3lXRkFUVFc1bw&q=https%3A%2F%2Fadaf[.]xyz%2Fadaf%2Fhm%2Fdownload%2Fv32[.]72%2Ffa153e734342da8e4d8870ff76bc6eb208f179cfb6fb2048acdb6e00ca950879%2F&v=bVEKuO3kDmM

Analysis

max time kernel
178s
max time network
181s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
27/11/2022, 23:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa0dNZENpNUZYd1RXblpTYWV3Rzg5Y0V6OGlBZ3xBQ3Jtc0trZEF6cE5yRlZlNVhCM1F4T2RqTDFoVkFNd2s3VERUTzk3bkpTQ0FzUzJCQW8yUlBuNTBHS05iOE9BdmxEZWhXZnZPYXNPTEY0dFNra01YbHQ2NXBBNE53eVc4bjFnUGFuWTVBb2dyY3lXRkFUVFc1bw&q=https%3A%2F%2Fadaf.xyz%2Fadaf%2Fhm%2Fdownload%2Fv32.72%2Ffa153e734342da8e4d8870ff76bc6eb208f179cfb6fb2048acdb6e00ca950879%2F&v=bVEKuO3kDmM

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\Local Settings	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
3180	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
4376	chrome.exe
4376	chrome.exe
564	chrome.exe
564	chrome.exe
2500	chrome.exe
2500	chrome.exe
4232	chrome.exe
4232	chrome.exe
1788	chrome.exe
1788	chrome.exe
4852	chrome.exe
4852	chrome.exe
4896	chrome.exe
4896	chrome.exe
4620	chrome.exe
4620	chrome.exe
2744	chrome.exe
2744	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeRestorePrivilege	1860	7zG.exe
Token: 35	1860	7zG.exe
Token: SeSecurityPrivilege	1860	7zG.exe
Token: SeSecurityPrivilege	1860	7zG.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe
564	chrome.exe

Suspicious use of SetWindowsHookEx 21 IoCs

pid	Process
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 564 wrote to memory of 2264	564	chrome.exe	83
PID 564 wrote to memory of 2264	564	chrome.exe	83
PID 564 wrote to memory of 4952	564	chrome.exe	86
PID 564 wrote to memory of 4952	564	chrome.exe	86
PID 564 wrote to memory of 4952	564	chrome.exe	86
PID 564 wrote to memory of 4952	564	chrome.exe	86
PID 564 wrote to memory of 4952	564	chrome.exe	86
PID 564 wrote to memory of 4952	564	chrome.exe	86
PID 564 wrote to memory of 4952	564	chrome.exe	86
PID 564 wrote to memory of 4952	564	chrome.exe	86
PID 564 wrote to memory of 4952	564	chrome.exe	86
PID 564 wrote to memory of 4952	564	chrome.exe	86
PID 564 wrote to memory of 4952	564	chrome.exe	86
PID 564 wrote to memory of 4952	564	chrome.exe	86
PID 564 wrote to memory of 4952	564	chrome.exe	86
PID 564 wrote to memory of 4952	564	chrome.exe	86
PID 564 wrote to memory of 4952	564	chrome.exe	86
PID 564 wrote to memory of 4952	564	chrome.exe	86
PID 564 wrote to memory of 4952	564	chrome.exe	86
PID 564 wrote to memory of 4952	564	chrome.exe	86
PID 564 wrote to memory of 4952	564	chrome.exe	86
PID 564 wrote to memory of 4952	564	chrome.exe	86
PID 564 wrote to memory of 4952	564	chrome.exe	86
PID 564 wrote to memory of 4952	564	chrome.exe	86
PID 564 wrote to memory of 4952	564	chrome.exe	86
PID 564 wrote to memory of 4952	564	chrome.exe	86
PID 564 wrote to memory of 4952	564	chrome.exe	86
PID 564 wrote to memory of 4952	564	chrome.exe	86
PID 564 wrote to memory of 4952	564	chrome.exe	86
PID 564 wrote to memory of 4952	564	chrome.exe	86
PID 564 wrote to memory of 4952	564	chrome.exe	86
PID 564 wrote to memory of 4952	564	chrome.exe	86
PID 564 wrote to memory of 4952	564	chrome.exe	86
PID 564 wrote to memory of 4952	564	chrome.exe	86
PID 564 wrote to memory of 4952	564	chrome.exe	86
PID 564 wrote to memory of 4952	564	chrome.exe	86
PID 564 wrote to memory of 4952	564	chrome.exe	86
PID 564 wrote to memory of 4952	564	chrome.exe	86
PID 564 wrote to memory of 4952	564	chrome.exe	86
PID 564 wrote to memory of 4952	564	chrome.exe	86
PID 564 wrote to memory of 4952	564	chrome.exe	86
PID 564 wrote to memory of 4952	564	chrome.exe	86
PID 564 wrote to memory of 4376	564	chrome.exe	87
PID 564 wrote to memory of 4376	564	chrome.exe	87
PID 564 wrote to memory of 3908	564	chrome.exe	88
PID 564 wrote to memory of 3908	564	chrome.exe	88
PID 564 wrote to memory of 3908	564	chrome.exe	88
PID 564 wrote to memory of 3908	564	chrome.exe	88
PID 564 wrote to memory of 3908	564	chrome.exe	88
PID 564 wrote to memory of 3908	564	chrome.exe	88
PID 564 wrote to memory of 3908	564	chrome.exe	88
PID 564 wrote to memory of 3908	564	chrome.exe	88
PID 564 wrote to memory of 3908	564	chrome.exe	88
PID 564 wrote to memory of 3908	564	chrome.exe	88
PID 564 wrote to memory of 3908	564	chrome.exe	88
PID 564 wrote to memory of 3908	564	chrome.exe	88
PID 564 wrote to memory of 3908	564	chrome.exe	88
PID 564 wrote to memory of 3908	564	chrome.exe	88
PID 564 wrote to memory of 3908	564	chrome.exe	88
PID 564 wrote to memory of 3908	564	chrome.exe	88
PID 564 wrote to memory of 3908	564	chrome.exe	88
PID 564 wrote to memory of 3908	564	chrome.exe	88
PID 564 wrote to memory of 3908	564	chrome.exe	88
PID 564 wrote to memory of 3908	564	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa0dNZENpNUZYd1RXblpTYWV3Rzg5Y0V6OGlBZ3xBQ3Jtc0trZEF6cE5yRlZlNVhCM1F4T2RqTDFoVkFNd2s3VERUTzk3bkpTQ0FzUzJCQW8yUlBuNTBHS05iOE9BdmxEZWhXZnZPYXNPTEY0dFNra01YbHQ2NXBBNE53eVc4bjFnUGFuWTVBb2dyY3lXRkFUVFc1bw&q=https%3A%2F%2Fadaf.xyz%2Fadaf%2Fhm%2Fdownload%2Fv32.72%2Ffa153e734342da8e4d8870ff76bc6eb208f179cfb6fb2048acdb6e00ca950879%2F&v=bVEKuO3kDmM
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbd5f54f50,0x7ffbd5f54f60,0x7ffbd5f54f70
  2⤵
  PID:2264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1652,7392771056406500418,16887505257531699577,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1692 /prefetch:2
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1652,7392771056406500418,16887505257531699577,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2024 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1652,7392771056406500418,16887505257531699577,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2292 /prefetch:8
  2⤵
  PID:3908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1652,7392771056406500418,16887505257531699577,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3096 /prefetch:1
  2⤵
  PID:3424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1652,7392771056406500418,16887505257531699577,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3116 /prefetch:1
  2⤵
  PID:2572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1652,7392771056406500418,16887505257531699577,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4336 /prefetch:8
  2⤵
  PID:844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1652,7392771056406500418,16887505257531699577,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1652,7392771056406500418,16887505257531699577,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3720 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1652,7392771056406500418,16887505257531699577,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
  2⤵
  PID:1264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1652,7392771056406500418,16887505257531699577,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1652,7392771056406500418,16887505257531699577,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3316 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1652,7392771056406500418,16887505257531699577,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:4232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1652,7392771056406500418,16887505257531699577,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1652,7392771056406500418,16887505257531699577,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=812 /prefetch:8
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1652,7392771056406500418,16887505257531699577,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1652,7392771056406500418,16887505257531699577,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5640 /prefetch:8
  2⤵
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1652,7392771056406500418,16887505257531699577,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5628 /prefetch:8
  2⤵
  PID:3516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1652,7392771056406500418,16887505257531699577,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1652,7392771056406500418,16887505257531699577,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1
  2⤵
  PID:1152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1652,7392771056406500418,16887505257531699577,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1652,7392771056406500418,16887505257531699577,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5812 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1652,7392771056406500418,16887505257531699577,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5788 /prefetch:8
  2⤵
  PID:1644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1652,7392771056406500418,16887505257531699577,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5876 /prefetch:8
  2⤵
  PID:4472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1652,7392771056406500418,16887505257531699577,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5936 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1652,7392771056406500418,16887505257531699577,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2564 /prefetch:8
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1652,7392771056406500418,16887505257531699577,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1624 /prefetch:8
  2⤵
  PID:392

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1324

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3740

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\GDHM_TASBOT_v32.72\" -ad -an -ai#7zMap6032:98:7zEvent24005
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1860

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\GDHM_TASBOT_v32.72\GDHM_TASBOT_v32.72\.GDHM_Geometrize2GD.bat" "
1⤵
- Modifies registry class
PID:4672

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3624
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\GDHM_TASBOT_v32.72\GDHM_TASBOT_v32.72\.GDHM\tools\Geometrize2GD.py\main.py
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:3180

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\GDHM_TASBOT_v32.72\GDHM_TASBOT_v32.72\.GDHM_uninstall.bat" "
1⤵
PID:1372
- C:\Windows\system32\xcopy.exe
  xcopy /y /f ".GDHM/tools/backup/pthreadVCE2.dll.bak" "pthreadVCE2.dll"
  2⤵
  PID:1172

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\GDHM_TASBOT_v32.72\GDHM_TASBOT_v32.72\.GDHM_uninstall.bat" "
1⤵
PID:844

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\GDHM_TASBOT_v32.72\GDHM_TASBOT_v32.72\.GDHM_uninstall.bat" "
1⤵
PID:3952

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Downloads\GDHM_TASBOT_v32.72.zip

Filesize
12.8MB

MD5
afbdd2a8e142ebc86f3970fbd93abfd5

SHA1
36dafed4bb93de147b09ceb22a7ae6a6e0bc3bed

SHA256
4a66231ee69122a7c8f98185e1c82252d34ee433f967f6d9fe482207faa180e3

SHA512
9b71d473ecfeae36ded8c5aa421e7ea6d9f2f2aee6aed4d350b85fa74ac32bf0eddc927ab625ed2a0390bfa987d3164637591ee5e4edca37d83706766e7ab5ce

Download Submit
C:\Users\Admin\Downloads\GDHM_TASBOT_v32.72\GDHM_TASBOT_v32.72\.GDHM\licenses\LICENSE_CappucinoSDK.txt

Filesize
1KB

MD5
4c1afd6c3557e5f88b5fd1d5956efc6e

SHA1
27824da7e4736a9209488ede70b8d976f15eab74

SHA256
b98114eb459fc3b3bad33b2c8974818aae20d19461fc503e98e4a67759d36155

SHA512
6509de74e4126cacc21e12c42d3d9360a6f20d508590f76c59639ddd09f8b78bae1de5192ff8942b2ec4de9161f32e2ff39f15ef3f1db2cce08e882d54d62f84

Download Submit
C:\Users\Admin\Downloads\GDHM_TASBOT_v32.72\GDHM_TASBOT_v32.72\.GDHM\licenses\LICENSE_Kazmath.txt

Filesize
1KB

MD5
e5d6bb80edeba4613caddcb7827ca979

SHA1
31935cbc37064b2a08bc1bf2aafa5e67675158d2

SHA256
2a0605635a196480193824fa904869c6e9151746a58ed131b3bca44f5060176e

SHA512
b1b0e51f7f84b14c54a2d01d959ccee0f477e5eea3e2a36e82fff0f41b3c6f2f07851d8a0777a55942a4ec187e6d1b55f38e8303390a16bca0e4bcf048c1f050

Download Submit
C:\Users\Admin\Downloads\GDHM_TASBOT_v32.72\GDHM_TASBOT_v32.72\.GDHM\licenses\LICENSE_StackWalker.txt

Filesize
1KB

MD5
8ba56693048bbe379888f5edf6c50625

SHA1
03a6b43b0676c3d9a3ce311dbc7a76bac8fb17eb

SHA256
5f3ee830ca68fc2e4a74e1d15612b1e87d3cc33214dfb1b30d3f9293d6a2f5bb

SHA512
2abb6da39724d87baffe32cac62d4582aab86c650e7c448c1b91a4284af4dd4be2fa19209f9451b893414e1ffaed7c3ff7b7dd95cdc2add0be7a150ba43df28f

Download Submit
C:\Users\Admin\Downloads\GDHM_TASBOT_v32.72\GDHM_TASBOT_v32.72\.GDHM\licenses\LICENSE_bada_pthread.txt

Filesize
1KB

MD5
0c2d0c1fef518d9606b3455e24598f43

SHA1
099c308a037518c85d93a845e1e188d54276dc92

SHA256
a07390d985c0aa1c972657e429a34a2a78ca05d7ba2ce282bfbbdbf175c01290

SHA512
9ec5e5a6c295e8c13da75b0357ba8ef6b365fc0596103c0f886e66915ab14a968e3a57050377907b961bd14a175b37ea2996506e35a9f9a6f65cb73a07a4af5d

Download Submit
C:\Users\Admin\Downloads\GDHM_TASBOT_v32.72\GDHM_TASBOT_v32.72\.GDHM\licenses\LICENSE_cocos2d-x.txt

Filesize
1KB

MD5
7a54fd859ba40c6bc5fa57f607e25fea

SHA1
7b3e734fce731cdb54a0b7c5637c06c6ff8bbb5a

SHA256
03c53bfd36ac9de711f82e2d9d35b1814fb2b8034d56d93a2e3795ed94a23f84

SHA512
e78a51acd11a9793ca4fb28e9779ed66df72ea6ceddeeeb0a4f25e8e8f0fa6b485f170a1a0af628c36f22a16070569ab4e7420a7237eed61caa3cda7c0591faa

Download Submit
C:\Users\Admin\Downloads\GDHM_TASBOT_v32.72\GDHM_TASBOT_v32.72\.GDHM\licenses\LICENSE_cocosdenshion.txt

Filesize
1KB

MD5
b20b2a6c6fef933e2eecc2f8929fc754

SHA1
63018cb66254d617c4f8d46c32a44a7259166913

SHA256
729506543f408f5176db96e2a2dceebeb0f3d2b4be6a58e643b40f197aec9c88

SHA512
7eb187546a27e67f56d0bea06c8eeb523aa210e1e459eea553b3655befdbf392eef5673c77532fdd3d5b8d55a73c8774ae488bc9708bd7f29b51c14ab9e075e9

Download Submit
C:\Users\Admin\Downloads\GDHM_TASBOT_v32.72\GDHM_TASBOT_v32.72\.GDHM\licenses\LICENSE_cpp-httplib.txt

Filesize
1KB

MD5
ff12fb52f98c66ae06b517c34f661d86

SHA1
c71cc1dd6a706af3232b128fce93534ccf29e50e

SHA256
13c8d6914e9a460ffcf962d35460285d4c1ddb492f893b5294ffa1f50346a003

SHA512
dea6043d0ad73ee470455061729b57c3199bffe251d74565837d1e6cf4742d4d1004bce40b9a23c5084583d404000fe6b828fcbca26d1486ba1df0a525f99b89

Download Submit
C:\Users\Admin\Downloads\GDHM_TASBOT_v32.72\GDHM_TASBOT_v32.72\.GDHM\licenses\LICENSE_curl.txt

Filesize
1KB

MD5
ff3ec0622304b363812eb3ca377e58a6

SHA1
ba993a7fc65e22aae790a50942922786c27b1554

SHA256
7d1306ecfea50857313a7d02c6a92a62188627f0ff2b589573498e5b76f1a2b7

SHA512
2827ea4be23282f2b616ecc4700bb398196b870b898a1b36348af37b4373f15ffb3c17b1bb1cada3d10208c8ab3e4eb8bd2572a905364a8e315b4420e9ddb93a

Download Submit
C:\Users\Admin\Downloads\GDHM_TASBOT_v32.72\GDHM_TASBOT_v32.72\.GDHM\licenses\LICENSE_detours.txt

Filesize
1KB

MD5
ade977df711aa3a32595e4ff2e70b04a

SHA1
61de082822d235456627ca9a74805d73b8de562c

SHA256
32c6c4986dccab45f35d41a08648c7aa1195258c14927d098ab89b851b5d284d

SHA512
c6f6c7d15536de9f881b8b4da07be31b30c279a4abac1129dabf4fec2bf8a08243153c444fb0f798a0561f2ee88984eb4ce82f064a7686bd9fa1f25e7dc5562e

Download Submit
C:\Users\Admin\Downloads\GDHM_TASBOT_v32.72\GDHM_TASBOT_v32.72\.GDHM\licenses\LICENSE_discord-rpc.txt

Filesize
1KB

MD5
8afed83715ad7f0c268f17da6ac471c7

SHA1
2e61ac8d8a3c731060c015f67545fbf0ece2de88

SHA256
cbb9a7861e057b2371cc8b903cdf0ab5aae2bf2c7f4cebab3e4be7cbd66bf730

SHA512
83c04cc00a7c3c735a5f50c9b78322eeb7128f859eb03e7e1283314b892124874122c3e2bea3fa87a21d72dfa9766c82308e701d1fc2d7a935cba2af041b4cfe

Download Submit
C:\Users\Admin\Downloads\GDHM_TASBOT_v32.72\GDHM_TASBOT_v32.72\.GDHM\licenses\LICENSE_gdh.txt

Filesize
1KB

MD5
cc818c01fcbc2e438ca9de72ea9a8bfc

SHA1
34cfddafee26efb927c343eb769c7678292f8110

SHA256
d1e8b746db4303522816e43fa5fd172dbc84efb915033085978f76c5f273895b

SHA512
d2f93d7be909ae57068b1beda9c26bf17ae1c6acd2d566db655588831a7fa46681ea6afb1aa3452890cb69eb4631b15de4e42994c0301fc9ac5b56fa398d06a8

Download Submit
C:\Users\Admin\Downloads\GDHM_TASBOT_v32.72\GDHM_TASBOT_v32.72\.GDHM\licenses\LICENSE_gdrpc.txt

Filesize
16KB

MD5
e7ac688a68f8e54b6c0581a286ff50bc

SHA1
6413fd7cbc656db937589a8b5d2156057323e180

SHA256
400b931d0d2acc04abf1dcf4909152b48737ba6f6a1a357aef87f3018b3c9cec

SHA512
abcfebbb47f68c830524878d7eaafa18d318d0ba0eb5128afe35ecd907e93f8845ae0f91bd968603aad0e2f71f045dfb6dd68badb0cff67aa5a405018b72d6ee

Download Submit
C:\Users\Admin\Downloads\GDHM_TASBOT_v32.72\GDHM_TASBOT_v32.72\.GDHM\licenses\LICENSE_imgui.txt

Filesize
1KB

MD5
9a7b6c586f0f8beab0c87a36f84b5f89

SHA1
58b683a46bab495269a5b62725ae6b2b33e46cc7

SHA256
2395d629b9ea22b0c013bf507269a83d7a3f469172947e0ac1ade7283ab26af3

SHA512
9265dd7cdfef18f8a57da2d553e73836d3401a4cac59b17dbc844ed1bdbc3c2073b05bd8f914e9bacc82083851b63719cafb2df6e1706f6a6194ccb3ca7c3882

Download Submit
C:\Users\Admin\Downloads\GDHM_TASBOT_v32.72\GDHM_TASBOT_v32.72\.GDHM\licenses\LICENSE_jsoncpp.txt

Filesize
2KB

MD5
c56ee55c03a55f8105b969d8270632ce

SHA1
e7dc5afaa09a15b1084146fcd4516f177d9432f6

SHA256
76c45ece83a26117f86f4e349e7df118708e061e87225328fb478ce1e8b3eb86

SHA512
d238c32419a56cbefb4df4d5e1f40602bc3526d8987512ce66c676936dc9a41923a922279da1377526830bf78dfb85fd255a7e9779c6ab2ec578e895415789d1

Download Submit
C:\Users\Admin\Downloads\GDHM_TASBOT_v32.72\GDHM_TASBOT_v32.72\.GDHM\licenses\LICENSE_jsonhpp.txt

Filesize
1KB

MD5
63d5ddc7544b316b408fa9a6aaa1bb45

SHA1
20a8585c03a612cd60d8b82e7846005b1df66822

SHA256
0fdbf4dbcff7913008d8e7ac70c7ee61eb65815e15acd5e20d7f65023a487783

SHA512
a70e6ed2faabcd4d7e8c5d831158ec1a460ec92d2759c9dcaba791e746b62099ff46b97732d891b3b8776076ade4a42f2510c490c3bffaee6228f428f8b0bd63

Download Submit
C:\Users\Admin\Downloads\GDHM_TASBOT_v32.72\GDHM_TASBOT_v32.72\.GDHM\licenses\LICENSE_kiero.txt

Filesize
1KB

MD5
4ffe1c3c5929de11990aaf54dfecfd60

SHA1
ac37ea116fb590c96bead1fe626e0cc2252f4c6b

SHA256
1581cd826b4a150348aa065d5eff8e8b228e8b7bd277c2fa97cf07a2f3ae364d

SHA512
714640f63517eaf276c4adad507eb28fd003d598c407deabf2c96e6774f4a89f5bfa8290fba71a60c7e49e8a630fb08fb3a3e6e24f270a02b1d5503666f20471

Download Submit
C:\Users\Admin\Downloads\GDHM_TASBOT_v32.72\GDHM_TASBOT_v32.72\.GDHM\licenses\LICENSE_libmem.txt

Filesize
1KB

MD5
cf6b05f0529d58abd55cb3677d421150

SHA1
67ecdfdb3a20271b5d5e5883bd8ded069134a4bb

SHA256
633ca5eb6f272736b05295d5954798feba25e38bc7bb9fcb9492490527b8b461

SHA512
686f48a29004678f0cf07554ed22dc676369b7cc5d0e9a57ab50b8f8e4249de3b2b5c3c1198490626f5eb683c9f8048006c64985f6831c95e6449da11f556d0b

Download Submit
C:\Users\Admin\Downloads\GDHM_TASBOT_v32.72\GDHM_TASBOT_v32.72\.GDHM\licenses\LICENSE_minhook.txt

Filesize
4KB

MD5
1cedde3a0a83b3dba047635402467021

SHA1
7589609e1c376b1d81021ae354a41768d4c6d6cc

SHA256
5ea3c9e7a3e105f28b2fc0e5ad92ec77e7d6e323ba8ee9934a660fa401425a4e

SHA512
b1d27ae4f237c33a26344983f2fb99e5998e31311b8ccdc431f4c0db2c705e9f05110757bb6e9b4306c9cff9aeb727541fe838cbc33b4a93741dbad04575ff7e

Download Submit
C:\Users\Admin\Downloads\GDHM_TASBOT_v32.72\GDHM_TASBOT_v32.72\.GDHM\licenses\LICENSE_openssl.txt

Filesize
9KB

MD5
8c21c96fb567a8d721b729af4efcc54e

SHA1
7e5e7965024444cd793f28a2ade8874e4acb4edb

SHA256
ba9ffc09b05035e0792f3e200bb81cb17a4449c0cbe24189d568d98c739cb329

SHA512
60520ab811361334a9acde719bbf2d95a981aa46c72f604f1bf1e3c81a989c8cc6a7a58555ae01952bb07ce8710524682df6b22437a07e6489d2d4c72ab8e81e

Download Submit
C:\Users\Admin\Downloads\GDHM_TASBOT_v32.72\GDHM_TASBOT_v32.72\.GDHM\licenses\LICENSE_spdlog.txt

Filesize
1KB

MD5
695ee679c3adcce14fb81159de8e9eda

SHA1
91def5c178646599aca8dfe4fb4aeb5fdcbca580

SHA256
cf5cc022ec13752819d534ac0b3c5af54a6ca2486c74c8851f47bea7d6456368

SHA512
739fa3e964f1ffac6ab42dc0d03a6d5801fcba1ddc2749473d12d9fabba4a8a727c9e3964c0c9b5f64e4d390a1369f6b7e2379645eb98b76adeffd07a210435a

Download Submit
C:\Users\Admin\Downloads\GDHM_TASBOT_v32.72\GDHM_TASBOT_v32.72\.GDHM\licenses\LICENSE_toml11.txt

Filesize
1KB

MD5
0c2ceb1a5ae1f22b075e1fd3d64d8a99

SHA1
f7240b3d222180492391d91193bba53886697220

SHA256
1f7c36b7768fb1d5be17af1f7be532b304d22d6c1f0a412536062971911b8f50

SHA512
f07fa050ad1f4bc718bfbf2aa3ec943922f2253cd136611a621308fe6e30b574954392d999ef1281c94b1cd3f02a64316bc2b05476530bebbf4629baf17dc9f7

Download Submit
C:\Users\Admin\Downloads\GDHM_TASBOT_v32.72\GDHM_TASBOT_v32.72\.GDHM\licenses\LICENSE_zlib.txt

Filesize
918B

MD5
66c2bc181a02adc779231ab9e6334c20

SHA1
1035d8c6f82327cb7bb64e014be3675fff27a5b5

SHA256
8e5bc85006f172f86398763c0f61d80ecbd630d04fecdd28605896f4cf894c2f

SHA512
f1c4437e40ceea06fca64d9409df289634b538a4add819ffcd79a85a188b7b391590cf636f8add58b52dcb998fb5b921136e7d65cd95b24cca20d1e62b7e4bfe

Download Submit
C:\Users\Admin\Downloads\GDHM_TASBOT_v32.72\GDHM_TASBOT_v32.72\.GDHM\mod\bypass.json

Filesize
7KB

MD5
b424e92c5b1dc100fc08b4e08ce0568e

SHA1
c8823fbe005fbfcbc5154ff17f9f80f8f8e88820

SHA256
8de7c52199e1c57916d8831f7fad6245b43340187e7c50344bf85c5ede3833b1

SHA512
c370326b10d473460864ceb317627fb666a71c891012a6dbde1da33ebbc23209d6ed401c292c3285723c73cc1e2e65d142d415128de92e033e6a9628f6be309e

Download Submit
C:\Users\Admin\Downloads\GDHM_TASBOT_v32.72\GDHM_TASBOT_v32.72\.GDHM\mod\core.json

Filesize
11KB

MD5
0d4a7978a4c2c001c82de3c5cc863551

SHA1
507af8d632fb46e362a8e7efb61b2088288524e1

SHA256
d3200050b51491606a958d870b069d2f8d7a2af82a2399847f67d2ac8881fdbe

SHA512
24eb596089b2861cd52821195bf250b08bc44f39f794c14e28c68dd9eaeb69705ab9d85d8065f717361fdf21e5e5a5ca1af001b47e6e2e00be929c3d8fefd622

Download Submit
C:\Users\Admin\Downloads\GDHM_TASBOT_v32.72\GDHM_TASBOT_v32.72\.GDHM\mod\creator.json

Filesize
12KB

MD5
af1616f031005388c641616c94ada540

SHA1
d2d285f91ad3203914ae53baed60dcce0628250f

SHA256
c25d15b8b93ec49ea761824390688a2a8b2a37e34c1d9ab6b344095dce0a1866

SHA512
a9fb7ca4d278435dcf8ba7cc06e6f851976e446435e74d75edea09eeea502baca2568cd080c01d9f93c59e283f21f3e36630a7cfcf5c71515c30fe456a100add

Download Submit
C:\Users\Admin\Downloads\GDHM_TASBOT_v32.72\GDHM_TASBOT_v32.72\.GDHM\mod\global.json

Filesize
9KB

MD5
4c30b641e089bcb7352aaaf482ec3342

SHA1
6fee218b223e24d227e05c810d31b1b2d535c8b7

SHA256
d9fc12f2619e0f243143c966163880300d437e842f65d68934d2daeb36fec59c

SHA512
5d014824fb99bb29ff7fb42c66603d7a9e085087fe8af39988558bbc2b0a8fe8bd6b28b19aff7e4995bf4a7185a0f96ba1d1856b6e5860060a970933a5d57c09

Download Submit
C:\Users\Admin\Downloads\GDHM_TASBOT_v32.72\GDHM_TASBOT_v32.72\.GDHM\mod\player.json

Filesize
10KB

MD5
ee4e2f5dec68449bc2a67ebb20d431ae

SHA1
f4a0e4592318510e5b4e9c7504e3ac5261a08e09

SHA256
69a0d9f30673445e61c9ffc1d141bd6285a610bff86881b3a04c0bb962ae2147

SHA512
ac9ec0fe45d4324c99fd7ffa04baddafff58dd35da94c61dee2785e9d0d13334911c6518fff392c16e1d6599f9bb1bab09e4819f735e184004ee675c1ffe826e

Download Submit
C:\Users\Admin\Downloads\GDHM_TASBOT_v32.72\GDHM_TASBOT_v32.72\.GDHM\tools\Geometrize2GD.py\gd_object.py

Filesize
531B

MD5
0fa8ca4e2b3d05ef1d84a662c0d26100

SHA1
05749e40d79ece74d278fc8ba5183f204c385a54

SHA256
4f7a510a12a3a11d49c3eddc82cf41df01d42a0488f1e7983046fcf5d00c7ae1

SHA512
115d1e76934c00bfe4b64dc443231a0011153abdfa757d9c97cadc8f29f0645b6bbd27f8598cfd21fa91086b14a0b26d542ff218f2778fc89e57a6bda664c02c

Download Submit
C:\Users\Admin\Downloads\GDHM_TASBOT_v32.72\GDHM_TASBOT_v32.72\.GDHM\tools\Geometrize2GD.py\gd_object_dict.py

Filesize
3KB

MD5
ead58fb2ccbe66340c2d51cd64c692c7

SHA1
ae9b7014f94326ac34d84381807b3422365f27bc

SHA256
e5182e36e568382510b457182e88576ff5a92d791a53e18bc78c48e779987f24

SHA512
4cdbbc03d5497d6ebd2b0154dd9e174fd90c80f3dcc6b489fcabc0d808b2c2e335819e74fd8034a368cc21d5a6e72c6f70e27fa120097ece9294fc976b843c8a

Download Submit
C:\Users\Admin\Downloads\GDHM_TASBOT_v32.72\GDHM_TASBOT_v32.72\.GDHM\tools\Geometrize2GD.py\gd_pipe.py

Filesize
1KB

MD5
f30a7a6b0a0fb1044f22c1ee999ba947

SHA1
2483df5f407b662887bbe9a6c407f9f589b87fcf

SHA256
18afca93a8db5ca84b5eebc68d218bf67e154fd8f4e3942e703b25969952ba00

SHA512
cf8e4ffc12c7c116e404bb20fc76d917ea8a36747c9df1c0d444eb818fa19c01f4d477a7117c6cf15dd9c5616d33e2f0ad16d9eeb89253ed0637c15704401a89

Download Submit
C:\Users\Admin\Downloads\GDHM_TASBOT_v32.72\GDHM_TASBOT_v32.72\.GDHM\tools\Geometrize2GD.py\main.py

Filesize
3KB

MD5
8639dda34c89465ec08656574207f213

SHA1
34e84e8511168b7235b9e94c0a7d5515aff28500

SHA256
644f4a6170892b8bb5cfa8779442dfded8273e050778243a7a054cef53aad639

SHA512
a8db085cf6c01d56f9f26a3df9e1a33118773d4c68e126b4fb69738f90ddb8b394d4386d06716306f2a0a977283087398cf5ef1e645ee44bdc364b8717060a52

Download Submit
C:\Users\Admin\Downloads\GDHM_TASBOT_v32.72\GDHM_TASBOT_v32.72\.GDHM\tools\Geometrize2GD.py\pipe_name.config

Filesize
21B

MD5
4636da212fea97bce04e06986fdc32c6

SHA1
17855e06f8a53b98a395a42286fcac14c88446c0

SHA256
e0f87100b6c0d890415056bc2e60e9847139c599ef7a02055a4124360d077d72

SHA512
eddbb5dfbe5d4026a7ee84ff77a6f4ac6731e8113eb5bd4f35f2622dfba798aeea98e2cdd6be91dd106a701d0873aaed7586d641bf410037bd1b8b02dd87db01

Download Submit
C:\Users\Admin\Downloads\GDHM_TASBOT_v32.72\GDHM_TASBOT_v32.72\.GDHM\tools\Geometrize2GD.py\requirements\install.bat

Filesize
31B

MD5
ed479ebacddedec77a46c27cc0e6a94d

SHA1
7b1855527317d0124ebeb726defa838d54e9b663

SHA256
f634394e6be6cb445c6bc8191ae89e2f0de21f2214dc16b9cd2e080ad660b1dc

SHA512
41fd6db1b319fceac0d1796b4183cec97e40ddd6ac919cce89bbd531e4e0153e7d607732177359d4e2719170b495cb70cefac806d3c90975cb85eab10bcd8fda

Download Submit
C:\Users\Admin\Downloads\GDHM_TASBOT_v32.72\GDHM_TASBOT_v32.72\.GDHM\tools\Geometrize2GD.py\requirements\requirements.txt

Filesize
28B

MD5
703915a53526070870e2c4add8ebbc5a

SHA1
85bb48f8edf85b0571a530822bc7a937cc68aca9

SHA256
243a342e751a8ef6a3f4f4cb11a090d278c0012164521da3eec9c844cafc98f3

SHA512
90fb62a9665d95ce6b786b6c88a6402d6962060e1daafe005924e613736ac848c08c3adf53abed70adfd29cd807aae50fd26527ec701dc51bb85391e7f85cf32

Download Submit
C:\Users\Admin\Downloads\GDHM_TASBOT_v32.72\GDHM_TASBOT_v32.72\.GDHM\tools\Geometrize2GD.py\sample.json

Filesize
185KB

MD5
31f62958681a03de151c5db1365cdd00

SHA1
058f0130ba780bc85b6c7ec501788cae7246fb69

SHA256
32691b851d5b8d2886a5215860cba2a3b0ed4641f8e4505dfb0cf5ded8820195

SHA512
5f5e7d43d18fd5c42ef10eaaae09be2dfd4c350fe3ad5248713f961cd87ec98fe10959e6587576edc968e68e92d17efad6713beb0ebed1310c1d89ea2d0781f8

Download Submit
C:\Users\Admin\Downloads\GDHM_TASBOT_v32.72\GDHM_TASBOT_v32.72\.GDHM\tools\backup\msacm32.dll.bak

Filesize
49KB

MD5
b716117f2a7a40be7ee08581763d08a5

SHA1
18807ae8c24fbefb08dbc2392c9a7a3219e95778

SHA256
330018168f76437f51c21964c5c5f96193c655b586597ec599145c905389f88a

SHA512
d5b4e6c745ae4075317c1288130dee6a39ef50ed7d57efa1592e31e573f9d56226ff8a43d6491249a9d272c6f25b17027a6f770347a7cb4c1f988d243d77f498

Download Submit
C:\Users\Admin\Downloads\GDHM_TASBOT_v32.72\GDHM_TASBOT_v32.72\.GDHM\tools\backup\pthreadVCE2.dll.bak

Filesize
76KB

MD5
ae4ae0ef65becf8684db223ceecbfba7

SHA1
1826006ee9ca5090eacfdca63bcc370e2be701e6

SHA256
27a8bd5814bf5e67858856f5090952e558c6e03fbebcbd66f7d8eb8fda2b369c

SHA512
880b38c69a38c02923988ccafba630e8a5a12ec885d713fc863f69174b475e408427fb68acdf6a3415a3bbd6cb80a1eb81eb752b18ef03a4590cdb36c9f52e3e

Download Submit
C:\Users\Admin\Downloads\GDHM_TASBOT_v32.72\GDHM_TASBOT_v32.72\.GDHM_Geometrize2GD.bat

Filesize
102B

MD5
d7c369b332e714b5baa430cb51cca873

SHA1
fe1aa2cc7294f5d013f8de4f381f5b9f4dc7847f

SHA256
0b6560ddcd1bd5103bc6256c9729e30eddea38ac0d1cd38a563d6f82e6bf1d14

SHA512
1312d1171c018dfdb51ef982305dbd447083c8e9a311fccd4fb44d9a1a44aae74edec30900d6fe86e2300629e10b998158c50287b8112e218b5cb7da6db544dd

Download Submit
C:\Users\Admin\Downloads\GDHM_TASBOT_v32.72\GDHM_TASBOT_v32.72\.GDHM_uninstall.bat

Filesize
1KB

MD5
f7b092f7222cf202bd695a4f9078efc9

SHA1
8460d60578594d1dc2898879e4405dce354e73b8

SHA256
c731a192bb1addc58ce09eaeadeab89c4415b2bf2ecc89062fd8c5430f16f88c

SHA512
181ae097ee3c00ea709e70698cf551e6224ff3eea6fbc3eff90d5519f5fc3bbf75e0d86c80259d96a9aa87aaeae7f1a80774ff05dc0400ef44c9156ec83bfbf2

Download Submit
C:\Users\Admin\Downloads\GDHM_TASBOT_v32.72\GDHM_TASBOT_v32.72\msacm32.dll

Filesize
58KB

MD5
128bd36f234620528c08a2e08ab032f7

SHA1
a8c26d8370cef42df32a612c9543362c34a49811

SHA256
cf36a85ec2632de3ecf739105f6959cb707ceb3e1b359cfa59498a07b3fd1336

SHA512
25b29a2b9e6e791d33f79227991e8860304817546f7a39682b92b5305876d8cbb58823f72a1c3cf7cfccf54b5b014eed7bf53fbe18fca1d38384a472533400de

Download Submit