1a4019189c4835b794036f2ac2c63063eadebde1da06c80b9bad9cc72e5ee216

Analysis

max time kernel
365s
max time network
370s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
17/04/2023, 16:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Default.exe
Size

19.4MB
MD5

2cceac8120b5c246df8080ad7a4dbc11
SHA1

cf1e3d10bf9f89850a590e45d835a6025ceb090b
SHA256

1a4019189c4835b794036f2ac2c63063eadebde1da06c80b9bad9cc72e5ee216
SHA512

d78c6721365a06124a8043b00b37f3aa545fc951744873fdc8aec8b49728512579de93be318049c2c93d415058f6cf6902d13282591b9d2267079bff6916a9dc
SSDEEP

393216:BxAlnc1IquqAQIdSgsitlA1rQQN5q1SDDNW7jl7lZy6oErJ:slc1FuqAaitlA6QNAEkJnvFl

Score

8^/10

persistence pyinstaller upx

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
2460	Default.exe
1272	Default.exe

Loads dropped DLL 64 IoCs

pid	Process
3704	Default.exe
3704	Default.exe
3704	Default.exe
3704	Default.exe
3704	Default.exe
3704	Default.exe
3704	Default.exe
3704	Default.exe
3704	Default.exe
3704	Default.exe
3704	Default.exe
3704	Default.exe
3704	Default.exe
3704	Default.exe
3704	Default.exe
3704	Default.exe
3704	Default.exe
3704	Default.exe
3704	Default.exe
3704	Default.exe
3704	Default.exe
3704	Default.exe
3704	Default.exe
3704	Default.exe
3704	Default.exe
3704	Default.exe
3704	Default.exe
3704	Default.exe
3704	Default.exe
3704	Default.exe
3704	Default.exe
3704	Default.exe
3704	Default.exe
3704	Default.exe
3704	Default.exe
3704	Default.exe
3704	Default.exe
3704	Default.exe
3704	Default.exe
3704	Default.exe
3704	Default.exe
3704	Default.exe
3704	Default.exe
3704	Default.exe
3704	Default.exe
3704	Default.exe
3704	Default.exe
3704	Default.exe
3704	Default.exe
3704	Default.exe
3704	Default.exe
3704	Default.exe
3704	Default.exe
3704	Default.exe
3704	Default.exe
3704	Default.exe
3704	Default.exe
3704	Default.exe
3704	Default.exe
3704	Default.exe
3704	Default.exe
3704	Default.exe
3704	Default.exe
3704	Default.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000600000001af41-269.dat	upx
behavioral1/files/0x000600000001af41-270.dat	upx
behavioral1/files/0x000600000001aefd-274.dat	upx
behavioral1/files/0x000600000001aefd-277.dat	upx
behavioral1/files/0x000600000001af13-278.dat	upx
behavioral1/memory/3704-280-0x00007FFEB7550000-0x00007FFEB79D1000-memory.dmp	upx
behavioral1/files/0x000600000001aefb-281.dat	upx
behavioral1/files/0x000600000001aefb-283.dat	upx
behavioral1/memory/3704-282-0x00007FFEBCD60000-0x00007FFEBCD6F000-memory.dmp	upx
behavioral1/files/0x000600000001af13-279.dat	upx
behavioral1/files/0x000600000001af01-284.dat	upx
behavioral1/files/0x000600000001af01-285.dat	upx
behavioral1/files/0x000600000001af05-286.dat	upx
behavioral1/files/0x000600000001af05-287.dat	upx
behavioral1/files/0x000600000001af45-288.dat	upx
behavioral1/files/0x000600000001af45-289.dat	upx
behavioral1/files/0x000600000001af21-290.dat	upx
behavioral1/files/0x000600000001af21-291.dat	upx
behavioral1/files/0x000600000001af44-292.dat	upx
behavioral1/files/0x000600000001af44-293.dat	upx
behavioral1/files/0x000600000001af43-296.dat	upx
behavioral1/files/0x000600000001af43-297.dat	upx
behavioral1/files/0x000600000001af48-298.dat	upx
behavioral1/files/0x000600000001af48-299.dat	upx
behavioral1/files/0x000600000001af07-302.dat	upx
behavioral1/memory/3704-304-0x00007FFEBB710000-0x00007FFEBB737000-memory.dmp	upx
behavioral1/files/0x000600000001af07-303.dat	upx
behavioral1/memory/3704-307-0x00007FFEBBE30000-0x00007FFEBBE4C000-memory.dmp	upx
behavioral1/memory/3704-308-0x00007FFEBB6E0000-0x00007FFEBB70E000-memory.dmp	upx
behavioral1/memory/3704-309-0x00007FFEB8600000-0x00007FFEB861A000-memory.dmp	upx
behavioral1/memory/3704-310-0x00007FFEB85F0000-0x00007FFEB85FE000-memory.dmp	upx
behavioral1/files/0x000600000001af1a-306.dat	upx
behavioral1/files/0x000600000001af1a-311.dat	upx
behavioral1/files/0x000600000001af12-305.dat	upx
behavioral1/files/0x000600000001af12-314.dat	upx
behavioral1/memory/3704-315-0x00007FFEB8480000-0x00007FFEB84AE000-memory.dmp	upx
behavioral1/memory/3704-317-0x00007FFEB8380000-0x00007FFEB83AB000-memory.dmp	upx
behavioral1/memory/3704-316-0x00007FFEB83B0000-0x00007FFEB846C000-memory.dmp	upx
behavioral1/files/0x000600000001af00-319.dat	upx
behavioral1/files/0x000600000001af04-321.dat	upx
behavioral1/files/0x000600000001af04-322.dat	upx
behavioral1/files/0x000600000001af0c-325.dat	upx
behavioral1/files/0x000600000001af47-327.dat	upx
behavioral1/files/0x000600000001af47-328.dat	upx
behavioral1/files/0x000600000001af0c-326.dat	upx
behavioral1/files/0x000600000001af0b-324.dat	upx
behavioral1/files/0x000600000001af4b-330.dat	upx
behavioral1/files/0x000600000001af20-333.dat	upx
behavioral1/files/0x000600000001af20-334.dat	upx
behavioral1/files/0x000600000001af08-335.dat	upx
behavioral1/files/0x000600000001af26-337.dat	upx
behavioral1/files/0x000600000001af26-338.dat	upx
behavioral1/files/0x000600000001af23-339.dat	upx
behavioral1/files/0x000600000001af23-340.dat	upx
behavioral1/memory/3704-341-0x00007FFEB8250000-0x00007FFEB825B000-memory.dmp	upx
behavioral1/memory/3704-342-0x00007FFEB81F0000-0x00007FFEB8215000-memory.dmp	upx
behavioral1/files/0x000600000001af29-343.dat	upx
behavioral1/files/0x000600000001af39-345.dat	upx
behavioral1/files/0x000600000001af3a-347.dat	upx
behavioral1/files/0x000600000001af3d-350.dat	upx
behavioral1/files/0x000600000001af3d-349.dat	upx
behavioral1/files/0x000600000001af3a-348.dat	upx
behavioral1/files/0x000600000001af39-346.dat	upx
behavioral1/files/0x000600000001af29-344.dat	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\INF\netsstpa.PNF	svchost.exe

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
behavioral1/files/0x000600000001af8c-905.dat	pyinstaller

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0004	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004E	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0052	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0018	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0051	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0004	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0006	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Mfg	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0016	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0034	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0058	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0065	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2006	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\ConfigFlags	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0008	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Capabilities	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0005	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0064	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\300A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2006	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A\	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0054	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0018	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\300A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0064	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0038	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0052	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\300A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0038	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004D	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\	svchost.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache	svchost.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
4552	WINWORD.EXE
4552	WINWORD.EXE

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
3704	Default.exe
3704	Default.exe
3704	Default.exe
3704	Default.exe
3704	Default.exe
3704	Default.exe
4956	chrome.exe
4956	chrome.exe
4344	chrome.exe
4344	chrome.exe
1272	Default.exe
1272	Default.exe
1272	Default.exe
1272	Default.exe
1272	Default.exe
1272	Default.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid
4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3704	Default.exe
Token: SeIncreaseQuotaPrivilege	908	wmic.exe
Token: SeSecurityPrivilege	908	wmic.exe
Token: SeTakeOwnershipPrivilege	908	wmic.exe
Token: SeLoadDriverPrivilege	908	wmic.exe
Token: SeSystemProfilePrivilege	908	wmic.exe
Token: SeSystemtimePrivilege	908	wmic.exe
Token: SeProfSingleProcessPrivilege	908	wmic.exe
Token: SeIncBasePriorityPrivilege	908	wmic.exe
Token: SeCreatePagefilePrivilege	908	wmic.exe
Token: SeBackupPrivilege	908	wmic.exe
Token: SeRestorePrivilege	908	wmic.exe
Token: SeShutdownPrivilege	908	wmic.exe
Token: SeDebugPrivilege	908	wmic.exe
Token: SeSystemEnvironmentPrivilege	908	wmic.exe
Token: SeRemoteShutdownPrivilege	908	wmic.exe
Token: SeUndockPrivilege	908	wmic.exe
Token: SeManageVolumePrivilege	908	wmic.exe
Token: 33	908	wmic.exe
Token: 34	908	wmic.exe
Token: 35	908	wmic.exe
Token: 36	908	wmic.exe
Token: SeIncreaseQuotaPrivilege	908	wmic.exe
Token: SeSecurityPrivilege	908	wmic.exe
Token: SeTakeOwnershipPrivilege	908	wmic.exe
Token: SeLoadDriverPrivilege	908	wmic.exe
Token: SeSystemProfilePrivilege	908	wmic.exe
Token: SeSystemtimePrivilege	908	wmic.exe
Token: SeProfSingleProcessPrivilege	908	wmic.exe
Token: SeIncBasePriorityPrivilege	908	wmic.exe
Token: SeCreatePagefilePrivilege	908	wmic.exe
Token: SeBackupPrivilege	908	wmic.exe
Token: SeRestorePrivilege	908	wmic.exe
Token: SeShutdownPrivilege	908	wmic.exe
Token: SeDebugPrivilege	908	wmic.exe
Token: SeSystemEnvironmentPrivilege	908	wmic.exe
Token: SeRemoteShutdownPrivilege	908	wmic.exe
Token: SeUndockPrivilege	908	wmic.exe
Token: SeManageVolumePrivilege	908	wmic.exe
Token: 33	908	wmic.exe
Token: 34	908	wmic.exe
Token: 35	908	wmic.exe
Token: 36	908	wmic.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe

Suspicious use of FindShellTrayWindow 37 IoCs

pid	Process
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
4552	WINWORD.EXE
4552	WINWORD.EXE
4552	WINWORD.EXE
4552	WINWORD.EXE
4552	WINWORD.EXE
4552	WINWORD.EXE
4552	WINWORD.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1580 wrote to memory of 3704	1580	Default.exe	66
PID 1580 wrote to memory of 3704	1580	Default.exe	66
PID 3704 wrote to memory of 4516	3704	Default.exe	67
PID 3704 wrote to memory of 4516	3704	Default.exe	67
PID 3704 wrote to memory of 908	3704	Default.exe	69
PID 3704 wrote to memory of 908	3704	Default.exe	69
PID 4956 wrote to memory of 5008	4956	chrome.exe	88
PID 4956 wrote to memory of 5008	4956	chrome.exe	88
PID 4956 wrote to memory of 816	4956	chrome.exe	91
PID 4956 wrote to memory of 816	4956	chrome.exe	91
PID 4956 wrote to memory of 816	4956	chrome.exe	91
PID 4956 wrote to memory of 816	4956	chrome.exe	91
PID 4956 wrote to memory of 816	4956	chrome.exe	91
PID 4956 wrote to memory of 816	4956	chrome.exe	91
PID 4956 wrote to memory of 816	4956	chrome.exe	91
PID 4956 wrote to memory of 816	4956	chrome.exe	91
PID 4956 wrote to memory of 816	4956	chrome.exe	91
PID 4956 wrote to memory of 816	4956	chrome.exe	91
PID 4956 wrote to memory of 816	4956	chrome.exe	91
PID 4956 wrote to memory of 816	4956	chrome.exe	91
PID 4956 wrote to memory of 816	4956	chrome.exe	91
PID 4956 wrote to memory of 816	4956	chrome.exe	91
PID 4956 wrote to memory of 816	4956	chrome.exe	91
PID 4956 wrote to memory of 816	4956	chrome.exe	91
PID 4956 wrote to memory of 816	4956	chrome.exe	91
PID 4956 wrote to memory of 816	4956	chrome.exe	91
PID 4956 wrote to memory of 816	4956	chrome.exe	91
PID 4956 wrote to memory of 816	4956	chrome.exe	91
PID 4956 wrote to memory of 816	4956	chrome.exe	91
PID 4956 wrote to memory of 816	4956	chrome.exe	91
PID 4956 wrote to memory of 816	4956	chrome.exe	91
PID 4956 wrote to memory of 816	4956	chrome.exe	91
PID 4956 wrote to memory of 816	4956	chrome.exe	91
PID 4956 wrote to memory of 816	4956	chrome.exe	91
PID 4956 wrote to memory of 816	4956	chrome.exe	91
PID 4956 wrote to memory of 816	4956	chrome.exe	91
PID 4956 wrote to memory of 816	4956	chrome.exe	91
PID 4956 wrote to memory of 816	4956	chrome.exe	91
PID 4956 wrote to memory of 816	4956	chrome.exe	91
PID 4956 wrote to memory of 816	4956	chrome.exe	91
PID 4956 wrote to memory of 816	4956	chrome.exe	91
PID 4956 wrote to memory of 816	4956	chrome.exe	91
PID 4956 wrote to memory of 816	4956	chrome.exe	91
PID 4956 wrote to memory of 816	4956	chrome.exe	91
PID 4956 wrote to memory of 816	4956	chrome.exe	91
PID 4956 wrote to memory of 816	4956	chrome.exe	91
PID 4956 wrote to memory of 1276	4956	chrome.exe	90
PID 4956 wrote to memory of 1276	4956	chrome.exe	90
PID 4956 wrote to memory of 1316	4956	chrome.exe	92
PID 4956 wrote to memory of 1316	4956	chrome.exe	92
PID 4956 wrote to memory of 1316	4956	chrome.exe	92
PID 4956 wrote to memory of 1316	4956	chrome.exe	92
PID 4956 wrote to memory of 1316	4956	chrome.exe	92
PID 4956 wrote to memory of 1316	4956	chrome.exe	92
PID 4956 wrote to memory of 1316	4956	chrome.exe	92
PID 4956 wrote to memory of 1316	4956	chrome.exe	92
PID 4956 wrote to memory of 1316	4956	chrome.exe	92
PID 4956 wrote to memory of 1316	4956	chrome.exe	92
PID 4956 wrote to memory of 1316	4956	chrome.exe	92
PID 4956 wrote to memory of 1316	4956	chrome.exe	92
PID 4956 wrote to memory of 1316	4956	chrome.exe	92
PID 4956 wrote to memory of 1316	4956	chrome.exe	92
PID 4956 wrote to memory of 1316	4956	chrome.exe	92
PID 4956 wrote to memory of 1316	4956	chrome.exe	92

C:\Users\Admin\AppData\Local\Temp\Default.exe
"C:\Users\Admin\AppData\Local\Temp\Default.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1580
- C:\Users\Admin\AppData\Local\Temp\Default.exe
  "C:\Users\Admin\AppData\Local\Temp\Default.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:3704
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:4516
- - C:\Windows\System32\Wbem\wmic.exe
    wmic csproduct get uuid
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:908

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Documents\Recently.docx" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4552

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffea91c9758,0x7ffea91c9768,0x7ffea91c9778
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1848 --field-trial-handle=1824,i,17347159706624538588,5834856125471452891,131072 /prefetch:8
  2⤵
  PID:1276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1824,i,17347159706624538588,5834856125471452891,131072 /prefetch:2
  2⤵
  PID:816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2104 --field-trial-handle=1824,i,17347159706624538588,5834856125471452891,131072 /prefetch:8
  2⤵
  PID:1316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1836 --field-trial-handle=1824,i,17347159706624538588,5834856125471452891,131072 /prefetch:1
  2⤵
  PID:2116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3028 --field-trial-handle=1824,i,17347159706624538588,5834856125471452891,131072 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4464 --field-trial-handle=1824,i,17347159706624538588,5834856125471452891,131072 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4588 --field-trial-handle=1824,i,17347159706624538588,5834856125471452891,131072 /prefetch:8
  2⤵
  PID:4268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4628 --field-trial-handle=1824,i,17347159706624538588,5834856125471452891,131072 /prefetch:8
  2⤵
  PID:4004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4792 --field-trial-handle=1824,i,17347159706624538588,5834856125471452891,131072 /prefetch:8
  2⤵
  PID:348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4756 --field-trial-handle=1824,i,17347159706624538588,5834856125471452891,131072 /prefetch:8
  2⤵
  PID:2984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3460 --field-trial-handle=1824,i,17347159706624538588,5834856125471452891,131072 /prefetch:8
  2⤵
  PID:2280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2444 --field-trial-handle=1824,i,17347159706624538588,5834856125471452891,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4716 --field-trial-handle=1824,i,17347159706624538588,5834856125471452891,131072 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4508 --field-trial-handle=1824,i,17347159706624538588,5834856125471452891,131072 /prefetch:8
  2⤵
  PID:4120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4524 --field-trial-handle=1824,i,17347159706624538588,5834856125471452891,131072 /prefetch:8
  2⤵
  PID:2380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5176 --field-trial-handle=1824,i,17347159706624538588,5834856125471452891,131072 /prefetch:8
  2⤵
  PID:3352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1808 --field-trial-handle=1824,i,17347159706624538588,5834856125471452891,131072 /prefetch:8
  2⤵
  PID:2612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5080 --field-trial-handle=1824,i,17347159706624538588,5834856125471452891,131072 /prefetch:8
  2⤵
  PID:4044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4580 --field-trial-handle=1824,i,17347159706624538588,5834856125471452891,131072 /prefetch:8
  2⤵
  PID:2872
- C:\Users\Admin\Downloads\Default.exe
  "C:\Users\Admin\Downloads\Default.exe"
  2⤵
  - Executes dropped EXE
  PID:2460
- - C:\Users\Admin\Downloads\Default.exe
    "C:\Users\Admin\Downloads\Default.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:1272
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "ver"
      4⤵
      PID:4824
  - - C:\Windows\System32\Wbem\wmic.exe
      wmic csproduct get uuid
      4⤵
      PID:284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=948 --field-trial-handle=1824,i,17347159706624538588,5834856125471452891,131072 /prefetch:1
  2⤵
  PID:4464

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2084

C:\Windows\System32\SystemSettingsBroker.exe
C:\Windows\System32\SystemSettingsBroker.exe -Embedding
1⤵
PID:712

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc
1⤵
PID:380

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localservice -s SstpSvc
1⤵
PID:2348

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -s DsmSvc
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
PID:1348

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s NetSetupSvc
1⤵
PID:3392

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s RasMan
1⤵
PID:412

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
058e7817f5b0110272629058a397864b

SHA1
26b03ed941ce6a39a716672b1d0fb3ef219d2ae3

SHA256
ab8cf58222314023ed5ab2d93c9583786d0ccf6da53ae4e27f4d54bc081a9eda

SHA512
445fa5182c7666e20fa15791791dcf85628bef53e03e4f4605707a0b721abab485b5e1a2fdb8f94b23e4000f8c9a3e4a8a42f0b1cd240585d9d47b2e4251350d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
44c80762832ca9b241104ef49496b1c5

SHA1
95e4cfb8a40a2580a49b10045ad3e960577725c0

SHA256
2fd4e48da6329dcbf65a3664269f2a47e1d6aef42958ea9a5db676b9eab2f6d7

SHA512
41838f65b5ff4e6fd679876fc1fb06ea89d15c747b35823212778f45c30782c0a754468acd80df4ba26d097d8450be6207ab4117a78e7674d34b5b424d02803b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
3aa5523a8d326bb8d5a003760c179819

SHA1
983e4cfed98f1e6bddeee181260a2be938facfbc

SHA256
3769378af3210136fa6a30b14ba21fa25e68c35093fa586ffffb5ee8d8622d22

SHA512
807e38db3e902ec6d74ca99ba138524f7428ad36e3f30b2ef3f50a236432cb834a18db40c99a5cca92d29b6f5d5f065db036975b3f5cfb6487d5ced411a0f171

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ed1d8eab6324fd923900d5c4dfaaa4c0

SHA1
ca97e829d2083dc13cb7f0a0359b056675df7898

SHA256
250f8ab1b97445347549ecc629377013e4a08488737ce64f0d0f05d061e73018

SHA512
8c00dd6e5d04f60c807fb2c32f006088779920edab29ef69bd637eb2954c1aa0c095bf7f00ada263368596c696e019023a97b400db1333bd953272cb11cb26fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
537B

MD5
53059a36924b480eb915ebb68c6a6eee

SHA1
c02317986e4029998a37c4651d98b083859ad582

SHA256
4da1e7b34b8a6975ed7b261defe2c54aaa297cef467433044fc5aa4685266847

SHA512
8d6b5ebe6f126e1de75a16b75035cf64cca8b84dfcac0da588cf54f0cbbb138976a06bf2e46fd1cb531a75b4b722c32c598310cb09a7c2e0ec4ecc0fb3ad78a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
067205cd74c9fbd7d6abf2694322b6c8

SHA1
e09767607a9cef06cf7900b80f57b87a135b32f6

SHA256
40be572dd0c1642505524d7b1783bfc1f190ee35caba4cdfac5b3ef86ecd2534

SHA512
55f2fa1659c75cf02ce236afaca46c4701a6206b447ac3eb2b8b8410085d01ea78a82ce98a15134abdc02c70128a826a2fd2bec368d6fa074318876b71101c9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
1432718b444e75695b963f1ca134e013

SHA1
962dd9dd9bd0a62d75a54272d99ba390c8bbe7dc

SHA256
186cea30b7e70574ba0303e3cc693a2e42da54bf384d6066f35796e311067df8

SHA512
f6621907ea02af6c29ae0786063276ef76132b8bc5f08b5a3e3f8c146a69914e340631aabf38e2de59f09749fdd26f1486fa157e1a9db7072e15c1e963446184

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
87d56ea1a15cd416b01030d7eb40f7f8

SHA1
849dad4def8fd50a343aa2e909bc2e2baa2b233e

SHA256
8ca947d84f1e1d7314d9b1f15b2a26731e24f6d23f2b01ed7e06d0872bdbd161

SHA512
c78695bb72a777983dd762186a9043fc8819fd3d8ecf41efbc7fc713d335659b4a7de0a610c01d209d55bcd0938c645e751de09e2b84650cce57ce264e986077

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
faed7e7df7e2e1c1952ed885892b6e08

SHA1
54b3bf20bd11e6084a2d9b6d2980302aac4c8fc1

SHA256
c67566dfa63fadc5a079307ed0d83a6f9d99f5a6fa0c21e9beaac18739ec3c3b

SHA512
31a2178b2099332ebf915a4fee0f664899946ae29fcd70670ba36d0fab66e5992a7b7840b5716eddb96235429577ff0e859024ef16fda0abf46d37c789076dc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
3fc8cd79935f817129042b5d929cc2c0

SHA1
88a25b5539c9ba071d961992b103dd2f8c652ed5

SHA256
fabd640bbb9808b9d7729cd9e44847cc529cda73f13e5ef1c4fd82d36ef8ca2e

SHA512
fbd0fc873548f8874c60d6dea07a54f78d7308530164c8c3a85bb865948935ccb8aed7f56e8444c4a0f642aced8b33e0f9e7b84e563e099e28298fd6448f9fc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
46ce6d495e60eb26be74fd325599b62d

SHA1
4565c637422a85cdf92aae43031cc361164b60cd

SHA256
2b08be8df6d535e142561ca6b867323bc0e7bd69388aca3aa280b674056f8ee5

SHA512
f878c210e58360727e5c3dc3470728245c67899dc261ea6d107210926b36057ed8698a0db8956ae1e9e2d57110c914df8056bf52fd57cbc4a139e9b59e287854

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\eb6e291c-aa9a-4735-af89-e5894c8c8d17.tmp

Filesize
5KB

MD5
5cb74e06604010ab3aecd833b3f2bb3e

SHA1
9f2b8868fb2c1c262c024781011673ca82131147

SHA256
e994c0b532228d5d2c3b09cec4537974d54f002a74cefcaddf77169a0a444eaa

SHA512
91edd58850955cfe8b23ffb2c1b92ae74ab39d8816cd565d86f577b4dc4174b67fa4d9a7d3a4cb6a6090ae2e89d03a6bdb8c71c97943805fc103473e26573eb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
a192714423932b03a713527796c0c50a

SHA1
2a6bcdae97d9dc6fc6dc195d7ba4f5d53df09c3a

SHA256
517aa574075beae1d81ee562f49132d36b41282bbc8fc16619980352f57598c4

SHA512
014b2226f603a2dd84f9da1e7ca642195d70f44762d5ff537c4950f0dabaaeb43724b58b1d76d1e1d00427ed25979e689f4bcd8b575a6703d21bab67ca1704ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
bb41ad48b8e8183b5bf68ae7575d9078

SHA1
1d9dce6f9bc9c492e573b56d0d5bbea73431013d

SHA256
80dbf4b654662143893f5513a1ddb01bb205c9db310207027722528852abe349

SHA512
98d584b5e4cdae5cf4b76e55c9910f967deda8fa8b8803b28eebd77cf9cbf6a4bf11a9b0577739ac3811688f19368af80d68d152c4b20b1d1a0ee095c16851e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
105KB

MD5
6bf443fad19fecc2d5fbe8534b21feb3

SHA1
cdf2d52ff0da8ef6538e6612d32cc7d1553b302b

SHA256
11aff4811049a2b2dd0487d7865c80e0b3e339ac3f7eba5fb791bfa82b6577ce

SHA512
0d7713cece8a664b2e250da4dcb0c24e7e59e407384e95348186b6e3a4c05d0ca5ba98b10d9cd7ae5cb62b1165a84947fb4bb4682e566cee746da162eab93d31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5b5d01.TMP

Filesize
92KB

MD5
3a75b04c367f64922853d870cf694bc1

SHA1
9c04797e4d26a055d631df0d7d757b53854b8a26

SHA256
49c970296d6201b0aa5ceb7c35b7897238ae39d089dec0a944c441bf84f88c35

SHA512
4796ea628b913edc2eb36152d6aa6951bd558dc4bcbee475d64622a1abb898c27991c45f7fd7a1022ca0372ba18d5578353c2e9c078287fdd25e291a58229f9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\VCRUNTIME140.dll

Filesize
93KB

MD5
4a365ffdbde27954e768358f4a4ce82e

SHA1
a1b31102eee1d2a4ed1290da2038b7b9f6a104a3

SHA256
6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c

SHA512
54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\VCRUNTIME140_1.dll

Filesize
35KB

MD5
9cff894542dc399e0a46dee017331edf

SHA1
d1e889d22a5311bd518517537ca98b3520fc99ff

SHA256
b1d3b6b3cdeb5b7b8187767cd86100b76233e7bbb9acf56c64f8288f34b269ca

SHA512
ca254231f12bdfc300712a37d31777ff9d3aa990ccc129129fa724b034f3b59c88ed5006a5f057348fa09a7de4a0c2e0fb479ce06556e2059f919ddd037f239e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\_bz2.pyd

Filesize
46KB

MD5
b9260cc7af4aef9d963fcda8d5dfb4e0

SHA1
d70cd121390fc10bc6a92aceaaaa423e17ed9616

SHA256
81fb59146d137d2779a339b694ca6ab4c67524871c71215a2163bda9299b9656

SHA512
b5487dc52c1ffe4ec0b061167bcf089255bb71f2f10c019373071d332d07b8aa8b59165211753277a9d49e4dc00d91383c96861662112699248d78b2e36b57a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\_ctypes.pyd

Filesize
56KB

MD5
9282f4745e0d3eb6bf53d68593df329b

SHA1
99ea6c4a72d56332234205f22d78857b57d1ea48

SHA256
3b15671bc264895b8cf77532d5fde81f473132a58cc0a176bfc329e0beb5a936

SHA512
80270481e9607f4dfc5f1142701cb7db2e339fd65bda81bd5fbcc8cd981622650393465c88de4bed64f240b1197039209dea409837dfdd261396c9480a9842fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\_hashlib.pyd

Filesize
32KB

MD5
4c7833eae367708b9f7e7fadee8a0818

SHA1
d2fc74cdb6f22fb7b34f33a4f29d9a56555e143b

SHA256
890570a45f1dad041e6e5056d9af0e085341ad96cfb025d9cd4a5d609304f4b9

SHA512
7879d1a49cb3a2d0378b0cd9e1f7aefbb2880f7226028b5d68ed4ffa96fa310ce2ad5fb8a586b710ed6af232fd40d7ede0d60f0eb74eb045f58910217defce51

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\_lzma.pyd

Filesize
84KB

MD5
30a8f473c3ed46e7735e90bdca6f2bc9

SHA1
a6088612b2796d29d7006f34428ac571368d80fe

SHA256
e1d4074c7b53b16a38de8f4df6f9107046f967e29bd908d162d7f59d15433602

SHA512
ec3c1dd8f1f93aca989b9cde4c0bd24f4e7654760f162609dd2cdedb035e6cd44edbafff1dad113bd4ab403d25b854f30281262c08e60173378d1971722300cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\_queue.pyd

Filesize
22KB

MD5
21986da28b68bf4b1dd54f9bea8ff890

SHA1
5e8b36d26de22780d0e8798b003b50616845ec21

SHA256
7d86839fa58ac30dd93211500ffe50434350c120720d720c8b6104aad7d04df2

SHA512
ada73dfbba0ae6b5ea271ca3264379161764a39f844746dbf3373b6a265f3c132b175622e3af546d8e574589b4dd647325f214aabffdedf95c8d0ea277273179

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\_socket.pyd

Filesize
40KB

MD5
e0173c045d730aa6ef4bc8c5af88b757

SHA1
0eb0c788a641a8d113f6334e47ffd1be71e9426f

SHA256
65f8e3be77dc7b67f5f32f20703c136d83f0bbe283fd3029ce1919ffbc5547b1

SHA512
10f22ff2b26420e207d4bdbc864e8e5c65190e9e751533b415939b576bc52776c8915dae0de7ab8c75a43911d12152724743fb51dc9afd26bbe3212304f8265c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\_ssl.pyd

Filesize
57KB

MD5
b291db26e53e26bd436e237455d73551

SHA1
ac1394f314ffc00ab64728d3dd1fca8e068c71db

SHA256
116e8224f04657f5736d84d515140b5536adb2fc4a3802ad3500818ca3596ded

SHA512
4494a11667fb364f4846543abe7477db8d06e41da9f9757311a255370e29a482201c1e6d8563672dbfb39100a24486552b06a2caa398990ce9a7dc4ea7850129

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\_uuid.pyd

Filesize
19KB

MD5
434631ca1d5f8cb859610e98cfd0f6a9

SHA1
10a6617dabd1bb3e613ceeaa9f41945e74528caa

SHA256
01267665f92ea84cd11902ec3406d1a984228979d14a18594d385de01fe0b3f5

SHA512
3b4ea365f5ac640a33b05eeaad8bd9a184814a0f07da60bc0e496fafa4281267845bc7414b8d86f571f724b77bc2d05fca730ed51db39507ac3cb4b0dd79fb9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\base_library.zip

Filesize
1012KB

MD5
12af38b7df0ffa56b3a8adedf9b58f84

SHA1
10654be295c1d0878350fb8626abc9f153f16aaf

SHA256
f0397a89c66a60a8ea433af55cd0e238b9eba581c81d9577acdedb107fb3e368

SHA512
bcb12b8ee9807ab99ec3ef4eba167166639902acc2b6e901b521fc096467724db7335616e2a862437e171d40736ceedc6fc6a93fd706d89baf8b473292d67531

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\charset_normalizer\md.cp39-win_amd64.pyd

Filesize
9KB

MD5
7746fa637f66147a9351489a4472b0b0

SHA1
0ca50cb0670b4f7ce4ce0b958d3508f4d4363f30

SHA256
ed5f7a05bfc736624316509252719a6a8ca354c6a6be29a36e06e72c54f4ca70

SHA512
8a53c3b9c638a0ec41be22a53926ce8555ac61862325130b391ea68fadcc5f31f048b8bf14bb1af6ef5baad7cd0c1afb0a9b8c517ebc165079c65da96a8462c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\charset_normalizer\md__mypyc.cp39-win_amd64.pyd

Filesize
38KB

MD5
1f8cf2b2b233e1e410ba546ffb631e3d

SHA1
763e3b3b468b202d8b1c50d5ee92714a9d796a2a

SHA256
e8182cd21805e80fbcfc703df66dca8032ebaa3d7e12109b7498cb4eaf60c019

SHA512
49b7ced3c46aa6f1b0e6eb3d8424b70ee235ae46cab9974a27a2fbb860a1ba4bf3240a3e6d0db24670cfcbaaa3b589344b425eac4295d907f63bab51e7a4282b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\libcrypto-1_1.dll

Filesize
1.1MB

MD5
bb0032a76ecd23af83e86c95638fe712

SHA1
3b284b94d95a923a72680b7b11636771d8379dd6

SHA256
5320582dde4442758d22477930cee156d623be3205d7659e955727c6754bf3f1

SHA512
4c89e95ce8844818f799cae8e66e748642f2adb16ed790e71ba0a511661e6a142fd7603fa12be56eb10ade8cc3a35ae2e1533f6b94b500bea5d346734d53391a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\libffi-7.dll

Filesize
23KB

MD5
ce7d4f152de90a24b0069e3c95fa2b58

SHA1
98e921d9dd396b86ae785d9f8d66f1dc612111c2

SHA256
85ac46f9d1fd15ab12f961e51ba281bff8c0141fa122bfa21a66e13dd4f943e7

SHA512
7b0a1bd9fb5666fe5388cabcef11e2e4038bbdb62bdca46f6e618555c90eb2e466cb5becd7773f1136ee929f10f74c35357b65b038f51967de5c2b62f7045b1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\libssl-1_1.dll

Filesize
197KB

MD5
444e701aa6771896ede85b80e6bdca4c

SHA1
c7c009edacd3eea18515c0f1f64382af8fe18866

SHA256
e14d14b9e3c93ae3456fec463dda2328e2f74d667b7779951d2006578df85ff1

SHA512
408fc421286269236e096444b08b3a61660f9b6a09c4b92f3f204ca0e58bf165887ac7641f0510bf186d17e0e2dbc731a9be19400f3317ecc0515c1d980f737f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\psutil\_psutil_windows.pyd

Filesize
34KB

MD5
21131c2eecf1f8635682b7b8b07a485f

SHA1
fe245ad1bd5e56c81c40f555377c98a8d881d0eb

SHA256
4b3b5d15d13a96e3643a7be25cf6135d1a2fd13f41f6431239e0fa89b0d2ed7a

SHA512
1591cda50008fea7532f3ace4abdac0279a12b03426459d0a8454ed773fa92b032f79b633804757291eeaabb05ade90a2a9b7a5c2cc9e385c5ce1cf8ac099b77

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\pyexpat.pyd

Filesize
81KB

MD5
1e115fdcb487a865c25df109c90d3e64

SHA1
414abedca4f97f263e969272f48db6d9a6146fd3

SHA256
ee5f88c50ccd6061320f345832bcb73c0199b653bbeb51b1d9ee4b3f80f755c9

SHA512
9ab1f7adea7ac7f4c2d028e81b2c02f15b7be470ce16332b88f98eca26df2788715deaac4eed5985133294528403d031b6bae9fa8b9642dd5cded0bcae003ca3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\pygame\SDL2.dll

Filesize
615KB

MD5
9a9566a03e8a64e99f3cb9ed1ef5ceab

SHA1
8240af3ff33acb89173de867d54cac3c2b4b4d1b

SHA256
fce37a023d1ba575fe58476070932d70665901ce842657d5751aeb26190a803c

SHA512
9286c443938428b502581989a622bf538f100332bb16c9f1d6b0672be23b9898f530113028a90cc4a3d2641eced148fdb780bf3f989788d5628afe9422d5f09b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\pygame\base.cp39-win_amd64.pyd

Filesize
17KB

MD5
9039cc8eabbd920da43abb79949f048c

SHA1
a6f26a1f6de0a9c4873fe7da1530d7f32f47d805

SHA256
2c484048cd3378b5d44a4d8698558ebd75737c5ef2695a0a7340f978c4e83255

SHA512
66ae81d5dad91954cd9adbe7d40fc1d337fef162f74672cf06f1df09c92c6848195a59d34d30785a712f8249d1514a61e326a3efa6c5b28fa33bcb0f19d893a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\pygame\constants.cp39-win_amd64.pyd

Filesize
16KB

MD5
ad57c55f688ab651b24d045c56446a05

SHA1
8545324d541d68f5069239b9d97501d182bdff55

SHA256
719df804973b7003e753ba2ab3156a34e4e66e5d126900ec19df350cd3f1131f

SHA512
0f790b961f8c47dcea0a3ba1a146ef6b8305429f9176ef8ce05e9fc3435c48c74689f33b9d532884229055da435f9f2e3088ed9e14343c0e454beb5c988e1b4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\pygame\rect.cp39-win_amd64.pyd

Filesize
20KB

MD5
7035485df312d12bd70c53f9bd5f510e

SHA1
55d4bade3053de14de972d6c424ff864b8134f94

SHA256
cbdce18ef66c7fb654523411b4b3d78e7cfcd31a6fb14406005405751e80acd7

SHA512
f650e90e42a098e16be7e2e905cc7fe7695615cfb530b654eee485f984e560136de9b03ba3e0f37141a51f5382ba1a6ac1c4ae5d0e0527bfb9f94a2a233b0841

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\pygame\rwobject.cp39-win_amd64.pyd

Filesize
12KB

MD5
aa67108b2c43646eada4ce7cab3e1165

SHA1
d5a25454b982c917945014f51541d1fa9559558c

SHA256
ba1a62ba2e53a72b99c9ef811076b2a67e1cfc1ed6c510d2596c56324be1dc6a

SHA512
136295be30c4f37b5ee942642bdcafd73cdbc83fef4d085774b74318d496b08178a3d9655e24ac67af61d800c98fc5c28e5e395455faa4babb2b45d799b2ebb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\pygame\surflock.cp39-win_amd64.pyd

Filesize
10KB

MD5
9f7b53ed089b7cf6260ac422c5a6db42

SHA1
499793f18ffb0c9f852f1424ff63fe0c5b968d59

SHA256
4eb0898420c64a6be2ad85ea2e46ca3c2ee95766ec551b690e8225733d925646

SHA512
686300f2c3b12dfba67480e030ebd72886e67976c822e27eaf372663b8b1bc21e70d2dc07c518ac76acdfb873ef3ebf78c7d3f50909bc9fe8a8c97d5a886d9c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\python3.DLL

Filesize
58KB

MD5
e438f5470c5c1cb5ddbe02b59e13ad2c

SHA1
ec58741bf0be7f97525f4b867869a3b536e68589

SHA256
1dc81d8066d44480163233f249468039d3de97e91937965e7a369ae1499013da

SHA512
bd8012b167dd37bd5b57521ca91ad2c9891a61866558f2cc8e80bb029d6f7d73c758fb5be7a181562640011e8b4b54afa3a12434ba00f445c1a87b52552429d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\python39.dll

Filesize
1.4MB

MD5
5ab37e405485d7117de837e6dbae38d7

SHA1
c841c5cc12f2dd4e01c0fa5726369a35c014c247

SHA256
fc7977c0a36fd556dc0693af5895312ab43bff3a48a2e0972b70aeecd65f7238

SHA512
b7f6a265b7afe6b70543d78cb36bcd95dbb0fcfe8b7ec4ddb9dc19032344f91dadf3e4a7139a7f37edc4a4638be1cd0e0fc5de39a51dba56052d59f9f70a4886

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\pywin32_system32\pythoncom39.dll

Filesize
194KB

MD5
6a3997b8e0f36b2cce879cd2a3498beb

SHA1
f01c33bfce12869fc5273407d858b4aa5b2ce203

SHA256
134a3579afac0a22000876ffb411652ba645f46223d1a5cb343a44e2a69cde91

SHA512
c065a422ec2eb7c5351fb713480d81a1eeaf8a3b6a0b1d97efbdf7cf211fb3a04ff976e99b3fd7ebe74d37197fbe6af964b45c19d15d369fae072ef2c6d2186b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\pywin32_system32\pywintypes39.dll

Filesize
62KB

MD5
1b7717ce72687347f896567ae8056aa0

SHA1
65c387c04a197e0e930e4ca92047d2b9e1b52022

SHA256
0bb73f620628762c9febc8b40c43d5242b84c187ae27974386cf39e032edaa72

SHA512
c0dfcb5f51fc74dadb44f19030ef57102c77e53b89ac1a46211a1e74ceadb81685bfd34a602b44cce8c66e5ef8b5b523eff1584d075da36d61a2aad9bc667f6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\select.pyd

Filesize
22KB

MD5
8e497264a5ebb9e7b34869123c626519

SHA1
e170b85c572ab4e15d7b6fe99713a4779f8a3191

SHA256
55b187189b5891b0c177263596aff06b11ea335479fff627f35b7a5bb1897612

SHA512
c98da8ba3dc2331f69933b72cb6582e83c9b5886bfcd46c85af7424d8968a72145ce78e086ba033575c622c6b7b933bd2d58d5e2c82410509acd9a1f76f245b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\unicodedata.pyd

Filesize
285KB

MD5
8d6dc0dcec8b582e94cbf725ed99825b

SHA1
941ec1e674257a9833de695d20401e21e02a5b54

SHA256
a1396cc6d8df22864c9d587cd9c853d7075512fb9992f8d8b1910e12fc28e2bf

SHA512
729c9943a978f54b2e2cc6e00a1119127c1b971857f18909d86687325138509134ea8859b00e5add0a7f64321b2e1f1ff69cabc726cc3086d4bf0d171d937298

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\win32api.pyd

Filesize
48KB

MD5
5566cc7aed5ba0d2669d206bc935054b

SHA1
d340485219aa423d9018e857c94d113d449e4803

SHA256
e2c938f8acdaa9a75a8b54038764342f6753de6ed2f36adee249f2f74fc8e0b5

SHA512
87fc9cfabc751390ff33eda81e4b1bad77471f43cf43d6c523d29d8e27ac6a675d6f84638a5c0b56ae4db57982c3ca4b58fa4ca9adcf449de92f86e653a141cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15802\win32com\shell\shell.pyd

Filesize
149KB

MD5
8e7ba57104abb433152d52118cc53597

SHA1
6e30124aee32671aa66d8b47d85f0865c8021c68

SHA256
ba9aeda231c0d32e55947371392f5ea8093edadb00b2434b0b5ba69741611768

SHA512
92209a4da07819c2bd36a3bec8bef0d8415eeeb182fd8f216674fecf697a8705466283a3eb74baa6a2d435b5f7e97d3958717a6b95cc443c438b42e778bea2d9

Download Submit
C:\Users\Admin\Downloads\Default.exe.crdownload

Filesize
19.4MB

MD5
2cceac8120b5c246df8080ad7a4dbc11

SHA1
cf1e3d10bf9f89850a590e45d835a6025ceb090b

SHA256
1a4019189c4835b794036f2ac2c63063eadebde1da06c80b9bad9cc72e5ee216

SHA512
d78c6721365a06124a8043b00b37f3aa545fc951744873fdc8aec8b49728512579de93be318049c2c93d415058f6cf6902d13282591b9d2267079bff6916a9dc

Download Submit
C:\Windows\INF\netrasa.PNF

Filesize
22KB

MD5
80648b43d233468718d717d10187b68d

SHA1
a1736e8f0e408ce705722ce097d1adb24ebffc45

SHA256
8ab9a39457507e405ade5ef9d723e0f89bc46d8d8b33d354b00d95847f098380

SHA512
eec0ac7e7abcf87b3f0f4522b0dd95c658327afb866ceecff3c9ff0812a521201d729dd71d43f3ac46536f8435d4a49ac157b6282077c7c1940a6668f3b3aea9

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI15802\VCRUNTIME140.dll

Filesize
93KB

MD5
4a365ffdbde27954e768358f4a4ce82e

SHA1
a1b31102eee1d2a4ed1290da2038b7b9f6a104a3

SHA256
6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c

SHA512
54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI15802\VCRUNTIME140_1.dll

Filesize
35KB

MD5
9cff894542dc399e0a46dee017331edf

SHA1
d1e889d22a5311bd518517537ca98b3520fc99ff

SHA256
b1d3b6b3cdeb5b7b8187767cd86100b76233e7bbb9acf56c64f8288f34b269ca

SHA512
ca254231f12bdfc300712a37d31777ff9d3aa990ccc129129fa724b034f3b59c88ed5006a5f057348fa09a7de4a0c2e0fb479ce06556e2059f919ddd037f239e

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI15802\_bz2.pyd

Filesize
46KB

MD5
b9260cc7af4aef9d963fcda8d5dfb4e0

SHA1
d70cd121390fc10bc6a92aceaaaa423e17ed9616

SHA256
81fb59146d137d2779a339b694ca6ab4c67524871c71215a2163bda9299b9656

SHA512
b5487dc52c1ffe4ec0b061167bcf089255bb71f2f10c019373071d332d07b8aa8b59165211753277a9d49e4dc00d91383c96861662112699248d78b2e36b57a0

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI15802\_ctypes.pyd

Filesize
56KB

MD5
9282f4745e0d3eb6bf53d68593df329b

SHA1
99ea6c4a72d56332234205f22d78857b57d1ea48

SHA256
3b15671bc264895b8cf77532d5fde81f473132a58cc0a176bfc329e0beb5a936

SHA512
80270481e9607f4dfc5f1142701cb7db2e339fd65bda81bd5fbcc8cd981622650393465c88de4bed64f240b1197039209dea409837dfdd261396c9480a9842fe

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI15802\_hashlib.pyd

Filesize
32KB

MD5
4c7833eae367708b9f7e7fadee8a0818

SHA1
d2fc74cdb6f22fb7b34f33a4f29d9a56555e143b

SHA256
890570a45f1dad041e6e5056d9af0e085341ad96cfb025d9cd4a5d609304f4b9

SHA512
7879d1a49cb3a2d0378b0cd9e1f7aefbb2880f7226028b5d68ed4ffa96fa310ce2ad5fb8a586b710ed6af232fd40d7ede0d60f0eb74eb045f58910217defce51

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI15802\_lzma.pyd

Filesize
84KB

MD5
30a8f473c3ed46e7735e90bdca6f2bc9

SHA1
a6088612b2796d29d7006f34428ac571368d80fe

SHA256
e1d4074c7b53b16a38de8f4df6f9107046f967e29bd908d162d7f59d15433602

SHA512
ec3c1dd8f1f93aca989b9cde4c0bd24f4e7654760f162609dd2cdedb035e6cd44edbafff1dad113bd4ab403d25b854f30281262c08e60173378d1971722300cc

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI15802\_queue.pyd

Filesize
22KB

MD5
21986da28b68bf4b1dd54f9bea8ff890

SHA1
5e8b36d26de22780d0e8798b003b50616845ec21

SHA256
7d86839fa58ac30dd93211500ffe50434350c120720d720c8b6104aad7d04df2

SHA512
ada73dfbba0ae6b5ea271ca3264379161764a39f844746dbf3373b6a265f3c132b175622e3af546d8e574589b4dd647325f214aabffdedf95c8d0ea277273179

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI15802\_socket.pyd

Filesize
40KB

MD5
e0173c045d730aa6ef4bc8c5af88b757

SHA1
0eb0c788a641a8d113f6334e47ffd1be71e9426f

SHA256
65f8e3be77dc7b67f5f32f20703c136d83f0bbe283fd3029ce1919ffbc5547b1

SHA512
10f22ff2b26420e207d4bdbc864e8e5c65190e9e751533b415939b576bc52776c8915dae0de7ab8c75a43911d12152724743fb51dc9afd26bbe3212304f8265c

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI15802\_ssl.pyd

Filesize
57KB

MD5
b291db26e53e26bd436e237455d73551

SHA1
ac1394f314ffc00ab64728d3dd1fca8e068c71db

SHA256
116e8224f04657f5736d84d515140b5536adb2fc4a3802ad3500818ca3596ded

SHA512
4494a11667fb364f4846543abe7477db8d06e41da9f9757311a255370e29a482201c1e6d8563672dbfb39100a24486552b06a2caa398990ce9a7dc4ea7850129

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI15802\_uuid.pyd

Filesize
19KB

MD5
434631ca1d5f8cb859610e98cfd0f6a9

SHA1
10a6617dabd1bb3e613ceeaa9f41945e74528caa

SHA256
01267665f92ea84cd11902ec3406d1a984228979d14a18594d385de01fe0b3f5

SHA512
3b4ea365f5ac640a33b05eeaad8bd9a184814a0f07da60bc0e496fafa4281267845bc7414b8d86f571f724b77bc2d05fca730ed51db39507ac3cb4b0dd79fb9b

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI15802\charset_normalizer\md.cp39-win_amd64.pyd

Filesize
9KB

MD5
7746fa637f66147a9351489a4472b0b0

SHA1
0ca50cb0670b4f7ce4ce0b958d3508f4d4363f30

SHA256
ed5f7a05bfc736624316509252719a6a8ca354c6a6be29a36e06e72c54f4ca70

SHA512
8a53c3b9c638a0ec41be22a53926ce8555ac61862325130b391ea68fadcc5f31f048b8bf14bb1af6ef5baad7cd0c1afb0a9b8c517ebc165079c65da96a8462c5

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI15802\charset_normalizer\md__mypyc.cp39-win_amd64.pyd

Filesize
38KB

MD5
1f8cf2b2b233e1e410ba546ffb631e3d

SHA1
763e3b3b468b202d8b1c50d5ee92714a9d796a2a

SHA256
e8182cd21805e80fbcfc703df66dca8032ebaa3d7e12109b7498cb4eaf60c019

SHA512
49b7ced3c46aa6f1b0e6eb3d8424b70ee235ae46cab9974a27a2fbb860a1ba4bf3240a3e6d0db24670cfcbaaa3b589344b425eac4295d907f63bab51e7a4282b

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI15802\libcrypto-1_1.dll

Filesize
1.1MB

MD5
bb0032a76ecd23af83e86c95638fe712

SHA1
3b284b94d95a923a72680b7b11636771d8379dd6

SHA256
5320582dde4442758d22477930cee156d623be3205d7659e955727c6754bf3f1

SHA512
4c89e95ce8844818f799cae8e66e748642f2adb16ed790e71ba0a511661e6a142fd7603fa12be56eb10ade8cc3a35ae2e1533f6b94b500bea5d346734d53391a

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI15802\libcrypto-1_1.dll

Filesize
1.1MB

MD5
bb0032a76ecd23af83e86c95638fe712

SHA1
3b284b94d95a923a72680b7b11636771d8379dd6

SHA256
5320582dde4442758d22477930cee156d623be3205d7659e955727c6754bf3f1

SHA512
4c89e95ce8844818f799cae8e66e748642f2adb16ed790e71ba0a511661e6a142fd7603fa12be56eb10ade8cc3a35ae2e1533f6b94b500bea5d346734d53391a

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI15802\libffi-7.dll

Filesize
23KB

MD5
ce7d4f152de90a24b0069e3c95fa2b58

SHA1
98e921d9dd396b86ae785d9f8d66f1dc612111c2

SHA256
85ac46f9d1fd15ab12f961e51ba281bff8c0141fa122bfa21a66e13dd4f943e7

SHA512
7b0a1bd9fb5666fe5388cabcef11e2e4038bbdb62bdca46f6e618555c90eb2e466cb5becd7773f1136ee929f10f74c35357b65b038f51967de5c2b62f7045b1f

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI15802\libssl-1_1.dll

Filesize
197KB

MD5
444e701aa6771896ede85b80e6bdca4c

SHA1
c7c009edacd3eea18515c0f1f64382af8fe18866

SHA256
e14d14b9e3c93ae3456fec463dda2328e2f74d667b7779951d2006578df85ff1

SHA512
408fc421286269236e096444b08b3a61660f9b6a09c4b92f3f204ca0e58bf165887ac7641f0510bf186d17e0e2dbc731a9be19400f3317ecc0515c1d980f737f

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI15802\psutil\_psutil_windows.pyd

Filesize
34KB

MD5
21131c2eecf1f8635682b7b8b07a485f

SHA1
fe245ad1bd5e56c81c40f555377c98a8d881d0eb

SHA256
4b3b5d15d13a96e3643a7be25cf6135d1a2fd13f41f6431239e0fa89b0d2ed7a

SHA512
1591cda50008fea7532f3ace4abdac0279a12b03426459d0a8454ed773fa92b032f79b633804757291eeaabb05ade90a2a9b7a5c2cc9e385c5ce1cf8ac099b77

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI15802\pyexpat.pyd

Filesize
81KB

MD5
1e115fdcb487a865c25df109c90d3e64

SHA1
414abedca4f97f263e969272f48db6d9a6146fd3

SHA256
ee5f88c50ccd6061320f345832bcb73c0199b653bbeb51b1d9ee4b3f80f755c9

SHA512
9ab1f7adea7ac7f4c2d028e81b2c02f15b7be470ce16332b88f98eca26df2788715deaac4eed5985133294528403d031b6bae9fa8b9642dd5cded0bcae003ca3

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI15802\pygame\SDL2.dll

Filesize
615KB

MD5
9a9566a03e8a64e99f3cb9ed1ef5ceab

SHA1
8240af3ff33acb89173de867d54cac3c2b4b4d1b

SHA256
fce37a023d1ba575fe58476070932d70665901ce842657d5751aeb26190a803c

SHA512
9286c443938428b502581989a622bf538f100332bb16c9f1d6b0672be23b9898f530113028a90cc4a3d2641eced148fdb780bf3f989788d5628afe9422d5f09b

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI15802\pygame\base.cp39-win_amd64.pyd

Filesize
17KB

MD5
9039cc8eabbd920da43abb79949f048c

SHA1
a6f26a1f6de0a9c4873fe7da1530d7f32f47d805

SHA256
2c484048cd3378b5d44a4d8698558ebd75737c5ef2695a0a7340f978c4e83255

SHA512
66ae81d5dad91954cd9adbe7d40fc1d337fef162f74672cf06f1df09c92c6848195a59d34d30785a712f8249d1514a61e326a3efa6c5b28fa33bcb0f19d893a7

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI15802\pygame\constants.cp39-win_amd64.pyd

Filesize
16KB

MD5
ad57c55f688ab651b24d045c56446a05

SHA1
8545324d541d68f5069239b9d97501d182bdff55

SHA256
719df804973b7003e753ba2ab3156a34e4e66e5d126900ec19df350cd3f1131f

SHA512
0f790b961f8c47dcea0a3ba1a146ef6b8305429f9176ef8ce05e9fc3435c48c74689f33b9d532884229055da435f9f2e3088ed9e14343c0e454beb5c988e1b4d

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI15802\pygame\rect.cp39-win_amd64.pyd

Filesize
20KB

MD5
7035485df312d12bd70c53f9bd5f510e

SHA1
55d4bade3053de14de972d6c424ff864b8134f94

SHA256
cbdce18ef66c7fb654523411b4b3d78e7cfcd31a6fb14406005405751e80acd7

SHA512
f650e90e42a098e16be7e2e905cc7fe7695615cfb530b654eee485f984e560136de9b03ba3e0f37141a51f5382ba1a6ac1c4ae5d0e0527bfb9f94a2a233b0841

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI15802\pygame\rwobject.cp39-win_amd64.pyd

Filesize
12KB

MD5
aa67108b2c43646eada4ce7cab3e1165

SHA1
d5a25454b982c917945014f51541d1fa9559558c

SHA256
ba1a62ba2e53a72b99c9ef811076b2a67e1cfc1ed6c510d2596c56324be1dc6a

SHA512
136295be30c4f37b5ee942642bdcafd73cdbc83fef4d085774b74318d496b08178a3d9655e24ac67af61d800c98fc5c28e5e395455faa4babb2b45d799b2ebb7

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI15802\pygame\surflock.cp39-win_amd64.pyd

Filesize
10KB

MD5
9f7b53ed089b7cf6260ac422c5a6db42

SHA1
499793f18ffb0c9f852f1424ff63fe0c5b968d59

SHA256
4eb0898420c64a6be2ad85ea2e46ca3c2ee95766ec551b690e8225733d925646

SHA512
686300f2c3b12dfba67480e030ebd72886e67976c822e27eaf372663b8b1bc21e70d2dc07c518ac76acdfb873ef3ebf78c7d3f50909bc9fe8a8c97d5a886d9c5

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI15802\python3.dll

Filesize
58KB

MD5
e438f5470c5c1cb5ddbe02b59e13ad2c

SHA1
ec58741bf0be7f97525f4b867869a3b536e68589

SHA256
1dc81d8066d44480163233f249468039d3de97e91937965e7a369ae1499013da

SHA512
bd8012b167dd37bd5b57521ca91ad2c9891a61866558f2cc8e80bb029d6f7d73c758fb5be7a181562640011e8b4b54afa3a12434ba00f445c1a87b52552429d3

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI15802\python39.dll

Filesize
1.4MB

MD5
5ab37e405485d7117de837e6dbae38d7

SHA1
c841c5cc12f2dd4e01c0fa5726369a35c014c247

SHA256
fc7977c0a36fd556dc0693af5895312ab43bff3a48a2e0972b70aeecd65f7238

SHA512
b7f6a265b7afe6b70543d78cb36bcd95dbb0fcfe8b7ec4ddb9dc19032344f91dadf3e4a7139a7f37edc4a4638be1cd0e0fc5de39a51dba56052d59f9f70a4886

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI15802\pywin32_system32\pythoncom39.dll

Filesize
194KB

MD5
6a3997b8e0f36b2cce879cd2a3498beb

SHA1
f01c33bfce12869fc5273407d858b4aa5b2ce203

SHA256
134a3579afac0a22000876ffb411652ba645f46223d1a5cb343a44e2a69cde91

SHA512
c065a422ec2eb7c5351fb713480d81a1eeaf8a3b6a0b1d97efbdf7cf211fb3a04ff976e99b3fd7ebe74d37197fbe6af964b45c19d15d369fae072ef2c6d2186b

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI15802\pywin32_system32\pywintypes39.dll

Filesize
62KB

MD5
1b7717ce72687347f896567ae8056aa0

SHA1
65c387c04a197e0e930e4ca92047d2b9e1b52022

SHA256
0bb73f620628762c9febc8b40c43d5242b84c187ae27974386cf39e032edaa72

SHA512
c0dfcb5f51fc74dadb44f19030ef57102c77e53b89ac1a46211a1e74ceadb81685bfd34a602b44cce8c66e5ef8b5b523eff1584d075da36d61a2aad9bc667f6a

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI15802\select.pyd

Filesize
22KB

MD5
8e497264a5ebb9e7b34869123c626519

SHA1
e170b85c572ab4e15d7b6fe99713a4779f8a3191

SHA256
55b187189b5891b0c177263596aff06b11ea335479fff627f35b7a5bb1897612

SHA512
c98da8ba3dc2331f69933b72cb6582e83c9b5886bfcd46c85af7424d8968a72145ce78e086ba033575c622c6b7b933bd2d58d5e2c82410509acd9a1f76f245b4

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI15802\unicodedata.pyd

Filesize
285KB

MD5
8d6dc0dcec8b582e94cbf725ed99825b

SHA1
941ec1e674257a9833de695d20401e21e02a5b54

SHA256
a1396cc6d8df22864c9d587cd9c853d7075512fb9992f8d8b1910e12fc28e2bf

SHA512
729c9943a978f54b2e2cc6e00a1119127c1b971857f18909d86687325138509134ea8859b00e5add0a7f64321b2e1f1ff69cabc726cc3086d4bf0d171d937298

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI15802\win32api.pyd

Filesize
48KB

MD5
5566cc7aed5ba0d2669d206bc935054b

SHA1
d340485219aa423d9018e857c94d113d449e4803

SHA256
e2c938f8acdaa9a75a8b54038764342f6753de6ed2f36adee249f2f74fc8e0b5

SHA512
87fc9cfabc751390ff33eda81e4b1bad77471f43cf43d6c523d29d8e27ac6a675d6f84638a5c0b56ae4db57982c3ca4b58fa4ca9adcf449de92f86e653a141cd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI15802\win32com\shell\shell.pyd

Filesize
149KB

MD5
8e7ba57104abb433152d52118cc53597

SHA1
6e30124aee32671aa66d8b47d85f0865c8021c68

SHA256
ba9aeda231c0d32e55947371392f5ea8093edadb00b2434b0b5ba69741611768

SHA512
92209a4da07819c2bd36a3bec8bef0d8415eeeb182fd8f216674fecf697a8705466283a3eb74baa6a2d435b5f7e97d3958717a6b95cc443c438b42e778bea2d9

Download Submit
memory/3704-376-0x00007FFEB7110000-0x00007FFEB711E000-memory.dmp

Filesize
56KB

Download
memory/3704-441-0x00007FFEB7430000-0x00007FFEB7548000-memory.dmp

Filesize
1.1MB

Download
memory/3704-359-0x00007FFEB7EA0000-0x00007FFEB7EB4000-memory.dmp

Filesize
80KB

Download
memory/3704-361-0x00007FFEB7E90000-0x00007FFEB7E9C000-memory.dmp

Filesize
48KB

Download
memory/3704-362-0x00007FFEB7E70000-0x00007FFEB7E81000-memory.dmp

Filesize
68KB

Download
memory/3704-360-0x00007FFEB81B0000-0x00007FFEB81BF000-memory.dmp

Filesize
60KB

Download
memory/3704-364-0x00007FFEB7E40000-0x00007FFEB7E5B000-memory.dmp

Filesize
108KB

Download
memory/3704-366-0x00007FFEB73E0000-0x00007FFEB7424000-memory.dmp

Filesize
272KB

Download
memory/3704-365-0x00007FFEB7E20000-0x00007FFEB7E35000-memory.dmp

Filesize
84KB

Download
memory/3704-363-0x00007FFEB7E60000-0x00007FFEB7E6E000-memory.dmp

Filesize
56KB

Download
memory/3704-368-0x00007FFEB73A0000-0x00007FFEB73B4000-memory.dmp

Filesize
80KB

Download
memory/3704-367-0x00007FFEB73C0000-0x00007FFEB73D6000-memory.dmp

Filesize
88KB

Download
memory/3704-370-0x00007FFEB7E10000-0x00007FFEB7E1E000-memory.dmp

Filesize
56KB

Download
memory/3704-369-0x00007FFEB7380000-0x00007FFEB7391000-memory.dmp

Filesize
68KB

Download
memory/3704-371-0x000000006A880000-0x000000006A8AB000-memory.dmp

Filesize
172KB

Download
memory/3704-373-0x0000000062E80000-0x0000000062EA8000-memory.dmp

Filesize
160KB

Download
memory/3704-372-0x0000000068B40000-0x0000000068B81000-memory.dmp

Filesize
260KB

Download
memory/3704-375-0x00007FFEB7350000-0x00007FFEB735E000-memory.dmp

Filesize
56KB

Download
memory/3704-374-0x00007FFEB7360000-0x00007FFEB736F000-memory.dmp

Filesize
60KB

Download
memory/3704-378-0x00007FFEB6FD0000-0x00007FFEB6FE0000-memory.dmp

Filesize
64KB

Download
memory/3704-377-0x00007FFEB6D30000-0x00007FFEB6D46000-memory.dmp

Filesize
88KB

Download
memory/3704-357-0x00007FFEB81C0000-0x00007FFEB81D1000-memory.dmp

Filesize
68KB

Download
memory/3704-380-0x00007FFEB6CF0000-0x00007FFEB6D07000-memory.dmp

Filesize
92KB

Download
memory/3704-379-0x00007FFEB6D10000-0x00007FFEB6D25000-memory.dmp

Filesize
84KB

Download
memory/3704-381-0x00007FFEB6CE0000-0x00007FFEB6CEF000-memory.dmp

Filesize
60KB

Download
memory/3704-382-0x00007FFEA96F0000-0x00007FFEA9876000-memory.dmp

Filesize
1.5MB

Download
memory/3704-383-0x00007FFEA96C0000-0x00007FFEA96E9000-memory.dmp

Filesize
164KB

Download
memory/3704-384-0x00007FFEA96A0000-0x00007FFEA96BD000-memory.dmp

Filesize
116KB

Download
memory/3704-385-0x00007FFEA9520000-0x00007FFEA96A0000-memory.dmp

Filesize
1.5MB

Download
memory/3704-386-0x00007FFEB8350000-0x00007FFEB837D000-memory.dmp

Filesize
180KB

Download
memory/3704-387-0x00007FFEB8290000-0x00007FFEB8346000-memory.dmp

Filesize
728KB

Download
memory/3704-389-0x00007FFEB80F0000-0x00007FFEB8183000-memory.dmp

Filesize
588KB

Download
memory/3704-390-0x00007FFEB80D0000-0x00007FFEB80E6000-memory.dmp

Filesize
88KB

Download
memory/3704-388-0x00007FFEB8270000-0x00007FFEB8287000-memory.dmp

Filesize
92KB

Download
memory/3704-392-0x00007FFEB6CB0000-0x00007FFEB6CBF000-memory.dmp

Filesize
60KB

Download
memory/3704-391-0x00007FFEB7370000-0x00007FFEB737E000-memory.dmp

Filesize
56KB

Download
memory/3704-393-0x00007FFEB5BC0000-0x00007FFEB5C14000-memory.dmp

Filesize
336KB

Download
memory/3704-394-0x00007FFEB5BA0000-0x00007FFEB5BB4000-memory.dmp

Filesize
80KB

Download
memory/3704-395-0x00007FFEB5B90000-0x00007FFEB5B9E000-memory.dmp

Filesize
56KB

Download
memory/3704-396-0x00007FFEA94E0000-0x00007FFEA9518000-memory.dmp

Filesize
224KB

Download
memory/3704-397-0x00007FFEB1BD0000-0x00007FFEB1BDB000-memory.dmp

Filesize
44KB

Download
memory/3704-398-0x00007FFEA94D0000-0x00007FFEA94DB000-memory.dmp

Filesize
44KB

Download
memory/3704-399-0x00007FFEA94C0000-0x00007FFEA94CC000-memory.dmp

Filesize
48KB

Download
memory/3704-400-0x00007FFEA94B0000-0x00007FFEA94BB000-memory.dmp

Filesize
44KB

Download
memory/3704-401-0x00007FFEA94A0000-0x00007FFEA94AC000-memory.dmp

Filesize
48KB

Download
memory/3704-423-0x00007FFEB7550000-0x00007FFEB79D1000-memory.dmp

Filesize
4.5MB

Download
memory/3704-424-0x00007FFEBB710000-0x00007FFEBB737000-memory.dmp

Filesize
156KB

Download
memory/3704-425-0x00007FFEBCD60000-0x00007FFEBCD6F000-memory.dmp

Filesize
60KB

Download
memory/3704-426-0x00007FFEBBE30000-0x00007FFEBBE4C000-memory.dmp

Filesize
112KB

Download
memory/3704-427-0x00007FFEBB6E0000-0x00007FFEBB70E000-memory.dmp

Filesize
184KB

Download
memory/3704-428-0x00007FFEB8600000-0x00007FFEB861A000-memory.dmp

Filesize
104KB

Download
memory/3704-429-0x00007FFEB85F0000-0x00007FFEB85FE000-memory.dmp

Filesize
56KB

Download
memory/3704-430-0x00007FFEB84B0000-0x00007FFEB84E5000-memory.dmp

Filesize
212KB

Download
memory/3704-431-0x00007FFEB8480000-0x00007FFEB84AE000-memory.dmp

Filesize
184KB

Download
memory/3704-432-0x00007FFEB83B0000-0x00007FFEB846C000-memory.dmp

Filesize
752KB

Download
memory/3704-433-0x00007FFEB8380000-0x00007FFEB83AB000-memory.dmp

Filesize
172KB

Download
memory/3704-434-0x00007FFEB8350000-0x00007FFEB837D000-memory.dmp

Filesize
180KB

Download
memory/3704-435-0x00007FFEB8290000-0x00007FFEB8346000-memory.dmp

Filesize
728KB

Download
memory/3704-436-0x00007FFEA9880000-0x00007FFEA9BEF000-memory.dmp

Filesize
3.4MB

Download
memory/3704-437-0x00007FFEB8270000-0x00007FFEB8287000-memory.dmp

Filesize
92KB

Download
memory/3704-438-0x00007FFEB8260000-0x00007FFEB826D000-memory.dmp

Filesize
52KB

Download
memory/3704-440-0x00007FFEB81F0000-0x00007FFEB8215000-memory.dmp

Filesize
148KB

Download
memory/3704-439-0x00007FFEB8250000-0x00007FFEB825B000-memory.dmp

Filesize
44KB

Download
memory/3704-358-0x00007FFEB6D50000-0x00007FFEB6FBB000-memory.dmp

Filesize
2.4MB

Download
memory/3704-442-0x00007FFEB80F0000-0x00007FFEB8183000-memory.dmp

Filesize
588KB

Download
memory/3704-443-0x00007FFEB8230000-0x00007FFEB824C000-memory.dmp

Filesize
112KB

Download
memory/3704-444-0x00007FFEB81E0000-0x00007FFEB81EC000-memory.dmp

Filesize
48KB

Download
memory/3704-445-0x00007FFEB81C0000-0x00007FFEB81D1000-memory.dmp

Filesize
68KB

Download
memory/3704-446-0x00007FFEB6D50000-0x00007FFEB6FBB000-memory.dmp

Filesize
2.4MB

Download
memory/3704-447-0x00007FFEB80D0000-0x00007FFEB80E6000-memory.dmp

Filesize
88KB

Download
memory/3704-448-0x00007FFEB7EA0000-0x00007FFEB7EB4000-memory.dmp

Filesize
80KB

Download
memory/3704-451-0x00007FFEB7E70000-0x00007FFEB7E81000-memory.dmp

Filesize
68KB

Download
memory/3704-450-0x00007FFEB7E90000-0x00007FFEB7E9C000-memory.dmp

Filesize
48KB

Download
memory/3704-452-0x00007FFEB7E60000-0x00007FFEB7E6E000-memory.dmp

Filesize
56KB

Download
memory/3704-449-0x00007FFEB81B0000-0x00007FFEB81BF000-memory.dmp

Filesize
60KB

Download
memory/3704-453-0x00007FFEB7E40000-0x00007FFEB7E5B000-memory.dmp

Filesize
108KB

Download
memory/3704-454-0x00007FFEB7E20000-0x00007FFEB7E35000-memory.dmp

Filesize
84KB

Download
memory/3704-455-0x00007FFEB73E0000-0x00007FFEB7424000-memory.dmp

Filesize
272KB

Download
memory/3704-457-0x00007FFEB73A0000-0x00007FFEB73B4000-memory.dmp

Filesize
80KB

Download
memory/3704-456-0x00007FFEB73C0000-0x00007FFEB73D6000-memory.dmp

Filesize
88KB

Download
memory/3704-459-0x00007FFEB7E10000-0x00007FFEB7E1E000-memory.dmp

Filesize
56KB

Download
memory/3704-458-0x00007FFEB7380000-0x00007FFEB7391000-memory.dmp

Filesize
68KB

Download
memory/3704-460-0x000000006A880000-0x000000006A8AB000-memory.dmp

Filesize
172KB

Download
memory/3704-461-0x0000000068B40000-0x0000000068B81000-memory.dmp

Filesize
260KB

Download
memory/3704-462-0x0000000062E80000-0x0000000062EA8000-memory.dmp

Filesize
160KB

Download
memory/3704-463-0x00007FFEB7370000-0x00007FFEB737E000-memory.dmp

Filesize
56KB

Download
memory/3704-464-0x00007FFEB7360000-0x00007FFEB736F000-memory.dmp

Filesize
60KB

Download
memory/3704-465-0x00007FFEB7350000-0x00007FFEB735E000-memory.dmp

Filesize
56KB

Download
memory/3704-466-0x00007FFEB7110000-0x00007FFEB711E000-memory.dmp

Filesize
56KB

Download
memory/3704-467-0x00007FFEB6D30000-0x00007FFEB6D46000-memory.dmp

Filesize
88KB

Download
memory/3704-468-0x00007FFEB6FD0000-0x00007FFEB6FE0000-memory.dmp

Filesize
64KB

Download
memory/3704-469-0x00007FFEB6D10000-0x00007FFEB6D25000-memory.dmp

Filesize
84KB

Download
memory/3704-470-0x00007FFEB6CF0000-0x00007FFEB6D07000-memory.dmp

Filesize
92KB

Download
memory/3704-471-0x00007FFEB6CE0000-0x00007FFEB6CEF000-memory.dmp

Filesize
60KB

Download
memory/3704-472-0x00007FFEA96F0000-0x00007FFEA9876000-memory.dmp

Filesize
1.5MB

Download
memory/3704-473-0x00007FFEB6CB0000-0x00007FFEB6CBF000-memory.dmp

Filesize
60KB

Download
memory/3704-474-0x00007FFEB5BC0000-0x00007FFEB5C14000-memory.dmp

Filesize
336KB

Download
memory/3704-475-0x00007FFEB5BA0000-0x00007FFEB5BB4000-memory.dmp

Filesize
80KB

Download
memory/3704-476-0x00007FFEB5B90000-0x00007FFEB5B9E000-memory.dmp

Filesize
56KB

Download
memory/3704-478-0x00007FFEA96A0000-0x00007FFEA96BD000-memory.dmp

Filesize
116KB

Download
memory/3704-479-0x00007FFEA9520000-0x00007FFEA96A0000-memory.dmp

Filesize
1.5MB

Download
memory/3704-477-0x00007FFEA96C0000-0x00007FFEA96E9000-memory.dmp

Filesize
164KB

Download
memory/3704-480-0x00007FFEA94E0000-0x00007FFEA9518000-memory.dmp

Filesize
224KB

Download
memory/3704-481-0x00007FFEB1BD0000-0x00007FFEB1BDB000-memory.dmp

Filesize
44KB

Download
memory/3704-482-0x00007FFEA94D0000-0x00007FFEA94DB000-memory.dmp

Filesize
44KB

Download
memory/3704-483-0x00007FFEA94C0000-0x00007FFEA94CC000-memory.dmp

Filesize
48KB

Download
memory/3704-484-0x00007FFEA94B0000-0x00007FFEA94BB000-memory.dmp

Filesize
44KB

Download
memory/3704-485-0x00007FFEA94A0000-0x00007FFEA94AC000-memory.dmp

Filesize
48KB

Download
memory/3704-486-0x00007FFEA9490000-0x00007FFEA949B000-memory.dmp

Filesize
44KB

Download
memory/3704-355-0x00007FFEB81E0000-0x00007FFEB81EC000-memory.dmp

Filesize
48KB

Download
memory/3704-353-0x00007FFEB8230000-0x00007FFEB824C000-memory.dmp

Filesize
112KB

Download
memory/3704-352-0x00007FFEB7430000-0x00007FFEB7548000-memory.dmp

Filesize
1.1MB

Download
memory/3704-313-0x00007FFEB84B0000-0x00007FFEB84E5000-memory.dmp

Filesize
212KB

Download
memory/3704-320-0x00007FFEA9880000-0x00007FFEA9BEF000-memory.dmp

Filesize
3.4MB

Download
memory/3704-331-0x00007FFEB8260000-0x00007FFEB826D000-memory.dmp

Filesize
52KB

Download
memory/3704-342-0x00007FFEB81F0000-0x00007FFEB8215000-memory.dmp

Filesize
148KB

Download
memory/3704-341-0x00007FFEB8250000-0x00007FFEB825B000-memory.dmp

Filesize
44KB

Download
memory/3704-329-0x000002914E4E0000-0x000002914E84F000-memory.dmp

Filesize
3.4MB

Download
memory/3704-316-0x00007FFEB83B0000-0x00007FFEB846C000-memory.dmp

Filesize
752KB

Download
memory/3704-317-0x00007FFEB8380000-0x00007FFEB83AB000-memory.dmp

Filesize
172KB

Download
memory/3704-315-0x00007FFEB8480000-0x00007FFEB84AE000-memory.dmp

Filesize
184KB

Download
memory/3704-310-0x00007FFEB85F0000-0x00007FFEB85FE000-memory.dmp

Filesize
56KB

Download
memory/3704-309-0x00007FFEB8600000-0x00007FFEB861A000-memory.dmp

Filesize
104KB

Download
memory/3704-308-0x00007FFEBB6E0000-0x00007FFEBB70E000-memory.dmp

Filesize
184KB

Download
memory/3704-307-0x00007FFEBBE30000-0x00007FFEBBE4C000-memory.dmp

Filesize
112KB

Download
memory/3704-304-0x00007FFEBB710000-0x00007FFEBB737000-memory.dmp

Filesize
156KB

Download
memory/3704-282-0x00007FFEBCD60000-0x00007FFEBCD6F000-memory.dmp

Filesize
60KB

Download
memory/3704-280-0x00007FFEB7550000-0x00007FFEB79D1000-memory.dmp

Filesize
4.5MB

Download