076ac14b0027e5013df471aabd85a6956976b43a0066beb6f732a0d9c6a0faba

Analysis

max time kernel
86s
max time network
287s
platform
windows10-1703_x64
resource
win10-20230220-de
resource tags

arch:x64arch:x86image:win10-20230220-delocale:de-deos:windows10-1703-x64systemwindows
submitted
13/06/2023, 16:03

Sharing

Copy URL Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

Luna-Logged-roque (3).zip
Size

400KB
MD5

248fbd7b6f73beef836dd8b9f4013344
SHA1

2fd502c1882dab4443ddd96940f47a4e5eb43242
SHA256

076ac14b0027e5013df471aabd85a6956976b43a0066beb6f732a0d9c6a0faba
SHA512

357d38600976b64dccaf657e40d5ad67920754b3b491163199d3266d72c96e85a429e88a3ecb1b9d265d5ef8aa80de3daf3ff1ba0a3e073db602829c8936b6e0
SSDEEP

6144:JW2/vk/rQ1ur8pyC624r74+/7red9ZnaaE3lcnwFZlTMay7AMfEpEgzgtVbt2X:JrHkzQq9C6HjKaaEkilTRZEgf

Score

7^/10

bootkit persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
5488	忸郹柾滳邝雐簤脦鰧嘋瓡簮皉蠠衯瘪.exe

Loads dropped DLL 50 IoCs

pid	Process
5556	1.exe
5556	1.exe
5556	1.exe
5556	1.exe
5556	1.exe
5556	1.exe
5556	1.exe
5556	1.exe
5556	1.exe
5556	1.exe
5556	1.exe
5556	1.exe
5556	1.exe
5556	1.exe
5556	1.exe
5556	1.exe
5556	1.exe
5556	1.exe
5556	1.exe
5556	1.exe
5556	1.exe
5556	1.exe
5556	1.exe
5556	1.exe
5556	1.exe
5556	1.exe
5556	1.exe
5556	1.exe
5556	1.exe
5556	1.exe
5556	1.exe
5556	1.exe
5556	1.exe
5556	1.exe
5556	1.exe
5556	1.exe
5556	1.exe
5556	1.exe
5556	1.exe
5556	1.exe
5556	1.exe
5556	1.exe
5556	1.exe
5556	1.exe
5556	1.exe
5556	1.exe
5556	1.exe
5556	1.exe
5556	1.exe
5556	1.exe

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
627	api.ipify.org
630	api.ipify.org

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1067

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	忸郹柾滳邝雐簤脦鰧嘋瓡簮皉蠠衯瘪.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings	cmd.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\Monoxid Opener.zip:Zone.Identifier	firefox.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
9760	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
5556	1.exe
5556	1.exe
5556	1.exe
5556	1.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeDebugPrivilege	5012	firefox.exe
Token: SeDebugPrivilege	5012	firefox.exe
Token: SeDebugPrivilege	5012	firefox.exe
Token: SeDebugPrivilege	5488	忸郹柾滳邝雐簤脦鰧嘋瓡簮皉蠠衯瘪.exe
Token: SeTakeOwnershipPrivilege	5488	忸郹柾滳邝雐簤脦鰧嘋瓡簮皉蠠衯瘪.exe
Token: 33	6064	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	6064	AUDIODG.EXE
Token: SeDebugPrivilege	5556	1.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
5012	firefox.exe
5012	firefox.exe
5012	firefox.exe
5012	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
5012	firefox.exe
5012	firefox.exe
5012	firefox.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
5012	firefox.exe
5012	firefox.exe
5012	firefox.exe
5012	firefox.exe
5488	忸郹柾滳邝雐簤脦鰧嘋瓡簮皉蠠衯瘪.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2740 wrote to memory of 5012	2740	firefox.exe	68
PID 2740 wrote to memory of 5012	2740	firefox.exe	68
PID 2740 wrote to memory of 5012	2740	firefox.exe	68
PID 2740 wrote to memory of 5012	2740	firefox.exe	68
PID 2740 wrote to memory of 5012	2740	firefox.exe	68
PID 2740 wrote to memory of 5012	2740	firefox.exe	68
PID 2740 wrote to memory of 5012	2740	firefox.exe	68
PID 2740 wrote to memory of 5012	2740	firefox.exe	68
PID 2740 wrote to memory of 5012	2740	firefox.exe	68
PID 2740 wrote to memory of 5012	2740	firefox.exe	68
PID 2740 wrote to memory of 5012	2740	firefox.exe	68
PID 5012 wrote to memory of 4732	5012	firefox.exe	69
PID 5012 wrote to memory of 4732	5012	firefox.exe	69
PID 5012 wrote to memory of 1052	5012	firefox.exe	70
PID 5012 wrote to memory of 1052	5012	firefox.exe	70
PID 5012 wrote to memory of 1052	5012	firefox.exe	70
PID 5012 wrote to memory of 1052	5012	firefox.exe	70
PID 5012 wrote to memory of 1052	5012	firefox.exe	70
PID 5012 wrote to memory of 1052	5012	firefox.exe	70
PID 5012 wrote to memory of 1052	5012	firefox.exe	70
PID 5012 wrote to memory of 1052	5012	firefox.exe	70
PID 5012 wrote to memory of 1052	5012	firefox.exe	70
PID 5012 wrote to memory of 1052	5012	firefox.exe	70
PID 5012 wrote to memory of 1052	5012	firefox.exe	70
PID 5012 wrote to memory of 1052	5012	firefox.exe	70
PID 5012 wrote to memory of 1052	5012	firefox.exe	70
PID 5012 wrote to memory of 1052	5012	firefox.exe	70
PID 5012 wrote to memory of 1052	5012	firefox.exe	70
PID 5012 wrote to memory of 1052	5012	firefox.exe	70
PID 5012 wrote to memory of 1052	5012	firefox.exe	70
PID 5012 wrote to memory of 1052	5012	firefox.exe	70
PID 5012 wrote to memory of 1052	5012	firefox.exe	70
PID 5012 wrote to memory of 1052	5012	firefox.exe	70
PID 5012 wrote to memory of 1052	5012	firefox.exe	70
PID 5012 wrote to memory of 1052	5012	firefox.exe	70
PID 5012 wrote to memory of 1052	5012	firefox.exe	70
PID 5012 wrote to memory of 1052	5012	firefox.exe	70
PID 5012 wrote to memory of 1052	5012	firefox.exe	70
PID 5012 wrote to memory of 1052	5012	firefox.exe	70
PID 5012 wrote to memory of 1052	5012	firefox.exe	70
PID 5012 wrote to memory of 1052	5012	firefox.exe	70
PID 5012 wrote to memory of 1052	5012	firefox.exe	70
PID 5012 wrote to memory of 1052	5012	firefox.exe	70
PID 5012 wrote to memory of 1052	5012	firefox.exe	70
PID 5012 wrote to memory of 1052	5012	firefox.exe	70
PID 5012 wrote to memory of 1052	5012	firefox.exe	70
PID 5012 wrote to memory of 1052	5012	firefox.exe	70
PID 5012 wrote to memory of 1052	5012	firefox.exe	70
PID 5012 wrote to memory of 1052	5012	firefox.exe	70
PID 5012 wrote to memory of 1052	5012	firefox.exe	70
PID 5012 wrote to memory of 1052	5012	firefox.exe	70
PID 5012 wrote to memory of 1052	5012	firefox.exe	70
PID 5012 wrote to memory of 1052	5012	firefox.exe	70
PID 5012 wrote to memory of 1052	5012	firefox.exe	70
PID 5012 wrote to memory of 1052	5012	firefox.exe	70
PID 5012 wrote to memory of 1052	5012	firefox.exe	70
PID 5012 wrote to memory of 1052	5012	firefox.exe	70
PID 5012 wrote to memory of 1052	5012	firefox.exe	70
PID 5012 wrote to memory of 1052	5012	firefox.exe	70
PID 5012 wrote to memory of 1052	5012	firefox.exe	70
PID 5012 wrote to memory of 1052	5012	firefox.exe	70
PID 5012 wrote to memory of 3852	5012	firefox.exe	71
PID 5012 wrote to memory of 3852	5012	firefox.exe	71
PID 5012 wrote to memory of 3852	5012	firefox.exe	71

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Luna-Logged-roque (3).zip"
1⤵
PID:3732

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2740
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:5012
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.0.1820258167\1203330232" -parentBuildID 20221007134813 -prefsHandle 1656 -prefMapHandle 1644 -prefsLen 20810 -prefMapSize 232645 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2fe06dd5-95f2-4ef4-ad98-0bbed29b2e41} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 1736 1d96221ab58 gpu
    3⤵
    PID:4732
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.1.770303606\1851504007" -parentBuildID 20221007134813 -prefsHandle 2092 -prefMapHandle 2088 -prefsLen 20891 -prefMapSize 232645 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3318c714-1614-4324-8696-c01479048a00} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 2104 1d94e772858 socket
    3⤵
    PID:1052
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.2.169518018\905168881" -childID 1 -isForBrowser -prefsHandle 2640 -prefMapHandle 2880 -prefsLen 20974 -prefMapSize 232645 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e305f2bc-eb0b-433f-a3c7-20b4e65e3361} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 2856 1d965104158 tab
    3⤵
    PID:3852
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.3.780839418\126071611" -childID 2 -isForBrowser -prefsHandle 3644 -prefMapHandle 3640 -prefsLen 26484 -prefMapSize 232645 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {827f8fbf-7dea-42a0-aaef-4b1fddc43533} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 3656 1d94e75b258 tab
    3⤵
    PID:4492
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.4.1294539833\185466378" -childID 3 -isForBrowser -prefsHandle 4380 -prefMapHandle 4376 -prefsLen 26543 -prefMapSize 232645 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {71e553a4-21cd-4041-9313-27fa1d32bcc9} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 4388 1d966d3b358 tab
    3⤵
    PID:404
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.7.1893744753\503435526" -childID 6 -isForBrowser -prefsHandle 5168 -prefMapHandle 5172 -prefsLen 26543 -prefMapSize 232645 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c39db0e-d950-42dd-be6a-df9c88f2d0de} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 5160 1d9675e6258 tab
    3⤵
    PID:1612
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.6.1965176395\1644394503" -childID 5 -isForBrowser -prefsHandle 4972 -prefMapHandle 4976 -prefsLen 26543 -prefMapSize 232645 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9bcdad90-54c4-4a8a-887c-d1b6882817ef} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 4964 1d9675e4758 tab
    3⤵
    PID:64
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.5.1322353427\890272532" -childID 4 -isForBrowser -prefsHandle 4824 -prefMapHandle 4820 -prefsLen 26543 -prefMapSize 232645 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c9fcc2b-15b4-4d7c-9e90-75bde916de7f} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 4832 1d9675e6e58 tab
    3⤵
    PID:480
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.8.721594207\669946841" -childID 7 -isForBrowser -prefsHandle 4820 -prefMapHandle 5476 -prefsLen 27159 -prefMapSize 232645 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c54d6937-3a36-42b9-a659-4f8cd6f634b1} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 5480 1d967299a58 tab
    3⤵
    PID:3848
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.9.2016453715\1271340" -childID 8 -isForBrowser -prefsHandle 6612 -prefMapHandle 6220 -prefsLen 27159 -prefMapSize 232645 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b58884b2-ae31-4c30-935f-bdffa8621318} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 9656 1d96946cd58 tab
    3⤵
    PID:1928
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.10.827530939\1083687702" -childID 9 -isForBrowser -prefsHandle 9096 -prefMapHandle 9100 -prefsLen 27159 -prefMapSize 232645 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7965ebbf-e43c-4b8f-b2b5-9ca31c929dba} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 9076 1d94e730558 tab
    3⤵
    PID:4784
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.11.1215886473\103754976" -childID 10 -isForBrowser -prefsHandle 8924 -prefMapHandle 8920 -prefsLen 27159 -prefMapSize 232645 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a99054e-8ec2-49c1-8dc4-31e09641cd61} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 8940 1d969bcd258 tab
    3⤵
    PID:1244
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.13.147893948\1508869801" -childID 12 -isForBrowser -prefsHandle 8224 -prefMapHandle 8220 -prefsLen 27199 -prefMapSize 232645 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {edb40393-27a1-40e4-bb3b-29b5f50ff0ff} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 8232 1d96b24dc58 tab
    3⤵
    PID:4344
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.12.983572294\1932249114" -childID 11 -isForBrowser -prefsHandle 8392 -prefMapHandle 8880 -prefsLen 27199 -prefMapSize 232645 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {632aec10-c3d4-4283-a56c-967348e1b183} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 8380 1d96b4f5658 tab
    3⤵
    PID:820
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.14.2075885362\1193691264" -childID 13 -isForBrowser -prefsHandle 7860 -prefMapHandle 7864 -prefsLen 27199 -prefMapSize 232645 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {400da8a4-a723-4692-87b3-a10bf3428aa5} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 7852 1d96b365558 tab
    3⤵
    PID:3144
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.16.1008771294\1554191107" -childID 15 -isForBrowser -prefsHandle 7840 -prefMapHandle 8224 -prefsLen 27199 -prefMapSize 232645 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf074919-2664-4d82-bc11-67125657c7d9} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 7496 1d96b2f0b58 tab
    3⤵
    PID:4880
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.15.771239053\614846360" -childID 14 -isForBrowser -prefsHandle 7740 -prefMapHandle 8356 -prefsLen 27199 -prefMapSize 232645 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {891322ef-a177-4096-b4e9-f2ba5769c813} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 7840 1d96b2f0558 tab
    3⤵
    PID:4224
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.19.2112320813\319856110" -childID 18 -isForBrowser -prefsHandle 7340 -prefMapHandle 7344 -prefsLen 27199 -prefMapSize 232645 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {031d8df6-5015-491f-a41e-426c74b398ad} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 7152 1d96bfe6258 tab
    3⤵
    PID:5532
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.18.1664340531\366798084" -childID 17 -isForBrowser -prefsHandle 7496 -prefMapHandle 2572 -prefsLen 27199 -prefMapSize 232645 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5254cf89-1f37-4c68-ab08-5e5e57d83169} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 7172 1d96bfe5c58 tab
    3⤵
    PID:5524
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.17.961325184\434111260" -childID 16 -isForBrowser -prefsHandle 7272 -prefMapHandle 7292 -prefsLen 27199 -prefMapSize 232645 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {82ad9b05-afff-4fac-98e4-54e68b90b032} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 7248 1d96bfe4458 tab
    3⤵
    PID:5516

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5916

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Monoxid Opener\Monoxid Opener\run.bat" "
1⤵
- Modifies registry class
PID:5264
- C:\Users\Admin\Downloads\Monoxid Opener\Monoxid Opener\dll\3.exe
  3.exe
  2⤵
  PID:5372
- - C:\Users\Admin\AppData\Local\Temp\忸郹柾滳邝雐簤脦鰧嘋瓡簮皉蠠衯瘪.exe
    "C:\Users\Admin\AppData\Local\Temp\忸郹柾滳邝雐簤脦鰧嘋瓡簮皉蠠衯瘪.exe"
    3⤵
    - Executes dropped EXE
    - Writes to the Master Boot Record (MBR)
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:5488
  - - C:\Windows\SysWOW64\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\cs.txt
      4⤵
      PID:4360
  - - C:\Windows\SysWOW64\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\et.txt
      4⤵
      PID:2324
  - - C:\Windows\SysWOW64\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\gl.txt
      4⤵
      PID:5852
  - - C:\Program Files\Common Files\microsoft shared\ink\FlickLearningWizard.exe
      "C:\Program Files\Common Files\microsoft shared\ink\FlickLearningWizard.exe"
      4⤵
      PID:3716
  - - C:\Program Files\Java\jdk1.8.0_66\bin\jmc.exe
      "C:\Program Files\Java\jdk1.8.0_66\bin\jmc.exe"
      4⤵
      PID:5160
  - - C:\Program Files\Java\jdk1.8.0_66\bin\jconsole.exe
      "C:\Program Files\Java\jdk1.8.0_66\bin\jconsole.exe"
      4⤵
      PID:3716
  - - C:\Windows\SysWOW64\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Java\jdk1.8.0_66\jre\bin\server\Xusage.txt
      4⤵
      PID:5116
  - - C:\Windows\SysWOW64\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_winxp_blu.css
      4⤵
      PID:6196
  - - C:\Windows\SysWOW64\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\VERSION.txt
      4⤵
      PID:6584
  - - C:\Windows\SysWOW64\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Microsoft Office\root\Office16\1033\ClientOSub2019_eula.txt
      4⤵
      PID:6208
  - - C:\Program Files\Microsoft Office\root\Office16\MSOSREC.EXE
      "C:\Program Files\Microsoft Office\root\Office16\MSOSREC.EXE"
      4⤵
      PID:6648
  - - C:\Program Files\Microsoft Office\root\Office16\SETLANG.EXE
      "C:\Program Files\Microsoft Office\root\Office16\SETLANG.EXE"
      4⤵
      PID:6172
  - - C:\Windows\SysWOW64\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\PROFILE\PROFILE.INF
      4⤵
      PID:6708
  - - C:\Windows\SysWOW64\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SLATE\SLATE.INF
      4⤵
      PID:6692
  - - C:\Windows\SysWOW64\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Mozilla Firefox\defaultagent.ini
      4⤵
      PID:6020
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files\VideoLAN\VLC\lua\http\js\common.js"
      4⤵
      PID:6256
  - - C:\Windows\SysWOW64\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Windows NT\TableTextService\TableTextServiceDaYi.txt
      4⤵
      PID:7652
  - - C:\Windows\SysWOW64\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\WindowsApps\Microsoft.Getstarted_4.5.6.0_x64__8wekyb3d8bbwe\_Resources\index.txt
      4⤵
      PID:7312
  - - C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\system32\rundll32.exe" cryptext.dll,CryptExtOpenCAT C:\Program Files\WindowsApps\Microsoft.Messaging_3.26.24002.0_x64__8wekyb3d8bbwe\AppxMetadata\CodeIntegrity.cat
      4⤵
      PID:7280
  - - C:\Windows\SysWOW64\PresentationHost.exe
      "C:\Windows\System32\PresentationHost.exe" "C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.7668.58071.0_x64__8wekyb3d8bbwe\xaml\onenote\HtmlViewer.xaml"
      4⤵
      PID:7276
  - - C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\system32\rundll32.exe" cryptext.dll,CryptExtOpenCAT C:\Program Files\WindowsApps\Microsoft.Wallet_1.0.16328.0_x64__8wekyb3d8bbwe\AppxMetadata\CodeIntegrity.cat
      4⤵
      PID:8156
  - - C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\system32\rundll32.exe" cryptext.dll,CryptExtOpenCAT C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.511.8780.0_x64__8wekyb3d8bbwe\AppxMetadata\CodeIntegrity.cat
      4⤵
      PID:5468
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe" "C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Examples\Validator\Validator.Tests.ps1"
      4⤵
      PID:8084
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe" "C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Functions\Assertions\Match.Tests.ps1"
      4⤵
      PID:6964
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe" "C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1"
      4⤵
      PID:7908
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe"
      4⤵
      PID:6408
  - - C:\Windows\SysWOW64\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\main.css
      4⤵
      PID:7556
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\ja-jp\ui-strings.js"
      4⤵
      PID:7384
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ui-strings.js"
      4⤵
      PID:7552
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\uk-ua\ui-strings.js"
      4⤵
      PID:3504
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ko-kr\ui-strings.js"
      4⤵
      PID:7468
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\de-de\ui-strings.js"
      4⤵
      PID:6160
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ko-kr\ui-strings.js"
      4⤵
      PID:3140
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\sk-sk\ui-strings.js"
      4⤵
      PID:7404
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\zh-cn\ui-strings.js"
      4⤵
      PID:7692
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\de-de\ui-strings.js"
      4⤵
      PID:7460
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\it-it\ui-strings.js"
      4⤵
      PID:7288
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\rhp\convertpdf-rna-tool-view.js"
      4⤵
      PID:7816
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\en-ae\ui-strings.js"
      4⤵
      PID:7680
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\ro-ro\ui-strings.js"
      4⤵
      PID:7832
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\sk-sk\ui-strings.js"
      4⤵
      PID:7500
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\pt-br\ui-strings.js"
      4⤵
      PID:7720
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\ca-es\ui-strings.js"
      4⤵
      PID:5660
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\root\ui-strings.js"
      4⤵
      PID:7112
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\tr-tr\ui-strings.js"
      4⤵
      PID:6524
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\en-ae\ui-strings.js"
      4⤵
      PID:6856
  - - C:\Windows\SysWOW64\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files-select\css\main.css
      4⤵
      PID:6548
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\it-it\ui-strings.js"
      4⤵
      PID:7648
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\da-dk\ui-strings.js"
      4⤵
      PID:6492
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\ui-strings.js"
      4⤵
      PID:4380
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\hr-hr\ui-strings.js"
      4⤵
      PID:6704
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\hu-hu\ui-strings.js"
      4⤵
      PID:8072
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\zh-tw\ui-strings.js"
      4⤵
      PID:5256
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\root\ui-strings.js"
      4⤵
      PID:2604
  - - C:\Windows\SysWOW64\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\css\main.css
      4⤵
      PID:7272
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\root\ui-strings.js"
      4⤵
      PID:676
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\plugin.js"
      4⤵
      PID:7356
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\selector.js"
      4⤵
      PID:2056
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\fi-fi\ui-strings.js"
      4⤵
      PID:7152
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\root\ui-strings.js"
      4⤵
      PID:7228
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\zh-tw\ui-strings.js"
      4⤵
      PID:1572
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js"
      4⤵
      PID:2980
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\nl-nl\ui-strings.js"
      4⤵
      PID:3456
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\ro-ro\ui-strings.js"
      4⤵
      PID:2348
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\pt-br\ui-strings.js"
      4⤵
      PID:7440
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\cs-cz\ui-strings.js"
      4⤵
      PID:8200
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\hu-hu\ui-strings.js"
      4⤵
      PID:8232
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\tr-tr\ui-strings.js"
      4⤵
      PID:8272
  - - C:\Windows\SysWOW64\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\css\main.css
      4⤵
      PID:8312
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\nb-no\ui-strings.js"
      4⤵
      PID:8380
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\pl-pl\ui-strings.js"
      4⤵
      PID:8392
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\root\ui-strings.js"
      4⤵
      PID:8412
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\ru-ru\ui-strings.js"
      4⤵
      PID:8428
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\selector.js"
      4⤵
      PID:8460
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\tr-tr\ui-strings.js"
      4⤵
      PID:8600
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\da-dk\ui-strings.js"
      4⤵
      PID:8644
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\en-gb\ui-strings.js"
      4⤵
      PID:8664
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\hu-hu\ui-strings.js"
      4⤵
      PID:8692
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\it-it\ui-strings.js"
      4⤵
      PID:8768
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\sl-si\ui-strings.js"
      4⤵
      PID:8780
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\it-it\ui-strings.js"
      4⤵
      PID:8872
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ko-kr\ui-strings.js"
      4⤵
      PID:8892
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\ro-ro\ui-strings.js"
      4⤵
      PID:9000
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\cs-cz\ui-strings.js"
      4⤵
      PID:9052
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\fr-fr\ui-strings.js"
      4⤵
      PID:9100
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\it-it\ui-strings.js"
      4⤵
      PID:9116
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\ja-jp\ui-strings.js"
      4⤵
      PID:9188
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\sv-se\ui-strings.js"
      4⤵
      PID:9212
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\rna-main.js"
      4⤵
      PID:8256
  - - C:\Windows\SysWOW64\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dummy.dic
      4⤵
      PID:8848
  - - C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe
      "C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe"
      4⤵
      PID:9640
  - - C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateSetup.exe
      "C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateSetup.exe"
      4⤵
      PID:9660
    - - C:\Program Files (x86)\Google\Temp\GUMFD23.tmp\GoogleUpdate.exe
        
        "C:\Program Files (x86)\Google\Temp\GUMFD23.tmp\GoogleUpdate.exe" /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={524F931D-DF24-B44B-DC1F-F6584FC8C4DD}&lang=en&browser=3&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty"
        5⤵
        
        PID:7688
      - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
        
        "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regsvc
        6⤵
        
        PID:6624
      - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
        
        "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regserver
        6⤵
        
        PID:9368
        
        C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe"
        7⤵
        
        PID:8992
        
        C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe"
        7⤵
        
        PID:7936
        
        C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe"
        7⤵
        
        PID:9508
      - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
        
        "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNi4xNTEiIHNoZWxsX3ZlcnNpb249IjEuMy4zNi4xNTEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7OEEyODQ1N0QtNUU5Ri00N0YwLThEMUQtQUQ3RTJGNzg2MDE1fSIgdXNlcmlkPSJ7ODE5NkNCNzYtMzMyMC00RTE1LThGMTUtNjM3RERFNzlGQ0NDfSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0iezE0NzZDODlFLUJBRkYtNEI1OS05RDMxLTA0NEUyREJEREUzN30iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgcGh5c21lbW9yeT0iOCIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xNTA2My4wIiBzcD0iIiBhcmNoPSJ4NjQiLz48YXBwIGFwcGlkPSJ7NDMwRkQ0RDAtQjcyOS00RjYxLUFBMzQtOTE1MjY0ODE3OTlEfSIgdmVyc2lvbj0iMS4zLjM2LjE1MSIgbmV4dHZlcnNpb249IjEuMy4zNi4xNTEiIGxhbmc9ImVuIiBicmFuZD0iIiBjbGllbnQ9IiIgaWlkPSJ7NTI0RjkzMUQtREYyNC1CNDRCLURDMUYtRjY1ODRGQzhDNEREfSI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgaW5zdGFsbF90aW1lX21zPSI0NTg2Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
        6⤵
        
        PID:9592
      - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
        
        "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /handoff "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={524F931D-DF24-B44B-DC1F-F6584FC8C4DD}&lang=en&browser=3&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty" /installsource offline /sessionid "{8A28457D-5E9F-47F0-8D1D-AD7E2F786015}" /offlinedir "{E0A123FA-3F61-4244-A0DD-DC80A41DFAF7}"
        6⤵
        
        PID:9796
  - - C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
      4⤵
      PID:9740
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe" "C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example3.Diagnostics\2.0.1\Diagnostics\Simple\Example3B.Diagnostics.Tests.ps1"
      4⤵
      PID:7968
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe" "C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Examples\Calculator\Add-Numbers.Tests.ps1"
      4⤵
      PID:7972
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe" "C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Functions\Assertions\BeLike.ps1"
      4⤵
      PID:8148
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe" "C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Functions\Assertions\BeNullOrEmpty.ps1"
      4⤵
      PID:4160
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe" "C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Functions\InModuleScope.ps1"
      4⤵
      PID:9284
  - - C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
      "C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe"
      4⤵
      PID:9424
  - - C:\Windows\SysWOW64\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\ProgramData\Microsoft\Network\Downloader\edb.log
      4⤵
      Opens file in notepad (likely ransom note)
      PID:9760
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\Monoxid Opener\Monoxid Opener\dll\2.vbs"
  2⤵
  PID:5656
- C:\Users\Admin\Downloads\Monoxid Opener\Monoxid Opener\dll\1.exe
  1.exe
  2⤵
  PID:5848
- - C:\Users\Admin\Downloads\Monoxid Opener\Monoxid Opener\dll\1.exe
    1.exe
    3⤵
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:5556
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "ver"
      4⤵
      PID:6008
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "C:\Windows\System32\wbem\WMIC.exe csproduct get uuid"
      4⤵
      PID:7232
    - - C:\Windows\System32\wbem\WMIC.exe
        
        C:\Windows\System32\wbem\WMIC.exe csproduct get uuid
        5⤵
        
        PID:8160

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x248
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:6064

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3708

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6128

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5304

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6020

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3244

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5200

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5544

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5272

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6128

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6164

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
PID:6408

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
PID:6472

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6820

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6896

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:6964

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:7068

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6660

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6708

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6004

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6928

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:3128

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5892

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6648

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6072

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6984

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:976

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6576

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6692

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7144

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7008

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6072

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6908

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6248

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6716

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5248

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5416

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6248

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4072

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5216

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6268

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6500

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5572

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6852

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6392

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7192

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7264

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7356

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7436

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7480

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:7540

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7676

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7904

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:8008

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:8100

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5248

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7248

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7308

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7392

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
PID:7876

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
PID:6864

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6164

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:6924

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:6260

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7604

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3904

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4900

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7392

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6444

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6980

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7632

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3708

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7452

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4860

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7212

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7440

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7832

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7484

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6524

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6784

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6684

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:7012

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6796

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:8160

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6104

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:9176

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:8264

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5984

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:9492

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:9552

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:9756

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:9828

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:9968

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:10000

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:10088

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:10156

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:9372

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:9516

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:10092

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:9296

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
1⤵
PID:9824
- C:\Program Files (x86)\Google\Update\Install\{87C79F56-0DA8-43A7-AFD7-32CF891338EF}\chrome_installer.exe
  "C:\Program Files (x86)\Google\Update\Install\{87C79F56-0DA8-43A7-AFD7-32CF891338EF}\chrome_installer.exe" --do-not-launch-chrome --system-level /installerdata="C:\Program Files (x86)\Google\Update\Install\{87C79F56-0DA8-43A7-AFD7-32CF891338EF}\guiAD97.tmp"
  2⤵
  PID:9632
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
  "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNi4xNTEiIHNoZWxsX3ZlcnNpb249IjEuMy4zNi4xNTEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7OEEyODQ1N0QtNUU5Ri00N0YwLThEMUQtQUQ3RTJGNzg2MDE1fSIgdXNlcmlkPSJ7ODE5NkNCNzYtMzMyMC00RTE1LThGMTUtNjM3RERFNzlGQ0NDfSIgaW5zdGFsbHNvdXJjZT0ib2ZmbGluZSIgcmVxdWVzdGlkPSJ7MUYwNzdDMjAtMDQxQy00NDkwLUFFMkMtNDBDNTE3QjAwQzRBfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBwaHlzbWVtb3J5PSI4IiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE1MDYzLjAiIHNwPSIiIGFyY2g9Ing2NCIvPjxhcHAgYXBwaWQ9Ins4QTY5RDM0NS1ENTY0LTQ2M0MtQUZGMS1BNjlEOUU1MzBGOTZ9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMDYuMC41MjQ5LjExOSIgYXA9Ing2NC1zdGFibGUtc3RhdHNkZWZfMSIgbGFuZz0iZW4iIGJyYW5kPSIiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIxMTIiIGlpZD0iezUyNEY5MzFELURGMjQtQjQ0Qi1EQzFGLUY2NTg0RkM4QzRERH0iPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iNiIgZXJyb3Jjb2RlPSIxMDkiIGV4dHJhY29kZTE9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSIxIiB0b3RhbD0iOTA1ODA1MjAiIGluc3RhbGxfdGltZV9tcz0iMzgzOCIvPjwvYXBwPjwvcmVxdWVzdD4
  2⤵
  PID:10148

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6556

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:8164

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6940

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:8712

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7880

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:10204

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:8616

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:9588

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:9552

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6464

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7040

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:9444

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6388

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1096

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:992

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:9956

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:8312

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7904

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe

Filesize
190KB

MD5
067c069e3a48184c32333ebbd152eb01

SHA1
e13808892bb9679a81d0ebdf5f51a6df42400149

SHA256
55f4339688f1e72f5da0819abaa1d1f0630f39c496ec1ea0ad8e3458c8df6b02

SHA512
74b3aecbf11f94948264b29481839bdf48d7b37f966cb5e2aa3062e66cf3587ecf247563e3bcc1837e1fb89602d327fdb4f22fa98c695b4d5768bc3f1903a2b4

Download Submit
C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\106.0.5249.119\chrome_installer.exe

Filesize
31.7MB

MD5
c4488ee0cf91c5d2ed6197a6858e1b30

SHA1
f5816bec0bbcdc3766b957caba91cfee55f7b85c

SHA256
1b7f6765bad13541ee070a89c16e32be0b1e0fe4f337fd78135024c9ef566485

SHA512
4932491e0d25008192c345969df18a5806ad80a8fd50266a47e87a32ad3f21abad8cdf55994966335f2eaaaffe35d509193817c1c328ad3b615145f0426ca35b

Download Submit
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Filesize
167KB

MD5
54a010c60be10b65eee5506720fccabb

SHA1
18cfa274db7d6567441db036eb2b25b720d58884

SHA256
9a4b728a0b652056cbd312dd917adc08c72c89b6f666472f4e3d59a1b8039d89

SHA512
afb51acc8b684db72d5ee9ad7c340d852322af0862a80976c6830330c9e094bc77e760a5806ba883b437c0d10139aa783c21cd87acd405c453df98422d6b99ae

Download Submit
C:\Users\Admin\AppData\Local\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompat\IECompatData.xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\oqpbz544.default-release\activity-stream.discovery_stream.json.tmp

Filesize
149KB

MD5
3f2322fc3659bde636bfb5a7d7769153

SHA1
e30ead7d7c629b79cc8e23f87837731b4307b00f

SHA256
96a105fd24f82c9820200ca69f005ecc985d14d5370254e24e4ffefee0fca2dc

SHA512
a2557dcdd63044a83b391ee4d4d1e44be4e4e7f47c462037ef3d656e56fe904a7b96c7574ee9640546f0e36a4d219a8d37d1509d9798effec235b2284419a7ad

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\SPM8ETSL\suggestions[1].de-DE

Filesize
18KB

MD5
cc5361b5fdccfc6830217e2eb9972dd8

SHA1
e4a1206d9190eccea3e6a116c954d11da0aeba66

SHA256
afd57b0b6d8166e25bbef7cbc97522677c11c9a930fd4d4a204d1b7ae6258492

SHA512
ef63961bd7f0d3357d352a8f9c8ea57d0271e0fb664b1be179c38cd2d559bbaa4864f64f3521f26f868cc074f97994e2658c6d652021a39dc5207d45411691bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI58482\Crypto\Cipher\_raw_ecb.pyd

Filesize
10KB

MD5
821aaa9a74b4ccb1f75bd38b13b76566

SHA1
907c8ee16f3a0c6e44df120460a7c675eb36f1dd

SHA256
614b4f9a02d0191c3994205ac2c58571c0af9b71853be47fcf3cb3f9bc1d7f54

SHA512
9d2ef8f1a2d3a7374ff0cdb38d4a93b06d1db4219bae06d57a075ee3dff5f7d6f890084dd51a972ac7572008f73fde7f5152ce5844d1a19569e5a9a439c4532b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI58482\VCRUNTIME140.dll

Filesize
106KB

MD5
4585a96cc4eef6aafd5e27ea09147dc6

SHA1
489cfff1b19abbec98fda26ac8958005e88dd0cb

SHA256
a8f950b4357ec12cfccddc9094cca56a3d5244b95e09ea6e9a746489f2d58736

SHA512
d78260c66331fe3029d2cc1b41a5d002ec651f2e3bbf55076d65839b5e3c6297955afd4d9ab8951fbdc9f929dbc65eb18b14b59bce1f2994318564eb4920f286

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI58482\VCRUNTIME140_1.dll

Filesize
48KB

MD5
7e668ab8a78bd0118b94978d154c85bc

SHA1
dbac42a02a8d50639805174afd21d45f3c56e3a0

SHA256
e4b533a94e02c574780e4b333fcf0889f65ed00d39e32c0fbbda2116f185873f

SHA512
72bb41db17256141b06e2eaeb8fc65ad4abdb65e4b5f604c82b9e7e7f60050734137d602e0f853f1a38201515655b6982f2761ee0fa77c531aa58591c95f0032

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI58482\_asyncio.pyd

Filesize
63KB

MD5
61a5ae75f514b3ccbf1b939e06a5d451

SHA1
8154795e0f14415fb5802da65aafa91d7cbc57ec

SHA256
2b772076c2dba91fb4f61182b929485cc6c660baab4bce6e08aa18e414c69641

SHA512
bcd077d5d23fdab8427cc077b26626644b1b4b793c7f445e4f85094bd596c28319a854623b6e385f8e479b52726a9b843c4376bf288dc4f09edc30f332dbaf13

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI58482\_bz2.pyd

Filesize
82KB

MD5
a62207fc33140de460444e191ae19b74

SHA1
9327d3d4f9d56f1846781bcb0a05719dea462d74

SHA256
ebcac51449f323ae3ae961a33843029c34b6a82138ccd9214cf99f98dd2148c2

SHA512
90f9db9ee225958cb3e872b79f2c70cb1fd2248ebaa8f3282afff9250285852156bf668f5cfec49a4591b416ce7ebaaac62d2d887152f5356512f2347e3762b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI58482\_cffi_backend.cp311-win_amd64.pyd

Filesize
177KB

MD5
fde9a1d6590026a13e81712cd2f23522

SHA1
ca99a48caea0dbaccf4485afd959581f014277ed

SHA256
16eccc4baf6cf4ab72acd53c72a1f2b04d952e07e385e9050a933e78074a7d5b

SHA512
a522661f5c3eeea89a39df8bbb4d23e6428c337aac1d231d32b39005ea8810fce26af18454586e0e94e51ea4ac0e034c88652c1c09b1ed588aeac461766981f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI58482\_ctypes.pyd

Filesize
120KB

MD5
9b344f8d7ce5b57e397a475847cc5f66

SHA1
aff1ccc2608da022ecc8d0aba65d304fe74cdf71

SHA256
b1214d7b7efd9d4b0f465ec3463512a1cbc5f59686267030f072e6ce4b2a95cf

SHA512
2b0d9e1b550bf108fa842324ab26555f2a224aefff517fdb16df85693e05adaf0d77ebe49382848f1ec68dc9b5ae75027a62c33721e42a1566274d1a2b1baa41

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI58482\_hashlib.pyd

Filesize
63KB

MD5
787b82d4466f393366657b8f1bc5f1a9

SHA1
658639cddda55ac3bfc452db4ec9cf88851e606b

SHA256
241322647ba9f94bdc3ae387413ffb57ae14c8cf88bd564a31fe193c6ca43e37

SHA512
afcf66962958f38eec8b591aa30d380eb0e1b41028836058ff91b4d1472658de9fba3262f5c27ba688bd73da018e938f398e45911cd37584f623073067f575b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI58482\_lzma.pyd

Filesize
155KB

MD5
0c7ea68ca88c07ae6b0a725497067891

SHA1
c2b61a3e230b30416bc283d1f3ea25678670eb74

SHA256
f74aaf0aa08cf90eb1eb23a474ccb7cb706b1ede7f911daf7ae68480765bdf11

SHA512
fd52f20496a12e6b20279646663d880b1354cffea10793506fe4560ed7da53e4efba900ae65c9996fbb3179c83844a9674051385e6e3c26fb2622917351846b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI58482\_overlapped.pyd

Filesize
49KB

MD5
7db2b9d0fd06f7bd7e32b52bd626f1ce

SHA1
6756c6adf03d4887f8be371954ef9179b2df78cd

SHA256
24f9971debbd864e3ba615a89d2c5b0e818f9ab2be4081499bc877761992c814

SHA512
5b3f55c89056c0bf816c480ed7f8aad943a5ca07bd9b9948f0aa7163664d462c3c46d233ee11dd101ce46dc8a53b29e8341e227fe462e81d29e257a6897a5f3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI58482\_queue.pyd

Filesize
31KB

MD5
06248702a6cd9d2dd20c0b1c6b02174d

SHA1
3f14d8af944fe0d35d17701033ff1501049e856f

SHA256
ac177cd84c12e03e3a68bca30290bc0b8f173eee518ef1fa6a9dce3a3e755a93

SHA512
5b22bbff56a8b48655332ebd77387d307f5c0a526626f3654267a34bc4863d8afaf08ff3946606f3cf00b660530389c37bdfac91843808dbebc7373040fec4c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI58482\_socket.pyd

Filesize
77KB

MD5
26dd19a1f5285712068b9e41808e8fa0

SHA1
90c9a112dd34d45256b4f2ed38c1cbbc9f24dba5

SHA256
eaabf6b78840daeaf96b5bdbf06adf0e4e2994dfeee5c5e27fefd824dbda5220

SHA512
173e1eda05d297d7da2193e8566201f05428437adcac80aecefe80f82d46295b15ce10990b5c080325dc59a432a587eef84a15ec688a62b82493ad501a1e4520

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI58482\_sqlite3.pyd

Filesize
117KB

MD5
ffb03c18ed0f340fe9d86abaa9eef835

SHA1
d6295d7a100414ce76797c826d2d3c0b4df0c80e

SHA256
1d4e17237a10b68d16634fc9698edf342b40478d92fa15d574d212c7a44b05bb

SHA512
e911ce6e6b5de50696d7e7f14560c90b83c1179a946d2f5ddcf6fcf797c031dc65b42300685e97cfdc592bae5f974cc31c81d2e12994cd9c28d3f67df282dda5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI58482\_ssl.pyd

Filesize
157KB

MD5
ab0e4fbffb6977d0196c7d50bc76cf2d

SHA1
680e581c27d67cd1545c810dbb175c2a2a4ef714

SHA256
680ad2de8a6cff927822c1d7dd22112a3e8a824e82a7958ee409a7b9ce45ec70

SHA512
2bff84a8ec7a26dde8d1bb09792ead8636009c8ef3fa68300a75420197cd7b6c8eaaf8db6a5f97442723e5228afa62961f002948e0eeee8c957c6517547dffba

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI58482\base_library.zip

Filesize
1.7MB

MD5
ebb4f1a115f0692698b5640869f30853

SHA1
9ba77340a6a32af08899e7f3c97841724dd78c3f

SHA256
4ab0deb6a298d14a0f50d55dc6ce5673b6c5320817ec255acf282191642a4576

SHA512
3f6ba7d86c9f292344f4ad196f4ae863bf936578dd7cfac7dc4aaf05c2c78e68d5f813c4ed36048b6678451f1717deeb77493d8557ee6778c6a70beb5294d21a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI58482\charset_normalizer\md.cp311-win_amd64.pyd

Filesize
10KB

MD5
fa50d9f8bce6bd13652f5090e7b82c4d

SHA1
ee137da302a43c2f46d4323e98ffd46d92cf4bef

SHA256
fff69928dea1432e0c7cb1225ab96f94fd38d5d852de9a6bb8bf30b7d2bedceb

SHA512
341cec015e74348eab30d86ebb35c028519703006814a2ecd19b9fe5e6fcb05eda6dde0aaf4fe624d254b0d0180ec32adf3b93ee96295f8f0f4c9d4ed27a7c0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI58482\charset_normalizer\md__mypyc.cp311-win_amd64.pyd

Filesize
113KB

MD5
2d1f2ffd0fecf96a053043daad99a5df

SHA1
b03d5f889e55e802d3802d0f0caa4d29c538406b

SHA256
207bbae9ddf8bdd64e65a8d600fe1dd0465f2afcd6dc6e28d4d55887cd6cbd13

SHA512
4f7d68f241a7f581e143a010c78113154072c63adff5f200ef67eb34d766d14ce872d53183eb2b96b1895aa9c8d4ca82ee5e61e1c5e655ff5be56970be9ebe3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI58482\libcrypto-1_1.dll

Filesize
3.3MB

MD5
9d7a0c99256c50afd5b0560ba2548930

SHA1
76bd9f13597a46f5283aa35c30b53c21976d0824

SHA256
9b7b4a0ad212095a8c2e35c71694d8a1764cd72a829e8e17c8afe3a55f147939

SHA512
cb39aa99b9d98c735fdacf1c5ed68a4d09d11f30262b91f6aa48c3f8520eff95e499400d0ce7e280ca7a90ff6d7141d2d893ef0b33a8803a1cadb28ba9a9e3e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI58482\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI58482\libssl-1_1.dll

Filesize
688KB

MD5
bec0f86f9da765e2a02c9237259a7898

SHA1
3caa604c3fff88e71f489977e4293a488fb5671c

SHA256
d74ce01319ae6f54483a19375524aa39d9f5fd91f06cf7df238ca25e043130fd

SHA512
ffbc4e5ffdb49704e7aa6d74533e5af76bbe5db297713d8e59bd296143fe5f145fbb616b343eed3c48eceaccccc2431630470d8975a4a17c37eafcc12edd19f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI58482\psutil\_psutil_windows.pyd

Filesize
76KB

MD5
ebefbc98d468560b222f2d2d30ebb95c

SHA1
ee267e3a6e5bed1a15055451efcccac327d2bc43

SHA256
67c17558b635d6027ddbb781ea4e79fc0618bbec7485bd6d84b0ebcd9ef6a478

SHA512
ab9f949adfe9475b0ba8c37fa14b0705923f79c8a10b81446abc448ad38d5d55516f729b570d641926610c99df834223567c1efde166e6a0f805c9e2a35556e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI58482\pyexpat.pyd

Filesize
194KB

MD5
48e6930e3095f5a2dcf9baa67098acfb

SHA1
ddcd143f386e74e9820a3f838058c4caa7123a65

SHA256
c1ed7017ce55119df27563d470e7dc3fb29234a7f3cd5fc82d317b6fe559300b

SHA512
b50f42f6c7ddbd64bf0ff37f40b8036d253a235fb67693a7f1ed096f5c3b94c2bde67d0db63d84a8c710505a891b43f913e1b1044c42b0f5f333d0fe0386a62c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI58482\python3.DLL

Filesize
65KB

MD5
7442c154565f1956d409092ede9cc310

SHA1
c72f9c99ea56c8fb269b4d6b3507b67e80269c2d

SHA256
95086ac060ffe6933ac04a6aa289b1c7d321f14380315e24ba0d6c4adfa0842b

SHA512
2bf96828534bcdf71e48d1948b989011d8e3ba757c38cc17905a13d3021ea5deb57e2c68d79507a6acbb62be009cfc85b24d14543958dba1d3bc3e4ca7d4f844

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI58482\python311.dll

Filesize
5.5MB

MD5
e2bd5ae53427f193b42d64b8e9bf1943

SHA1
7c317aad8e2b24c08d3b8b3fba16dd537411727f

SHA256
c4844b05e3a936b130adedb854d3c04d49ee54edb43e9d36f8c4ae94ccb78400

SHA512
ae23a6707e539c619fd5c5b4fc6e4734edc91f89ebe024d25ff2a70168da6105ac0bd47cf6bf3715af6411963caf0acbb4632464e1619ca6361abf53adfe7036

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI58482\pywin32_system32\pythoncom311.dll

Filesize
654KB

MD5
f98264f2dacfc8e299391ed1180ab493

SHA1
849551b6d9142bf983e816fef4c05e639d2c1018

SHA256
0fe49ec1143a0efe168809c9d48fe3e857e2ac39b19db3fd8718c56a4056696b

SHA512
6bb3dbd9f4d3e6b7bd294f3cb8b2ef4c29b9eff85c0cfd5e2d2465be909014a7b2ecd3dc06265b1b58196892bb04d3e6b0aa4b2ccbf3a716e0ff950eb28db11c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI58482\pywin32_system32\pywintypes311.dll

Filesize
131KB

MD5
90b786dc6795d8ad0870e290349b5b52

SHA1
592c54e67cf5d2d884339e7a8d7a21e003e6482f

SHA256
89f2a5c6be1e70b3d895318fdd618506b8c0e9a63b6a1a4055dff4abdc89f18a

SHA512
c6e1dbf25d260c723a26c88ec027d40d47f5e28fc9eb2dbc72a88813a1d05c7f75616b31836b68b87df45c65eef6f3eaed2a9f9767f9e2f12c45f672c2116e72

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI58482\select.pyd

Filesize
29KB

MD5
756c95d4d9b7820b00a3099faf3f4f51

SHA1
893954a45c75fb45fe8048a804990ca33f7c072d

SHA256
13e4d9a734a453a3613e11b6a518430099ad7e3d874ea407d1f9625b7f60268a

SHA512
0f54f0262cf8d71f00bf5666eb15541c6ecc5246cd298efd3b7dd39cdd29553a8242d204c42cfb28c537c3d61580153200373c34a94769f102b3baa288f6c398

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI58482\sqlite3.dll

Filesize
1.4MB

MD5
35f55e2ad0ae11a273408cfeff75b1ab

SHA1
672bff2dea4351e1245806e6af7f1be5da9dd055

SHA256
919572560c314e46b1dba56418bbb50e1620c0af328aec394eaff580c58f2fc5

SHA512
b84a42b42a710cd5fe91def37207200141a03a8e93488d05099115f16961255248aa74c3a9800a82a0c4eb79348b570ca1a2bfa4e3168b5359ce063a688d26a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI58482\unicodedata.pyd

Filesize
1.1MB

MD5
58f7988b50cba7b793884f580c7083e1

SHA1
d52c06b19861f074e41d8b521938dee8b56c1f2e

SHA256
e36d14cf49ca2af44fae8f278e883341167bc380099dac803276a11e57c9cfa1

SHA512
397fa46b90582f8a8cd7df23b722204c38544717bf546837c45e138b39112f33a1850be790e248fca5b5ecd9ed7c91cd1af1864f72717d9805c486db0505fb9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI58482\win32api.pyd

Filesize
130KB

MD5
1d6762b494dc9e60ca95f7238ae1fb14

SHA1
aa0397d96a0ed41b2f03352049dafe040d59ad5d

SHA256
fae5323e2119a8f678055f4244177b5806c7b6b171b1945168f685631b913664

SHA512
0b561f651161a34c37ff8d115f154c52202f573d049681f8cdd7bba2e966bb8203780c19ba824b4a693ef12ef1eeef6aeeef96eb369e4b6129f1deb6b26aaa00

Download Submit
C:\Users\Admin\AppData\Local\Temp\忸郹柾滳邝雐簤脦鰧嘋瓡簮皉蠠衯瘪.exe

Filesize
305KB

MD5
616861cfda9ddef5b3fff0090aaa45d8

SHA1
bc7faeb0be99fc397dd6d896fd0f9d58aa9e27c6

SHA256
de918f62f0d6acacfeea67992deae5787d5d23ffe0bbdf7f8486ff8fffc5742e

SHA512
98daaec5c18eded91191b4f78a6749d95448db7ac35226b9e8385352302e821ee8492eac2a7b2bcd1cff89afd0d85770bfb2360e0943f50db3d765cbab9c7a22

Download Submit
C:\Users\Admin\AppData\Local\Temp\忸郹柾滳邝雐簤脦鰧嘋瓡簮皉蠠衯瘪.exe

Filesize
305KB

MD5
616861cfda9ddef5b3fff0090aaa45d8

SHA1
bc7faeb0be99fc397dd6d896fd0f9d58aa9e27c6

SHA256
de918f62f0d6acacfeea67992deae5787d5d23ffe0bbdf7f8486ff8fffc5742e

SHA512
98daaec5c18eded91191b4f78a6749d95448db7ac35226b9e8385352302e821ee8492eac2a7b2bcd1cff89afd0d85770bfb2360e0943f50db3d765cbab9c7a22

Download Submit
C:\Users\Admin\AppData\Local\Temp\忸郹柾滳邝雐簤脦鰧嘋瓡簮皉蠠衯瘪.txt

Filesize
260B

MD5
ddb2f67f4120e65235b2837c32a288e7

SHA1
67cc6cf4de59984ca7f8788736e57aa0b2b6c30e

SHA256
3f599f277a2dcd96bd3264449903673d19bc26cde78e7b43ba0d8177a72ff85f

SHA512
b2d0a142abb1b1836368e7a13fbb79ed3ecf4d1d96b17716423e7b13d2b9dba5b572e77224a110737d776f868e0729a523825921cda345bd2b87c6abe044287c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
9KB

MD5
751a815d7958290e882152986fa25818

SHA1
5a605acbae90124cf3d972d92691bccd6e83305e

SHA256
db63124d6ad0356998d5bff5499dcb65dc7282090f081e5ae69019c96a3a1e6e

SHA512
b946a5237052283e51b0911cda97312fa3a16d14bd32ae3d1c259c0d1db6135aa30da727de305a13fd406ed2c1add60491d7ddab4f5853dbf7ef68edc6c81978

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
7KB

MD5
bf8827b3271a33a26679a1d8bff258e2

SHA1
0f3d13ae7e0af20b32ef6dd94105e29fbf222b6f

SHA256
88101c89fb3e5e85eb01690faab773fe5e5e1385ec0abcdc7a24ad54d8e600ec

SHA512
ef2a499063ba531d20527526d14cd7634c5526cfc0b1b1f576f3210e20dfbfe04d8275cd4714db6858d77a51a6e0dc3c7abd58eedc3174b23bfb8cea3545c736

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqpbz544.default-release\prefs-1.js

Filesize
7KB

MD5
5dae0d1c01bffa87f3edf0e8f75a8e94

SHA1
b1d083447210c816aacdc94cc0d07d4bbe007dab

SHA256
83cbf799db96b10b4f2d83150004f8601cc95c7d5f3eccd13360f3077a603090

SHA512
ed5975adb489c9bdd366bc2df45fc2fe9d277f4a481355a165006c70a9e7c36066545ed9589c0643a27f884cc8038fc937991ca89e26c0ad934cd9214b9a3289

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqpbz544.default-release\prefs-1.js

Filesize
7KB

MD5
5c5bb3406d9b13d5ea7df6435c6a7938

SHA1
a0f871caae98c651496e4230495bc41a79807566

SHA256
c89c13af6f45f1fa5971eed90bd7a5a7b9a93ae59194f0c0c7bb04b1bac2c4e4

SHA512
ff699ccb421eac218e07928ef00005764d30d6f8e1447c2796e8da41fcc5c479f30a56aa23155be084dbbc20baa03fe2a6f7d61edb5afdae90bedcdf51e928d7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqpbz544.default-release\prefs-1.js

Filesize
6KB

MD5
2046fd4ac90e18308f3f21cac3f6e5d3

SHA1
a5baabe10646c1ff19785737d1e6552ec4119aa3

SHA256
78715329665d32a8da7ad95016565c7348b27c6afee79c8a38a3612ca071df45

SHA512
7c84a89dcde3fc7cb27feb4a233d8eb78e84b15a9162b56d5a5bf8d3fe075684a20e2fc8a1255e7e1bf6891f223c23436ed9a5dd1be18ce9c23e12f65b730d45

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqpbz544.default-release\prefs.js

Filesize
6KB

MD5
cdb5a91b7898f75f98e448e80b41dba6

SHA1
c749651f98e32a2320d2e52fd467fd6217660535

SHA256
ed56bd19352777293cf7195af0fe1412d52e25af6a9a8e2bb04e3e32056556dc

SHA512
b99bca03a398f7e068691852106fe03a90489d1e8230720749c25703e59874765ef706e9e27c9215251372efee84d9c9d0eb636a54e45035d5d2095304fee97b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqpbz544.default-release\prefs.js

Filesize
7KB

MD5
78a3f932448904477b991d6793a5160f

SHA1
19a4b5dfde5fe636a232c3388c8ece326cb91788

SHA256
261f62044f3def3d6beb6121fcf28d163e5ca503ef5aa904f6c8af8c4f7ee39c

SHA512
98e8236b4534ef1e6b4422febe9dc4600dea4913dda59417ef49d49ef2ab18d9b00022151776fb87a3f124a551a3c69c80898643a961c69d75908503b7ac6bfb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqpbz544.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
dd5b9ab44b42ba66fe1b3b908a934edb

SHA1
bb18a5e9df2395caa6ca12872cd4a7a049d99774

SHA256
8b8206c94ad522bdb7d03e3359d7ee08fdaf5a36fb486519496c2d83c033487d

SHA512
bea6ca94cd0595d5fada16ff7b6f279c9fdf366a3da3f0e8ae97bcc7aaeb4e73029358f75938efd343e5a8fee03fd346a104a5bd6c0cb1edf0a2b4b7fbf974ed

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqpbz544.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
bbcec522183cf3e7644377d62ba264b2

SHA1
e8aff79aff15a50ad9cb6aadc305a14e562fe700

SHA256
bacc27698440617fa1472d690bc40bd4df4912f4adafe919f949ed4fe1a99306

SHA512
fe65253e6cd888b84d400c2f337446e4322a05280599305d4f2cd167be2f9368914598d8219a2a5b2934b0d0d58a4089759eeb36fd8866a91be7f407ae93764b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqpbz544.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
47685d5614d2911a12166e6fe982d416

SHA1
e63e1dcd4268fa402217953e348b1a3e26b77571

SHA256
a57e10286eb868682ddcf8fe884196d33e69d72070301cb9e46f48169ab92168

SHA512
5ec013bb848652e1df531a4981e19a0f7a96497a4e9b9d7701a0a10ac4814719e1ea3ca6f69615cfef8f17faaf2f7492b345342c49dee3e4054c2d255bef1fa7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqpbz544.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
d1dae612ae4d03dfb3f51f9dd8b3ebd3

SHA1
0620a4d4379dc9c5077e5b29a14584dde8408283

SHA256
006c89404e4208b7ae5d05cb9b36e934ecb804dab1a563ffda30d2ff285a75fe

SHA512
dc88fcbba9c1703d7f54b6e562e52409a9c8b2e6823528797ea1958157ed4efdba0148a27508cfd6b4c4f5ab93107fa82a7e1a76e088ef38bc6f3d07d08624c8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqpbz544.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
9bafb1fdd9f2e56858ec28b6afc2d3fc

SHA1
1b16c489a8d5fbbfb331d184df5943c1bb11387a

SHA256
e0855276f13967e8cde246893d1f2303133285b0d98ff24d38add5289ba5ec31

SHA512
9420d83340b866faa06c41de19724fe12c54d7edda8a01584c33494683cb185840d7257e98c6017ed0ec8665aeacaaeb27fd1c0ecfb189af6ab9e46392240161

Download Submit
C:\Users\Admin\Downloads\Monoxid Opener.0RPAFWen.zip.part

Filesize
1.4MB

MD5
1c4875d66ffc97d9ab59fe51e5b18530

SHA1
a8d9e797571a3ed821c2049322d6beb3ce0c4d3d

SHA256
f91ce28ef8b064c321d3ff2a290dbc55ba580c8839bcdb1f37f4621a896fc6f3

SHA512
5bb0141980dc28562e84d1d8f2ac33e26605390a0f61ddcdbfa663bc8bd7a25991ff6356fe33e744d77da5d1a184e02698754c35e27b8cd0c00fb7978c35bf14

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI58482\Crypto\Cipher\_raw_ecb.pyd

Filesize
10KB

MD5
821aaa9a74b4ccb1f75bd38b13b76566

SHA1
907c8ee16f3a0c6e44df120460a7c675eb36f1dd

SHA256
614b4f9a02d0191c3994205ac2c58571c0af9b71853be47fcf3cb3f9bc1d7f54

SHA512
9d2ef8f1a2d3a7374ff0cdb38d4a93b06d1db4219bae06d57a075ee3dff5f7d6f890084dd51a972ac7572008f73fde7f5152ce5844d1a19569e5a9a439c4532b

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI58482\VCRUNTIME140.dll

Filesize
106KB

MD5
4585a96cc4eef6aafd5e27ea09147dc6

SHA1
489cfff1b19abbec98fda26ac8958005e88dd0cb

SHA256
a8f950b4357ec12cfccddc9094cca56a3d5244b95e09ea6e9a746489f2d58736

SHA512
d78260c66331fe3029d2cc1b41a5d002ec651f2e3bbf55076d65839b5e3c6297955afd4d9ab8951fbdc9f929dbc65eb18b14b59bce1f2994318564eb4920f286

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI58482\VCRUNTIME140_1.dll

Filesize
48KB

MD5
7e668ab8a78bd0118b94978d154c85bc

SHA1
dbac42a02a8d50639805174afd21d45f3c56e3a0

SHA256
e4b533a94e02c574780e4b333fcf0889f65ed00d39e32c0fbbda2116f185873f

SHA512
72bb41db17256141b06e2eaeb8fc65ad4abdb65e4b5f604c82b9e7e7f60050734137d602e0f853f1a38201515655b6982f2761ee0fa77c531aa58591c95f0032

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI58482\_asyncio.pyd

Filesize
63KB

MD5
61a5ae75f514b3ccbf1b939e06a5d451

SHA1
8154795e0f14415fb5802da65aafa91d7cbc57ec

SHA256
2b772076c2dba91fb4f61182b929485cc6c660baab4bce6e08aa18e414c69641

SHA512
bcd077d5d23fdab8427cc077b26626644b1b4b793c7f445e4f85094bd596c28319a854623b6e385f8e479b52726a9b843c4376bf288dc4f09edc30f332dbaf13

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI58482\_bz2.pyd

Filesize
82KB

MD5
a62207fc33140de460444e191ae19b74

SHA1
9327d3d4f9d56f1846781bcb0a05719dea462d74

SHA256
ebcac51449f323ae3ae961a33843029c34b6a82138ccd9214cf99f98dd2148c2

SHA512
90f9db9ee225958cb3e872b79f2c70cb1fd2248ebaa8f3282afff9250285852156bf668f5cfec49a4591b416ce7ebaaac62d2d887152f5356512f2347e3762b7

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI58482\_cffi_backend.cp311-win_amd64.pyd

Filesize
177KB

MD5
fde9a1d6590026a13e81712cd2f23522

SHA1
ca99a48caea0dbaccf4485afd959581f014277ed

SHA256
16eccc4baf6cf4ab72acd53c72a1f2b04d952e07e385e9050a933e78074a7d5b

SHA512
a522661f5c3eeea89a39df8bbb4d23e6428c337aac1d231d32b39005ea8810fce26af18454586e0e94e51ea4ac0e034c88652c1c09b1ed588aeac461766981f4

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI58482\_ctypes.pyd

Filesize
120KB

MD5
9b344f8d7ce5b57e397a475847cc5f66

SHA1
aff1ccc2608da022ecc8d0aba65d304fe74cdf71

SHA256
b1214d7b7efd9d4b0f465ec3463512a1cbc5f59686267030f072e6ce4b2a95cf

SHA512
2b0d9e1b550bf108fa842324ab26555f2a224aefff517fdb16df85693e05adaf0d77ebe49382848f1ec68dc9b5ae75027a62c33721e42a1566274d1a2b1baa41

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI58482\_hashlib.pyd

Filesize
63KB

MD5
787b82d4466f393366657b8f1bc5f1a9

SHA1
658639cddda55ac3bfc452db4ec9cf88851e606b

SHA256
241322647ba9f94bdc3ae387413ffb57ae14c8cf88bd564a31fe193c6ca43e37

SHA512
afcf66962958f38eec8b591aa30d380eb0e1b41028836058ff91b4d1472658de9fba3262f5c27ba688bd73da018e938f398e45911cd37584f623073067f575b6

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI58482\_lzma.pyd

Filesize
155KB

MD5
0c7ea68ca88c07ae6b0a725497067891

SHA1
c2b61a3e230b30416bc283d1f3ea25678670eb74

SHA256
f74aaf0aa08cf90eb1eb23a474ccb7cb706b1ede7f911daf7ae68480765bdf11

SHA512
fd52f20496a12e6b20279646663d880b1354cffea10793506fe4560ed7da53e4efba900ae65c9996fbb3179c83844a9674051385e6e3c26fb2622917351846b9

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI58482\_overlapped.pyd

Filesize
49KB

MD5
7db2b9d0fd06f7bd7e32b52bd626f1ce

SHA1
6756c6adf03d4887f8be371954ef9179b2df78cd

SHA256
24f9971debbd864e3ba615a89d2c5b0e818f9ab2be4081499bc877761992c814

SHA512
5b3f55c89056c0bf816c480ed7f8aad943a5ca07bd9b9948f0aa7163664d462c3c46d233ee11dd101ce46dc8a53b29e8341e227fe462e81d29e257a6897a5f3d

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI58482\_queue.pyd

Filesize
31KB

MD5
06248702a6cd9d2dd20c0b1c6b02174d

SHA1
3f14d8af944fe0d35d17701033ff1501049e856f

SHA256
ac177cd84c12e03e3a68bca30290bc0b8f173eee518ef1fa6a9dce3a3e755a93

SHA512
5b22bbff56a8b48655332ebd77387d307f5c0a526626f3654267a34bc4863d8afaf08ff3946606f3cf00b660530389c37bdfac91843808dbebc7373040fec4c1

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI58482\_socket.pyd

Filesize
77KB

MD5
26dd19a1f5285712068b9e41808e8fa0

SHA1
90c9a112dd34d45256b4f2ed38c1cbbc9f24dba5

SHA256
eaabf6b78840daeaf96b5bdbf06adf0e4e2994dfeee5c5e27fefd824dbda5220

SHA512
173e1eda05d297d7da2193e8566201f05428437adcac80aecefe80f82d46295b15ce10990b5c080325dc59a432a587eef84a15ec688a62b82493ad501a1e4520

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI58482\_sqlite3.pyd

Filesize
117KB

MD5
ffb03c18ed0f340fe9d86abaa9eef835

SHA1
d6295d7a100414ce76797c826d2d3c0b4df0c80e

SHA256
1d4e17237a10b68d16634fc9698edf342b40478d92fa15d574d212c7a44b05bb

SHA512
e911ce6e6b5de50696d7e7f14560c90b83c1179a946d2f5ddcf6fcf797c031dc65b42300685e97cfdc592bae5f974cc31c81d2e12994cd9c28d3f67df282dda5

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI58482\_ssl.pyd

Filesize
157KB

MD5
ab0e4fbffb6977d0196c7d50bc76cf2d

SHA1
680e581c27d67cd1545c810dbb175c2a2a4ef714

SHA256
680ad2de8a6cff927822c1d7dd22112a3e8a824e82a7958ee409a7b9ce45ec70

SHA512
2bff84a8ec7a26dde8d1bb09792ead8636009c8ef3fa68300a75420197cd7b6c8eaaf8db6a5f97442723e5228afa62961f002948e0eeee8c957c6517547dffba

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI58482\charset_normalizer\md.cp311-win_amd64.pyd

Filesize
10KB

MD5
fa50d9f8bce6bd13652f5090e7b82c4d

SHA1
ee137da302a43c2f46d4323e98ffd46d92cf4bef

SHA256
fff69928dea1432e0c7cb1225ab96f94fd38d5d852de9a6bb8bf30b7d2bedceb

SHA512
341cec015e74348eab30d86ebb35c028519703006814a2ecd19b9fe5e6fcb05eda6dde0aaf4fe624d254b0d0180ec32adf3b93ee96295f8f0f4c9d4ed27a7c0c

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI58482\charset_normalizer\md__mypyc.cp311-win_amd64.pyd

Filesize
113KB

MD5
2d1f2ffd0fecf96a053043daad99a5df

SHA1
b03d5f889e55e802d3802d0f0caa4d29c538406b

SHA256
207bbae9ddf8bdd64e65a8d600fe1dd0465f2afcd6dc6e28d4d55887cd6cbd13

SHA512
4f7d68f241a7f581e143a010c78113154072c63adff5f200ef67eb34d766d14ce872d53183eb2b96b1895aa9c8d4ca82ee5e61e1c5e655ff5be56970be9ebe3e

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI58482\libcrypto-1_1.dll

Filesize
3.3MB

MD5
9d7a0c99256c50afd5b0560ba2548930

SHA1
76bd9f13597a46f5283aa35c30b53c21976d0824

SHA256
9b7b4a0ad212095a8c2e35c71694d8a1764cd72a829e8e17c8afe3a55f147939

SHA512
cb39aa99b9d98c735fdacf1c5ed68a4d09d11f30262b91f6aa48c3f8520eff95e499400d0ce7e280ca7a90ff6d7141d2d893ef0b33a8803a1cadb28ba9a9e3e2

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI58482\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI58482\libssl-1_1.dll

Filesize
688KB

MD5
bec0f86f9da765e2a02c9237259a7898

SHA1
3caa604c3fff88e71f489977e4293a488fb5671c

SHA256
d74ce01319ae6f54483a19375524aa39d9f5fd91f06cf7df238ca25e043130fd

SHA512
ffbc4e5ffdb49704e7aa6d74533e5af76bbe5db297713d8e59bd296143fe5f145fbb616b343eed3c48eceaccccc2431630470d8975a4a17c37eafcc12edd19f4

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI58482\psutil\_psutil_windows.pyd

Filesize
76KB

MD5
ebefbc98d468560b222f2d2d30ebb95c

SHA1
ee267e3a6e5bed1a15055451efcccac327d2bc43

SHA256
67c17558b635d6027ddbb781ea4e79fc0618bbec7485bd6d84b0ebcd9ef6a478

SHA512
ab9f949adfe9475b0ba8c37fa14b0705923f79c8a10b81446abc448ad38d5d55516f729b570d641926610c99df834223567c1efde166e6a0f805c9e2a35556e3

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI58482\pyexpat.pyd

Filesize
194KB

MD5
48e6930e3095f5a2dcf9baa67098acfb

SHA1
ddcd143f386e74e9820a3f838058c4caa7123a65

SHA256
c1ed7017ce55119df27563d470e7dc3fb29234a7f3cd5fc82d317b6fe559300b

SHA512
b50f42f6c7ddbd64bf0ff37f40b8036d253a235fb67693a7f1ed096f5c3b94c2bde67d0db63d84a8c710505a891b43f913e1b1044c42b0f5f333d0fe0386a62c

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI58482\python3.dll

Filesize
65KB

MD5
7442c154565f1956d409092ede9cc310

SHA1
c72f9c99ea56c8fb269b4d6b3507b67e80269c2d

SHA256
95086ac060ffe6933ac04a6aa289b1c7d321f14380315e24ba0d6c4adfa0842b

SHA512
2bf96828534bcdf71e48d1948b989011d8e3ba757c38cc17905a13d3021ea5deb57e2c68d79507a6acbb62be009cfc85b24d14543958dba1d3bc3e4ca7d4f844

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI58482\python3.dll

Filesize
65KB

MD5
7442c154565f1956d409092ede9cc310

SHA1
c72f9c99ea56c8fb269b4d6b3507b67e80269c2d

SHA256
95086ac060ffe6933ac04a6aa289b1c7d321f14380315e24ba0d6c4adfa0842b

SHA512
2bf96828534bcdf71e48d1948b989011d8e3ba757c38cc17905a13d3021ea5deb57e2c68d79507a6acbb62be009cfc85b24d14543958dba1d3bc3e4ca7d4f844

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI58482\python311.dll

Filesize
5.5MB

MD5
e2bd5ae53427f193b42d64b8e9bf1943

SHA1
7c317aad8e2b24c08d3b8b3fba16dd537411727f

SHA256
c4844b05e3a936b130adedb854d3c04d49ee54edb43e9d36f8c4ae94ccb78400

SHA512
ae23a6707e539c619fd5c5b4fc6e4734edc91f89ebe024d25ff2a70168da6105ac0bd47cf6bf3715af6411963caf0acbb4632464e1619ca6361abf53adfe7036

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI58482\pywin32_system32\pythoncom311.dll

Filesize
654KB

MD5
f98264f2dacfc8e299391ed1180ab493

SHA1
849551b6d9142bf983e816fef4c05e639d2c1018

SHA256
0fe49ec1143a0efe168809c9d48fe3e857e2ac39b19db3fd8718c56a4056696b

SHA512
6bb3dbd9f4d3e6b7bd294f3cb8b2ef4c29b9eff85c0cfd5e2d2465be909014a7b2ecd3dc06265b1b58196892bb04d3e6b0aa4b2ccbf3a716e0ff950eb28db11c

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI58482\pywin32_system32\pywintypes311.dll

Filesize
131KB

MD5
90b786dc6795d8ad0870e290349b5b52

SHA1
592c54e67cf5d2d884339e7a8d7a21e003e6482f

SHA256
89f2a5c6be1e70b3d895318fdd618506b8c0e9a63b6a1a4055dff4abdc89f18a

SHA512
c6e1dbf25d260c723a26c88ec027d40d47f5e28fc9eb2dbc72a88813a1d05c7f75616b31836b68b87df45c65eef6f3eaed2a9f9767f9e2f12c45f672c2116e72

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI58482\select.pyd

Filesize
29KB

MD5
756c95d4d9b7820b00a3099faf3f4f51

SHA1
893954a45c75fb45fe8048a804990ca33f7c072d

SHA256
13e4d9a734a453a3613e11b6a518430099ad7e3d874ea407d1f9625b7f60268a

SHA512
0f54f0262cf8d71f00bf5666eb15541c6ecc5246cd298efd3b7dd39cdd29553a8242d204c42cfb28c537c3d61580153200373c34a94769f102b3baa288f6c398

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI58482\sqlite3.dll

Filesize
1.4MB

MD5
35f55e2ad0ae11a273408cfeff75b1ab

SHA1
672bff2dea4351e1245806e6af7f1be5da9dd055

SHA256
919572560c314e46b1dba56418bbb50e1620c0af328aec394eaff580c58f2fc5

SHA512
b84a42b42a710cd5fe91def37207200141a03a8e93488d05099115f16961255248aa74c3a9800a82a0c4eb79348b570ca1a2bfa4e3168b5359ce063a688d26a4

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI58482\unicodedata.pyd

Filesize
1.1MB

MD5
58f7988b50cba7b793884f580c7083e1

SHA1
d52c06b19861f074e41d8b521938dee8b56c1f2e

SHA256
e36d14cf49ca2af44fae8f278e883341167bc380099dac803276a11e57c9cfa1

SHA512
397fa46b90582f8a8cd7df23b722204c38544717bf546837c45e138b39112f33a1850be790e248fca5b5ecd9ed7c91cd1af1864f72717d9805c486db0505fb9c

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI58482\win32api.pyd

Filesize
130KB

MD5
1d6762b494dc9e60ca95f7238ae1fb14

SHA1
aa0397d96a0ed41b2f03352049dafe040d59ad5d

SHA256
fae5323e2119a8f678055f4244177b5806c7b6b171b1945168f685631b913664

SHA512
0b561f651161a34c37ff8d115f154c52202f573d049681f8cdd7bba2e966bb8203780c19ba824b4a693ef12ef1eeef6aeeef96eb369e4b6129f1deb6b26aaa00

Download Submit
memory/6408-824-0x000001FF8BB00000-0x000001FF8BB10000-memory.dmp

Filesize
64KB

Download
memory/6408-898-0x000001FF8BDA0000-0x000001FF8BDA2000-memory.dmp

Filesize
8KB

Download
memory/6408-902-0x000001FF8BC00000-0x000001FF8BC01000-memory.dmp

Filesize
4KB

Download
memory/6408-907-0x000001FF8B9E0000-0x000001FF8B9E1000-memory.dmp

Filesize
4KB

Download
memory/6408-848-0x000001FF90390000-0x000001FF90392000-memory.dmp

Filesize
8KB

Download
memory/6408-847-0x000001FF90360000-0x000001FF90362000-memory.dmp

Filesize
8KB

Download
memory/6408-845-0x000001FF8BD40000-0x000001FF8BD42000-memory.dmp

Filesize
8KB

Download
memory/6408-843-0x000001FF8BC00000-0x000001FF8BC01000-memory.dmp

Filesize
4KB

Download
memory/6408-806-0x000001FF8B720000-0x000001FF8B730000-memory.dmp

Filesize
64KB

Download
memory/7068-870-0x00000221F6510000-0x00000221F6512000-memory.dmp

Filesize
8KB

Download
memory/7068-868-0x00000221E5BE0000-0x00000221E5BE2000-memory.dmp

Filesize
8KB

Download
memory/7068-866-0x00000221E5BC0000-0x00000221E5BC2000-memory.dmp

Filesize
8KB

Download
memory/7068-863-0x00000221E5B80000-0x00000221E5B82000-memory.dmp

Filesize
8KB

Download