hxxps://mega[.]nz/file/yjISmA4Y#yCVECOQsbeSbm34OgJE1qaS8x3pJg6nHOxyAI-sRhRU

Analysis

max time kernel
150s
max time network
151s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
14/06/2023, 20:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/file/yjISmA4Y#yCVECOQsbeSbm34OgJE1qaS8x3pJg6nHOxyAI-sRhRU

Score

8^/10

discovery persistence pyinstaller upx

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 7 IoCs

pid	Process
3160	winrar-x64-622.exe
3320	uninstall.exe
4124	WinRAR.exe
816	RobloxTool.exe
4784	RobloxTool.exe
1260	RobloxTool.exe
3976	RobloxTool.exe

Loads dropped DLL 64 IoCs

pid	Process
3140	Process not Found
4784	RobloxTool.exe
4784	RobloxTool.exe
4784	RobloxTool.exe
4784	RobloxTool.exe
4784	RobloxTool.exe
4784	RobloxTool.exe
4784	RobloxTool.exe
4784	RobloxTool.exe
4784	RobloxTool.exe
4784	RobloxTool.exe
4784	RobloxTool.exe
4784	RobloxTool.exe
4784	RobloxTool.exe
4784	RobloxTool.exe
4784	RobloxTool.exe
4784	RobloxTool.exe
4784	RobloxTool.exe
4784	RobloxTool.exe
4784	RobloxTool.exe
4784	RobloxTool.exe
4784	RobloxTool.exe
4784	RobloxTool.exe
4784	RobloxTool.exe
4784	RobloxTool.exe
4784	RobloxTool.exe
4784	RobloxTool.exe
4784	RobloxTool.exe
4784	RobloxTool.exe
4784	RobloxTool.exe
4784	RobloxTool.exe
4784	RobloxTool.exe
4784	RobloxTool.exe
4784	RobloxTool.exe
4784	RobloxTool.exe
4784	RobloxTool.exe
4784	RobloxTool.exe
4784	RobloxTool.exe
4784	RobloxTool.exe
4784	RobloxTool.exe
4784	RobloxTool.exe
4784	RobloxTool.exe
4784	RobloxTool.exe
4784	RobloxTool.exe
4784	RobloxTool.exe
4784	RobloxTool.exe
4784	RobloxTool.exe
4784	RobloxTool.exe
4784	RobloxTool.exe
4784	RobloxTool.exe
4784	RobloxTool.exe
4784	RobloxTool.exe
4784	RobloxTool.exe
4784	RobloxTool.exe
3976	RobloxTool.exe
3976	RobloxTool.exe
3976	RobloxTool.exe
3976	RobloxTool.exe
3976	RobloxTool.exe
3976	RobloxTool.exe
3976	RobloxTool.exe
3976	RobloxTool.exe
3976	RobloxTool.exe
3976	RobloxTool.exe

Modifies system executable filetype association 2 TTPs 8 IoCs

persistence

Modify Registry

T1112

Change Default File Association

T1042

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"	uninstall.exe

Registers COM server for autorun 1 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32\ = "C:\\Program Files\\WinRAR\\rarext.dll"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32\ThreadingModel = "Apartment"	uninstall.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000600000001b00d-801.dat	upx
behavioral1/files/0x000600000001b00d-802.dat	upx
behavioral1/memory/4784-806-0x00007FFF2F050000-0x00007FFF2F4BE000-memory.dmp	upx
behavioral1/files/0x000600000001afef-807.dat	upx
behavioral1/files/0x000600000001b004-812.dat	upx
behavioral1/files/0x000600000001b004-813.dat	upx
behavioral1/files/0x000600000001aff3-816.dat	upx
behavioral1/files/0x000600000001afee-815.dat	upx
behavioral1/files/0x000600000001aff3-817.dat	upx
behavioral1/files/0x000600000001afee-814.dat	upx
behavioral1/files/0x000600000001afef-811.dat	upx
behavioral1/files/0x000600000001aff7-818.dat	upx
behavioral1/files/0x000600000001aff7-819.dat	upx
behavioral1/files/0x000600000001b011-820.dat	upx
behavioral1/files/0x000600000001b011-821.dat	upx
behavioral1/files/0x000600000001b014-824.dat	upx
behavioral1/files/0x000600000001b010-826.dat	upx
behavioral1/files/0x000600000001b014-825.dat	upx
behavioral1/files/0x000600000001b010-827.dat	upx
behavioral1/files/0x000600000001b00f-829.dat	upx
behavioral1/files/0x000600000001b00f-828.dat	upx
behavioral1/files/0x000600000001affa-832.dat	upx
behavioral1/files/0x000600000001affa-831.dat	upx
behavioral1/memory/4784-830-0x00007FFF3FF90000-0x00007FFF3FFB4000-memory.dmp	upx
behavioral1/files/0x000600000001b00a-833.dat	upx
behavioral1/memory/4784-834-0x00007FFF43F60000-0x00007FFF43F6F000-memory.dmp	upx
behavioral1/files/0x000600000001b00a-836.dat	upx
behavioral1/memory/4784-837-0x00007FFF3FB00000-0x00007FFF3FB2D000-memory.dmp	upx
behavioral1/memory/4784-838-0x00007FFF3F5A0000-0x00007FFF3F5B9000-memory.dmp	upx
behavioral1/files/0x000600000001aff9-839.dat	upx
behavioral1/memory/4784-835-0x00007FFF3FF10000-0x00007FFF3FF29000-memory.dmp	upx
behavioral1/memory/4784-840-0x00007FFF436D0000-0x00007FFF436DD000-memory.dmp	upx
behavioral1/memory/4784-842-0x00007FFF3F090000-0x00007FFF3F0BF000-memory.dmp	upx
behavioral1/memory/4784-841-0x00007FFF3F0C0000-0x00007FFF3F0EC000-memory.dmp	upx
behavioral1/memory/4784-843-0x00007FFF3EFC0000-0x00007FFF3F081000-memory.dmp	upx
behavioral1/memory/4784-844-0x00007FFF2E980000-0x00007FFF2EA38000-memory.dmp	upx
behavioral1/memory/4784-845-0x00007FFF2E600000-0x00007FFF2E975000-memory.dmp	upx
behavioral1/memory/4784-847-0x00007FFF410B0000-0x00007FFF410BA000-memory.dmp	upx
behavioral1/memory/4784-848-0x00007FFF3EFA0000-0x00007FFF3EFBC000-memory.dmp	upx
behavioral1/memory/4784-849-0x00007FFF3EF20000-0x00007FFF3EF4E000-memory.dmp	upx
behavioral1/memory/4784-850-0x00007FFF3EB70000-0x00007FFF3EB84000-memory.dmp	upx
behavioral1/memory/4784-851-0x00007FFF3FF80000-0x00007FFF3FF8D000-memory.dmp	upx
behavioral1/memory/4784-854-0x00007FFF2E4E0000-0x00007FFF2E5F8000-memory.dmp	upx
behavioral1/memory/4784-855-0x00007FFF2F580000-0x00007FFF2F59F000-memory.dmp	upx
behavioral1/memory/4784-856-0x00007FFF2E360000-0x00007FFF2E4D1000-memory.dmp	upx
behavioral1/memory/4784-858-0x00007FFF3FA10000-0x00007FFF3FA1B000-memory.dmp	upx
behavioral1/memory/4784-857-0x00007FFF3FC00000-0x00007FFF3FC0B000-memory.dmp	upx
behavioral1/memory/4784-859-0x00007FFF3EF10000-0x00007FFF3EF1C000-memory.dmp	upx
behavioral1/memory/4784-860-0x00007FFF3ED70000-0x00007FFF3ED7B000-memory.dmp	upx
behavioral1/memory/4784-861-0x00007FFF39660000-0x00007FFF3966C000-memory.dmp	upx
behavioral1/memory/4784-862-0x00007FFF315A0000-0x00007FFF315AB000-memory.dmp	upx
behavioral1/memory/4784-863-0x00007FFF2F570000-0x00007FFF2F57C000-memory.dmp	upx
behavioral1/memory/4784-864-0x00007FFF2F560000-0x00007FFF2F56D000-memory.dmp	upx
behavioral1/memory/4784-865-0x00007FFF2F550000-0x00007FFF2F55E000-memory.dmp	upx
behavioral1/memory/4784-867-0x00007FFF2F530000-0x00007FFF2F53C000-memory.dmp	upx
behavioral1/memory/4784-866-0x00007FFF2F540000-0x00007FFF2F54C000-memory.dmp	upx
behavioral1/memory/4784-871-0x00007FFF2F4F0000-0x00007FFF2F4FC000-memory.dmp	upx
behavioral1/memory/4784-870-0x00007FFF2F500000-0x00007FFF2F50C000-memory.dmp	upx
behavioral1/memory/4784-869-0x00007FFF2F510000-0x00007FFF2F51B000-memory.dmp	upx
behavioral1/memory/4784-868-0x00007FFF2F520000-0x00007FFF2F52B000-memory.dmp	upx
behavioral1/memory/4784-872-0x00007FFF2F040000-0x00007FFF2F04D000-memory.dmp	upx
behavioral1/memory/4784-873-0x00007FFF2EFA0000-0x00007FFF2EFB2000-memory.dmp	upx
behavioral1/memory/4784-874-0x00007FFF2F030000-0x00007FFF2F03C000-memory.dmp	upx
behavioral1/memory/4784-875-0x00007FFF2EF80000-0x00007FFF2EF95000-memory.dmp	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Looks up external IP address via web service 3 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
123	api.ipify.org
110	api.ipify.org
111	api.ipify.org

Drops file in Program Files directory 60 IoCs

description	ioc	Process
File created	C:\Program Files\WinRAR\zipnew.dat	uninstall.exe
File created	C:\Program Files\WinRAR\WinRAR.exe	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\Resources.pri	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-64.png	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-64.png	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\rarnew.dat	uninstall.exe
File opened for modification	C:\Program Files\WinRAR\License.txt	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\UnRAR.exe	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\WhatsNew.txt	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\Uninstall.exe	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\RarExtPackage.msix	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-48.png	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\Descript.ion	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\WhatsNew.txt	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\RarExtInstaller.exe	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\RarExt.dll	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\Resources.pri	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\Uninstall.exe	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-32.png	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\UnRAR.exe	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\RarExtPackage.msix	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\License.txt	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\7zxa.dll	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\7zxa.dll	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\WinRAR.chm	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\Uninstall.lst	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\Rar.exe	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\RarExt32.dll	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\Zip64.SFX	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\RarFiles.lst	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-48.png	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\WinRAR.chm	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\Descript.ion	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\ReadMe.txt	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\RarExt.dll	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\WinRAR.exe	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\Default64.SFX	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\Rar.txt	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\Default.SFX	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\WinCon.SFX	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\WinCon64.SFX	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\WinCon64.SFX	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\Order.htm	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\RarFiles.lst	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\Default64.SFX	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\Zip.SFX	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\Zip.SFX	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\__tmp_rar_sfx_access_check_240603687	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\Uninstall.lst	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\Rar.exe	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\RarExt32.dll	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-32.png	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\RarExtInstaller.exe	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\Zip64.SFX	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\ReadMe.txt	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\Rar.txt	winrar-x64-622.exe
File created	C:\Program Files\WinRAR\Order.htm	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\Default.SFX	winrar-x64-622.exe
File opened for modification	C:\Program Files\WinRAR\WinCon.SFX	winrar-x64-622.exe

Detects Pyinstaller 3 IoCs

pyinstaller

resource	yara_rule
behavioral1/files/0x000700000001afb4-707.dat	pyinstaller
behavioral1/files/0x000700000001afb4-710.dat	pyinstaller
behavioral1/files/0x000700000001afb4-798.dat	pyinstaller

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	WinRAR.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	WinRAR.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133312474694376487"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.r09	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\PropertySheetHandlers	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32\ = "C:\\Program Files\\WinRAR\\rarext.dll"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r22\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.bz	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.001\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance	WinRAR.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\DropHandler\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\ContextMenuHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.zip\ShellNew	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.bz2	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shell\open\command\ = "\"C:\\Program Files\\WinRAR\\WinRAR.exe\" \"%1\""	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.r08	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r03\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r25\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r16\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.z\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shell\open\command	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.tgz\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shell\open	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r13\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shell\open	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.r07	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\ContextMenuHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\ContextMenuHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32\ThreadingModel = "Apartment"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.r26	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.7z\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.zst\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r14\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.r05	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r07\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.gz	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r21\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.r29	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.zip	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xz\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.rar\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r19\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinRAR	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.r20	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.xxe	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\DropHandler\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.r18	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.tlz	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.tar	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.r24	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\InProcServer32	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r17\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.rar\ShellNew	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.bz2\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.tbz2	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r10\ = "WinRAR"	uninstall.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
4784	RobloxTool.exe
4784	RobloxTool.exe
4784	RobloxTool.exe
4784	RobloxTool.exe
4376	chrome.exe
4376	chrome.exe
3976	RobloxTool.exe
3976	RobloxTool.exe
3976	RobloxTool.exe
3976	RobloxTool.exe
3596	taskmgr.exe
3596	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
1536	OpenWith.exe
4124	WinRAR.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: 33	1984	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1984	AUDIODG.EXE
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe

Suspicious use of FindShellTrayWindow 48 IoCs

pid	Process
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
4124	WinRAR.exe
4124	WinRAR.exe
4124	WinRAR.exe
4124	WinRAR.exe
4124	WinRAR.exe
3596	taskmgr.exe

Suspicious use of SendNotifyMessage 25 IoCs

pid	Process
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3596	taskmgr.exe

Suspicious use of SetWindowsHookEx 31 IoCs

pid	Process
1536	OpenWith.exe
1536	OpenWith.exe
1536	OpenWith.exe
1536	OpenWith.exe
1536	OpenWith.exe
1536	OpenWith.exe
1536	OpenWith.exe
1536	OpenWith.exe
1536	OpenWith.exe
1536	OpenWith.exe
1536	OpenWith.exe
1536	OpenWith.exe
1536	OpenWith.exe
1536	OpenWith.exe
1536	OpenWith.exe
1536	OpenWith.exe
1536	OpenWith.exe
1536	OpenWith.exe
1536	OpenWith.exe
1536	OpenWith.exe
1536	OpenWith.exe
1536	OpenWith.exe
1536	OpenWith.exe
1536	OpenWith.exe
1536	OpenWith.exe
3160	winrar-x64-622.exe
3160	winrar-x64-622.exe
3160	winrar-x64-622.exe
3320	uninstall.exe
4124	WinRAR.exe
4124	WinRAR.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3592 wrote to memory of 3956	3592	chrome.exe	66
PID 3592 wrote to memory of 3956	3592	chrome.exe	66
PID 3592 wrote to memory of 4668	3592	chrome.exe	69
PID 3592 wrote to memory of 4668	3592	chrome.exe	69
PID 3592 wrote to memory of 4668	3592	chrome.exe	69
PID 3592 wrote to memory of 4668	3592	chrome.exe	69
PID 3592 wrote to memory of 4668	3592	chrome.exe	69
PID 3592 wrote to memory of 4668	3592	chrome.exe	69
PID 3592 wrote to memory of 4668	3592	chrome.exe	69
PID 3592 wrote to memory of 4668	3592	chrome.exe	69
PID 3592 wrote to memory of 4668	3592	chrome.exe	69
PID 3592 wrote to memory of 4668	3592	chrome.exe	69
PID 3592 wrote to memory of 4668	3592	chrome.exe	69
PID 3592 wrote to memory of 4668	3592	chrome.exe	69
PID 3592 wrote to memory of 4668	3592	chrome.exe	69
PID 3592 wrote to memory of 4668	3592	chrome.exe	69
PID 3592 wrote to memory of 4668	3592	chrome.exe	69
PID 3592 wrote to memory of 4668	3592	chrome.exe	69
PID 3592 wrote to memory of 4668	3592	chrome.exe	69
PID 3592 wrote to memory of 4668	3592	chrome.exe	69
PID 3592 wrote to memory of 4668	3592	chrome.exe	69
PID 3592 wrote to memory of 4668	3592	chrome.exe	69
PID 3592 wrote to memory of 4668	3592	chrome.exe	69
PID 3592 wrote to memory of 4668	3592	chrome.exe	69
PID 3592 wrote to memory of 4668	3592	chrome.exe	69
PID 3592 wrote to memory of 4668	3592	chrome.exe	69
PID 3592 wrote to memory of 4668	3592	chrome.exe	69
PID 3592 wrote to memory of 4668	3592	chrome.exe	69
PID 3592 wrote to memory of 4668	3592	chrome.exe	69
PID 3592 wrote to memory of 4668	3592	chrome.exe	69
PID 3592 wrote to memory of 4668	3592	chrome.exe	69
PID 3592 wrote to memory of 4668	3592	chrome.exe	69
PID 3592 wrote to memory of 4668	3592	chrome.exe	69
PID 3592 wrote to memory of 4668	3592	chrome.exe	69
PID 3592 wrote to memory of 4668	3592	chrome.exe	69
PID 3592 wrote to memory of 4668	3592	chrome.exe	69
PID 3592 wrote to memory of 4668	3592	chrome.exe	69
PID 3592 wrote to memory of 4668	3592	chrome.exe	69
PID 3592 wrote to memory of 4668	3592	chrome.exe	69
PID 3592 wrote to memory of 4668	3592	chrome.exe	69
PID 3592 wrote to memory of 4732	3592	chrome.exe	68
PID 3592 wrote to memory of 4732	3592	chrome.exe	68
PID 3592 wrote to memory of 4768	3592	chrome.exe	70
PID 3592 wrote to memory of 4768	3592	chrome.exe	70
PID 3592 wrote to memory of 4768	3592	chrome.exe	70
PID 3592 wrote to memory of 4768	3592	chrome.exe	70
PID 3592 wrote to memory of 4768	3592	chrome.exe	70
PID 3592 wrote to memory of 4768	3592	chrome.exe	70
PID 3592 wrote to memory of 4768	3592	chrome.exe	70
PID 3592 wrote to memory of 4768	3592	chrome.exe	70
PID 3592 wrote to memory of 4768	3592	chrome.exe	70
PID 3592 wrote to memory of 4768	3592	chrome.exe	70
PID 3592 wrote to memory of 4768	3592	chrome.exe	70
PID 3592 wrote to memory of 4768	3592	chrome.exe	70
PID 3592 wrote to memory of 4768	3592	chrome.exe	70
PID 3592 wrote to memory of 4768	3592	chrome.exe	70
PID 3592 wrote to memory of 4768	3592	chrome.exe	70
PID 3592 wrote to memory of 4768	3592	chrome.exe	70
PID 3592 wrote to memory of 4768	3592	chrome.exe	70
PID 3592 wrote to memory of 4768	3592	chrome.exe	70
PID 3592 wrote to memory of 4768	3592	chrome.exe	70
PID 3592 wrote to memory of 4768	3592	chrome.exe	70
PID 3592 wrote to memory of 4768	3592	chrome.exe	70
PID 3592 wrote to memory of 4768	3592	chrome.exe	70

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://mega.nz/file/yjISmA4Y#yCVECOQsbeSbm34OgJE1qaS8x3pJg6nHOxyAI-sRhRU
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fff3fec9758,0x7fff3fec9768,0x7fff3fec9778
  2⤵
  PID:3956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2000 --field-trial-handle=1776,i,6194597278254617590,14542063669125847435,131072 /prefetch:8
  2⤵
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1776,i,6194597278254617590,14542063669125847435,131072 /prefetch:2
  2⤵
  PID:4668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2144 --field-trial-handle=1776,i,6194597278254617590,14542063669125847435,131072 /prefetch:8
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2984 --field-trial-handle=1776,i,6194597278254617590,14542063669125847435,131072 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2976 --field-trial-handle=1776,i,6194597278254617590,14542063669125847435,131072 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4888 --field-trial-handle=1776,i,6194597278254617590,14542063669125847435,131072 /prefetch:8
  2⤵
  PID:3388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 --field-trial-handle=1776,i,6194597278254617590,14542063669125847435,131072 /prefetch:8
  2⤵
  PID:3312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5176 --field-trial-handle=1776,i,6194597278254617590,14542063669125847435,131072 /prefetch:8
  2⤵
  PID:1556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 --field-trial-handle=1776,i,6194597278254617590,14542063669125847435,131072 /prefetch:8
  2⤵
  PID:220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 --field-trial-handle=1776,i,6194597278254617590,14542063669125847435,131072 /prefetch:8
  2⤵
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5008 --field-trial-handle=1776,i,6194597278254617590,14542063669125847435,131072 /prefetch:8
  2⤵
  PID:3152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5008 --field-trial-handle=1776,i,6194597278254617590,14542063669125847435,131072 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5880 --field-trial-handle=1776,i,6194597278254617590,14542063669125847435,131072 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=876 --field-trial-handle=1776,i,6194597278254617590,14542063669125847435,131072 /prefetch:8
  2⤵
  PID:1676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3696 --field-trial-handle=1776,i,6194597278254617590,14542063669125847435,131072 /prefetch:8
  2⤵
  PID:1312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3688 --field-trial-handle=1776,i,6194597278254617590,14542063669125847435,131072 /prefetch:8
  2⤵
  PID:2264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6076 --field-trial-handle=1776,i,6194597278254617590,14542063669125847435,131072 /prefetch:8
  2⤵
  PID:1064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6096 --field-trial-handle=1776,i,6194597278254617590,14542063669125847435,131072 /prefetch:8
  2⤵
  PID:2840
- C:\Users\Admin\Downloads\winrar-x64-622.exe
  "C:\Users\Admin\Downloads\winrar-x64-622.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Suspicious use of SetWindowsHookEx
  PID:3160
- - C:\Program Files\WinRAR\uninstall.exe
    "C:\Program Files\WinRAR\uninstall.exe" /setup
    3⤵
    - Executes dropped EXE
    - Modifies system executable filetype association
    - Registers COM server for autorun
    - Drops file in Program Files directory
    - Modifies registry class
    - Suspicious use of SetWindowsHookEx
    PID:3320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 --field-trial-handle=1776,i,6194597278254617590,14542063669125847435,131072 /prefetch:8
  2⤵
  PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4720 --field-trial-handle=1776,i,6194597278254617590,14542063669125847435,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4376

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3792

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x29c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1984

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1536

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1620

C:\Program Files\WinRAR\WinRAR.exe
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\Admin\Downloads\RobloxTool.rar"
1⤵
- Executes dropped EXE
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:4124

C:\Users\Admin\Desktop\RobloxTool.exe
"C:\Users\Admin\Desktop\RobloxTool.exe"
1⤵
- Executes dropped EXE
PID:816
- C:\Users\Admin\Desktop\RobloxTool.exe
  "C:\Users\Admin\Desktop\RobloxTool.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:4784
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:652
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Windows\System32\wbem\WMIC.exe csproduct get uuid"
    3⤵
    PID:2524
  - - C:\Windows\System32\wbem\WMIC.exe
      C:\Windows\System32\wbem\WMIC.exe csproduct get uuid
      4⤵
      PID:1764

C:\Users\Admin\Desktop\RobloxTool.exe
"C:\Users\Admin\Desktop\RobloxTool.exe"
1⤵
- Executes dropped EXE
PID:1260
- C:\Users\Admin\Desktop\RobloxTool.exe
  "C:\Users\Admin\Desktop\RobloxTool.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:3976
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:4048
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Windows\System32\wbem\WMIC.exe csproduct get uuid"
    3⤵
    PID:1244
  - - C:\Windows\System32\wbem\WMIC.exe
      C:\Windows\System32\wbem\WMIC.exe csproduct get uuid
      4⤵
      PID:3484

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3596

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

T1042

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\WinRAR\Rar.txt

Filesize
109KB

MD5
18eeb70635ccbe518da5598ff203db53

SHA1
f0be58b64f84eac86b5e05685e55ebaef380b538

SHA256
27b85e1a4ff7df5235d05b41f9d60d054516b16779803d8649a86a1e815b105b

SHA512
0b2a295b069722d75a15369b15bb88f13fbda56269d2db92c612b19578fc8dadf4f142ebb7ee94a83f87b2ddd6b715972df88b6bb0281853d40b1ce61957d3bd

Download Submit
C:\Program Files\WinRAR\Uninstall.exe

Filesize
437KB

MD5
36297a3a577f3dcc095c11e5d76ede24

SHA1
ace587f83fb852d3cc9509386d7682f11235b797

SHA256
f7070f4bb071cd497bf3067291657a9a23aab1ca9d0ab3f94721ef13139ce11b

SHA512
f7a3937f9ffb5ebaac95bddc4163436decdd6512f33675e3709227a1a7762588a071143140ed6bb2a143b006931e5c8b49486647800f0de2e5c355e480f57631

Download Submit
C:\Program Files\WinRAR\WhatsNew.txt

Filesize
103KB

MD5
eaeee5f6ee0a3f0fe6f471a75aca13b8

SHA1
58cd77ef76371e349e4bf9891d98120074bd850c

SHA256
f723976575d08f1001b564532b0a849888135059e7c9343c453eead387d7ae4c

SHA512
3fc5994eefce000722679cf03b3e8f6d4a5e5ebfd9d0cc8f362e98b929d1c71e35313a183bfe3ab5adbd9ce52188ade167b8695a58ebd6476189b41627512604

Download Submit
C:\Program Files\WinRAR\WinRAR.chm

Filesize
317KB

MD5
11d4425b6fc8eb1a37066220cac1887a

SHA1
7d1ee2a5594073f906d49b61431267d29d41300e

SHA256
326d091a39ced3317d9665ed647686462203b42f23b787a3ed4b4ad3e028cc1e

SHA512
236f7b514560d01656ffdee317d39e58a29f260acfd62f6b6659e7e2f2fca2ac8e6becac5067bab5a6ceaeaece6f942633548baeae26655d04ac3143a752be98

Download Submit
C:\Program Files\WinRAR\WinRAR.exe

Filesize
2.5MB

MD5
04fbad3541e29251a425003b772726e1

SHA1
f6916b7b7a42d1de8ef5fa16e16409e6d55ace97

SHA256
0244b889e1928a51b8552ab394f28b6419c00542a1bbc2366e661526790ec0a7

SHA512
3e85cf46dd5a7cadc300488e6dadea7f271404fb571e46f07698b3e4eaac6225f52823371d33d41b6bbd7e6668cd60f29a13e6c94b9e9cb7e66090af6383d8b2

Download Submit
C:\Program Files\WinRAR\WinRAR.exe

Filesize
2.5MB

MD5
04fbad3541e29251a425003b772726e1

SHA1
f6916b7b7a42d1de8ef5fa16e16409e6d55ace97

SHA256
0244b889e1928a51b8552ab394f28b6419c00542a1bbc2366e661526790ec0a7

SHA512
3e85cf46dd5a7cadc300488e6dadea7f271404fb571e46f07698b3e4eaac6225f52823371d33d41b6bbd7e6668cd60f29a13e6c94b9e9cb7e66090af6383d8b2

Download Submit
C:\Program Files\WinRAR\uninstall.exe

Filesize
437KB

MD5
36297a3a577f3dcc095c11e5d76ede24

SHA1
ace587f83fb852d3cc9509386d7682f11235b797

SHA256
f7070f4bb071cd497bf3067291657a9a23aab1ca9d0ab3f94721ef13139ce11b

SHA512
f7a3937f9ffb5ebaac95bddc4163436decdd6512f33675e3709227a1a7762588a071143140ed6bb2a143b006931e5c8b49486647800f0de2e5c355e480f57631

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
4f57c3ac61ce48acea8e12242214e03e

SHA1
9d670dd03f7710225abda9b58284427cdfc03668

SHA256
0d6958d262275e0193581884e6c0c8a83afb85fd828340f76e0e8bbb91fd57b6

SHA512
89a379f68bd8de639fef4c9bf2a74e08f5c8ddafd1fdf5f8946fdc4851d9b821e0bfd450aac6383f5378f0c7f7bc06158b5986e3b86fd308bcd43178d24d76c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
816B

MD5
8aca20d867d5ac25b52644c06e2142d8

SHA1
c80c483b87a33731b39146d9466a996857fcde4c

SHA256
2867d8a2ae79c727469cb9a5b894f22dcc53caa077adee5137ad6e76c98ff2e3

SHA512
6254944fef5b43e62a61ed129aa75735580743600d1b3f5da3b5f777ad1ce07e92aa932caab9eef4cfa710af5057b5591a47a3d20a93a171939dbfe0bf437d3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\817526ec-4259-4d1f-9d40-97fcb0199676.tmp

Filesize
1KB

MD5
9b933d9f77d503826cc8193259be7b47

SHA1
7ad7a2438e96963a0e469f5de06244a66158fceb

SHA256
5216021fac76cfb3ffce46f6d76e924b17015bafdcaba1ee4efbfea2f32621b7

SHA512
a70b4c40de896eacf437cd81e324074d01b67cabe75631cb562ccd06df020a5f3c2925ef848fa93282ccd4e8b783505cb658a97c2dd2d3bde7766a937ebb505e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
ac6bf1a6e69a44271e78e2333e31803e

SHA1
c291d60277aa0dacdd22feeef2d548a62cb61374

SHA256
d6f7253eadf17ede0f145e62bc0780e5aef6cb9b08be1f69dcb092d689b33d61

SHA512
4e073d5648a02d32271a79b3bbe40df21ba219ac73750edbadcff08cef2cf962aea756871dfc1342ac5eb2bd3790b866a7ed23303b88cb1f4aa30850359b2624

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
9a0eba9d418090656f8da1744bcf00d7

SHA1
c162293f348739f58ebb88795a149d03123c7936

SHA256
fe1ff0cfe9424f9da538cef6b2a2b26eaec041a61e023135234f6983440b5d1f

SHA512
3ab36f7e4395fa6ece79da738d26deb5f68b353e797e7008c71e1a42498c66834c78753b7eb8dc1b26f3042ab4bfa29333e646b6c84dcdee8ba8bd0f488171d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
afcd92ed72a334e2e992fc0a23b39bf7

SHA1
88e302b4da36c6833ddec8107dc16423c39d1689

SHA256
b9d4def00b08d741ddfebea3d0e0fc3bb6c6929c5963a0e296bdb3fc36a028a1

SHA512
23ff1e976e01d1afdd9a448df9a353949e97ab830e2414a329311db8a90dd15a7b4e2fbf41e7664263af9eb208b6db4d76830d2d5c178c7651155308d102a6df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7eb099222b61cb82a66520fc04c878d2

SHA1
1f5653d65a2bf4dad9f418c984dcad6c51fc4cff

SHA256
f3d6a670eea1fd6b0e3b64fd350d03e22be8cbd1bc0c88568884b5dfdabf81f4

SHA512
cc1afce174a36200c4bef5f23cbeaf23f49a0bbe24a811bcffa094a7452a8fb61c2de903cff31afe6733aaa8b8973ef8a0085c8b0c340e06e2b5bc2e700e14f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
60220cbd57f3f25fdbc22284934b2ca2

SHA1
0a8079f81286d7ac46c87dbe9419e3e6eeeb1c3a

SHA256
f9f78cd6a7ddf44dda014b52b9efbf20c04f1c8a313d49c00e495ef3b40b6fc4

SHA512
c3e60e8e30cb28648b51487182ab8afa743011db2f8ddd3c00b042f0da58dc61fca5579c1b7caffc02fc98587267fa28526e98fe52fe8cfd606fe81aac70dc3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
550aec79805d81baec1a667b6cc6df32

SHA1
3b32400e66dad591312a18931ebfe405fc56f1fd

SHA256
3f80399dfa4d081af7d04f9f03d79ff7283387e29ffd5aa6190fe6695aba1d22

SHA512
b28dc4cb55a66fd5f581dc16824f972fc13a389b222ba95210db1c1b20d6c7f6768300ece7aa1f1035a07975fab03d20304f8bfe1600711f9768e3e88f1cfb0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a643fbf4f536143f9141c079f47a6f55

SHA1
372beed1151d6e1d95b6f944fb653d6c2d6e07a8

SHA256
d7a0d375a3ab5ccf9d91b46e0efdfebec5a129c5cb75997c37e75e3baec652f9

SHA512
d1bd7942e2fce02cac33ec5f520c2a597fb5c6031f2c01a5e1ac4a7bf34e8363b8ff815109a7b6288f6d5f253ee791980fca1da98b136a55e5c179ef3d7f3a2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
97123afbe56135ac05e6ca21b8968a1d

SHA1
1ae269db515b613d3ceaf84fecf23ddda01250b2

SHA256
710f51dd5222c4e922f83acb27c25bb6d69b8712b8037ad5b7af3af276821bfb

SHA512
6838b332dab5158a8c2537d0765fbba5d837f81f784d03e2e42aefb5a5984719ad172d6ae6285e3396cf9d3fe1d82e0ef0c53ccb47c948a4f7a4abafcff4ef60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
28c3320c9183cccce878b70036ceb424

SHA1
7a1225fcea1fdbaa824910a85bcc91787f06c8d4

SHA256
6a9d49c6fedbd363f54d7c7b6074fe02705b0cd13196d978b25a2cbed8edd0cc

SHA512
6fdbae01778cde6345d90bc8e290c8c6367eb7c89761171011cee532dd1d7ccea9263149898d8823b392375f4f32a416dc298632818cba304c0e69dce6ff67b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
f1530405ef7fa9fc2491e50877b2ff68

SHA1
139942525de2d6bd27081492bc20002373ddc7b5

SHA256
fe7de30d9809c82e92a478d47750b98d13b7fc015b10e14859da0b471dc4e7c3

SHA512
051a03437bc9f2484c51121295658815d7a3acfea41197ac135bc27d71cfa27a0a0fc5204bb5239b8a890ffd45ded06db08e22887662a2c7728e1e892017dfb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe56e62e.TMP

Filesize
48B

MD5
cb80a618445459558a25916f37fc0843

SHA1
44dd077804c59d8761453adc7c34696a47682e49

SHA256
c9bbe075eebe734b72624f240d1f13cf9c7fc141de557d854701e6e7e5e68846

SHA512
cad8af68e849f507c4c23755786f3e31a342d865fd29a4ddba185d246920ae28a91bcace4e5cf2b4cee5e94f0d07ae7f37989f81c6680a634f0b58ec192d5d36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
161KB

MD5
e857559d96e35fc93205663e2c7efd9b

SHA1
3dc01f1038a8d362f70d86c002fb9258d10ce21b

SHA256
25a4d3e59ccc891385924a55d74fb329b8e990081c6d009dc984661601958410

SHA512
0013e54e938fe402171402e0b03dcdb066ae7aaa071d83880dbdb199054ef20839a8fc3f58e0a16434667c3642e452f15a9205f5889324f6a987d29d4cf29b09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
161KB

MD5
fbc4a8975c417e98800a2fa980798b39

SHA1
dc34ccee9f267946c929bb3ec79b00dda660cdc3

SHA256
8ab61b482b42d8790a84207a054d253308fd66210a3ba24d9a1162bdcf2a1aae

SHA512
b7f3290798423f3217477c24d52ce1a5d9d823807277e79d40b3204c872614bd42e0d065deafef3d0f1b2b985e89c1fcd50a0fa2976eca0224d5483dcf4b5f0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
72KB

MD5
39b1297c29947b5def8daa6d207ab5a3

SHA1
2e9e771d1a46588947009024ae5302d5813b93dc

SHA256
3fd490bedb6918d769f83f8359199c749217dcb067ac6011032072fbe652d03b

SHA512
f9ad91394cab6d48725953e3bf7a7c80fba220e5d4c5e2e1bf8b24a715ab3536ee30bc933d4094342a087a3ab686b4ed271b16298535e9797b0bd2b761336ae4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
112KB

MD5
4e0e854a314e9aa1de0ab606441dee0a

SHA1
bae7c6434e798d8cf6867c5b37835322e269c1f5

SHA256
fde01ff9757ea25e280fe506339a9e21c799624e877c4274c395401ee01a19c4

SHA512
02a6a2c08f841b4c8d09af2e28e8875ec9a8af43538a72e34c0485390beeeae2fb6a7698f769d989fc2b4bb7b38c209ad0104b234bf85a98ce08e74c735283da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe576a62.TMP

Filesize
110KB

MD5
83690f01325693e1785566df77676d09

SHA1
499cf0426c6a651ce359b6faa47a1ea824e36203

SHA256
7d215fdc80dff2db6dfd752bf9d56701d5d0ad03e3a3be3f8351080aa726b532

SHA512
74efe02a9b3b7d980f38c835f5830c45bcabeb14e9a907ce1d997871e777c22a9c88d17339803309cc3d0fd3643ad7ffb17d677312f0d757d410ff2300bf5833

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8162\VCRUNTIME140.dll

Filesize
106KB

MD5
870fea4e961e2fbd00110d3783e529be

SHA1
a948e65c6f73d7da4ffde4e8533c098a00cc7311

SHA256
76fdb83fde238226b5bebaf3392ee562e2cb7ca8d3ef75983bf5f9d6c7119644

SHA512
0b636a3cdefa343eb4cb228b391bb657b5b4c20df62889cd1be44c7bee94ffad6ec82dc4db79949edef576bff57867e0d084e0a597bf7bf5c8e4ed1268477e88

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8162\_bz2.pyd

Filesize
47KB

MD5
758fff1d194a7ac7a1e3d98bcf143a44

SHA1
de1c61a8e1fb90666340f8b0a34e4d8bfc56da07

SHA256
f5e913a9f2adf7d599ea9bb105e144ba11699bbcb1514e73edcf7e062354e708

SHA512
468d7c52f14812d5bde1e505c95cb630e22d71282bda05bf66324f31560bfa06095cf60fc0d34877f8b361ccd65a1b61d0fd1f91d52facb0baf8e74f3fed31cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8162\_ctypes.pyd

Filesize
56KB

MD5
6ca9a99c75a0b7b6a22681aa8e5ad77b

SHA1
dd1118b7d77be6bb33b81da65f6b5dc153a4b1e8

SHA256
d39390552c55d8fd4940864905cd4437bc3f8efe7ff3ca220543b2c0efab04f8

SHA512
b0b5f2979747d2f6796d415dd300848f32b4e79ede59827ac447af0f4ea8709b60d6935d09e579299b3bc54b6c0f10972f17f6c0d1759c5388ad5b14689a23fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8162\_lzma.pyd

Filesize
84KB

MD5
abceeceaeff3798b5b0de412af610f58

SHA1
c3c94c120b5bed8bccf8104d933e96ac6e42ca90

SHA256
216aa4bb6f62dd250fd6d2dcde14709aa82e320b946a21edeec7344ed6c2c62e

SHA512
3e1a2eb86605aa851a0c5153f7be399f6259ecaad86dbcbf12eeae5f985dc2ea2ab25683285e02b787a5b75f7df70b4182ae8f1567946f99ad2ec7b27d4c7955

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8162\_socket.pyd

Filesize
41KB

MD5
afd296823375e106c4b1ac8b39927f8b

SHA1
b05d811e5a5921d5b5cc90b9e4763fd63783587b

SHA256
e423a7c2ce5825dfdd41cfc99c049ff92abfb2aa394c85d0a9a11de7f8673007

SHA512
95e98a24be9e603b2870b787349e2aa7734014ac088c691063e4078e11a04898c9c547d6998224b1b171fc4802039c3078a28c7e81d59f6497f2f9230d8c9369

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8162\_ssl.pyd

Filesize
60KB

MD5
1e643c629f993a63045b0ff70d6cf7c6

SHA1
9af2d22226e57dc16c199cad002e3beb6a0a0058

SHA256
4a50b4b77bf9e5d6f62c7850589b80b4caa775c81856b0d84cb1a73d397eb38a

SHA512
9d8cd6e9c03880cc015e87059db28ff588881679f8e3f5a26a90f13e2c34a5bd03fb7329d9a4e33c4a01209c85a36fc999e77d9ece42cebdb738c2f1fd6775af

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8162\_uuid.pyd

Filesize
21KB

MD5
81dfa68ca3cb20ced73316dbc78423f6

SHA1
8841cf22938aa6ee373ff770716bb9c6d9bc3e26

SHA256
d0cb6dd98a2c9d4134c6ec74e521bad734bc722d6a3b4722428bf79e7b66f190

SHA512
e24288ae627488251682cd47c1884f2dc5f4cd834d7959b9881e5739c42d91fd0a30e75f0de77f5b5a0d63d9baebcafa56851e7e40812df367fd433421c0ccdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8162\base_library.zip

Filesize
1.0MB

MD5
8408ed920feb0fddba1f4e7038de154c

SHA1
eaea1a127897484ec3bb0e20507983d8a21af1d6

SHA256
45903aab332269dd28ea06c1241570e139dc07ca4e5f40fba323bd86532986c2

SHA512
23a9eb2617578b0ae81805b1415d29a89d6256bdc420e6dc6b5fe6760abc0947abd267bbd0ec50b395d2ba0c6416c72e5f4a44a5e2d3130146bd249b0dbc5eda

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8162\libffi-7.dll

Filesize
23KB

MD5
b5150b41ca910f212a1dd236832eb472

SHA1
a17809732c562524b185953ffe60dfa91ba3ce7d

SHA256
1a106569ac0ad3152f3816ff361aa227371d0d85425b357632776ac48d92ea8a

SHA512
9e82b0caa3d72bb4a7ad7d66ebfb10edb778749e89280bca67c766e72dc794e99aab2bc2980d64282a384699929ce6cc996462a73584898d2df67a57bff2a9c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8162\psutil\_psutil_windows.pyd

Filesize
34KB

MD5
04d71bdd54b4c79cfaf21c1aa0a80132

SHA1
12bec0411eee3dbed5146696ca17857a4d49cf0d

SHA256
ea7faaa075c0ca0747be4fef7d19bda21b05f6d176d1cbad2611f481f49efe23

SHA512
c7712b271681327fc1a20c8ae3d06fed940c0ac37fe24c60e2424f9e9e152227998e0c229e7409c0d0a7538c9aa12699665fbdf0ed50d42c6577cd4fb3efd6d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8162\python3.DLL

Filesize
63KB

MD5
c17b7a4b853827f538576f4c3521c653

SHA1
6115047d02fbbad4ff32afb4ebd439f5d529485a

SHA256
d21e60f3dfbf2bab0cc8a06656721fa3347f026df10297674fc635ebf9559a68

SHA512
8e08e702d69df6840781d174c4565e14a28022b40f650fda88d60172be2d4ffd96a3e9426d20718c54072ca0da27e0455cc0394c098b75e062a27559234a3df7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8162\python310.dll

Filesize
1.4MB

MD5
69d4f13fbaeee9b551c2d9a4a94d4458

SHA1
69540d8dfc0ee299a7ff6585018c7db0662aa629

SHA256
801317463bd116e603878c7c106093ba7db2bece11e691793e93065223fc7046

SHA512
8e632f141daf44bc470f8ee677c6f0fdcbcacbfce1472d928576bf7b9f91d6b76639d18e386d5e1c97e538a8fe19dd2d22ea47ae1acf138a0925e3c6dd156378

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8162\pywin32_system32\pythoncom310.dll

Filesize
195KB

MD5
c1dda655900c76a359534ce503035e05

SHA1
2ee4ada253f10c1a8facb105698cafff2b53b5e8

SHA256
26258ad7f04fcb9a1e2ab9ba0b04a586031e5d81c3d2c1e1d40418978253c4cd

SHA512
b55b6469a59752601a9d1996c2ae5245ca6b919468c057d8fc0253e3b314db376a597de2879d1e72a60c3662dfefbcb08d286b38022b041b937d39082855d223

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8162\pywin32_system32\pywintypes310.dll

Filesize
61KB

MD5
2dcfb72036a89f11709f1317ff413883

SHA1
818406cca32c15520d6423bbb97cdfa8d8a7d786

SHA256
ac8b3341e756bc59358e36f390980ca46ec2a631dd8bf8739b4288484b131a4e

SHA512
5fe7c45f09245db2572d771ec0bb7c83cab5b4b2dea15378549b7029cc6a4c7beebb40f763346f9a4343a6eacfb6cf0ade2ef36838cce4db100b5d4d843ca74e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8162\select.pyd

Filesize
24KB

MD5
72009cde5945de0673a11efb521c8ccd

SHA1
bddb47ac13c6302a871a53ba303001837939f837

SHA256
5aaa15868421a46461156e7817a69eeeb10b29c1e826a9155b5f8854facf3dca

SHA512
d00a42700c9201f23a44fd9407fea7ea9df1014c976133f33ff711150727bf160941373d53f3a973f7dd6ca7b5502e178c2b88ea1815ca8bce1a239ed5d8256d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8162\win32api.pyd

Filesize
48KB

MD5
23b6e4591cf72f3dea00bbe7e1570bf6

SHA1
d1b3459afdbcc94e13415ac112abda3693ba75a2

SHA256
388458feb3634bfced86140073ce3f027f1ae4a2ec73aa7f4b18d5475513f9da

SHA512
e40f42cf2b6fb5261cd9b653e03011375157a5ce7ff99b6db7ecc1eab9bc356b2e989ed43ba7c1ec904e58549da3cd5d153405d6d76d4a9485f18e02442ac4c8

Download Submit
C:\Users\Admin\Desktop\RobloxTool.exe

Filesize
13.9MB

MD5
4dc69ac2f24db66a23896214bc02b727

SHA1
de6299b3f06652d5d2eb8649d0424e4dbdd796bb

SHA256
eb294aa3b6bd65308e60154082b429ec277f27f7c990d25d0fa34c1dd1c332cf

SHA512
928574c871326bcf63baeabb62fd311721b5cd93475d2388d6724e20d65fdb74365b3263e158d2de0199cf45ce393c5c7f0b30bb0b18d24dcad0544034801694

Download Submit
C:\Users\Admin\Desktop\RobloxTool.exe

Filesize
13.9MB

MD5
4dc69ac2f24db66a23896214bc02b727

SHA1
de6299b3f06652d5d2eb8649d0424e4dbdd796bb

SHA256
eb294aa3b6bd65308e60154082b429ec277f27f7c990d25d0fa34c1dd1c332cf

SHA512
928574c871326bcf63baeabb62fd311721b5cd93475d2388d6724e20d65fdb74365b3263e158d2de0199cf45ce393c5c7f0b30bb0b18d24dcad0544034801694

Download Submit
C:\Users\Admin\Desktop\RobloxTool.exe

Filesize
13.9MB

MD5
4dc69ac2f24db66a23896214bc02b727

SHA1
de6299b3f06652d5d2eb8649d0424e4dbdd796bb

SHA256
eb294aa3b6bd65308e60154082b429ec277f27f7c990d25d0fa34c1dd1c332cf

SHA512
928574c871326bcf63baeabb62fd311721b5cd93475d2388d6724e20d65fdb74365b3263e158d2de0199cf45ce393c5c7f0b30bb0b18d24dcad0544034801694

Download Submit
C:\Users\Admin\Downloads\RobloxTool.rar

Filesize
13.7MB

MD5
02b0a5b56ce7458743d45577293949e6

SHA1
26b195a692c3b7f16757338985a51b0ebd71d90d

SHA256
fbd74442e978484fe089c633f2174adcdc00052cf215e9461d55f12d523f226e

SHA512
878296577c2bdb3f4fcb17a4e946fc89169bbed561cda65650df512134227e3fb62a83ba743d3513224d37c017e6c04957811afa24d7c3af90a09a3d940f0b70

Download Submit
C:\Users\Admin\Downloads\RobloxTool.rar

Filesize
13.7MB

MD5
02b0a5b56ce7458743d45577293949e6

SHA1
26b195a692c3b7f16757338985a51b0ebd71d90d

SHA256
fbd74442e978484fe089c633f2174adcdc00052cf215e9461d55f12d523f226e

SHA512
878296577c2bdb3f4fcb17a4e946fc89169bbed561cda65650df512134227e3fb62a83ba743d3513224d37c017e6c04957811afa24d7c3af90a09a3d940f0b70

Download Submit
C:\Users\Admin\Downloads\winrar-x64-622.exe

Filesize
3.4MB

MD5
8a3faa499854ea7ff1a7ea5dbfdfccfb

SHA1
e0c4e5f7e08207319637c963c439e60735939dec

SHA256
e5e9f54a55ad4b936adaed4cca5b4d29bd6f308f1a0136a7e3c0f5fb234e7fff

SHA512
4c7474353dd64e1a1568b93e17be3f2f0eaf24b7d520339c033f46a517b0e048e88bda1b5d5bcfe62353930d8d76a7037ec6200882df8afc310322a5d5fceb25

Download Submit
C:\Users\Admin\Downloads\winrar-x64-622.exe

Filesize
3.4MB

MD5
8a3faa499854ea7ff1a7ea5dbfdfccfb

SHA1
e0c4e5f7e08207319637c963c439e60735939dec

SHA256
e5e9f54a55ad4b936adaed4cca5b4d29bd6f308f1a0136a7e3c0f5fb234e7fff

SHA512
4c7474353dd64e1a1568b93e17be3f2f0eaf24b7d520339c033f46a517b0e048e88bda1b5d5bcfe62353930d8d76a7037ec6200882df8afc310322a5d5fceb25

Download Submit
C:\Users\Admin\Downloads\winrar-x64-622.exe

Filesize
3.4MB

MD5
8a3faa499854ea7ff1a7ea5dbfdfccfb

SHA1
e0c4e5f7e08207319637c963c439e60735939dec

SHA256
e5e9f54a55ad4b936adaed4cca5b4d29bd6f308f1a0136a7e3c0f5fb234e7fff

SHA512
4c7474353dd64e1a1568b93e17be3f2f0eaf24b7d520339c033f46a517b0e048e88bda1b5d5bcfe62353930d8d76a7037ec6200882df8afc310322a5d5fceb25

Download Submit
\Program Files\WinRAR\RarExt.dll

Filesize
664KB

MD5
608f972a89e2d43b4c55e4e72483cfd5

SHA1
1b58762a3ae9ba9647d879819d1364e787cb3730

SHA256
dd989631b1b4f5450766ad42aec9a0e16718a0d23bc694fa238a4d54b02be417

SHA512
3c410d19aaa780e4fe25b331f85bdd8ccd0a9f585d538afdf216dfcd5c3a6ee911924bcca9078af689c4610f23a31e5a89c7c84144356e8dedceac7fb020960a

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI8162\VCRUNTIME140.dll

Filesize
106KB

MD5
870fea4e961e2fbd00110d3783e529be

SHA1
a948e65c6f73d7da4ffde4e8533c098a00cc7311

SHA256
76fdb83fde238226b5bebaf3392ee562e2cb7ca8d3ef75983bf5f9d6c7119644

SHA512
0b636a3cdefa343eb4cb228b391bb657b5b4c20df62889cd1be44c7bee94ffad6ec82dc4db79949edef576bff57867e0d084e0a597bf7bf5c8e4ed1268477e88

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI8162\_bz2.pyd

Filesize
47KB

MD5
758fff1d194a7ac7a1e3d98bcf143a44

SHA1
de1c61a8e1fb90666340f8b0a34e4d8bfc56da07

SHA256
f5e913a9f2adf7d599ea9bb105e144ba11699bbcb1514e73edcf7e062354e708

SHA512
468d7c52f14812d5bde1e505c95cb630e22d71282bda05bf66324f31560bfa06095cf60fc0d34877f8b361ccd65a1b61d0fd1f91d52facb0baf8e74f3fed31cc

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI8162\_ctypes.pyd

Filesize
56KB

MD5
6ca9a99c75a0b7b6a22681aa8e5ad77b

SHA1
dd1118b7d77be6bb33b81da65f6b5dc153a4b1e8

SHA256
d39390552c55d8fd4940864905cd4437bc3f8efe7ff3ca220543b2c0efab04f8

SHA512
b0b5f2979747d2f6796d415dd300848f32b4e79ede59827ac447af0f4ea8709b60d6935d09e579299b3bc54b6c0f10972f17f6c0d1759c5388ad5b14689a23fe

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI8162\_lzma.pyd

Filesize
84KB

MD5
abceeceaeff3798b5b0de412af610f58

SHA1
c3c94c120b5bed8bccf8104d933e96ac6e42ca90

SHA256
216aa4bb6f62dd250fd6d2dcde14709aa82e320b946a21edeec7344ed6c2c62e

SHA512
3e1a2eb86605aa851a0c5153f7be399f6259ecaad86dbcbf12eeae5f985dc2ea2ab25683285e02b787a5b75f7df70b4182ae8f1567946f99ad2ec7b27d4c7955

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI8162\_socket.pyd

Filesize
41KB

MD5
afd296823375e106c4b1ac8b39927f8b

SHA1
b05d811e5a5921d5b5cc90b9e4763fd63783587b

SHA256
e423a7c2ce5825dfdd41cfc99c049ff92abfb2aa394c85d0a9a11de7f8673007

SHA512
95e98a24be9e603b2870b787349e2aa7734014ac088c691063e4078e11a04898c9c547d6998224b1b171fc4802039c3078a28c7e81d59f6497f2f9230d8c9369

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI8162\_uuid.pyd

Filesize
21KB

MD5
81dfa68ca3cb20ced73316dbc78423f6

SHA1
8841cf22938aa6ee373ff770716bb9c6d9bc3e26

SHA256
d0cb6dd98a2c9d4134c6ec74e521bad734bc722d6a3b4722428bf79e7b66f190

SHA512
e24288ae627488251682cd47c1884f2dc5f4cd834d7959b9881e5739c42d91fd0a30e75f0de77f5b5a0d63d9baebcafa56851e7e40812df367fd433421c0ccdb

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI8162\libffi-7.dll

Filesize
23KB

MD5
b5150b41ca910f212a1dd236832eb472

SHA1
a17809732c562524b185953ffe60dfa91ba3ce7d

SHA256
1a106569ac0ad3152f3816ff361aa227371d0d85425b357632776ac48d92ea8a

SHA512
9e82b0caa3d72bb4a7ad7d66ebfb10edb778749e89280bca67c766e72dc794e99aab2bc2980d64282a384699929ce6cc996462a73584898d2df67a57bff2a9c6

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI8162\psutil\_psutil_windows.pyd

Filesize
34KB

MD5
04d71bdd54b4c79cfaf21c1aa0a80132

SHA1
12bec0411eee3dbed5146696ca17857a4d49cf0d

SHA256
ea7faaa075c0ca0747be4fef7d19bda21b05f6d176d1cbad2611f481f49efe23

SHA512
c7712b271681327fc1a20c8ae3d06fed940c0ac37fe24c60e2424f9e9e152227998e0c229e7409c0d0a7538c9aa12699665fbdf0ed50d42c6577cd4fb3efd6d6

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI8162\python3.dll

Filesize
63KB

MD5
c17b7a4b853827f538576f4c3521c653

SHA1
6115047d02fbbad4ff32afb4ebd439f5d529485a

SHA256
d21e60f3dfbf2bab0cc8a06656721fa3347f026df10297674fc635ebf9559a68

SHA512
8e08e702d69df6840781d174c4565e14a28022b40f650fda88d60172be2d4ffd96a3e9426d20718c54072ca0da27e0455cc0394c098b75e062a27559234a3df7

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI8162\python3.dll

Filesize
63KB

MD5
c17b7a4b853827f538576f4c3521c653

SHA1
6115047d02fbbad4ff32afb4ebd439f5d529485a

SHA256
d21e60f3dfbf2bab0cc8a06656721fa3347f026df10297674fc635ebf9559a68

SHA512
8e08e702d69df6840781d174c4565e14a28022b40f650fda88d60172be2d4ffd96a3e9426d20718c54072ca0da27e0455cc0394c098b75e062a27559234a3df7

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI8162\python310.dll

Filesize
1.4MB

MD5
69d4f13fbaeee9b551c2d9a4a94d4458

SHA1
69540d8dfc0ee299a7ff6585018c7db0662aa629

SHA256
801317463bd116e603878c7c106093ba7db2bece11e691793e93065223fc7046

SHA512
8e632f141daf44bc470f8ee677c6f0fdcbcacbfce1472d928576bf7b9f91d6b76639d18e386d5e1c97e538a8fe19dd2d22ea47ae1acf138a0925e3c6dd156378

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI8162\pywin32_system32\pythoncom310.dll

Filesize
195KB

MD5
c1dda655900c76a359534ce503035e05

SHA1
2ee4ada253f10c1a8facb105698cafff2b53b5e8

SHA256
26258ad7f04fcb9a1e2ab9ba0b04a586031e5d81c3d2c1e1d40418978253c4cd

SHA512
b55b6469a59752601a9d1996c2ae5245ca6b919468c057d8fc0253e3b314db376a597de2879d1e72a60c3662dfefbcb08d286b38022b041b937d39082855d223

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI8162\pywin32_system32\pywintypes310.dll

Filesize
61KB

MD5
2dcfb72036a89f11709f1317ff413883

SHA1
818406cca32c15520d6423bbb97cdfa8d8a7d786

SHA256
ac8b3341e756bc59358e36f390980ca46ec2a631dd8bf8739b4288484b131a4e

SHA512
5fe7c45f09245db2572d771ec0bb7c83cab5b4b2dea15378549b7029cc6a4c7beebb40f763346f9a4343a6eacfb6cf0ade2ef36838cce4db100b5d4d843ca74e

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI8162\select.pyd

Filesize
24KB

MD5
72009cde5945de0673a11efb521c8ccd

SHA1
bddb47ac13c6302a871a53ba303001837939f837

SHA256
5aaa15868421a46461156e7817a69eeeb10b29c1e826a9155b5f8854facf3dca

SHA512
d00a42700c9201f23a44fd9407fea7ea9df1014c976133f33ff711150727bf160941373d53f3a973f7dd6ca7b5502e178c2b88ea1815ca8bce1a239ed5d8256d

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI8162\win32api.pyd

Filesize
48KB

MD5
23b6e4591cf72f3dea00bbe7e1570bf6

SHA1
d1b3459afdbcc94e13415ac112abda3693ba75a2

SHA256
388458feb3634bfced86140073ce3f027f1ae4a2ec73aa7f4b18d5475513f9da

SHA512
e40f42cf2b6fb5261cd9b653e03011375157a5ce7ff99b6db7ecc1eab9bc356b2e989ed43ba7c1ec904e58549da3cd5d153405d6d76d4a9485f18e02442ac4c8

Download Submit
memory/3976-1132-0x00007FFF2F4F0000-0x00007FFF2F51D000-memory.dmp

Filesize
180KB

Download
memory/3976-1088-0x00007FFF2E250000-0x00007FFF2E5C5000-memory.dmp

Filesize
3.5MB

Download
memory/3976-1139-0x00007FFF3EF10000-0x00007FFF3EF2C000-memory.dmp

Filesize
112KB

Download
memory/3976-1141-0x00007FFF2E250000-0x00007FFF2E5C5000-memory.dmp

Filesize
3.5MB

Download
memory/3976-1138-0x00007FFF410B0000-0x00007FFF410BA000-memory.dmp

Filesize
40KB

Download
memory/3976-1137-0x00007FFF2F320000-0x00007FFF2F3E1000-memory.dmp

Filesize
772KB

Download
memory/3976-1135-0x00007FFF2F420000-0x00007FFF2F44C000-memory.dmp

Filesize
176KB

Download
memory/3976-1136-0x00007FFF2F3F0000-0x00007FFF2F41F000-memory.dmp

Filesize
188KB

Download
memory/3976-1134-0x00007FFF436D0000-0x00007FFF436DD000-memory.dmp

Filesize
52KB

Download
memory/3976-1133-0x00007FFF3EF50000-0x00007FFF3EF69000-memory.dmp

Filesize
100KB

Download
memory/3976-1142-0x00007FFF2F1E0000-0x00007FFF2F298000-memory.dmp

Filesize
736KB

Download
memory/3976-1131-0x00007FFF3F5A0000-0x00007FFF3F5B9000-memory.dmp

Filesize
100KB

Download
memory/3976-1130-0x00007FFF43F60000-0x00007FFF43F6F000-memory.dmp

Filesize
60KB

Download
memory/3976-1129-0x00007FFF3EF70000-0x00007FFF3EF94000-memory.dmp

Filesize
144KB

Download
memory/3976-1128-0x00007FFF2E5D0000-0x00007FFF2EA3E000-memory.dmp

Filesize
4.4MB

Download
memory/3976-1140-0x00007FFF2F2A0000-0x00007FFF2F2CE000-memory.dmp

Filesize
184KB

Download
memory/3976-1087-0x00007FFF2F2A0000-0x00007FFF2F2CE000-memory.dmp

Filesize
184KB

Download
memory/3976-1086-0x00007FFF3EF10000-0x00007FFF3EF2C000-memory.dmp

Filesize
112KB

Download
memory/3976-1085-0x00007FFF410B0000-0x00007FFF410BA000-memory.dmp

Filesize
40KB

Download
memory/3976-1083-0x00007FFF2F3F0000-0x00007FFF2F41F000-memory.dmp

Filesize
188KB

Download
memory/3976-1084-0x00007FFF2F320000-0x00007FFF2F3E1000-memory.dmp

Filesize
772KB

Download
memory/3976-1082-0x00007FFF2F420000-0x00007FFF2F44C000-memory.dmp

Filesize
176KB

Download
memory/3976-1081-0x00007FFF436D0000-0x00007FFF436DD000-memory.dmp

Filesize
52KB

Download
memory/3976-1080-0x00007FFF3EF50000-0x00007FFF3EF69000-memory.dmp

Filesize
100KB

Download
memory/3976-1079-0x00007FFF2F4F0000-0x00007FFF2F51D000-memory.dmp

Filesize
180KB

Download
memory/3976-1078-0x00007FFF3F5A0000-0x00007FFF3F5B9000-memory.dmp

Filesize
100KB

Download
memory/3976-1077-0x00007FFF43F60000-0x00007FFF43F6F000-memory.dmp

Filesize
60KB

Download
memory/3976-1076-0x00007FFF3EF70000-0x00007FFF3EF94000-memory.dmp

Filesize
144KB

Download
memory/3976-1073-0x00007FFF2E5D0000-0x00007FFF2EA3E000-memory.dmp

Filesize
4.4MB

Download
memory/4784-865-0x00007FFF2F550000-0x00007FFF2F55E000-memory.dmp

Filesize
56KB

Download
memory/4784-866-0x00007FFF2F540000-0x00007FFF2F54C000-memory.dmp

Filesize
48KB

Download
memory/4784-871-0x00007FFF2F4F0000-0x00007FFF2F4FC000-memory.dmp

Filesize
48KB

Download
memory/4784-870-0x00007FFF2F500000-0x00007FFF2F50C000-memory.dmp

Filesize
48KB

Download
memory/4784-869-0x00007FFF2F510000-0x00007FFF2F51B000-memory.dmp

Filesize
44KB

Download
memory/4784-868-0x00007FFF2F520000-0x00007FFF2F52B000-memory.dmp

Filesize
44KB

Download
memory/4784-872-0x00007FFF2F040000-0x00007FFF2F04D000-memory.dmp

Filesize
52KB

Download
memory/4784-873-0x00007FFF2EFA0000-0x00007FFF2EFB2000-memory.dmp

Filesize
72KB

Download
memory/4784-874-0x00007FFF2F030000-0x00007FFF2F03C000-memory.dmp

Filesize
48KB

Download
memory/4784-875-0x00007FFF2EF80000-0x00007FFF2EF95000-memory.dmp

Filesize
84KB

Download
memory/4784-876-0x00007FFF2EF70000-0x00007FFF2EF80000-memory.dmp

Filesize
64KB

Download
memory/4784-878-0x00007FFF2EF30000-0x00007FFF2EF4B000-memory.dmp

Filesize
108KB

Download
memory/4784-877-0x00007FFF2EF50000-0x00007FFF2EF64000-memory.dmp

Filesize
80KB

Download
memory/4784-879-0x00007FFF2EF10000-0x00007FFF2EF23000-memory.dmp

Filesize
76KB

Download
memory/4784-880-0x00007FFF2E340000-0x00007FFF2E355000-memory.dmp

Filesize
84KB

Download
memory/4784-881-0x00007FFF2E300000-0x00007FFF2E33F000-memory.dmp

Filesize
252KB

Download
memory/4784-882-0x00007FFF2E2F0000-0x00007FFF2E2FE000-memory.dmp

Filesize
56KB

Download
memory/4784-883-0x00007FFF2E2D0000-0x00007FFF2E2E6000-memory.dmp

Filesize
88KB

Download
memory/4784-884-0x00007FFF2E2A0000-0x00007FFF2E2CB000-memory.dmp

Filesize
172KB

Download
memory/4784-885-0x00007FFF2E000000-0x00007FFF2E250000-memory.dmp

Filesize
2.3MB

Download
memory/4784-897-0x00007FFF2F050000-0x00007FFF2F4BE000-memory.dmp

Filesize
4.4MB

Download
memory/4784-898-0x00007FFF3FF90000-0x00007FFF3FFB4000-memory.dmp

Filesize
144KB

Download
memory/4784-899-0x00007FFF43F60000-0x00007FFF43F6F000-memory.dmp

Filesize
60KB

Download
memory/4784-900-0x00007FFF3FF10000-0x00007FFF3FF29000-memory.dmp

Filesize
100KB

Download
memory/4784-901-0x00007FFF3FB00000-0x00007FFF3FB2D000-memory.dmp

Filesize
180KB

Download
memory/4784-902-0x00007FFF3F5A0000-0x00007FFF3F5B9000-memory.dmp

Filesize
100KB

Download
memory/4784-903-0x00007FFF436D0000-0x00007FFF436DD000-memory.dmp

Filesize
52KB

Download
memory/4784-904-0x00007FFF3F0C0000-0x00007FFF3F0EC000-memory.dmp

Filesize
176KB

Download
memory/4784-905-0x00007FFF3F090000-0x00007FFF3F0BF000-memory.dmp

Filesize
188KB

Download
memory/4784-906-0x00007FFF3EFC0000-0x00007FFF3F081000-memory.dmp

Filesize
772KB

Download
memory/4784-907-0x00007FFF410B0000-0x00007FFF410BA000-memory.dmp

Filesize
40KB

Download
memory/4784-908-0x00007FFF3EFA0000-0x00007FFF3EFBC000-memory.dmp

Filesize
112KB

Download
memory/4784-909-0x00007FFF3EF20000-0x00007FFF3EF4E000-memory.dmp

Filesize
184KB

Download
memory/4784-910-0x00007FFF2E980000-0x00007FFF2EA38000-memory.dmp

Filesize
736KB

Download
memory/4784-911-0x00007FFF2E600000-0x00007FFF2E975000-memory.dmp

Filesize
3.5MB

Download
memory/4784-912-0x00007FFF3EB70000-0x00007FFF3EB84000-memory.dmp

Filesize
80KB

Download
memory/4784-913-0x00007FFF3FF80000-0x00007FFF3FF8D000-memory.dmp

Filesize
52KB

Download
memory/4784-914-0x00007FFF2E4E0000-0x00007FFF2E5F8000-memory.dmp

Filesize
1.1MB

Download
memory/4784-915-0x00007FFF2F580000-0x00007FFF2F59F000-memory.dmp

Filesize
124KB

Download
memory/4784-916-0x00007FFF2E360000-0x00007FFF2E4D1000-memory.dmp

Filesize
1.4MB

Download
memory/4784-917-0x00007FFF3FC00000-0x00007FFF3FC0B000-memory.dmp

Filesize
44KB

Download
memory/4784-918-0x00007FFF3FA10000-0x00007FFF3FA1B000-memory.dmp

Filesize
44KB

Download
memory/4784-919-0x00007FFF3EF10000-0x00007FFF3EF1C000-memory.dmp

Filesize
48KB

Download
memory/4784-920-0x00007FFF3ED70000-0x00007FFF3ED7B000-memory.dmp

Filesize
44KB

Download
memory/4784-921-0x00007FFF39660000-0x00007FFF3966C000-memory.dmp

Filesize
48KB

Download
memory/4784-922-0x00007FFF315A0000-0x00007FFF315AB000-memory.dmp

Filesize
44KB

Download
memory/4784-923-0x00007FFF2F570000-0x00007FFF2F57C000-memory.dmp

Filesize
48KB

Download
memory/4784-924-0x00007FFF2F560000-0x00007FFF2F56D000-memory.dmp

Filesize
52KB

Download
memory/4784-925-0x00007FFF2F550000-0x00007FFF2F55E000-memory.dmp

Filesize
56KB

Download
memory/4784-926-0x00007FFF2F540000-0x00007FFF2F54C000-memory.dmp

Filesize
48KB

Download
memory/4784-927-0x00007FFF2F530000-0x00007FFF2F53C000-memory.dmp

Filesize
48KB

Download
memory/4784-928-0x00007FFF2F520000-0x00007FFF2F52B000-memory.dmp

Filesize
44KB

Download
memory/4784-929-0x00007FFF2F510000-0x00007FFF2F51B000-memory.dmp

Filesize
44KB

Download
memory/4784-930-0x00007FFF2F500000-0x00007FFF2F50C000-memory.dmp

Filesize
48KB

Download
memory/4784-931-0x00007FFF2F4F0000-0x00007FFF2F4FC000-memory.dmp

Filesize
48KB

Download
memory/4784-932-0x00007FFF2F040000-0x00007FFF2F04D000-memory.dmp

Filesize
52KB

Download
memory/4784-933-0x00007FFF2EFA0000-0x00007FFF2EFB2000-memory.dmp

Filesize
72KB

Download
memory/4784-934-0x00007FFF2F030000-0x00007FFF2F03C000-memory.dmp

Filesize
48KB

Download
memory/4784-935-0x00007FFF2EF80000-0x00007FFF2EF95000-memory.dmp

Filesize
84KB

Download
memory/4784-936-0x00007FFF2EF70000-0x00007FFF2EF80000-memory.dmp

Filesize
64KB

Download
memory/4784-937-0x00007FFF2EF50000-0x00007FFF2EF64000-memory.dmp

Filesize
80KB

Download
memory/4784-938-0x00007FFF2EF30000-0x00007FFF2EF4B000-memory.dmp

Filesize
108KB

Download
memory/4784-939-0x00007FFF2EF10000-0x00007FFF2EF23000-memory.dmp

Filesize
76KB

Download
memory/4784-940-0x00007FFF2E340000-0x00007FFF2E355000-memory.dmp

Filesize
84KB

Download
memory/4784-941-0x00007FFF2E300000-0x00007FFF2E33F000-memory.dmp

Filesize
252KB

Download
memory/4784-942-0x00007FFF2E2F0000-0x00007FFF2E2FE000-memory.dmp

Filesize
56KB

Download
memory/4784-943-0x00007FFF2E2D0000-0x00007FFF2E2E6000-memory.dmp

Filesize
88KB

Download
memory/4784-944-0x00007FFF2E2A0000-0x00007FFF2E2CB000-memory.dmp

Filesize
172KB

Download
memory/4784-945-0x00007FFF2E000000-0x00007FFF2E250000-memory.dmp

Filesize
2.3MB

Download
memory/4784-867-0x00007FFF2F530000-0x00007FFF2F53C000-memory.dmp

Filesize
48KB

Download
memory/4784-864-0x00007FFF2F560000-0x00007FFF2F56D000-memory.dmp

Filesize
52KB

Download
memory/4784-863-0x00007FFF2F570000-0x00007FFF2F57C000-memory.dmp

Filesize
48KB

Download
memory/4784-862-0x00007FFF315A0000-0x00007FFF315AB000-memory.dmp

Filesize
44KB

Download
memory/4784-861-0x00007FFF39660000-0x00007FFF3966C000-memory.dmp

Filesize
48KB

Download
memory/4784-860-0x00007FFF3ED70000-0x00007FFF3ED7B000-memory.dmp

Filesize
44KB

Download
memory/4784-859-0x00007FFF3EF10000-0x00007FFF3EF1C000-memory.dmp

Filesize
48KB

Download
memory/4784-857-0x00007FFF3FC00000-0x00007FFF3FC0B000-memory.dmp

Filesize
44KB

Download
memory/4784-858-0x00007FFF3FA10000-0x00007FFF3FA1B000-memory.dmp

Filesize
44KB

Download
memory/4784-856-0x00007FFF2E360000-0x00007FFF2E4D1000-memory.dmp

Filesize
1.4MB

Download
memory/4784-855-0x00007FFF2F580000-0x00007FFF2F59F000-memory.dmp

Filesize
124KB

Download
memory/4784-854-0x00007FFF2E4E0000-0x00007FFF2E5F8000-memory.dmp

Filesize
1.1MB

Download
memory/4784-851-0x00007FFF3FF80000-0x00007FFF3FF8D000-memory.dmp

Filesize
52KB

Download
memory/4784-850-0x00007FFF3EB70000-0x00007FFF3EB84000-memory.dmp

Filesize
80KB

Download
memory/4784-849-0x00007FFF3EF20000-0x00007FFF3EF4E000-memory.dmp

Filesize
184KB

Download
memory/4784-848-0x00007FFF3EFA0000-0x00007FFF3EFBC000-memory.dmp

Filesize
112KB

Download
memory/4784-847-0x00007FFF410B0000-0x00007FFF410BA000-memory.dmp

Filesize
40KB

Download
memory/4784-846-0x0000017428B80000-0x0000017428EF5000-memory.dmp

Filesize
3.5MB

Download
memory/4784-845-0x00007FFF2E600000-0x00007FFF2E975000-memory.dmp

Filesize
3.5MB

Download
memory/4784-844-0x00007FFF2E980000-0x00007FFF2EA38000-memory.dmp

Filesize
736KB

Download
memory/4784-843-0x00007FFF3EFC0000-0x00007FFF3F081000-memory.dmp

Filesize
772KB

Download
memory/4784-841-0x00007FFF3F0C0000-0x00007FFF3F0EC000-memory.dmp

Filesize
176KB

Download
memory/4784-842-0x00007FFF3F090000-0x00007FFF3F0BF000-memory.dmp

Filesize
188KB

Download
memory/4784-840-0x00007FFF436D0000-0x00007FFF436DD000-memory.dmp

Filesize
52KB

Download
memory/4784-835-0x00007FFF3FF10000-0x00007FFF3FF29000-memory.dmp

Filesize
100KB

Download
memory/4784-838-0x00007FFF3F5A0000-0x00007FFF3F5B9000-memory.dmp

Filesize
100KB

Download
memory/4784-837-0x00007FFF3FB00000-0x00007FFF3FB2D000-memory.dmp

Filesize
180KB

Download
memory/4784-834-0x00007FFF43F60000-0x00007FFF43F6F000-memory.dmp

Filesize
60KB

Download
memory/4784-830-0x00007FFF3FF90000-0x00007FFF3FFB4000-memory.dmp

Filesize
144KB

Download
memory/4784-806-0x00007FFF2F050000-0x00007FFF2F4BE000-memory.dmp

Filesize
4.4MB

Download