352dd07afe91a994e7fc7f6be224c1c1cca2f859d52c744bec6499e7a2c60dcb

Analysis

max time kernel
148s
max time network
152s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
05/03/2024, 17:56

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

loader.exe
Size

5.0MB
MD5

c679369a7270cb8f284b96ba9325b007
SHA1

c33955d7a9f44ab9ef7e67031960fcbb13690714
SHA256

a0fb1568891680d66efb9f545ed1cdc9c8124d96e220cbdd8b618769be6e6083
SHA512

081152540c6579c0cd27f201f8b0a8956a1debc58c538c47dc88a99aa64929ca28f2eb9b3229d61618c6d979d583cfeca6a930d3dc56ff6f138989774372079f
SSDEEP

98304:Hc/jJ36G67LQVRzp6ELW++55YhTO1mv3JbYyIeq1SWdeHV6IKpqAMX0O54cy0:8NqoXzpbKKOQRbGv6HAHwXsf0

Score

9^/10

evasion trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	main.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	main.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	main.exe

Executes dropped EXE 2 IoCs

pid	Process
3832	loader.exe
1628	main.exe

Loads dropped DLL 40 IoCs

pid	Process
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
1628	main.exe
1628	main.exe
1628	main.exe
1628	main.exe
1628	main.exe
1628	main.exe
1628	main.exe
1628	main.exe
1628	main.exe
1628	main.exe
1628	main.exe
1628	main.exe
1628	main.exe
1628	main.exe
1628	main.exe
1628	main.exe
1628	main.exe
1628	main.exe
1628	main.exe
1628	main.exe
1628	main.exe
1628	main.exe
1628	main.exe
1628	main.exe
1628	main.exe
1628	main.exe
1628	main.exe
1628	main.exe
1628	main.exe
1628	main.exe
1628	main.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	main.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe
3832	loader.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3832	loader.exe

Suspicious use of WriteProcessMemory 17 IoCs

description	pid	Process	procid_target
PID 408 wrote to memory of 3832	408	loader.exe	80
PID 408 wrote to memory of 3832	408	loader.exe	80
PID 3832 wrote to memory of 4872	3832	loader.exe	81
PID 3832 wrote to memory of 4872	3832	loader.exe	81
PID 4872 wrote to memory of 8	4872	cmd.exe	83
PID 4872 wrote to memory of 8	4872	cmd.exe	83
PID 8 wrote to memory of 1628	8	main.exe	85
PID 8 wrote to memory of 1628	8	main.exe	85
PID 1628 wrote to memory of 2348	1628	main.exe	86
PID 1628 wrote to memory of 2348	1628	main.exe	86
PID 1628 wrote to memory of 776	1628	main.exe	88
PID 1628 wrote to memory of 776	1628	main.exe	88
PID 3832 wrote to memory of 1628	3832	loader.exe	85
PID 1628 wrote to memory of 884	1628	main.exe	89
PID 1628 wrote to memory of 884	1628	main.exe	89
PID 1628 wrote to memory of 236	1628	main.exe	90
PID 1628 wrote to memory of 236	1628	main.exe	90

C:\Users\Admin\AppData\Local\Temp\loader.exe
"C:\Users\Admin\AppData\Local\Temp\loader.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:408
- C:\Users\Admin\AppData\Local\Temp\onefile_408_133541350003974845\loader.exe
  "C:\Users\Admin\AppData\Local\Temp\loader.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:3832
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "start main.exe"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4872
  - - C:\Users\Admin\AppData\Local\Temp\main.exe
      main.exe
      4⤵
      Suspicious use of WriteProcessMemory
      PID:8
    - - C:\Users\Admin\AppData\Local\Temp\onefile_8_133541350009958013\main.exe
        
        main.exe
        5⤵
        Identifies VirtualBox via ACPI registry values (likely anti-VM)
        Checks BIOS information in registry
        Executes dropped EXE
        Loads dropped DLL
        Checks whether UAC is enabled
        Suspicious use of WriteProcessMemory
        
        PID:1628
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c
        6⤵
        
        PID:2348
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        6⤵
        
        PID:776
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title Aquatic Raider I Tokens Loaded: 0 I Proxies Loaded: 0 I Version: V3 I Join: discord.gg/aquaticraider
        6⤵
        
        PID:884
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        6⤵
        
        PID:236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\libffi-8.dll

Filesize
34KB

MD5
32d36d2b0719db2b739af803c5e1c2f5

SHA1
023c4f1159a2a05420f68daf939b9ac2b04ab082

SHA256
128a583e821e52b595eb4b3dda17697d3ca456ee72945f7ecce48ededad0e93c

SHA512
a0a68cfc2f96cb1afd29db185c940e9838b6d097d2591b0a2e66830dd500e8b9538d170125a00ee8c22b8251181b73518b73de94beeedd421d3e888564a111c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\select.pyd

Filesize
28KB

MD5
97ee623f1217a7b4b7de5769b7b665d6

SHA1
95b918f3f4c057fb9c878c8cc5e502c0bd9e54c0

SHA256
0046eb32f873cde62cf29af02687b1dd43154e9fd10e0aa3d8353d3debb38790

SHA512
20edc7eae5c0709af5c792f04a8a633d416da5a38fc69bd0409afe40b7fb1afa526de6fe25d8543ece9ea44fd6baa04a9d316ac71212ae9638bdef768e661e0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~2\_decimal.pyd

Filesize
247KB

MD5
be315973aff9bdeb06629cd90e1a901f

SHA1
151f98d278e1f1308f2be1788c9f3b950ab88242

SHA256
0f9c6cc463611a9b2c692382fe1cdd7a52fea4733ffaf645d433f716f8bbd725

SHA512
8ea715438472e9c174dee5ece3c7d9752c31159e2d5796e5229b1df19f87316579352fc3649373db066dc537adf4869198b70b7d4d1d39ac647da2dd7cfc21e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~2\_elementtree.pyd

Filesize
125KB

MD5
be02ef37d9a1c127253bc5a84705a3b7

SHA1
c313d01f999791abc9e4a7982ee6a814f8fbe6ef

SHA256
2ebb2bc6ce26d25bc2ad471f9d7edc4684064afa606f046ebf0a39c75031cb53

SHA512
2f582da0debbf5fb254e8d85e56765d2d59263a82fac91a75648575a8d95a814b231acc1a30c5bec3e3d087367996547c8affba2f09aff899a4123210e0451f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~2\_hashlib.pyd

Filesize
63KB

MD5
1524882af71247adecf5815a4e55366a

SHA1
e25014c793c53503bdff9af046140edda329d01b

SHA256
6f7742dfdd371c39048d775f37df3bc2d8d4316c9008e62347b337d64ebed327

SHA512
5b954bb7953f19aa6f7c65ad3f105b77d37077950fb1b50d9d8d337bdd4b95343bac2f4c9fe17a02d1738d1f87eeef73dbbf5cdddcb470588cbc5a63845b188a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~2\_queue.pyd

Filesize
31KB

MD5
8bbed19359892f8c95c802c6ad7598e9

SHA1
773fca164965241f63170e7a1f3a8fa17f73ea18

SHA256
4e5b7c653c1b3dc3fd7519e4f39cc8a2fb2746e0ecdc4e433fe6029f5f4d9065

SHA512
22ea7667689a9f049fa34ddae6b858e1af3e646a379d2c5a4aef3e74a4ff1a4109418b363c9be960127f1c7e020aa393a47885bc45517c9e9aebe71ec7cb61a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~2\_socket.pyd

Filesize
77KB

MD5
64a6c475f59e5c57b3f4dd935f429f09

SHA1
ca2e0719dc32f22163ae0e7b53b2caadb0b9d023

SHA256
d03fa645cde89b4b01f4a2577139fbb7e1392cb91dc26213b3b76419110d8e49

SHA512
cf9e03b7b34cc095fe05c465f9d794319aaa0428fe30ab4ddce14ba78e835edf228d11ec016fd31dfe9f09d84b6f73482fb8e0f574d1fd08943c1ec9e0584973

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~2\libcrypto-3.dll

Filesize
1.4MB

MD5
c58097769ff21e56f20f9fc522a3fc0b

SHA1
5dd96b091531070b346a931eb922cf93cd577b5a

SHA256
f41514c1da0c51483d36e4ca1c2f02856b46972488cf6260acc2a4553510d71b

SHA512
0c512a78c25d9937501bd58fafa907c53e23ae951e6a84326bad187e710344596e251ac031610252112621b7b04b92c9449c9e9a0693706b9eebfa0323b40fd6

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~2\libssl-3.dll

Filesize
579KB

MD5
ffd81d4b84f45cc93e22980175e4d7ce

SHA1
19251c25d41756cda07ec52832d460cd0f06c25b

SHA256
9f21c7ac435a7c97c9d27663503c6d3683b1eade52031f8a7a23444818a3f1d1

SHA512
c3c3447eb8188d48af7ff0ae3d75c5277361e41aeca2a005046f89172bb3af31304de1da7a899d04da68705a4d91e65be4a7d8e1ba1702939c91245373ebbaeb

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~2\regex\_regex.pyd

Filesize
442KB

MD5
0cfc3a2fa559f67436de86543c1c89bc

SHA1
d5df8140fc09841cd46c12fef8d1cb37e6ac552d

SHA256
d3b271316962c347d9549c282201635d7303d5038633de2dd39be2abf4ecf4e8

SHA512
753c8886c6aa5bc5a6f02845118d92253a506ee63cdb8dd492a1c9211ca4641b669adfe58347a7a1d2fe3a74c5de3a09d62879fd667055fba4d1f1553a4635f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~2\tls_client\dependencies\tls-client-64.dll

Filesize
320KB

MD5
70fc9ab0e4f7839a0fa24009a348b009

SHA1
ee453f2fe2ad4a3c529bb16e9e471a7923328038

SHA256
daaaea43d733a51afd7ecfb0a8d5ba7f9adf30e9d399e49c7785ef758cf4fe78

SHA512
d3132e6a87614fce1e96c69c6bb81b2d8eb2c482d77ae1c10532c9f8a82a801858a761d2555b21c42c81b94f544b3bbfaa68540b2cbe54d1430407c0b316cb1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~2\unicodedata.pyd

Filesize
421KB

MD5
2b22fd4c7e8bd942136d031d315012af

SHA1
61f25cb9271217ff540d69cb941833e74fb3000e

SHA256
0ad1d0a72372f0c2bbd58f9448f40cd3969902602e5b73c53a25886b7c4e9b30

SHA512
b6cabee098335ae79354a1dfeb13175723f981135f55ce7f4bf78c512637529cc05d110433f43e02031be67866fdeff7fef07cd43bcd9bcd781b8453ff38e273

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~2\zstandard\backend_c.pyd

Filesize
495KB

MD5
a34c31c09f687e9134322d7b0feb2681

SHA1
bc616b11ecbabbb9a96d8c1ab9bf2fa86ea77271

SHA256
050a5e8285e138b927f4fd81f93aaf4b05725434d2b19514e77c0060005f1a61

SHA512
38b8a22bc944693c3af1a650082808c571002fe70986571879298bae6ce25f9ec7ea80ecc983e399851819ea268c376d068a599a03054a76c5fdb124a52b5327

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_408_133541350003974845\_ctypes.pyd

Filesize
120KB

MD5
6a9ca97c039d9bbb7abf40b53c851198

SHA1
01bcbd134a76ccd4f3badb5f4056abedcff60734

SHA256
e662d2b35bb48c5f3432bde79c0d20313238af800968ba0faa6ea7e7e5ef4535

SHA512
dedf7f98afc0a94a248f12e4c4ca01b412da45b926da3f9c4cbc1d2cbb98c8899f43f5884b1bf1f0b941edaeef65612ea17438e67745962ff13761300910960d

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_408_133541350003974845\_socket.pyd

Filesize
76KB

MD5
8140bdc5803a4893509f0e39b67158ce

SHA1
653cc1c82ba6240b0186623724aec3287e9bc232

SHA256
39715ef8d043354f0ab15f62878530a38518fb6192bc48da6a098498e8d35769

SHA512
d0878fee92e555b15e9f01ce39cfdc3d6122b41ce00ec3a4a7f0f661619f83ec520dca41e35a1e15650fb34ad238974fe8019577c42ca460dde76e3891b0e826

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_408_133541350003974845\loader.exe

Filesize
5.2MB

MD5
4f7c98c47aaabff89c8392648e623a2b

SHA1
53b1375d55f8f087428bf5d9acb90a45014d7c9b

SHA256
0e469acbbcdd572785b2bd0afb241d32f7cac300531bbb9afa914f24e5190041

SHA512
cc852023992552fe19368db101420d533161386fe2811918b178b5d05ca2ab4318ea6e106b7eeae74e2fc3d17b8bb339a3ea9c89a3f55a75cfb84e95c3347871

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_408_133541350003974845\psutil\_psutil_windows.pyd

Filesize
76KB

MD5
ebefbc98d468560b222f2d2d30ebb95c

SHA1
ee267e3a6e5bed1a15055451efcccac327d2bc43

SHA256
67c17558b635d6027ddbb781ea4e79fc0618bbec7485bd6d84b0ebcd9ef6a478

SHA512
ab9f949adfe9475b0ba8c37fa14b0705923f79c8a10b81446abc448ad38d5d55516f729b570d641926610c99df834223567c1efde166e6a0f805c9e2a35556e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_408_133541350003974845\python3.dll

Filesize
64KB

MD5
34e49bb1dfddf6037f0001d9aefe7d61

SHA1
a25a39dca11cdc195c9ecd49e95657a3e4fe3215

SHA256
4055d1b9e553b78c244143ab6b48151604003b39a9bf54879dee9175455c1281

SHA512
edb715654baaf499cf788bcacd5657adcf9f20b37b02671abe71bda334629344415ed3a7e95cb51164e66a7aa3ed4bf84acb05649ccd55e3f64036f3178b7856

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_408_133541350003974845\python311.dll

Filesize
5.5MB

MD5
9a24c8c35e4ac4b1597124c1dcbebe0f

SHA1
f59782a4923a30118b97e01a7f8db69b92d8382a

SHA256
a0cf640e756875c25c12b4a38ba5f2772e8e512036e2ac59eb8567bf05ffbfb7

SHA512
9d9336bf1f0d3bc9ce4a636a5f4e52c5f9487f51f00614fc4a34854a315ce7ea8be328153812dbd67c45c75001818fa63317eba15a6c9a024fa9f2cab163165b

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_408_133541350003974845\vcruntime140.dll

Filesize
96KB

MD5
f12681a472b9dd04a812e16096514974

SHA1
6fd102eb3e0b0e6eef08118d71f28702d1a9067c

SHA256
d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8

SHA512
7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_8_133541350009958013\_bz2.pyd

Filesize
82KB

MD5
4438affaaa0ca1df5b9b1cdaa0115ec1

SHA1
4eda79eaf3de614d5f744aa9eea5bfcf66e2d386

SHA256
ec91e2b4baca31b992d016b84b70f110ce2b1b2dfd54f5e5bef6270ed7d13b85

SHA512
6992107ac4d2108e477bc81af667b8b8e5439231e7e9f4b15ce4bce1aeea811bc0f1aaa438be3b0e38597760cb504367512809ee1937c4b538a86724ae543ba6

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_8_133541350009958013\_ctypes.pyd

Filesize
120KB

MD5
6114277c6fc040f68d25ca90e25924cd

SHA1
028179c77cb3ba29cd8494049421eaa4900ccd0e

SHA256
f07fe92ce85f7786f96a4d59c6ee5c05fe1db63a1889ba40a67e37069639b656

SHA512
76e8ebefb9ba4ea8dcab8fce50629946af4f2b3f2f43163f75483cfb0a97968478c8aaef1d6a37be85bfc4c91a859deda6da21d3e753daefe084a203d839353d

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_8_133541350009958013\_lzma.pyd

Filesize
155KB

MD5
737119a80303ef4eccaa998d500e7640

SHA1
328c67c6c4d297ac13da725bf24467d8b5e982e3

SHA256
7158c1290ac29169160b3ec94d9c8bcde4012d67a555f325d44b418c54e2cc28

SHA512
1c9920e0841a65b01a0b339c5f5254d1039ef9a16fe0c2484a7e2a9048727f2cc081817aa771b0c574fb8d1a5a49dc39798a3c5e5b5e64392e9c168e1827be7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_8_133541350009958013\_ssl.pyd

Filesize
172KB

MD5
a0b40f1f8fc6656c5637eacacf7021f6

SHA1
38813e25ffde1eee0b8154fa34af635186a243c1

SHA256
79d861f0670828dee06c2e3523e2f9a2a90d6c6996bde38201425aa4003119f1

SHA512
c18855d7c0069fff392d422e5b01fc518bbdf497eb3390c0b333ecac2497cd29abbdae4557e4f0c4e90321fba910fc3e4d235ce62b745fa34918f40fa667b713

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_8_133541350009958013\_uuid.pyd

Filesize
24KB

MD5
4faa479423c54d5be2a103b46ecb4d04

SHA1
011f6cdbd3badaa5c969595985a9ad18547dd7ec

SHA256
c2ad3c1b4333bc388b6a22049c89008505c434b1b85bff0823b19ef0cf48065a

SHA512
92d35824c30667af606bba883bf6e275f2a8b5cbfea2e84a77e256d122b91b3ee7e84d9f4e2a4946e903a11293af9648a45e8cfbe247cbdc3bcdea92eb5349c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_8_133541350009958013\charset_normalizer\md.pyd

Filesize
10KB

MD5
723ec2e1404ae1047c3ef860b9840c29

SHA1
8fc869b92863fb6d2758019dd01edbef2a9a100a

SHA256
790a11aa270523c2efa6021ce4f994c3c5a67e8eaaaf02074d5308420b68bd94

SHA512
2e323ae5b816adde7aaa14398f1fdb3efe15a19df3735a604a7db6cadc22b753046eab242e0f1fbcd3310a8fbb59ff49865827d242baf21f44fd994c3ac9a878

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_8_133541350009958013\charset_normalizer\md__mypyc.pyd

Filesize
116KB

MD5
9ea8098d31adb0f9d928759bdca39819

SHA1
e309c85c1c8e6ce049eea1f39bee654b9f98d7c5

SHA256
3d9893aa79efd13d81fcd614e9ef5fb6aad90569beeded5112de5ed5ac3cf753

SHA512
86af770f61c94dfbf074bcc4b11932bba2511caa83c223780112bda4ffb7986270dc2649d4d3ea78614dbce6f7468c8983a34966fc3f2de53055ac6b5059a707

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_8_133541350009958013\libcrypto-3.dll

Filesize
897KB

MD5
963d4770d8cdd3703f4d605c81c1ed8e

SHA1
ea2cb51b694de07b802f58fab868a4a1596cc485

SHA256
148fca7b74601300cdaed00b76f78b340b588a77a7b69482fcf59d015b0ea9f1

SHA512
0b2d32dc4e430731ed8fed962e3b6591fd7cf96974899625946ab8b6db81edf6cb70911ab9fe75cfa205b1fff6c66b2b28541616142f1a89ea900cc8a743438e

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_8_133541350009958013\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_8_133541350009958013\libssl-3.dll

Filesize
471KB

MD5
bb3a46df467d9f6a9fc2cd71f0a1f41f

SHA1
3e0f0e7f5507b544ef6284b959b6dcb42c3bc4bc

SHA256
244f87055d0eac9fc402765a350cca30883181f30cca5a7ed8aa6728c180b880

SHA512
cf1cc8130c79b2b38d0cfa235536b9d26f824cf5e1db5752abf2dbd4024e6dbd445e92a6eced8160b2da524c3ffed10e3b00b6f09fd094f639fc78ef764ce3a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_8_133541350009958013\main.exe

Filesize
734KB

MD5
278d76d26e0be6966aedf3b2adf87f4e

SHA1
6a6d65e8b14d3a63efc1acb009b8f9ef178b8c21

SHA256
5a1b3bcc8ae69c9392cee71d86b1b835e7614e705181c7426ad188adb6e7f167

SHA512
4612a1aed50a4a5d28b67f4bf180a45f67dc1c851c8d7a61da304e12d68e83e60f52c82b56ed52a07f0ad7136516def0dac4e6b95a908fb8d4dbb8a158f2231b

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_8_133541350009958013\main.exe

Filesize
825KB

MD5
c455c602cc69d375d37acb9f9e226b4f

SHA1
90066b576074a05e9d136ebe64496fe715a5b3d4

SHA256
8d29c5729f049e5cbc38a4f8989b5dd1d1ab51bf34dcf93a7705de68d17827b0

SHA512
45bdacfbfb596294c9a4472cfd343ee2aa97b04a7f644c83bd0ad2bdd3be26dbc1beb6fdb825d1cb6a6952bb5f1c11480c32dee99bdb798733abbe0dce8f5279

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_8_133541350009958013\python311.dll

Filesize
551KB

MD5
2521eeca602dbabf1788340af4dd019b

SHA1
a15f5c4d38f72d24a8001ce3f7e045d98618973a

SHA256
bba8f382ba596b7b0bfcc41c24eb2863a5dce5780d3ab3840dfd005380b2332b

SHA512
06ee80a594909371289839e0b1e3a65680eabcad38245a9b1f032ae676c5895b43f4aba8403773e7c720ecab9239510fda2558f9ea4ad31f90d3b15021caf5ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_8_133541350009958013\python311.dll

Filesize
700KB

MD5
4251c84fe4674ce4fa40ef3dd069f6fd

SHA1
4f58c1e99e2e9e55938f54d181f75a2cb550211a

SHA256
78a6e1a9bceec4c473b995d11bf761be61e231f8a928858e777ada4310a61001

SHA512
5fd1e5f63b7f93667e6bb77c28deb169f3c9d76a3db65990fdf84c1d52c7324ab0eaddfaa9d25ed1ebadc88177f2f4c43adddd3e4e0e97e83c6ceecb921b49f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_8_133541350009958013\regex\_regex.pyd

Filesize
353KB

MD5
7ff640e92862e8444f75964ff1392892

SHA1
90f94dc6d795bd13223296c7372d79559fac0b21

SHA256
20ad6d68dc04159cfbf0fe45dff94b358abbcf1572e09387909ef65530a69ba9

SHA512
7266afe268576d2a330bab7149a79d4fde8e824e1f828053cd4c4d7f77feb66d119066af2a8242373d205a3aec850b737348030e4bbcbe8593d2d4694eec7576

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_8_133541350009958013\select.pyd

Filesize
29KB

MD5
653bdccb7af2aa9ccf50cb050fd3be64

SHA1
afe0a85425ae911694c250ab4cb1f6c3d3f2cc69

SHA256
e24a3e7885df9a18c29ba058c49c3adcf59e4b58107847b98eca365b6d94f279

SHA512
07e841fda7a2295380bfa05db7a4699f18c6e639da91d8ee2d126d4f96e4cddaedbd490deb4d2a2e8e5877edfff877693f67a9dc487e29742943e062d7be6277

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_8_133541350009958013\tls_client\dependencies\tls-client-64.dll

Filesize
242KB

MD5
1f99adb344c9f08062e8c44a8697b507

SHA1
800c4453ae9691afc4e4aafacaef59678129d2f7

SHA256
5ab211a7128fda712e8014bcb22a4482efed8ae827dabad10403cde826a2396b

SHA512
d14c681f2605659dd17c81c9f15052d824b9a5207979645ba8d234f10922b4e26a6cddb522d763f9f75125766cd64b1acf06ac61c3dc4b07be0a1dd717f6417d

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_8_133541350009958013\unicodedata.pyd

Filesize
464KB

MD5
cee7a7e4ec81412e66a550c1752bd1ed

SHA1
d9149491c94bd2a742242bc9015b8ee953e82c81

SHA256
c96dda79762665a3dbc68c28b239e94196be257e5f457ebef6f71018167f143b

SHA512
4ce54df0ee71a0e33f34f7b3b27e495e6947ec2d906776d0b3ee3e12eea19c38979e2c6c668b06af477df0827bedcf112c5c00e2c440b8578f446bf982702af1

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_8_133541350009958013\vcruntime140.dll

Filesize
106KB

MD5
49c96cecda5c6c660a107d378fdfc3d4

SHA1
00149b7a66723e3f0310f139489fe172f818ca8e

SHA256
69320f278d90efaaeb67e2a1b55e5b0543883125834c812c8d9c39676e0494fc

SHA512
e09e072f3095379b0c921d41d6e64f4f1cd78400594a2317cfb5e5dca03dedb5a8239ed89905c9e967d1acb376b0585a35addf6648422c7ddb472ce38b1ba60d

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_8_133541350009958013\zstandard\backend_c.pyd

Filesize
472KB

MD5
3ab45fe55078bffae6b8bd204a51c27f

SHA1
63abf77ba63bf4b46b22985d2f2b5c297ace97a7

SHA256
fa661c5843fbd9a94ef7ad2d8a443aa8dac5eca2132a87062cac1776d0c0a7f4

SHA512
fe8711c8cc6775200cb8f5cbb8713c733b444de12a8a0c952c46f7c4dd208e43be78acb8c090b05dc98b971e114108a0a4ca85beae8066e6408556082ebcc4af

Download Submit
memory/408-130-0x00007FF78CD00000-0x00007FF78D215000-memory.dmp

Filesize
5.1MB

Download
memory/1628-119-0x000000006D0D0000-0x000000006DAC4000-memory.dmp

Filesize
10.0MB

Download
memory/1628-118-0x000000006D0D0000-0x000000006DAC4000-memory.dmp

Filesize
10.0MB

Download
memory/1628-121-0x000000006D0D0000-0x000000006DAC4000-memory.dmp

Filesize
10.0MB

Download
memory/1628-120-0x000000006D0D0000-0x000000006DAC4000-memory.dmp

Filesize
10.0MB

Download
memory/1628-122-0x000000006D0D0000-0x000000006DAC4000-memory.dmp

Filesize
10.0MB

Download
memory/1628-123-0x000000006D0D0000-0x000000006DAC4000-memory.dmp

Filesize
10.0MB

Download
memory/1628-124-0x000000006D0D0000-0x000000006DAC4000-memory.dmp

Filesize
10.0MB

Download
memory/1628-131-0x00007FFF96FD0000-0x00007FFF97F5C000-memory.dmp

Filesize
15.5MB

Download
memory/3832-125-0x00007FF701E00000-0x00007FF7027C9000-memory.dmp

Filesize
9.8MB

Download