hxxps://cdn[.]discordapp[.]com/attachments/967515259864768522/1217159276125093908/NitroGeneratorV2[.]exe?ex=660302e9&is=65f08de9&hm=7397b06e56a8ddf42ab3cfada67ab44457cc97934b001c0892d45aa03628f09f&

Analysis

max time kernel
300s
max time network
302s
platform
windows11-21h2_x64
resource
win11-20240214-en
resource tags

arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system
submitted
12/03/2024, 17:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/967515259864768522/1217159276125093908/NitroGeneratorV2.exe?ex=660302e9&is=65f08de9&hm=7397b06e56a8ddf42ab3cfada67ab44457cc97934b001c0892d45aa03628f09f&

Score

8^/10

upx

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
4244	NitroGeneratorV2.exe
628	NitroGeneratorV2.exe

Loads dropped DLL 16 IoCs

pid	Process
628	NitroGeneratorV2.exe
628	NitroGeneratorV2.exe
628	NitroGeneratorV2.exe
628	NitroGeneratorV2.exe
628	NitroGeneratorV2.exe
628	NitroGeneratorV2.exe
628	NitroGeneratorV2.exe
628	NitroGeneratorV2.exe
628	NitroGeneratorV2.exe
628	NitroGeneratorV2.exe
628	NitroGeneratorV2.exe
628	NitroGeneratorV2.exe
628	NitroGeneratorV2.exe
628	NitroGeneratorV2.exe
628	NitroGeneratorV2.exe
628	NitroGeneratorV2.exe

UPX packed file 50 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000100000002a7ef-364.dat	upx
behavioral1/files/0x000100000002a7ef-365.dat	upx
behavioral1/memory/628-368-0x00007FFBEEA20000-0x00007FFBEF0F9000-memory.dmp	upx
behavioral1/files/0x000100000002a7ed-373.dat	upx
behavioral1/files/0x000100000002a7e9-390.dat	upx
behavioral1/files/0x000100000002a7e8-389.dat	upx
behavioral1/files/0x000100000002a7e7-388.dat	upx
behavioral1/files/0x000100000002a7e6-387.dat	upx
behavioral1/files/0x000100000002a7e5-386.dat	upx
behavioral1/files/0x000100000002a7e4-385.dat	upx
behavioral1/files/0x000100000002a7e3-384.dat	upx
behavioral1/files/0x000100000002a7e1-383.dat	upx
behavioral1/files/0x000100000002a7f4-382.dat	upx
behavioral1/memory/628-391-0x00007FFC0AEC0000-0x00007FFC0AECF000-memory.dmp	upx
behavioral1/memory/628-374-0x00007FFC027E0000-0x00007FFC02805000-memory.dmp	upx
behavioral1/files/0x000100000002a7f3-381.dat	upx
behavioral1/files/0x000100000002a7f2-380.dat	upx
behavioral1/files/0x000100000002a7ee-377.dat	upx
behavioral1/files/0x000100000002a7ec-376.dat	upx
behavioral1/memory/628-397-0x00007FFC02700000-0x00007FFC0272D000-memory.dmp	upx
behavioral1/memory/628-402-0x00007FFBFF010000-0x00007FFBFF034000-memory.dmp	upx
behavioral1/memory/628-401-0x00007FFC026E0000-0x00007FFC026F9000-memory.dmp	upx
behavioral1/memory/628-403-0x00007FFBEE8A0000-0x00007FFBEEA16000-memory.dmp	upx
behavioral1/files/0x000100000002a7e2-371.dat	upx
behavioral1/memory/628-405-0x00007FFC02080000-0x00007FFC02099000-memory.dmp	upx
behavioral1/memory/628-407-0x00007FFC07960000-0x00007FFC0796D000-memory.dmp	upx
behavioral1/memory/628-411-0x00007FFBF89E0000-0x00007FFBF8A13000-memory.dmp	upx
behavioral1/memory/628-412-0x00007FFBEE370000-0x00007FFBEE899000-memory.dmp	upx
behavioral1/memory/628-416-0x00007FFC06D10000-0x00007FFC06D1D000-memory.dmp	upx
behavioral1/memory/628-413-0x00007FFBEE2A0000-0x00007FFBEE36D000-memory.dmp	upx
behavioral1/memory/628-418-0x00007FFC01A00000-0x00007FFC01A14000-memory.dmp	upx
behavioral1/memory/628-419-0x00007FFBEE180000-0x00007FFBEE29B000-memory.dmp	upx
behavioral1/memory/628-444-0x00007FFBEEA20000-0x00007FFBEF0F9000-memory.dmp	upx
behavioral1/memory/628-447-0x00007FFC027E0000-0x00007FFC02805000-memory.dmp	upx
behavioral1/memory/628-446-0x00007FFBEEA20000-0x00007FFBEF0F9000-memory.dmp	upx
behavioral1/memory/628-448-0x00007FFC0AEC0000-0x00007FFC0AECF000-memory.dmp	upx
behavioral1/memory/628-449-0x00007FFC027E0000-0x00007FFC02805000-memory.dmp	upx
behavioral1/memory/3796-450-0x0000024C7D8D0000-0x0000024C7D8E0000-memory.dmp	upx
behavioral1/memory/628-451-0x00007FFC02700000-0x00007FFC0272D000-memory.dmp	upx
behavioral1/memory/628-460-0x00007FFC026E0000-0x00007FFC026F9000-memory.dmp	upx
behavioral1/memory/628-461-0x00007FFBFF010000-0x00007FFBFF034000-memory.dmp	upx
behavioral1/memory/628-462-0x00007FFBEE8A0000-0x00007FFBEEA16000-memory.dmp	upx
behavioral1/memory/628-463-0x00007FFC02080000-0x00007FFC02099000-memory.dmp	upx
behavioral1/memory/628-464-0x00007FFC07960000-0x00007FFC0796D000-memory.dmp	upx
behavioral1/memory/628-465-0x00007FFBF89E0000-0x00007FFBF8A13000-memory.dmp	upx
behavioral1/memory/628-466-0x00007FFBEE370000-0x00007FFBEE899000-memory.dmp	upx
behavioral1/memory/628-467-0x00007FFBEE2A0000-0x00007FFBEE36D000-memory.dmp	upx
behavioral1/memory/628-468-0x00007FFC01A00000-0x00007FFC01A14000-memory.dmp	upx
behavioral1/memory/628-469-0x00007FFC06D10000-0x00007FFC06D1D000-memory.dmp	upx
behavioral1/memory/628-470-0x00007FFBEE180000-0x00007FFBEE29B000-memory.dmp	upx

Enumerates processes with tasklist 1 TTPs 1 IoCs

Process Discovery

T1057

pid	Process
3896	tasklist.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133547377875560291"	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\NitroGeneratorV2.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1764	chrome.exe
1764	chrome.exe
3556	chrome.exe
3556	chrome.exe
4152	powershell.exe
4152	powershell.exe
3796	powershell.exe
3796	powershell.exe
4152	powershell.exe
3796	powershell.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1764	chrome.exe
Token: SeCreatePagefilePrivilege	1764	chrome.exe
Token: SeShutdownPrivilege	1764	chrome.exe
Token: SeCreatePagefilePrivilege	1764	chrome.exe
Token: SeShutdownPrivilege	1764	chrome.exe
Token: SeCreatePagefilePrivilege	1764	chrome.exe
Token: SeShutdownPrivilege	1764	chrome.exe
Token: SeCreatePagefilePrivilege	1764	chrome.exe
Token: SeShutdownPrivilege	1764	chrome.exe
Token: SeCreatePagefilePrivilege	1764	chrome.exe
Token: SeShutdownPrivilege	1764	chrome.exe
Token: SeCreatePagefilePrivilege	1764	chrome.exe
Token: SeShutdownPrivilege	1764	chrome.exe
Token: SeCreatePagefilePrivilege	1764	chrome.exe
Token: SeShutdownPrivilege	1764	chrome.exe
Token: SeCreatePagefilePrivilege	1764	chrome.exe
Token: SeShutdownPrivilege	1764	chrome.exe
Token: SeCreatePagefilePrivilege	1764	chrome.exe
Token: SeShutdownPrivilege	1764	chrome.exe
Token: SeCreatePagefilePrivilege	1764	chrome.exe
Token: SeShutdownPrivilege	1764	chrome.exe
Token: SeCreatePagefilePrivilege	1764	chrome.exe
Token: SeShutdownPrivilege	1764	chrome.exe
Token: SeCreatePagefilePrivilege	1764	chrome.exe
Token: SeShutdownPrivilege	1764	chrome.exe
Token: SeCreatePagefilePrivilege	1764	chrome.exe
Token: SeShutdownPrivilege	1764	chrome.exe
Token: SeCreatePagefilePrivilege	1764	chrome.exe
Token: SeShutdownPrivilege	1764	chrome.exe
Token: SeCreatePagefilePrivilege	1764	chrome.exe
Token: SeShutdownPrivilege	1764	chrome.exe
Token: SeCreatePagefilePrivilege	1764	chrome.exe
Token: SeShutdownPrivilege	1764	chrome.exe
Token: SeCreatePagefilePrivilege	1764	chrome.exe
Token: SeShutdownPrivilege	1764	chrome.exe
Token: SeCreatePagefilePrivilege	1764	chrome.exe
Token: SeShutdownPrivilege	1764	chrome.exe
Token: SeCreatePagefilePrivilege	1764	chrome.exe
Token: SeShutdownPrivilege	1764	chrome.exe
Token: SeCreatePagefilePrivilege	1764	chrome.exe
Token: SeShutdownPrivilege	1764	chrome.exe
Token: SeCreatePagefilePrivilege	1764	chrome.exe
Token: SeShutdownPrivilege	1764	chrome.exe
Token: SeCreatePagefilePrivilege	1764	chrome.exe
Token: SeShutdownPrivilege	1764	chrome.exe
Token: SeCreatePagefilePrivilege	1764	chrome.exe
Token: SeShutdownPrivilege	1764	chrome.exe
Token: SeCreatePagefilePrivilege	1764	chrome.exe
Token: SeShutdownPrivilege	1764	chrome.exe
Token: SeCreatePagefilePrivilege	1764	chrome.exe
Token: SeShutdownPrivilege	1764	chrome.exe
Token: SeCreatePagefilePrivilege	1764	chrome.exe
Token: SeShutdownPrivilege	1764	chrome.exe
Token: SeCreatePagefilePrivilege	1764	chrome.exe
Token: SeShutdownPrivilege	1764	chrome.exe
Token: SeCreatePagefilePrivilege	1764	chrome.exe
Token: SeShutdownPrivilege	1764	chrome.exe
Token: SeCreatePagefilePrivilege	1764	chrome.exe
Token: SeShutdownPrivilege	1764	chrome.exe
Token: SeCreatePagefilePrivilege	1764	chrome.exe
Token: SeShutdownPrivilege	1764	chrome.exe
Token: SeCreatePagefilePrivilege	1764	chrome.exe
Token: SeShutdownPrivilege	1764	chrome.exe
Token: SeCreatePagefilePrivilege	1764	chrome.exe

Suspicious use of FindShellTrayWindow 44 IoCs

pid	Process
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe

Suspicious use of SendNotifyMessage 16 IoCs

pid	Process
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1764 wrote to memory of 1184	1764	chrome.exe	79
PID 1764 wrote to memory of 1184	1764	chrome.exe	79
PID 1764 wrote to memory of 2284	1764	chrome.exe	82
PID 1764 wrote to memory of 2284	1764	chrome.exe	82
PID 1764 wrote to memory of 2284	1764	chrome.exe	82
PID 1764 wrote to memory of 2284	1764	chrome.exe	82
PID 1764 wrote to memory of 2284	1764	chrome.exe	82
PID 1764 wrote to memory of 2284	1764	chrome.exe	82
PID 1764 wrote to memory of 2284	1764	chrome.exe	82
PID 1764 wrote to memory of 2284	1764	chrome.exe	82
PID 1764 wrote to memory of 2284	1764	chrome.exe	82
PID 1764 wrote to memory of 2284	1764	chrome.exe	82
PID 1764 wrote to memory of 2284	1764	chrome.exe	82
PID 1764 wrote to memory of 2284	1764	chrome.exe	82
PID 1764 wrote to memory of 2284	1764	chrome.exe	82
PID 1764 wrote to memory of 2284	1764	chrome.exe	82
PID 1764 wrote to memory of 2284	1764	chrome.exe	82
PID 1764 wrote to memory of 2284	1764	chrome.exe	82
PID 1764 wrote to memory of 2284	1764	chrome.exe	82
PID 1764 wrote to memory of 2284	1764	chrome.exe	82
PID 1764 wrote to memory of 2284	1764	chrome.exe	82
PID 1764 wrote to memory of 2284	1764	chrome.exe	82
PID 1764 wrote to memory of 2284	1764	chrome.exe	82
PID 1764 wrote to memory of 2284	1764	chrome.exe	82
PID 1764 wrote to memory of 2284	1764	chrome.exe	82
PID 1764 wrote to memory of 2284	1764	chrome.exe	82
PID 1764 wrote to memory of 2284	1764	chrome.exe	82
PID 1764 wrote to memory of 2284	1764	chrome.exe	82
PID 1764 wrote to memory of 2284	1764	chrome.exe	82
PID 1764 wrote to memory of 2284	1764	chrome.exe	82
PID 1764 wrote to memory of 2284	1764	chrome.exe	82
PID 1764 wrote to memory of 2284	1764	chrome.exe	82
PID 1764 wrote to memory of 2284	1764	chrome.exe	82
PID 1764 wrote to memory of 2284	1764	chrome.exe	82
PID 1764 wrote to memory of 2284	1764	chrome.exe	82
PID 1764 wrote to memory of 2284	1764	chrome.exe	82
PID 1764 wrote to memory of 2284	1764	chrome.exe	82
PID 1764 wrote to memory of 2284	1764	chrome.exe	82
PID 1764 wrote to memory of 2284	1764	chrome.exe	82
PID 1764 wrote to memory of 2284	1764	chrome.exe	82
PID 1764 wrote to memory of 408	1764	chrome.exe	83
PID 1764 wrote to memory of 408	1764	chrome.exe	83
PID 1764 wrote to memory of 2184	1764	chrome.exe	84
PID 1764 wrote to memory of 2184	1764	chrome.exe	84
PID 1764 wrote to memory of 2184	1764	chrome.exe	84
PID 1764 wrote to memory of 2184	1764	chrome.exe	84
PID 1764 wrote to memory of 2184	1764	chrome.exe	84
PID 1764 wrote to memory of 2184	1764	chrome.exe	84
PID 1764 wrote to memory of 2184	1764	chrome.exe	84
PID 1764 wrote to memory of 2184	1764	chrome.exe	84
PID 1764 wrote to memory of 2184	1764	chrome.exe	84
PID 1764 wrote to memory of 2184	1764	chrome.exe	84
PID 1764 wrote to memory of 2184	1764	chrome.exe	84
PID 1764 wrote to memory of 2184	1764	chrome.exe	84
PID 1764 wrote to memory of 2184	1764	chrome.exe	84
PID 1764 wrote to memory of 2184	1764	chrome.exe	84
PID 1764 wrote to memory of 2184	1764	chrome.exe	84
PID 1764 wrote to memory of 2184	1764	chrome.exe	84
PID 1764 wrote to memory of 2184	1764	chrome.exe	84
PID 1764 wrote to memory of 2184	1764	chrome.exe	84
PID 1764 wrote to memory of 2184	1764	chrome.exe	84
PID 1764 wrote to memory of 2184	1764	chrome.exe	84
PID 1764 wrote to memory of 2184	1764	chrome.exe	84
PID 1764 wrote to memory of 2184	1764	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cdn.discordapp.com/attachments/967515259864768522/1217159276125093908/NitroGeneratorV2.exe?ex=660302e9&is=65f08de9&hm=7397b06e56a8ddf42ab3cfada67ab44457cc97934b001c0892d45aa03628f09f&
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc032c9758,0x7ffc032c9768,0x7ffc032c9778
  2⤵
  PID:1184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1568 --field-trial-handle=1828,i,7967765412846395853,14593783189004131527,131072 /prefetch:2
  2⤵
  PID:2284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1828,i,7967765412846395853,14593783189004131527,131072 /prefetch:8
  2⤵
  PID:408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2180 --field-trial-handle=1828,i,7967765412846395853,14593783189004131527,131072 /prefetch:8
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2884 --field-trial-handle=1828,i,7967765412846395853,14593783189004131527,131072 /prefetch:1
  2⤵
  PID:2504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2892 --field-trial-handle=1828,i,7967765412846395853,14593783189004131527,131072 /prefetch:1
  2⤵
  PID:3120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5240 --field-trial-handle=1828,i,7967765412846395853,14593783189004131527,131072 /prefetch:8
  2⤵
  PID:3984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5284 --field-trial-handle=1828,i,7967765412846395853,14593783189004131527,131072 /prefetch:8
  2⤵
  PID:2372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 --field-trial-handle=1828,i,7967765412846395853,14593783189004131527,131072 /prefetch:8
  2⤵
  PID:704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5684 --field-trial-handle=1828,i,7967765412846395853,14593783189004131527,131072 /prefetch:8
  2⤵
  PID:404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 --field-trial-handle=1828,i,7967765412846395853,14593783189004131527,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3964 --field-trial-handle=1828,i,7967765412846395853,14593783189004131527,131072 /prefetch:8
  2⤵
  PID:2004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5556 --field-trial-handle=1828,i,7967765412846395853,14593783189004131527,131072 /prefetch:8
  2⤵
  PID:1196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 --field-trial-handle=1828,i,7967765412846395853,14593783189004131527,131072 /prefetch:8
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5616 --field-trial-handle=1828,i,7967765412846395853,14593783189004131527,131072 /prefetch:1
  2⤵
  PID:1760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5912 --field-trial-handle=1828,i,7967765412846395853,14593783189004131527,131072 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5696 --field-trial-handle=1828,i,7967765412846395853,14593783189004131527,131072 /prefetch:8
  2⤵
  PID:3140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5688 --field-trial-handle=1828,i,7967765412846395853,14593783189004131527,131072 /prefetch:1
  2⤵
  PID:8
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2428 --field-trial-handle=1828,i,7967765412846395853,14593783189004131527,131072 /prefetch:1
  2⤵
  PID:2504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3808 --field-trial-handle=1828,i,7967765412846395853,14593783189004131527,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4616 --field-trial-handle=1828,i,7967765412846395853,14593783189004131527,131072 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5544 --field-trial-handle=1828,i,7967765412846395853,14593783189004131527,131072 /prefetch:1
  2⤵
  PID:668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4960 --field-trial-handle=1828,i,7967765412846395853,14593783189004131527,131072 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4012 --field-trial-handle=1828,i,7967765412846395853,14593783189004131527,131072 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6096 --field-trial-handle=1828,i,7967765412846395853,14593783189004131527,131072 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 --field-trial-handle=1828,i,7967765412846395853,14593783189004131527,131072 /prefetch:8
  2⤵
  PID:1732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=1440 --field-trial-handle=1828,i,7967765412846395853,14593783189004131527,131072 /prefetch:1
  2⤵
  PID:256

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4812

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2664

C:\Users\Admin\Downloads\NitroGeneratorV2.exe
"C:\Users\Admin\Downloads\NitroGeneratorV2.exe"
1⤵
- Executes dropped EXE
PID:4244
- C:\Users\Admin\Downloads\NitroGeneratorV2.exe
  "C:\Users\Admin\Downloads\NitroGeneratorV2.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:628
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\Downloads\NitroGeneratorV2.exe'"
    3⤵
    PID:4956
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\Downloads\NitroGeneratorV2.exe'
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3796
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All"
    3⤵
    PID:3588
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4152
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('Python 10 or over must be downloaded', 0, 'Error!', 0+16);close()""
    3⤵
    PID:1352
  - - C:\Windows\system32\mshta.exe
      mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('Python 10 or over must be downloaded', 0, 'Error!', 0+16);close()"
      4⤵
      PID:308
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
    3⤵
    PID:4468
  - - C:\Windows\system32\tasklist.exe
      tasklist /FO LIST
      4⤵
      Enumerates processes with tasklist
      PID:3896
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
    3⤵
    PID:2884
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic csproduct get uuid
      4⤵
      PID:4296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
194KB

MD5
f5b4137b040ec6bd884feee514f7c176

SHA1
7897677377a9ced759be35a66fdee34b391ab0ff

SHA256
845aa24ba38524f33f097b0d9bae7d9112b01fa35c443be5ec1f7b0da23513e6

SHA512
813b764a5650e4e3d1574172dd5d6a26f72c0ba5c8af7b0d676c62bc1b245e4563952bf33663bffc02089127b76a67f9977b0a8f18eaef22d9b4aa3abaaa7c40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7a21145a4f0b9fd0_0

Filesize
289B

MD5
a6cf145a9e07c8b653a9d58e2eb393bf

SHA1
9bc2f3fd39587ab57b0d0142f6e53410f516fc34

SHA256
96a82d7f642c5bb969c7203573d4d2b240a3f59ecbaf8a59970788c59d777166

SHA512
82b91b1077601c8334b06cf2e182c034f158b262b279fde67f1409a1aa7561314b6014e35ac3c856149d82ce94edc10078b8e198e6562d24bd6aba6ba6f1740b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7e001a4e8400eff2_0

Filesize
18KB

MD5
360e24ec74f678ee6ac09ef3a6a31e32

SHA1
bf6b455a2ae6eeadda95e913312bacdeadb75cf4

SHA256
b21955d6b7f7fdde5d38a3ce5f42dbd8a7532d071c8eac090ffd7d9e83b48814

SHA512
10ff241f13d58b6cf804fc916de7e029706814d7de8321748fd1874a3990a26631e7ac81dfe4ddfe91142bf6cd03e24922a60b84b217819496c1cefac8a837a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b3de0a031929b851_0

Filesize
400KB

MD5
316e7ba9c4a8dbdcc5fbdc11e3cfa21c

SHA1
9c51dec23217212930a78d17b3916029df22982a

SHA256
78e74e32f6ec58b45bdb430ad2254bed1ed9008821798aec50c0166a40cff48d

SHA512
13d4eff735cd9be789463e4384d465dbc7c84a786bb306f75ad5e2fccc14c38533ecb375e109ebe3dd74f2a332d7e76a8e5aaec0c1c0d87e780a219e009658d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e3c18d78cffa88a0_0

Filesize
280B

MD5
8ff171fb858e79bd7dbeb75b39e42a17

SHA1
5b341bd906a9011ea99be07beb4e7126bf8ef629

SHA256
737bf767bcd25df13ec1fd86b13c8a5eca83ff7cdb83c3e99929aeb26c4945dc

SHA512
7e0105a37205e66e62030bcb27e247e7636d86e1ff3c6f4a63b35e9e3026142d49c20ca66299a94cae74a895a74832329851b71ffd2ade6dfdfd257521aa6f4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
b2d68022c265b5d90e7588aff379fd73

SHA1
6c308b7e360ab1414398d6cccb311f073b95c64d

SHA256
6c67b94878156daecf1c0c6cc6e6265590e67742167aaedc86b9ca38d5b9cce9

SHA512
e70e9380a32c79abfde7fdce5aecc000c3320eb97675d9818d17ac1aabf1c4af88a5a39c179deb5a26af3682a95a0a61570504bf973a0213362c7926c8d15938

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
0891f97d35065925199ed2490cd16dc1

SHA1
2a7a322240f6eed9096d80de5e5e1488b412e3a1

SHA256
f7fca636a983baaf0d3262eaa96117e1151393c64cefebe1fcc4e03bf9cb911c

SHA512
f4e55c0a0187875481775dbc1ab30bd6bb78bbcda499859912889e7c694974e4d130b6544b32cf5b5080722657b98f8664f4bc9aee5cca8ea3b8648384ad5808

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
0a6bd88fea6b85b53270761487f276a6

SHA1
b2094cc3776947efa4797f0661992d8bea5e5a26

SHA256
a592962556cd51cad6d341b33a3263d4a3cc05070f7324d7ef844780555e279f

SHA512
5283c40e69c2c578d3087f56878626682dff4e73470127b0a5c770f14c6288c9069e131cf9f28084e7f76ab1d59c6826d214d15f06080200b76e9d06d2ba29d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
baa60893b86618c4b82026faedffabb8

SHA1
ee9d634eacb2338124dca0bd7e52493eb4e0cf91

SHA256
06b61023f9ff74e11026a93f913eed14e980db010cabdfae103e219bb0c561a5

SHA512
01339f7cf3d0b92da919437ad3dcb16304a175c6d8a8d23b0d164ea7bd001b5d82e5e10e1487e302e08f093c20a4bb157ad843f7af182109c4785b9116555344

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
c8326865e8e3d8849a234fd75152b586

SHA1
b1bd765eccbd82969d38c0c66b49c3550f1587da

SHA256
46edd2c079870afebc2666fd99b68f0ae82e32fbe4b475ae83c400b8beb271d8

SHA512
0b7509616491a77be78bfb5c1fd29f1abdfcbf318849ff07de9a443bdfeac71b4899c4348cc9d43d534ea1b55cb6f58559652fe0c803238ee7927651a7cc70d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
fa759c3d0c2a33df39ab00ba95a63aeb

SHA1
07d65483d29cd28de16e6f25001a22853886bb3d

SHA256
214f6b550a2049fc0393d42f97417e8fd98f29a6481a90b04be0b20746309300

SHA512
38adc0f3828d1f095c9ba454516e080fb929b4bea01e261a5bd0e23eaf1359de1440668540912d0d5f1f393de8d651072b7f01f704caff0cb1a57e0304df436b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
67742d8b21f2e0740172a9342805a8f4

SHA1
5e077cbe5561b2dd1fd6b71d27d713044795c1ee

SHA256
fec80afddf275d2261ec3659441140687857f1ffb4d4f94371e988bdde6da72e

SHA512
ac272e7246797a056ff71058c96f967d094d92054f8f76f9ee3be4c09e890fcdf398554d49710733fdd74079dafa1a0cc77cd9cf53797f0747e8c8d77a55dd64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
aac25deafc6f13b4d4617fae19a984a8

SHA1
dd196a8f0361682b2048101b1e0953be49b6e0fd

SHA256
28caf412c0f92bef0034b0ae395e6cce9aa8e6987d3ac7b1ed489b17ff5f626e

SHA512
2027442c1d508612deac8c95a685a4d560e34e62262cdee27a3ae0ceac6b78449d82d93ce35803e21014f41c602b8e20bb6539bdfff9d5e6f42dba906f4b6386

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
70981bf462b6c143d2fa00fdb39191b6

SHA1
6635ea05d68c5b2d1147b5ffeb9724bdacb87696

SHA256
dc63dc6ea5ba9d39e8a73673da8af103457ff452edac54b3d6466d2ecee6563c

SHA512
75caf0634374ec8f7a613681b7bbabb663019b2c78478ede31aa5a52adb1e9f22f6cb8b61e1bcce78daa24c3e4b50cdffd48c456b030d31412eba31de4124782

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
50de01e97fa92f2a9a560e98c98f4eaf

SHA1
26f56cf9925c6ade4865f772b8cb72dae33dc3a7

SHA256
beccfdb84a26186b71123480d986ff463282a1810572d6d9952ab23986859819

SHA512
0f18940774001aef1163def2adcf1de7e7d8fbf99e5c12b2adf44a8e4dcca0948ff6acfedf9eec3830f34e01d0b499c0c95eadb6a6cf2ed8629d077dc1eb50b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
a6c4d2c69896021da3e44a08a2ba964c

SHA1
8630a9135cfb9f52622f9985c1f879be1eb3baac

SHA256
1ab2190bf96dc922a15dd1376ffbcbfacac108b284e95d0fcf2df68f250cd129

SHA512
c415b29d4a635cc8ead903892363f8b323c48d59d95f54039cadb2b47eac6336dc852fc3aca7af00bbf6cd1e0b915ae5bbda855eb90ad50bd1cf85863f6208b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
d6dc0028b538babdb3250db533b93379

SHA1
318590c76ae65a26f71a145454aa6289a801f71a

SHA256
d8e5709e28a784cc6df2666fa7c3bf1fcc34cd355d5ae9375031c3131a73a525

SHA512
b363a70045684d0013a8daacd344ef0894fdff9fb9b821b165f7a85dfe19a26735d14449250f342d0f10903f2997edfa988aa8e7ed5fa63cbe31214a44aee6bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
45d72f94ed659d4b7174feacb8423d68

SHA1
25b134e63b94ed1dbca0b53fb445718666add396

SHA256
a2dc0f971ee3789f0211a921ef97ba8a2b9c9aa7434f40b84cf2b30abf40e370

SHA512
0fcc4ac327d72633f78db4a7c9005d6c10087c51d2b48f720c690c2bc5c77a3963e5d656ea0546e9f6ea3c23ae367f74a82c40e95de0db39400a08127c5802d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
dfb4103a5725f6685026530148beb591

SHA1
b5112d00e46b7c6d220149c3cdfa396343307857

SHA256
e6e06b3c1e7ca839a870124f850f2d9a48f920256d77a9af1884e9b511a57b08

SHA512
d68dc7ef62fe75b800b4447cfe363aff3524f49a345b98295f53b6aec0f7ea7bfca7126aa73b8b8b5b39357600b4d53c50a499edbea98628fd9ac5b41ded0ca1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0b876625eff12fe5cb36037c926fa548

SHA1
1e30abf8c3c0e4d64edf556c8fa9b465172123e4

SHA256
ea7e9bcc0fc1c6f7e2bc145cd5ff662957627eb8649dde60489f1e55749650b2

SHA512
a7d0efacf7df7ed83d2614cd6f374514b3ac8fd2990e85ff1781f646d2c3468453c489db34ce1834fff4463510dbe2dcecfe7082a3a76a7a0b50e5ddfbf22d5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5e03f7aeae7e2d161a17156cde5bc9b2

SHA1
5ee05d588caec13b57972991524d6831c8f2e148

SHA256
2c240a29d8959b01f26709871cc8f5d2d583fb3180a938ad9bf6694dd75064e4

SHA512
e92da8b86212c7de0284ef03b7df0c20ec3bcefedd752c12017bbea1458fcb2c2756d3863f435e998fdcb3ab56c37013d17790c17518ca1ff734bfc2dd33e70d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
880b760c07f3e01a9d812a8b4e325ccf

SHA1
3c1730adeec9f3cab06ada8fd8eba73e636295a9

SHA256
8212575ea276d1ffe25f436f10c600508ed8854c08e868540af6fcc8c3259229

SHA512
a5d5ae097333d5ed377aa9115a6125389071795b55c9cc57892a0415cdb6f026ec439befe9891bcff761879e4d98d15c7f7c7b762f166bb493f29293631ae2d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0d55be55dcb9754b67cd760e9b9b6943

SHA1
4ed06c532f688abb1e9e0e1b6e9b8c8f41fb46ce

SHA256
f5375a8ec5ecec243605b76e9bb8938ad85e996579657c0ed1b3ca255956c17d

SHA512
57d8176092312b999c935acc2ecc9bae26ad09b9509ed3bd559f79712f041b2008305b5cf23ba1d7cb94070912d910c20332c23fee6ab4d904281542ce2eef89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
59079cc603349690308e9d7dbdbc67f3

SHA1
c12444fa712b8aadf9960fe261d09f2dec0dad1d

SHA256
e8859b4e056e4c1ab095bb1dfadcf89d6145cbe24932946db6ce00b108992e62

SHA512
36a3a4d60ecae4eb3a34e602b7e3a4b40e46978377ae78a44ad7b50b273c02aa4db3b3018927d369537e3a40482d4b0cedd348dd76e53f27416721f4b8fa6b42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8073851e766c4ac118708ab5664f7162

SHA1
826993a28c376be47d588bc644033e00ae491910

SHA256
24b34f1524340000471b5a98214f6fd74455623e739e78475bd3ab9fa5ab6a2e

SHA512
7bb6859cdd8181f18bdda865ad850fbf50c47a58da62b5b2cfd77790eab3cf501fabc53201dfd58ea990482b235d2b6a45d391c2051b1ec7e79281418a732115

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0e79577361ec9eb0f9a22675ddea2051

SHA1
6d2e6a10e304e7b3459df8f16a25341b1b1871f7

SHA256
bf2548c6e1fba9bbd4eee5c025f10039aea91ccea96c3cabea03c0ed54a14aa2

SHA512
bb2d45ee3ad6ca4b05d353a336aa51a3b3ab31e411068fe2cf6b7690d896f632b0f8c582c34a675a4515e70b23e78346d0d9399d56a9565ad27bf22279897650

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
ee49694c34332a3a7e279c8b4bbde135

SHA1
6428a9956fba9e97271df272c37cba79fee83dbe

SHA256
0253366cc9a6cb90919bcad410ebe32503a2ec73997f722a8963fb75ad12e018

SHA512
a9d5f36e494f73f10e71762c6737183b78c26e5136e9d562d47ebcdb3dee9ac5f7fd039d8c43601929d1380a1672f94a7d104831e6677b0a7f269f8c3f3e1305

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
45b5a8bc8cb754407358a80ea110828d

SHA1
d03565f91adeee7e0c9c50d217558d3436dd2d0a

SHA256
ed9e4d9694f1c827c73135dee423955ef592a8c041f9e48e189b82647c51e0a2

SHA512
7679959488bfed54b2d11f0ff9e8109788e4fbaf969824e8ace09a9ac90b2645c74f8e3db2234a34f6f5bf7a3f8783d229325a7a58208ba96d3155907ad652b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
8a958e1ab3dbde291dae5ee169d09e96

SHA1
b71fa10b7b5f61c321c77e82023ed2e1f9e3d65a

SHA256
4f2fecbb50e5965d40cadf8834efec95fc6a567872315693060ff25c4c01e675

SHA512
bc6b43ece37925cf531eb25a1795c4b43f0d3f802ad231f687587606f41085c33d8b703629dfab8a524440f7b5e5227a12658ac3a40e59bdd8c190e74e2c3d4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
ba673ca48ec9d5e1ff1fd4ed42468914

SHA1
8f39d323e0cbb379fa66b2612f07f239db1be170

SHA256
78cc638fd318d5a7477c61ec418229a7d9aa7cc1acc2d590d9a142bb38204fe7

SHA512
9b91fcce0c44fb2383c62252dfb1c6b8c15e526337003126c5877a87e5486e4175f6dba111e9b47a8cf8906848bb7d730aa1603d7554a4ad6fff2291a948dc56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
03fc4071ae49903a364901964c0b1af3

SHA1
bd730b84a0b95051eb812dfeb0c4c02b07c7fa60

SHA256
e69999090a9a7698ff78972c8cc2bdbd6f1b946a009ea244a0841f327c03aa1c

SHA512
2c31d93f765be90b7ef4d3cd34f13d0f1e316660905a1f2560bed186e5620f6108f6994a9f68664fd734065e6a489aa5f9f9dacf31490eb93c31380a9f5b8efc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
105KB

MD5
ff222ab6f955bd1a3d7fb31159a4ed5b

SHA1
d4668421640a25214560814210856029d9236853

SHA256
a3e4b9bca64ec2bc016bbf1fc2a3df2c63c026ee57044d8cdffdd15249ff8f59

SHA512
796735730b67de58e52ae7ca4cc71d46b3a0b27ab4f64bce98064c240fbd3babf6706254bcd64a65c911bb3a97e3b1f1a46eb17e50d68ee64e68337894ee1860

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
107KB

MD5
d83139ea31f601b487b5d3622789362b

SHA1
90050a27de3164338c7b0af61a49886bae332384

SHA256
4c2c42dad34ee8cb4454e64ae39434c76b137cf28581bb8e514adb9ed08ec792

SHA512
5b46772d264286567a32ed5879f29f8b93dff4db997ea44afe3cde038831f77f9ad1b5211c48fcba783e467475a816ab2fd3f8f68031cd3efb3876f47a7aec0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57cf27.TMP

Filesize
98KB

MD5
ee85707992f9a0ba2f2952f515455b43

SHA1
90f729a96609cad3274d12f64477f758ede41dd6

SHA256
975defbc419d5f541e618e2964bbefecbf7c4db16d40506a45a6e8e7a46489d9

SHA512
9cd5708fcb8587d29bac7ed6f514a9fa02fca4381e9d233aabb9e9730505644f0c6f56f3ac421af202e8d3f03571301e18d2b01befc0a93f9434f2bbbb3b3f04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
627073ee3ca9676911bee35548eff2b8

SHA1
4c4b68c65e2cab9864b51167d710aa29ebdcff2e

SHA256
85b280a39fc31ba1e15fb06102a05b8405ff3b82feb181d4170f04e466dd647c

SHA512
3c5f6c03e253b83c57e8d6f0334187dbdcdf4fa549eecd36cbc1322dca6d3ca891dc6a019c49ec2eafb88f82d0434299c31e4dfaab123acb42e0546218f311fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
e3840d9bcedfe7017e49ee5d05bd1c46

SHA1
272620fb2605bd196df471d62db4b2d280a363c6

SHA256
3ac83e70415b9701ee71a4560232d7998e00c3db020fde669eb01b8821d2746f

SHA512
76adc88ab3930acc6b8b7668e2de797b8c00edcfc41660ee4485259c72a8adf162db62c2621ead5a9950f12bfe8a76ccab79d02fda11860afb0e217812cac376

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42442\VCRUNTIME140.dll

Filesize
116KB

MD5
be8dbe2dc77ebe7f88f910c61aec691a

SHA1
a19f08bb2b1c1de5bb61daf9f2304531321e0e40

SHA256
4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83

SHA512
0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42442\_bz2.pyd

Filesize
48KB

MD5
ba8871f10f67817358fe84f44b986801

SHA1
d57a3a841415969051826e8dcd077754fd7caea0

SHA256
9d30387ee07585516f8ce479fcd4e052597835d4149568c1d8382a4a3a0ae7e1

SHA512
8e23b032b785f37b920206fa3064c5fa0e28949f23b2e985fae26c9a355a6bc33dcd380925091f627d4d7936f0958e90fa7c022d89c73db8a1ea6ad267a1a341

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42442\_ctypes.pyd

Filesize
59KB

MD5
e7629e12d646da3be8d60464ad457cef

SHA1
17cf7dacb460183c19198d9bb165af620291bf08

SHA256
eb8affa4e7a4da15c9cda37c68ac8232d885a9d367b28973473949b205384789

SHA512
974ae1607093161a5f33eda9e0a0ade214700d05eb728c8157e7b7589c587cc1cdefe0132d16d31c2941ed4eec4668428564609a0a2ced983c8b13f98a84801b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42442\_decimal.pyd

Filesize
105KB

MD5
94fbb133e2b93ea55205ecbd83fcae39

SHA1
788a71fa29e10fc9ea771c319f62f9f0429d8550

SHA256
f8e8fbeee7c8454fa42fe47f1da9c63f6b6e631b0dff22c80631f426efcba78b

SHA512
b488f06be28fc8ffd3d8be6b986c7a35ab868198b10943bfa59b9130ebd50354adb9e1818b73ed1f2c92d33d869091e9167346b4430668ca31dd46a845276dea

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42442\_hashlib.pyd

Filesize
35KB

MD5
3c1056edef1c509136160d69d94c4b28

SHA1
e944653161631647a301b3bddc08f8a13a4bf23e

SHA256
41e4bb3c6064cb9e8a62e17056aea19e3d7e6ff1efc17c18d76118ac4e3b7243

SHA512
a03fcf2af6df72923714f66d26774a39e709fa8ad879d72b838d531692231f68480b5ff65b83358ad6b7b411f4ece7028a8613c3b1177acf1d3c933a843ca19a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42442\_lzma.pyd

Filesize
86KB

MD5
ed348285c1ad1db0effd915c0cb087c3

SHA1
b5b8446d2e079d451c2de793c0f437d23f584f7b

SHA256
fa84770ccf4394d046ed69edaea71957306a25def4986ee6650daf0a2c2d3e43

SHA512
28a4c21bdb0bd697e93b276c184bfc5e317d930c4462e655d9d9ef7487168809ee952e32a856304cdd67a76d6b2286bf94fe9b9de6706c8d36a810aa916ce8e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42442\_queue.pyd

Filesize
26KB

MD5
048e8e18d1ae823e666c501c8a8ad1dd

SHA1
63b1513a9f4dfd5b23ec8466d85ef44bfb4a7157

SHA256
7285eef53fd485d6093a9aecbe8fc87c6d70ae4e91d41f382a2a3edff7ebc6c8

SHA512
e57e162d1099b696d11bad172d36824a41fde3dd1d3be0dbd239746f8c87f17e78f889c8ad75ffdac89032b258e6f55f0dab82aae21b9d7ad166ceedfe131b61

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42442\_socket.pyd

Filesize
44KB

MD5
4ee9483c490fa48ee9a09debe0dd7649

SHA1
f9ba6501c7b635f998949cf3568faf4591f21edd

SHA256
9c644a6db56052cf2680476648391b47b603957ffb353ad44a68dac761805ef1

SHA512
c55ddd782cc52d1aba6fd4466ed72387aad4debd3c48315db16aa35d3a5265478d8b197a3a0e0bcf9277004c10b4ccfe8706ab9d0e886d19c0cc4cb406fab4a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42442\_sqlite3.pyd

Filesize
57KB

MD5
b8aa2de7df9ba5eab6609dcf07829aa6

SHA1
4b8420c44784745b1e2d2a25bd4174fc3da4c881

SHA256
644669d0875b33aa7e9d3f1856bc8b696f796ad61c7edb9219f8f0ff1a69531a

SHA512
5587efef4c349a137d785594bb7cbffef19fd418bf7d6fb2a4a3e2107354f5f874eeb7e18799031bde335bc65e4ca53f73793a60c67a5482c7e6d1564894ba17

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42442\_ssl.pyd

Filesize
65KB

MD5
a9f1bda7447ab9d69df7391d10290240

SHA1
62a3beb8afc6426f84e737162b3ec3814648fe9f

SHA256
2bb05f7dbd21e67d2a6671411f8ae503dd7538a6767b2169b3033b695557ac13

SHA512
539e94b59093dcf62d6f1a312d9b6aac27873f6416cde050e756e367b9907a8c0e7a31109a433b206bf023436d823d3d945f695cc7291604c0a24bcd27dc1451

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42442\base_library.zip

Filesize
1.3MB

MD5
2ed91e6dbdd5593c1ed1ed7a99654c51

SHA1
86aeed274e5e5fefaf6afc8cae4c9d5a1a7a9681

SHA256
aad741ae0a80f6c5c3ef7644ef5c2db8749ec6ea25c5e25bbbfd03a8c614b1f0

SHA512
ed5129fee0f946e34c868debb36a201f5fc363330d50a0562e143dc34f39f9d3f86e1ced35bece899ac60ccd20fec6d23e57e8bc949e24b9414e069ccb58b6e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42442\blank.aes

Filesize
106KB

MD5
3f2953d814109f04ba3b4c1df0addc0c

SHA1
319e1132d50183fea79e56d6b27e0fc1a00bf742

SHA256
152a45607e8a4e61afb958ebc178dd68b260c792d1c44242201cae8daf70a8ad

SHA512
501b918b20e585935823fb8c36a020d2596db35b87a5f6a752ae17f7d0cd609a98b64ce58e568667836d1187434158a1fd44295d075791ac666d14458221c66c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42442\blank.aes

Filesize
106KB

MD5
fb9940450c148ed7258cbbfbf0c12214

SHA1
a8289ebb564dc4973221cc474d0ea115368dd79f

SHA256
9c4e81b0544d0f5304f1139f6ed97de0b1f9940770e4d0edd5943cef52a23e02

SHA512
20ae5db3edac3b137c1972d62eb4d6f78acba355de1ed5a9fad9bdd7ee9ea367bf35e2574aac60129186a9872d50d86632ee46cc31fa5190244cdba83faf91ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42442\libcrypto-3.dll

Filesize
1.6MB

MD5
7f1b899d2015164ab951d04ebb91e9ac

SHA1
1223986c8a1cbb57ef1725175986e15018cc9eab

SHA256
41201d2f29cf3bc16bf32c8cecf3b89e82fec3e5572eb38a578ae0fb0c5a2986

SHA512
ca227b6f998cacca3eb6a8f18d63f8f18633ab4b8464fb8b47caa010687a64516181ad0701c794d6bfe3f153662ea94779b4f70a5a5a94bb3066d8a011b4310d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42442\libffi-8.dll

Filesize
29KB

MD5
08b000c3d990bc018fcb91a1e175e06e

SHA1
bd0ce09bb3414d11c91316113c2becfff0862d0d

SHA256
135c772b42ba6353757a4d076ce03dbf792456143b42d25a62066da46144fece

SHA512
8820d297aeda5a5ebe1306e7664f7a95421751db60d71dc20da251bcdfdc73f3fd0b22546bd62e62d7aa44dfe702e4032fe78802fb16ee6c2583d65abc891cbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42442\libssl-3.dll

Filesize
222KB

MD5
264be59ff04e5dcd1d020f16aab3c8cb

SHA1
2d7e186c688b34fdb4c85a3fce0beff39b15d50e

SHA256
358b59da9580e7102adfc1be9400acea18bc49474db26f2f8bacb4b8839ce49d

SHA512
9abb96549724affb2e69e5cb2c834ecea3f882f2f7392f2f8811b8b0db57c5340ab21be60f1798c7ab05f93692eb0aeab077caf7e9b7bb278ad374ff3c52d248

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42442\python312.dll

Filesize
65KB

MD5
440e4eb684e040b7e9b78cba500847b6

SHA1
2a06d06a0b9a2f9c2cb53cc61e1cbd5ea692ddd2

SHA256
29f866da9665d56927cd42424c29c684ca66b92c413cd9907020ee09b6735582

SHA512
ef6ad180eb42e1970205edf38fb75d4b0b1aac70d15301f54f5b032ec5f8e2c3ddd46521fb6ef77c5f52200ef9fa995a4aea2df20cbea2ebcb9f07c139f4b67c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42442\python312.dll

Filesize
1.8MB

MD5
cbd02b4c0cf69e5609c77dfd13fba7c4

SHA1
a3c8f6bfd7ffe0783157e41538b3955519f1e695

SHA256
ecef0ed97c7b249af3c56cde0bfcae70f66530d716b48b5d94621c3dba8236b5

SHA512
a3760ecaa9736eb24370a0a20dd22a1ee53b3f8002195947bc7d21b239278ec8e26bcc131d0132c530767d1de59954be7946dcf54fcbf2584052c9d9a5615567

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42442\rar.exe

Filesize
615KB

MD5
9c223575ae5b9544bc3d69ac6364f75e

SHA1
8a1cb5ee02c742e937febc57609ac312247ba386

SHA256
90341ac8dcc9ec5f9efe89945a381eb701fe15c3196f594d9d9f0f67b4fc2213

SHA512
57663e2c07b56024aaae07515ee3a56b2f5068ebb2f2dc42be95d1224376c2458da21c965aab6ae54de780cb874c2fc9de83d9089abf4536de0f50faca582d09

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42442\rarreg.key

Filesize
456B

MD5
4531984cad7dacf24c086830068c4abe

SHA1
fa7c8c46677af01a83cf652ef30ba39b2aae14c3

SHA256
58209c8ab4191e834ffe2ecd003fd7a830d3650f0fd1355a74eb8a47c61d4211

SHA512
00056f471945d838ef2ce56d51c32967879fe54fcbf93a237ed85a98e27c5c8d2a39bc815b41c15caace2071edd0239d775a31d1794dc4dba49e7ecff1555122

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42442\select.pyd

Filesize
25KB

MD5
a71d12c3294b13688f4c2b4d0556abb8

SHA1
13a6b7f99495a4c8477aea5aecc183d18b78e2d4

SHA256
0f3ae1b65102d38f6b33fcbbdadd347aa1b0c09ed8028d4412982b3bd97caf0f

SHA512
ff16cb399b661c170bf79108c62010d32804ead3f6c565b0755a26b62b4f51290bcb71face6cebaa82c0f9b3863aaaa7fa57ddc1e2bbae8598b047d01d15cbe5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42442\sqlite3.dll

Filesize
630KB

MD5
ce4f27e09044ec688edeaf5cb9a3e745

SHA1
b184178e8a8af7ac1cd735b8e4b8f45e74791ac9

SHA256
f940ff66960441c76a258846d66d4a357e72ad8fbb6bde62b5e5fbe90103b92d

SHA512
bab572324dcf12e71fb6a9648e9224528bd29c75e7d3b978b7068eca0d6f2cb795165756249f47e1db401267b0a1e5fd06c35b6cf5595a013240f9e3444ea083

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42442\unicodedata.pyd

Filesize
295KB

MD5
9a03b477b937d8258ef335c9d0b3d4fa

SHA1
5f12a8a9902ea1dc9bbb36c88db27162aa4901a5

SHA256
4d6e035a366c6f74660f74b8b816add345fa7f1c6cf0793dcf1ed9f91b6ce6a4

SHA512
d3d8bb51474f93d02837580f53aacf5ca9eaf8587e83cddb742c707a251fe86f14e8e665aa4423ac99d74c6c94d95c7df3bfd513b3d5c69661e604f22dcabebe

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_3x0ro4gb.rog.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\Downloads\NitroGeneratorV2.exe

Filesize
1.9MB

MD5
1afab991c55bbd074f666fad6cb34fee

SHA1
ec655db60b70bca99087be89c62652867bc87c49

SHA256
76c0ec8afca33f25aa3fc6e9e3b006c7bac2850c729b2a2d61a2114e6d868198

SHA512
9e345e65870036d79925452b5a3a3f6c3cb3b8f25a0ca74209b58d8bfdf378a12e428a4265398eef4fcdfd750575532ba659cfae63f832678843559a4d704a18

Download Submit
C:\Users\Admin\Downloads\NitroGeneratorV2.exe

Filesize
7.4MB

MD5
0f59a5e42b342b7d9b4d8d94c7b3c8d3

SHA1
4164597996e18ab88509061f36cf91c03a9bd312

SHA256
47e26f3acd1d40e565970c71d062e0d33611750cec7d3e18542eeb97c460a580

SHA512
d27fa69dec70b99b49d9e9651b4296f92f16738857a89865587f8b0691d4f2b09fc98c24f8243a77c78fc5310cd165c9f1f6046d342e1564bdbdf9f822bb7c99

Download Submit
C:\Users\Admin\Downloads\NitroGeneratorV2.exe

Filesize
305KB

MD5
4a78b4d126736c8d7b5cfd6086422dd9

SHA1
f083a6314d35879eeed69145f88106d8a6a85797

SHA256
11643fb1a1632b8ae27b103cbaa6d4e157d10508a9e304f72da390f6c8ec2295

SHA512
0040671e48d7593dafed65f06b2fecac1ab7c932033c322989e25b9ad9b1ebb7b5a2db438adeed400872958b5f9a8f260ec3635401ef3b76312f87b400851bc7

Download Submit
C:\Users\Admin\Downloads\NitroGeneratorV2.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 677524.crdownload

Filesize
6.5MB

MD5
6804adbf85c7a7cb86f575458d54b76f

SHA1
8e357cc3d6c646121781782c30bedfc6adb00391

SHA256
66452e3e188134a31a8ec54c9a479b7e04015145b75e6a0574b7b22e15835abd

SHA512
851113e88b74022376ef919850611b3d3b33eab629d54498d7aecfda3c27972e411ffdb85999ef2f4a3b3455e5816e25d9bca01ac72840bb24b50451c6f2a15c

Download Submit
memory/628-401-0x00007FFC026E0000-0x00007FFC026F9000-memory.dmp

Filesize
100KB

Download
memory/628-413-0x00007FFBEE2A0000-0x00007FFBEE36D000-memory.dmp

Filesize
820KB

Download
memory/628-368-0x00007FFBEEA20000-0x00007FFBEF0F9000-memory.dmp

Filesize
6.8MB

Download
memory/628-391-0x00007FFC0AEC0000-0x00007FFC0AECF000-memory.dmp

Filesize
60KB

Download
memory/628-374-0x00007FFC027E0000-0x00007FFC02805000-memory.dmp

Filesize
148KB

Download
memory/628-444-0x00007FFBEEA20000-0x00007FFBEF0F9000-memory.dmp

Filesize
6.8MB

Download
memory/628-397-0x00007FFC02700000-0x00007FFC0272D000-memory.dmp

Filesize
180KB

Download
memory/628-447-0x00007FFC027E0000-0x00007FFC02805000-memory.dmp

Filesize
148KB

Download
memory/628-446-0x00007FFBEEA20000-0x00007FFBEF0F9000-memory.dmp

Filesize
6.8MB

Download
memory/628-448-0x00007FFC0AEC0000-0x00007FFC0AECF000-memory.dmp

Filesize
60KB

Download
memory/628-449-0x00007FFC027E0000-0x00007FFC02805000-memory.dmp

Filesize
148KB

Download
memory/628-402-0x00007FFBFF010000-0x00007FFBFF034000-memory.dmp

Filesize
144KB

Download
memory/628-451-0x00007FFC02700000-0x00007FFC0272D000-memory.dmp

Filesize
180KB

Download
memory/628-403-0x00007FFBEE8A0000-0x00007FFBEEA16000-memory.dmp

Filesize
1.5MB

Download
memory/628-405-0x00007FFC02080000-0x00007FFC02099000-memory.dmp

Filesize
100KB

Download
memory/628-407-0x00007FFC07960000-0x00007FFC0796D000-memory.dmp

Filesize
52KB

Download
memory/628-460-0x00007FFC026E0000-0x00007FFC026F9000-memory.dmp

Filesize
100KB

Download
memory/628-411-0x00007FFBF89E0000-0x00007FFBF8A13000-memory.dmp

Filesize
204KB

Download
memory/628-461-0x00007FFBFF010000-0x00007FFBFF034000-memory.dmp

Filesize
144KB

Download
memory/628-462-0x00007FFBEE8A0000-0x00007FFBEEA16000-memory.dmp

Filesize
1.5MB

Download
memory/628-463-0x00007FFC02080000-0x00007FFC02099000-memory.dmp

Filesize
100KB

Download
memory/628-464-0x00007FFC07960000-0x00007FFC0796D000-memory.dmp

Filesize
52KB

Download
memory/628-465-0x00007FFBF89E0000-0x00007FFBF8A13000-memory.dmp

Filesize
204KB

Download
memory/628-466-0x00007FFBEE370000-0x00007FFBEE899000-memory.dmp

Filesize
5.2MB

Download
memory/628-467-0x00007FFBEE2A0000-0x00007FFBEE36D000-memory.dmp

Filesize
820KB

Download
memory/628-468-0x00007FFC01A00000-0x00007FFC01A14000-memory.dmp

Filesize
80KB

Download
memory/628-469-0x00007FFC06D10000-0x00007FFC06D1D000-memory.dmp

Filesize
52KB

Download
memory/628-470-0x00007FFBEE180000-0x00007FFBEE29B000-memory.dmp

Filesize
1.1MB

Download
memory/628-412-0x00007FFBEE370000-0x00007FFBEE899000-memory.dmp

Filesize
5.2MB

Download
memory/628-419-0x00007FFBEE180000-0x00007FFBEE29B000-memory.dmp

Filesize
1.1MB

Download
memory/628-418-0x00007FFC01A00000-0x00007FFC01A14000-memory.dmp

Filesize
80KB

Download
memory/628-416-0x00007FFC06D10000-0x00007FFC06D1D000-memory.dmp

Filesize
52KB

Download
memory/3796-420-0x00007FFBED600000-0x00007FFBEE0C2000-memory.dmp

Filesize
10.8MB

Download
memory/3796-423-0x0000024C7D8D0000-0x0000024C7D8E0000-memory.dmp

Filesize
64KB

Download
memory/3796-422-0x0000024C7D270000-0x0000024C7D292000-memory.dmp

Filesize
136KB

Download
memory/3796-455-0x00007FFBED600000-0x00007FFBEE0C2000-memory.dmp

Filesize
10.8MB

Download
memory/3796-450-0x0000024C7D8D0000-0x0000024C7D8E0000-memory.dmp

Filesize
64KB

Download
memory/3796-445-0x0000024C7D8D0000-0x0000024C7D8E0000-memory.dmp

Filesize
64KB

Download
memory/4152-440-0x00007FFBED600000-0x00007FFBEE0C2000-memory.dmp

Filesize
10.8MB

Download
memory/4152-459-0x00007FFBED600000-0x00007FFBEE0C2000-memory.dmp

Filesize
10.8MB

Download
memory/4152-443-0x0000021BEED30000-0x0000021BEED40000-memory.dmp

Filesize
64KB

Download
memory/4152-442-0x0000021BEED30000-0x0000021BEED40000-memory.dmp

Filesize
64KB

Download
memory/4152-441-0x0000021BEED30000-0x0000021BEED40000-memory.dmp

Filesize
64KB

Download