hxxps://github[.]com/TKperson/Nuking-Discord-Server-Bot-Nuke-Bot

Resubmissions

10-04-2024 20:07

240410-yv55fsac46 7

10-04-2024 20:00

240410-yq8d1sab38 1

10-04-2024 19:57

240410-ypd4sadb91 8

Analysis

max time kernel
502s
max time network
548s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10-04-2024 20:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/TKperson/Nuking-Discord-Server-Bot-Nuke-Bot

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 59 IoCs

pid	Process
312	c-realV2.exe
312	c-realV2.exe
312	c-realV2.exe
312	c-realV2.exe
312	c-realV2.exe
312	c-realV2.exe
312	c-realV2.exe
312	c-realV2.exe
312	c-realV2.exe
312	c-realV2.exe
312	c-realV2.exe
312	c-realV2.exe
312	c-realV2.exe
312	c-realV2.exe
312	c-realV2.exe
312	c-realV2.exe
312	c-realV2.exe
312	c-realV2.exe
312	c-realV2.exe
312	c-realV2.exe
312	c-realV2.exe
312	c-realV2.exe
312	c-realV2.exe
312	c-realV2.exe
312	c-realV2.exe
312	c-realV2.exe
312	c-realV2.exe
312	c-realV2.exe
312	c-realV2.exe
312	c-realV2.exe
4380	c-realV2.exe
4380	c-realV2.exe
4380	c-realV2.exe
4380	c-realV2.exe
4380	c-realV2.exe
4380	c-realV2.exe
4380	c-realV2.exe
4380	c-realV2.exe
4380	c-realV2.exe
4380	c-realV2.exe
4380	c-realV2.exe
4380	c-realV2.exe
4380	c-realV2.exe
4380	c-realV2.exe
4380	c-realV2.exe
4380	c-realV2.exe
4380	c-realV2.exe
4380	c-realV2.exe
4380	c-realV2.exe
4380	c-realV2.exe
4380	c-realV2.exe
4380	c-realV2.exe
4380	c-realV2.exe
4380	c-realV2.exe
4380	c-realV2.exe
4380	c-realV2.exe
4380	c-realV2.exe
4380	c-realV2.exe
4380	c-realV2.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x00050000000169ee-446.dat	upx
behavioral1/memory/312-449-0x00007FFC434A0000-0x00007FFC43A89000-memory.dmp	upx
behavioral1/files/0x00030000000006e3-452.dat	upx
behavioral1/memory/312-455-0x00007FFC5FC30000-0x00007FFC5FC54000-memory.dmp	upx
behavioral1/files/0x000b0000000168e8-454.dat	upx
behavioral1/memory/312-457-0x00007FFC64340000-0x00007FFC6434F000-memory.dmp	upx
behavioral1/files/0x0005000000000507-458.dat	upx
behavioral1/memory/312-460-0x00007FFC5FB10000-0x00007FFC5FB29000-memory.dmp	upx
behavioral1/files/0x0003000000000717-461.dat	upx
behavioral1/memory/312-463-0x00007FFC5FAE0000-0x00007FFC5FB0D000-memory.dmp	upx
behavioral1/files/0x0005000000009f8d-464.dat	upx
behavioral1/memory/312-466-0x00007FFC5F8C0000-0x00007FFC5F8D9000-memory.dmp	upx
behavioral1/files/0x0005000000016fa4-467.dat	upx
behavioral1/memory/312-469-0x00007FFC64330000-0x00007FFC6433D000-memory.dmp	upx
behavioral1/files/0x000500000001699d-470.dat	upx
behavioral1/memory/312-472-0x00007FFC5F7E0000-0x00007FFC5F815000-memory.dmp	upx
behavioral1/files/0x000e000000009f84-473.dat	upx
behavioral1/memory/312-475-0x00007FFC64120000-0x00007FFC6412D000-memory.dmp	upx
behavioral1/files/0x000300000001684a-476.dat	upx
behavioral1/files/0x00080000000168cd-478.dat	upx
behavioral1/memory/312-480-0x00007FFC5F7B0000-0x00007FFC5F7DE000-memory.dmp	upx
behavioral1/files/0x00040000000168e9-479.dat	upx
behavioral1/memory/312-482-0x00007FFC434A0000-0x00007FFC43A89000-memory.dmp	upx
behavioral1/memory/312-483-0x00007FFC5F270000-0x00007FFC5F328000-memory.dmp	upx
behavioral1/memory/312-486-0x00007FFC5FC30000-0x00007FFC5FC54000-memory.dmp	upx
behavioral1/files/0x000600000001692d-494.dat	upx
behavioral1/memory/312-499-0x00007FFC5F430000-0x00007FFC5F442000-memory.dmp	upx
behavioral1/memory/312-498-0x00007FFC5F450000-0x00007FFC5F465000-memory.dmp	upx
behavioral1/memory/312-501-0x00007FFC5F3F0000-0x00007FFC5F404000-memory.dmp	upx
behavioral1/files/0x0003000000000711-497.dat	upx
behavioral1/memory/312-495-0x00007FFC5F410000-0x00007FFC5F424000-memory.dmp	upx
behavioral1/memory/312-492-0x00007FFC4ECB0000-0x00007FFC4F025000-memory.dmp	upx
behavioral1/files/0x0006000000009dba-491.dat	upx
behavioral1/files/0x0006000000000502-488.dat	upx
behavioral1/files/0x000500000001d9f2-500.dat	upx
behavioral1/memory/312-503-0x00007FFC5FB10000-0x00007FFC5FB29000-memory.dmp	upx
behavioral1/memory/312-504-0x00007FFC5F050000-0x00007FFC5F16C000-memory.dmp	upx
behavioral1/files/0x000500000001d9f7-506.dat	upx
behavioral1/memory/312-507-0x00007FFC5FAE0000-0x00007FFC5FB0D000-memory.dmp	upx
behavioral1/memory/312-508-0x00007FFC5F3D0000-0x00007FFC5F3EB000-memory.dmp	upx
behavioral1/files/0x0004000000016869-509.dat	upx
behavioral1/memory/312-511-0x00007FFC5F8C0000-0x00007FFC5F8D9000-memory.dmp	upx
behavioral1/memory/312-513-0x00007FFC5F250000-0x00007FFC5F262000-memory.dmp	upx
behavioral1/files/0x0009000000016879-512.dat	upx
behavioral1/memory/312-516-0x00007FFC5F230000-0x00007FFC5F245000-memory.dmp	upx
behavioral1/files/0x000400000001686a-515.dat	upx
behavioral1/files/0x000400000001689d-519.dat	upx
behavioral1/memory/312-518-0x00007FFC5F010000-0x00007FFC5F04E000-memory.dmp	upx
behavioral1/memory/312-527-0x00007FFC5FAD0000-0x00007FFC5FADB000-memory.dmp	upx
behavioral1/files/0x00050000000168b8-525.dat	upx
behavioral1/files/0x0004000000016867-523.dat	upx
behavioral1/memory/312-521-0x00007FFC5FC20000-0x00007FFC5FC2E000-memory.dmp	upx
behavioral1/memory/312-528-0x00007FFC5F7B0000-0x00007FFC5F7DE000-memory.dmp	upx
behavioral1/memory/312-529-0x00007FFC5FBF0000-0x00007FFC5FBFA000-memory.dmp	upx
behavioral1/files/0x00050000000168b9-526.dat	upx
behavioral1/memory/312-531-0x00007FFC5F270000-0x00007FFC5F328000-memory.dmp	upx
behavioral1/files/0x00050000000168bb-532.dat	upx
behavioral1/memory/312-534-0x00007FFC4ECB0000-0x00007FFC4F025000-memory.dmp	upx
behavioral1/memory/312-535-0x00007FFC5F410000-0x00007FFC5F424000-memory.dmp	upx
behavioral1/memory/312-536-0x00007FFC5EFE0000-0x00007FFC5F004000-memory.dmp	upx
behavioral1/memory/312-537-0x00007FFC593D0000-0x00007FFC593E2000-memory.dmp	upx
behavioral1/memory/312-538-0x00007FFC593F0000-0x00007FFC59406000-memory.dmp	upx
behavioral1/memory/312-539-0x00007FFC56690000-0x00007FFC566D3000-memory.dmp	upx
behavioral1/memory/312-540-0x00007FFC434A0000-0x00007FFC43A89000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 12 IoCs

Web Service

T1102

flow	ioc
165	raw.githubusercontent.com
166	raw.githubusercontent.com
167	discord.com
169	discord.com
158	discord.com
159	discord.com
163	discord.com
164	discord.com
168	discord.com
170	discord.com
171	discord.com
157	discord.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4560_1939786718\_locales\th\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4560_1939786718\_locales\da\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4560_1939786718\_locales\ur\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4560_1939786718\_locales\eu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4560_1939786718\_locales\lo\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4560_1939786718\_locales\hy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4560_1939786718\_locales\fil\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4560_1939786718\_locales\zh_HK\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4560_1939786718\_locales\vi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4560_1939786718\_locales\no\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4560_1939786718\_locales\bg\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4560_1939786718\_locales\ro\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4560_1939786718\_locales\hr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4560_1939786718\_locales\hu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4560_1939786718\_locales\cy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4560_1939786718\_locales\lt\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4560_1939786718\_locales\de\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4560_1939786718\_locales\ms\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4560_1939786718\_locales\uk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4560_1939786718\_locales\pt_PT\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4560_1939786718\_locales\es\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4560_1939786718\_locales\iw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4560_1939786718\_locales\km\messages.json	msedge.exe
File created	C:\Program Files\msedge_url_fetcher_4560_2121100686\GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_75_4_0.crx	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4560_1939786718\_locales\gl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4560_1939786718\_locales\kn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4560_1939786718\_locales\bn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4560_1939786718\eventpage_bin_prod.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4560_1939786718\_locales\te\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4560_1939786718\_locales\af\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4560_1939786718\_locales\en_US\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4560_1939786718\_locales\ta\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4560_1939786718\_locales\sr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4560_1939786718\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4560_1939786718\_locales\lv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4560_1939786718\_locales\sl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4560_1939786718\_locales\si\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4560_1939786718\_locales\pa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4560_1939786718\_locales\fi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4560_1939786718\_locales\sk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4560_1939786718\_locales\kk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4560_1939786718\_locales\el\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4560_1939786718\_locales\sw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4560_1939786718\_locales\tr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4560_1939786718\_locales\it\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4560_1939786718\_locales\en_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4560_1939786718\_locales\mn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4560_1939786718\_locales\nl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4560_1939786718\_locales\gu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4560_1939786718\_locales\es_419\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4560_1939786718\_locales\zh_TW\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4560_1939786718\_locales\en_GB\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4560_1939786718\_locales\et\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4560_1939786718\_locales\ar\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4560_1939786718\_locales\fr_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4560_1939786718\_locales\my\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4560_1939786718\_locales\hi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4560_1939786718\_locales\zh_CN\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4560_1939786718\_locales\ru\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4560_1939786718\128.png	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4560_1939786718\_locales\mr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4560_1939786718\_locales\cs\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4560_1939786718\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4560_1939786718\_locales\be\messages.json	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{789E901F-91D9-47F1-A7C8-4BF592D08F21}	msedge.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
1144	powershell.exe
1144	powershell.exe
1144	powershell.exe
4560	msedge.exe
4560	msedge.exe
4888	msedge.exe
4888	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1144	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4560 wrote to memory of 3136	4560	msedge.exe	111
PID 4560 wrote to memory of 3136	4560	msedge.exe	111
PID 4560 wrote to memory of 1776	4560	msedge.exe	112
PID 4560 wrote to memory of 1776	4560	msedge.exe	112
PID 4560 wrote to memory of 1776	4560	msedge.exe	112
PID 4560 wrote to memory of 1776	4560	msedge.exe	112
PID 4560 wrote to memory of 1776	4560	msedge.exe	112
PID 4560 wrote to memory of 1776	4560	msedge.exe	112
PID 4560 wrote to memory of 1776	4560	msedge.exe	112
PID 4560 wrote to memory of 1776	4560	msedge.exe	112
PID 4560 wrote to memory of 1776	4560	msedge.exe	112
PID 4560 wrote to memory of 1776	4560	msedge.exe	112
PID 4560 wrote to memory of 1776	4560	msedge.exe	112
PID 4560 wrote to memory of 1776	4560	msedge.exe	112
PID 4560 wrote to memory of 1776	4560	msedge.exe	112
PID 4560 wrote to memory of 1776	4560	msedge.exe	112
PID 4560 wrote to memory of 1776	4560	msedge.exe	112
PID 4560 wrote to memory of 1776	4560	msedge.exe	112
PID 4560 wrote to memory of 1776	4560	msedge.exe	112
PID 4560 wrote to memory of 1776	4560	msedge.exe	112
PID 4560 wrote to memory of 1776	4560	msedge.exe	112
PID 4560 wrote to memory of 1776	4560	msedge.exe	112
PID 4560 wrote to memory of 1776	4560	msedge.exe	112
PID 4560 wrote to memory of 1776	4560	msedge.exe	112
PID 4560 wrote to memory of 1776	4560	msedge.exe	112
PID 4560 wrote to memory of 1776	4560	msedge.exe	112
PID 4560 wrote to memory of 1776	4560	msedge.exe	112
PID 4560 wrote to memory of 1776	4560	msedge.exe	112
PID 4560 wrote to memory of 1776	4560	msedge.exe	112
PID 4560 wrote to memory of 1776	4560	msedge.exe	112
PID 4560 wrote to memory of 1776	4560	msedge.exe	112
PID 4560 wrote to memory of 1776	4560	msedge.exe	112
PID 4560 wrote to memory of 1776	4560	msedge.exe	112
PID 4560 wrote to memory of 1776	4560	msedge.exe	112
PID 4560 wrote to memory of 1776	4560	msedge.exe	112
PID 4560 wrote to memory of 1776	4560	msedge.exe	112
PID 4560 wrote to memory of 1776	4560	msedge.exe	112
PID 4560 wrote to memory of 1776	4560	msedge.exe	112
PID 4560 wrote to memory of 1776	4560	msedge.exe	112
PID 4560 wrote to memory of 1776	4560	msedge.exe	112
PID 4560 wrote to memory of 1776	4560	msedge.exe	112
PID 4560 wrote to memory of 1776	4560	msedge.exe	112
PID 4560 wrote to memory of 1776	4560	msedge.exe	112
PID 4560 wrote to memory of 1776	4560	msedge.exe	112
PID 4560 wrote to memory of 1776	4560	msedge.exe	112
PID 4560 wrote to memory of 1776	4560	msedge.exe	112
PID 4560 wrote to memory of 1776	4560	msedge.exe	112
PID 4560 wrote to memory of 1776	4560	msedge.exe	112
PID 4560 wrote to memory of 1776	4560	msedge.exe	112
PID 4560 wrote to memory of 1776	4560	msedge.exe	112
PID 4560 wrote to memory of 1776	4560	msedge.exe	112
PID 4560 wrote to memory of 1776	4560	msedge.exe	112
PID 4560 wrote to memory of 1776	4560	msedge.exe	112
PID 4560 wrote to memory of 4176	4560	msedge.exe	113
PID 4560 wrote to memory of 4176	4560	msedge.exe	113
PID 4560 wrote to memory of 1152	4560	msedge.exe	114
PID 4560 wrote to memory of 1152	4560	msedge.exe	114
PID 4560 wrote to memory of 1152	4560	msedge.exe	114
PID 4560 wrote to memory of 1152	4560	msedge.exe	114
PID 4560 wrote to memory of 1152	4560	msedge.exe	114
PID 4560 wrote to memory of 1152	4560	msedge.exe	114
PID 4560 wrote to memory of 1152	4560	msedge.exe	114
PID 4560 wrote to memory of 1152	4560	msedge.exe	114
PID 4560 wrote to memory of 1152	4560	msedge.exe	114

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/TKperson/Nuking-Discord-Server-Bot-Nuke-Bot
1⤵
PID:4292

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4860 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:1
1⤵
PID:1656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=3724 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:1
1⤵
PID:2732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3812 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:8
1⤵
PID:4128

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4872 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:8
1⤵
PID:3728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5236 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:8
1⤵
PID:3108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=4880 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:8
1⤵
PID:1860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --no-appcompat-clear --mojo-platform-channel-handle=5812 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:8
1⤵
PID:4596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --mojo-platform-channel-handle=6088 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:1
1⤵
PID:4872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --mojo-platform-channel-handle=6432 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:8
1⤵
PID:3204

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6452 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:8
1⤵
PID:4308

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
1⤵
- Drops file in Program Files directory
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x238,0x23c,0x240,0x234,0x2a8,0x7ffc479f2e98,0x7ffc479f2ea4,0x7ffc479f2eb0
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2980 --field-trial-handle=2984,i,9946837334607557532,7325410002247836148,262144 --variations-seed-version /prefetch:2
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=3192 --field-trial-handle=2984,i,9946837334607557532,7325410002247836148,262144 --variations-seed-version /prefetch:3
  2⤵
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3380 --field-trial-handle=2984,i,9946837334607557532,7325410002247836148,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4440 --field-trial-handle=2984,i,9946837334607557532,7325410002247836148,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4440 --field-trial-handle=2984,i,9946837334607557532,7325410002247836148,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4580 --field-trial-handle=2984,i,9946837334607557532,7325410002247836148,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4592 --field-trial-handle=2984,i,9946837334607557532,7325410002247836148,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4428 --field-trial-handle=2984,i,9946837334607557532,7325410002247836148,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4436 --field-trial-handle=2984,i,9946837334607557532,7325410002247836148,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4636 --field-trial-handle=2984,i,9946837334607557532,7325410002247836148,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=4104 --field-trial-handle=2984,i,9946837334607557532,7325410002247836148,262144 --variations-seed-version /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3956 --field-trial-handle=2984,i,9946837334607557532,7325410002247836148,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:3544

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1144
- C:\Users\Admin\Downloads\c-realV2.exe
  "C:\Users\Admin\Downloads\c-realV2.exe"
  2⤵
  PID:2392
- - C:\Users\Admin\Downloads\c-realV2.exe
    "C:\Users\Admin\Downloads\c-realV2.exe"
    3⤵
    - Loads dropped DLL
    PID:312
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "ver"
      4⤵
      PID:1812
- C:\Users\Admin\Downloads\c-realV2.exe
  "C:\Users\Admin\Downloads\c-realV2.exe"
  2⤵
  PID:4448
- - C:\Users\Admin\Downloads\c-realV2.exe
    "C:\Users\Admin\Downloads\c-realV2.exe"
    3⤵
    - Loads dropped DLL
    PID:4380
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "ver"
      4⤵
      PID:4336

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
968c5be36cd858b90866e0c5302c582d

SHA1
c5f96106ea7d36da77a1406cc36ed1e9e939b64b

SHA256
76637553e830385a124cbe6900e1babfdd9fe86d4408449571b07abb4ed88249

SHA512
1201cda5791b9385d646e8d2495340d9b467a330fd70d35861e46248d13eedd6a25038be8be360033537d5eb71ff7670dc35eea2c39a3e147f44ddad614d9b97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
a0d08625cc2a3b37af7e0427b2edbaea

SHA1
501beb1c64776d1ebaa735ee1b10576c45fcc5be

SHA256
edad9017cf2e4b762b00c95b4268da0608bc699d262328708b43aa4303ad094f

SHA512
b356e884bc1e69a690636b2b23390b417725c063041baa05b53920e9ce5242cffa7b61bd8d5e12fe3e5d27bc1fae318bb8bd0675ea462ac4e5ed1ec168886fde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
c75b8e07d0562383b0e0a4935150153b

SHA1
7407cbbe66aa8237a8c35269878b7bceb98ef7c5

SHA256
6fbcebc6211cf5f0548fcb632de6490ee7650c9c0048e946b515c0b8c2518f9f

SHA512
44cfb0e4bb24f224a021cfe629200aa995a4bd4bd5c3e14e947dab8a3724109a3a9d073aa6554fd4b86db970ad91de7299f424c969bb9c700139438877a7c1eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
30KB

MD5
bd90067f9a660dac5724a3f69ca72c1d

SHA1
7e01d6b0a438c93dac70a3ed88261abc76bcd859

SHA256
0892b8b52765f838ef9a91fd3f017c7204ccb5f46b2926d9f9634214c116ea19

SHA512
ae1d16ae6ea60706575934c783129ab5aac82e5a956b5d9e648152e1fbc88e2fbd7df2524322fbd2bd018a304b61be6b9e8513f6c0ec4a2b93345b8a0f09b1df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
69KB

MD5
f2f8f6df2388d045ea583dc59a8a9f6f

SHA1
990d35f0741e535c136bf889f65246ebb3a04391

SHA256
903f59c56f3df9504b54215e9dd3828aa9a986b99e901fcdba23ac04e9ce535e

SHA512
e4e96b3353a4d2cc6173dbd3d4eb8fab52c6a6a70faf6f82d60391b9b99d154c00851a27654353ba89bf2fc66e467644fd85d1005fb4f40725924e4cd1e0c958

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
59KB

MD5
2db59d5f5364e84f3f6ed5dc4985c660

SHA1
1b1c414d43b56d55aba8f19521200ea8d53ab762

SHA256
34d620286c5d21c8cfa89cc82423ce854331ffac08e3c89f913052bf2fd3f480

SHA512
0f86c7a9a06b1746a6bd99b4360f3b19317095c34fb47d969bb6a0f6873b5400709e6b28e3ef5cf8a09488122e26784a237441beb94de26dfe0074d81c0d2150

Download Submit
C:\Users\Admin\AppData\Local\Temp\137e0e3b-acd1-4dfe-ada2-cc231b4394cd.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23922\VCRUNTIME140.dll

Filesize
106KB

MD5
870fea4e961e2fbd00110d3783e529be

SHA1
a948e65c6f73d7da4ffde4e8533c098a00cc7311

SHA256
76fdb83fde238226b5bebaf3392ee562e2cb7ca8d3ef75983bf5f9d6c7119644

SHA512
0b636a3cdefa343eb4cb228b391bb657b5b4c20df62889cd1be44c7bee94ffad6ec82dc4db79949edef576bff57867e0d084e0a597bf7bf5c8e4ed1268477e88

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23922\_asyncio.pyd

Filesize
34KB

MD5
cb95a91c8b907752b69c8f12a72bc40e

SHA1
1e9504a7bdc0e9abb8bb6e39da2ba4e0d7386efe

SHA256
7d87702964e1e1faca0e30325900c3f075fe7acd05b3692f9f5e062b60e641cc

SHA512
650d1d626df473858eac810dc2f8697e18d91a5a6d2a17f8643f89a6215e43018852b81b82123cce80ba21d1249258b3eee944fb4e9571f28e1fce6a6d7b9bc6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23922\_bz2.pyd

Filesize
46KB

MD5
dafa6d12daef616d7afb2853d339b4d6

SHA1
482ec0e8581ad99c42495fb76f42884191481399

SHA256
3260d2120df53e7a4a3d68299e72d8919fbb956f30d92d2d0f75f055bd72262c

SHA512
9358cb9a0b728567d5800efbb139f0fd6c4b016f2c6ef366d770f8f0aca92eb42d5769f48f4ea11e6bf064a04fdb3901f86db80b3f622d0ea8b8ccb1cf2c26f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23922\_ctypes.pyd

Filesize
56KB

MD5
ee797ca2e9dae16f1afaf5350c0fe170

SHA1
623a9ccbff3a0c9416e882e0ae4251caead84aa5

SHA256
3496264fa3f5cc6cc5c7f359bfb1f3a2388065f45461479cbcc6ab88601065dc

SHA512
dbb6abc1d738c783627db7ef9e553bfffe7af345f2bf0dadaa987d4ca6c883ce55ac9038da95995c68d1691f296f20283918119d803ad1f930f04fe8bd067018

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23922\_hashlib.pyd

Filesize
33KB

MD5
9b98ab14cc78ead3b6e25deaa45b66db

SHA1
a49b4621a592fd1fe09bf9638917407c7df4450e

SHA256
71c588c4d87a06acb3275537783ff34950e6dd651365545fac42c53ed5fba182

SHA512
2fce844285e7f1a8cca88e80b132da736ffa3efb50a498daf687546ea410148693ef5d31d9da2a68784bcfd3e15e34d13c3868a90a814ecfabe006d911769cfc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23922\_lzma.pyd

Filesize
84KB

MD5
d79bdfeb08765cedcb612cacf40cb667

SHA1
9008847fb90a7bcb84d6ebbb34611022a8118cb8

SHA256
7909a4571b1af1f5aba469f6c2a642c1fbdc949890c96a89f4782a53a7fb5471

SHA512
d53d11e75ef590e8578af5cb8be71fe77930f9cfded89c1afa0bb1d04410432cd655d4d4287c0c7c547d9c667dba7d2bd51ecfda727fb312bc2c38993c1360be

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23922\_overlapped.pyd

Filesize
30KB

MD5
7f766374428a6d7390724f659239ce69

SHA1
c69be06cb7d8257f42d03815164323a746c525fa

SHA256
40588139ae6eba475e5ab00d90eed826aa374b7d335298d106dc81153142e19d

SHA512
4515f80e09281ae5bd619fb881e6a4683ac854c2c85f5d010aa2cd3600a08ccb80bdae48320c8582deafe41b0a7d0996a88bce38a66c97721c0772519d22b933

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23922\_queue.pyd

Filesize
24KB

MD5
8b91d1de78b7e337ad267cfeb5c22b15

SHA1
f1f7d67859ad0007f1a4968a82ac0281829fa61c

SHA256
981a27eff5e45b819c295cd669c905bec18faf661fb5183f255932b627d008d5

SHA512
c52ea0bef75b33c912f089654af75aa684fb8337d452e326a2a0a764380c35219c1b8b8c979694bff1eb0b32aaf1dde98de4ec51b88e332545ff703e89ea0366

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23922\_socket.pyd

Filesize
41KB

MD5
98b4b4b16b28cea6bc7ad21e5b7099cb

SHA1
3d68d473e621ae6f4ea8d45f009d76fd31754a97

SHA256
604c46e40e85ee8cfde8b6092d4785bb4c6b1c3692e648ce30fbabc119527014

SHA512
e587ef54944d77189666c2f3ef9a4e27ebc17fa53ba12fbab6246815435bd63e7df4634b34f44b9e112f89f4cd56caaf1af066e14102d8c7fccf0355d2cc454c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23922\_ssl.pyd

Filesize
60KB

MD5
cd4cd236dfd476e629c5e30597d0b5d6

SHA1
49df5575ecf1f58f3f61daa979518f43d6fde86a

SHA256
0713d93a6c083f2ab1391dc78ad5d897c1ef4eef8a71648213d6631f0b6843e5

SHA512
829b72f81cfe3563ada7ea71d815b1a4772469a3624dff600ea1a532b3aac554a4f3a64950087f6d05b67bebe937244ff75a9eeaf03b3f80fd883e7d52f859fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23922\_uuid.pyd

Filesize
21KB

MD5
adfcda65b24dba25a281160c8e2549b6

SHA1
052d2b22afb1442025b5ff22501e18cccc017d04

SHA256
cfda1ec3a28982545816b037799c0d1c089ad82d0a255efc97b23ff60571373c

SHA512
76f45fb36e614fd96498bbb6a3de00730d12f4bf7f89a63f3f9d75a66c8598ab105d1acbb53227437b9a89b8fd81e6d6fbb059e62247bbed01815a4c0f6a52c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23922\aiohttp\_helpers.cp311-win_amd64.pyd

Filesize
20KB

MD5
1f08cad759839d57af8ad8d3d66307f9

SHA1
3407c49d52c46778349d5583b08bcd55238b882b

SHA256
926eda0ad4312561f65a0ac786f40de0e7edfb78467bbd3f2f647211bf3b895d

SHA512
c2e82e7d40e92c2d5cf5a8181c63a20f31c4e7134fe3bce581de4969d8a00ffb3290d5a7eff99c262c5b8d7a9813ede275a784dbc0c1e9d34ec8a2aa24e9de74

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23922\aiohttp\_http_parser.cp311-win_amd64.pyd

Filesize
63KB

MD5
2b1aa1aecbe9c124ff07fd349c9b3c8f

SHA1
cbe2a15c9e09ef0d9ef8ff61305deb14b0d937f1

SHA256
402d8443e33b0223e28f6b9c3660073ed1f35527a921b455ada1398ff299a03c

SHA512
70b206cbef196ef0555ec27edcd61a3a7a2278afa284aeefdb15dc7d583cbb4486bfc445c809dab0feec82756db5148deba2d18a35a4272bbd694643eebb0b8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23922\aiohttp\_http_writer.cp311-win_amd64.pyd

Filesize
19KB

MD5
1a75e171dbeeb2fb92ec885e2bc5652d

SHA1
37b31aa6ec621dafdba16f044c0f8349959168f2

SHA256
d2057b4cfa5a1687601fcba4b2730d76b90da4db09a1d76b1943a4751961685a

SHA512
55850a84cc065b36e7b5374ba840abf110f8a2f5fc3a9840e6a1163087e85a0cd2538ca1e6d42bae2fbd89513aced846dbb00bcfabd1dff4ee7a2f03728c05c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23922\aiohttp\_websocket.cp311-win_amd64.pyd

Filesize
14KB

MD5
6e18d60399ab6e284f11dfae829bb8e6

SHA1
b39dc183f9f002dcdc0a6ca07dcee64286cce764

SHA256
edfadfab5ad2428365f9e0d6cd9e91fc4c29b78b9e3e6ac7cbcd118ed986f11f

SHA512
452def3915a095e5410cbb0f4b6e7e1a885ee9217f4f84bd6bf63e8201602c03ea382270291dcf650a2132029e24bb11cd29278411c5d4ec904dfd306c8f59b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23922\base_library.zip

Filesize
1.7MB

MD5
e9c28bc7ae0276a2413d913fabe101cc

SHA1
baefb0b00eac192113737106bc76b02244c17838

SHA256
7ecd1dfe0dcc82c2e595729cb238acb890326adc87136334ce9c21a5f0c847bf

SHA512
c25532849462e0dc1e3e7fd5f0dcc93a5dc18c7b29920819143ec30fec899f98cb8a538ab0084b9ba91f62705de3dededef6acfae02daf1efceabac3819804e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23922\charset_normalizer\md.cp311-win_amd64.pyd

Filesize
9KB

MD5
7f1584f25ffd99d876f6816db20d033e

SHA1
1b0e9d7d2e2779887299f29ad991dc5cda7eaa5e

SHA256
ff381242e40a70510e0e69a34e3ab18fdcdb56865f5905425d20ddfff3452400

SHA512
5f6a01985b820aeacdd5e54eade039d20e90643510fdf2a97be6b955436420bb38a86c44f6245aef0200fe4515800eaf231721ecfe50dfdbf57b96a966d828ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23922\charset_normalizer\md__mypyc.cp311-win_amd64.pyd

Filesize
38KB

MD5
c85002eed76b760e311b042f5831a4a6

SHA1
a5ea6c4e3dfc6ae735f7ff9876839940507230fd

SHA256
d2dba1513d01ca0a06024bbe7af43a6896c327d370153407d430ba8b5abea55e

SHA512
0f7e1b4b80975945e9aabdb559c7a2a0ac43128d979f01d11d04092b93148ae2c1fab88b4ed5cf004305fb4d7dccad32d5bdcdf75cfd554d7329a2773c29d9e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23922\frozenlist\_frozenlist.cp311-win_amd64.pyd

Filesize
24KB

MD5
2ff22166c3bdc9dcb9ea6de5e8d16bbe

SHA1
d0dd16250d01150e93b0ff645cf2acc51ca5ca31

SHA256
776214669dfab09c476e9a26be0e67bf8bb2df9e7b7bf2746e6b3d2a54b09d0f

SHA512
c5ec6ac73e83c3e7879bfd90e662cf537784d37dc15c72fa6ab28331c756ccde5185c72dab4b1e56e1b4a2bedc4ff99233f194fbe32492c03eda3f8df7efb3d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23922\libcrypto-1_1.dll

Filesize
1.1MB

MD5
8a0b20d8e0e7f225693d711d556adc8a

SHA1
9486b7bdba3682f29f918ec22ec3d3f0dd0101fd

SHA256
0b7ba07933749e08f265ce5f9361a52cd00c86c84713db8c7b6955e75fb8359b

SHA512
164b5138e708c494094c60084945b24c73ff345433c8231fcc79a8fa5059634374f8998b04d9a967e37cde8af88bd4ff4484eca641fe112952af4b98081d7bda

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23922\libffi-8.dll

Filesize
27KB

MD5
aaf07947fe7aa9980900dfd10145c32f

SHA1
79b605e95c55524ef13ed130fddb277df121aaee

SHA256
55210e5a2e9885c30624cda41bf4a83b2598e661590349e7997ab28be70569a4

SHA512
e17463ecdad0c5fda59197b0bfd2f35ae0580e8791eaad5ef52c2ad876e993709fbe7b6c10e5a16eba276c7f8163f5acffd86fe500652854407ae036b8befabe

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23922\libssl-1_1.dll

Filesize
203KB

MD5
5fba49b16f11befe297103bc28f20940

SHA1
412a4d12b6837314826b3ab8f868182da12b1f1a

SHA256
cc147f1b1467d4646450b66a8e59d26980a50f36fd3176eb2701e7bd28b22c72

SHA512
62881a3b70afea335819ca2fafe85711607ce526f45a628fa775574c36ff3b287d5c9b9a8449131831e15644048a5e8255c3cae91487bd8cdd90e684748dec98

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23922\multidict\_multidict.cp311-win_amd64.pyd

Filesize
20KB

MD5
926e67372520a3bb5afaf00ecc0a2baa

SHA1
7cd4cddde1a7c6b12168551ce88fbc8e6a9486e1

SHA256
5c120e3ffa9c3ed47455d3e2ea63da488ec77937236c9e91f1213810f9ca1146

SHA512
bc64b93d144b56560f145dccad1849e8e8b982126df074546f08a0276ee33b7d5cf53241eca80223ef7f989f1b10cbdd7e0a5690f9b3d0de433cf1ca7af79195

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23922\pyexpat.pyd

Filesize
86KB

MD5
a9ee1c53c76d3c2c622a5c4649edcbf2

SHA1
c9b0e3269d9eb5e6aa47c39619f70b3e8b208924

SHA256
446f5b0e6fb174ba8f2c8ffb45d093e87f12b02b1119e9b4baa9642c981321ce

SHA512
e256b074dbf40a662398f0b2eb909a498051e16eb7fedcdd5afe247f80632a60a8cb01cc5aeec52f1d392c90b5aaaa94ca4b72ed2d3e0d4018a840d7408b2fef

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23922\python311.dll

Filesize
1.6MB

MD5
5ef44effa518fc9b3acda79684381d75

SHA1
df6d1a46e691dce3373800b188137eed4ce97dfc

SHA256
90fe310cce48c73f05b7e678a36f2d6bb8870c316b9f12495255b60ad7787777

SHA512
ca52ccd9dedfb03d38544cb2f5a248d52873f7ef143ee3693d2fe11e941e81c5a48da277dbe0cdcf5b01701778ba083d0355fdfef0c13faa59411e7e12e5928c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23922\select.pyd

Filesize
24KB

MD5
ccdb37c527ce2db915e3701ee204c7dd

SHA1
8454bc2761504ea11fbaa6f2683bbca36a3989a9

SHA256
0f8d10473924f0bee9430be8824f8bd626fa4efaf98cdc10eee64e70dd4ef3f0

SHA512
3e04fecf39585445f2541d5ee16c3e522770daa9b1778a5e51db68261d4080e1b5373ded5a9a46f5f2204de1049be85814f86b28dd882ced8cff0632c34b70d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23922\unicodedata.pyd

Filesize
294KB

MD5
54386c35a62c1a9eb63a29863f623a63

SHA1
7bb961b23816d30b727448c20bb65a57f64c95a1

SHA256
8066be8a9e752be80afff19fb21449998964dc8882cbe947230629ab21dc1009

SHA512
f7294832edc2e0bf87359bee12d60aac6eb397bcdd848317c0444a22b855f986d7c550a0268bf47902d78e9f0aecd206ee487e2081dee6665158f0ceb327e5e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23922\yarl\_quoting_c.cp311-win_amd64.pyd

Filesize
30KB

MD5
a364a3210e1b7c35f9bb9c1672ad5fc1

SHA1
d1c65204c9ef8d601eb2800fb96925cb85cbf274

SHA256
8ec8b9b6f9cab2aaf787d29e16f1e6a19fe3a88ab1948c4e25922f20f3e22f09

SHA512
b7f96701f284abda7dcd8a6d25cb34a9314c04a401799863672199e84ba72ee207bf92b80ad7135379fde4cd8da078b982a446c11e14d086ed6eb49cbde8d862

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_eddpbet3.fs2.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/312-498-0x00007FFC5F450000-0x00007FFC5F465000-memory.dmp

Filesize
84KB

Download
memory/312-558-0x00007FFC5F250000-0x00007FFC5F262000-memory.dmp

Filesize
72KB

Download
memory/312-475-0x00007FFC64120000-0x00007FFC6412D000-memory.dmp

Filesize
52KB

Download
memory/312-469-0x00007FFC64330000-0x00007FFC6433D000-memory.dmp

Filesize
52KB

Download
memory/312-466-0x00007FFC5F8C0000-0x00007FFC5F8D9000-memory.dmp

Filesize
100KB

Download
memory/312-480-0x00007FFC5F7B0000-0x00007FFC5F7DE000-memory.dmp

Filesize
184KB

Download
memory/312-463-0x00007FFC5FAE0000-0x00007FFC5FB0D000-memory.dmp

Filesize
180KB

Download
memory/312-482-0x00007FFC434A0000-0x00007FFC43A89000-memory.dmp

Filesize
5.9MB

Download
memory/312-483-0x00007FFC5F270000-0x00007FFC5F328000-memory.dmp

Filesize
736KB

Download
memory/312-486-0x00007FFC5FC30000-0x00007FFC5FC54000-memory.dmp

Filesize
144KB

Download
memory/312-489-0x000001A054620000-0x000001A054995000-memory.dmp

Filesize
3.5MB

Download
memory/312-460-0x00007FFC5FB10000-0x00007FFC5FB29000-memory.dmp

Filesize
100KB

Download
memory/312-499-0x00007FFC5F430000-0x00007FFC5F442000-memory.dmp

Filesize
72KB

Download
memory/312-457-0x00007FFC64340000-0x00007FFC6434F000-memory.dmp

Filesize
60KB

Download
memory/312-501-0x00007FFC5F3F0000-0x00007FFC5F404000-memory.dmp

Filesize
80KB

Download
memory/312-455-0x00007FFC5FC30000-0x00007FFC5FC54000-memory.dmp

Filesize
144KB

Download
memory/312-495-0x00007FFC5F410000-0x00007FFC5F424000-memory.dmp

Filesize
80KB

Download
memory/312-492-0x00007FFC4ECB0000-0x00007FFC4F025000-memory.dmp

Filesize
3.5MB

Download
memory/312-449-0x00007FFC434A0000-0x00007FFC43A89000-memory.dmp

Filesize
5.9MB

Download
memory/312-1400-0x00007FFC5FC30000-0x00007FFC5FC54000-memory.dmp

Filesize
144KB

Download
memory/312-1402-0x00007FFC5FB10000-0x00007FFC5FB29000-memory.dmp

Filesize
100KB

Download
memory/312-503-0x00007FFC5FB10000-0x00007FFC5FB29000-memory.dmp

Filesize
100KB

Download
memory/312-504-0x00007FFC5F050000-0x00007FFC5F16C000-memory.dmp

Filesize
1.1MB

Download
memory/312-1404-0x00007FFC5F8C0000-0x00007FFC5F8D9000-memory.dmp

Filesize
100KB

Download
memory/312-507-0x00007FFC5FAE0000-0x00007FFC5FB0D000-memory.dmp

Filesize
180KB

Download
memory/312-508-0x00007FFC5F3D0000-0x00007FFC5F3EB000-memory.dmp

Filesize
108KB

Download
memory/312-1403-0x00007FFC5FAE0000-0x00007FFC5FB0D000-memory.dmp

Filesize
180KB

Download
memory/312-511-0x00007FFC5F8C0000-0x00007FFC5F8D9000-memory.dmp

Filesize
100KB

Download
memory/312-513-0x00007FFC5F250000-0x00007FFC5F262000-memory.dmp

Filesize
72KB

Download
memory/312-1405-0x00007FFC64330000-0x00007FFC6433D000-memory.dmp

Filesize
52KB

Download
memory/312-516-0x00007FFC5F230000-0x00007FFC5F245000-memory.dmp

Filesize
84KB

Download
memory/312-1407-0x00007FFC64120000-0x00007FFC6412D000-memory.dmp

Filesize
52KB

Download
memory/312-1406-0x00007FFC5F7E0000-0x00007FFC5F815000-memory.dmp

Filesize
212KB

Download
memory/312-518-0x00007FFC5F010000-0x00007FFC5F04E000-memory.dmp

Filesize
248KB

Download
memory/312-527-0x00007FFC5FAD0000-0x00007FFC5FADB000-memory.dmp

Filesize
44KB

Download
memory/312-1408-0x00007FFC5F7B0000-0x00007FFC5F7DE000-memory.dmp

Filesize
184KB

Download
memory/312-1409-0x00007FFC593F0000-0x00007FFC59406000-memory.dmp

Filesize
88KB

Download
memory/312-521-0x00007FFC5FC20000-0x00007FFC5FC2E000-memory.dmp

Filesize
56KB

Download
memory/312-528-0x00007FFC5F7B0000-0x00007FFC5F7DE000-memory.dmp

Filesize
184KB

Download
memory/312-529-0x00007FFC5FBF0000-0x00007FFC5FBFA000-memory.dmp

Filesize
40KB

Download
memory/312-1410-0x00007FFC5F450000-0x00007FFC5F465000-memory.dmp

Filesize
84KB

Download
memory/312-531-0x00007FFC5F270000-0x00007FFC5F328000-memory.dmp

Filesize
736KB

Download
memory/312-533-0x000001A054620000-0x000001A054995000-memory.dmp

Filesize
3.5MB

Download
memory/312-1411-0x00007FFC5F430000-0x00007FFC5F442000-memory.dmp

Filesize
72KB

Download
memory/312-534-0x00007FFC4ECB0000-0x00007FFC4F025000-memory.dmp

Filesize
3.5MB

Download
memory/312-535-0x00007FFC5F410000-0x00007FFC5F424000-memory.dmp

Filesize
80KB

Download
memory/312-536-0x00007FFC5EFE0000-0x00007FFC5F004000-memory.dmp

Filesize
144KB

Download
memory/312-537-0x00007FFC593D0000-0x00007FFC593E2000-memory.dmp

Filesize
72KB

Download
memory/312-538-0x00007FFC593F0000-0x00007FFC59406000-memory.dmp

Filesize
88KB

Download
memory/312-539-0x00007FFC56690000-0x00007FFC566D3000-memory.dmp

Filesize
268KB

Download
memory/312-540-0x00007FFC434A0000-0x00007FFC43A89000-memory.dmp

Filesize
5.9MB

Download
memory/312-541-0x00007FFC5FC30000-0x00007FFC5FC54000-memory.dmp

Filesize
144KB

Download
memory/312-472-0x00007FFC5F7E0000-0x00007FFC5F815000-memory.dmp

Filesize
212KB

Download
memory/312-557-0x00007FFC5F3D0000-0x00007FFC5F3EB000-memory.dmp

Filesize
108KB

Download
memory/312-556-0x00007FFC5F050000-0x00007FFC5F16C000-memory.dmp

Filesize
1.1MB

Download
memory/312-560-0x00007FFC5F010000-0x00007FFC5F04E000-memory.dmp

Filesize
248KB

Download
memory/312-1401-0x00007FFC64340000-0x00007FFC6434F000-memory.dmp

Filesize
60KB

Download
memory/312-1399-0x00007FFC434A0000-0x00007FFC43A89000-memory.dmp

Filesize
5.9MB

Download
memory/1144-381-0x0000022F77E30000-0x0000022F77E52000-memory.dmp

Filesize
136KB

Download
memory/1144-386-0x00007FFC4C6A0000-0x00007FFC4D161000-memory.dmp

Filesize
10.8MB

Download
memory/1144-387-0x0000022F77E60000-0x0000022F77E70000-memory.dmp

Filesize
64KB

Download
memory/1144-388-0x0000022F77E60000-0x0000022F77E70000-memory.dmp

Filesize
64KB

Download
memory/1144-389-0x0000022F77E60000-0x0000022F77E70000-memory.dmp

Filesize
64KB

Download
memory/1144-390-0x0000022F78DC0000-0x0000022F78E04000-memory.dmp

Filesize
272KB

Download
memory/1144-392-0x0000022F78E90000-0x0000022F78F06000-memory.dmp

Filesize
472KB

Download
memory/1144-393-0x0000022F78E10000-0x0000022F78E2E000-memory.dmp

Filesize
120KB

Download
memory/1144-399-0x00007FFC4C6A0000-0x00007FFC4D161000-memory.dmp

Filesize
10.8MB

Download
memory/1144-400-0x0000022F77E60000-0x0000022F77E70000-memory.dmp

Filesize
64KB

Download
memory/1144-401-0x0000022F77E60000-0x0000022F77E70000-memory.dmp

Filesize
64KB

Download
memory/1144-402-0x0000022F77E60000-0x0000022F77E70000-memory.dmp

Filesize
64KB

Download