hxxp://sora-6b494[.]web[.]app

Resubmissions

16/04/2024, 08:33

240416-kf8edafc9s 8

15/04/2024, 16:33

240415-t21fbsba22 8

Analysis

max time kernel
370s
max time network
365s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
16/04/2024, 08:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://sora-6b494.web.app

Score

8^/10

Malware Config

Signatures

Patched UPX-packed file 1 IoCs

Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.

resource	yara_rule
behavioral1/files/0x001700000001da03-406.dat	patched_upx

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	Sora - OpenAi Beta v.1.1.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	Sora - OpenAi Beta v.1.1.exe

Executes dropped EXE 8 IoCs

pid	Process
4200	Sora - OpenAi Beta v.1.1.exe
2460	php.exe
3600	rhc.exe
3992	php.exe
5752	rhc.exe
5776	php.exe
3280	rhc.exe
5996	Sora - OpenAi Beta v.1.1.exe

Loads dropped DLL 47 IoCs

pid	Process
2460	php.exe
2460	php.exe
2460	php.exe
2460	php.exe
2460	php.exe
2460	php.exe
2460	php.exe
2460	php.exe
2460	php.exe
2460	php.exe
2460	php.exe
2460	php.exe
2460	php.exe
2460	php.exe
2460	php.exe
2460	php.exe
3992	php.exe
3992	php.exe
3992	php.exe
3992	php.exe
3992	php.exe
3992	php.exe
3992	php.exe
3992	php.exe
3992	php.exe
3992	php.exe
3992	php.exe
3992	php.exe
3992	php.exe
3992	php.exe
3992	php.exe
3992	php.exe
5776	php.exe
5776	php.exe
5776	php.exe
5776	php.exe
5776	php.exe
5776	php.exe
5776	php.exe
5776	php.exe
5776	php.exe
5776	php.exe
5776	php.exe
5776	php.exe
5776	php.exe
5776	php.exe
5776	php.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	explorer.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\Sora - OpenAi v1.1.1.zip:Zone.Identifier	firefox.exe

Opens file in notepad (likely ransom note) 2 IoCs

ransomware

pid	Process
2932	NOTEPAD.EXE
884	NOTEPAD.EXE

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
4272	vlc.exe
4168	vlc.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
2268	powershell.exe
2268	powershell.exe
2268	powershell.exe
3992	php.exe
3992	php.exe
5776	php.exe
5776	php.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
4272	vlc.exe
4168	vlc.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeDebugPrivilege	3416	firefox.exe
Token: SeDebugPrivilege	3416	firefox.exe
Token: SeDebugPrivilege	3416	firefox.exe
Token: SeRestorePrivilege	5648	7zG.exe
Token: 35	5648	7zG.exe
Token: SeSecurityPrivilege	5648	7zG.exe
Token: SeSecurityPrivilege	5648	7zG.exe
Token: SeDebugPrivilege	2268	powershell.exe

Suspicious use of FindShellTrayWindow 60 IoCs

pid	Process
3416	firefox.exe
3416	firefox.exe
3416	firefox.exe
3416	firefox.exe
5648	7zG.exe
4272	vlc.exe
4272	vlc.exe
4272	vlc.exe
4272	vlc.exe
4272	vlc.exe
4272	vlc.exe
4272	vlc.exe
4272	vlc.exe
4272	vlc.exe
4272	vlc.exe
4272	vlc.exe
4272	vlc.exe
4272	vlc.exe
4272	vlc.exe
4272	vlc.exe
4272	vlc.exe
4272	vlc.exe
4272	vlc.exe
4272	vlc.exe
4272	vlc.exe
4272	vlc.exe
4272	vlc.exe
4272	vlc.exe
4272	vlc.exe
4272	vlc.exe
4272	vlc.exe
4272	vlc.exe
4272	vlc.exe
4272	vlc.exe
4272	vlc.exe
4168	vlc.exe
4168	vlc.exe
4168	vlc.exe
4168	vlc.exe
4168	vlc.exe
4168	vlc.exe
4168	vlc.exe
4168	vlc.exe
4168	vlc.exe
4168	vlc.exe
4168	vlc.exe
4168	vlc.exe
4168	vlc.exe
4168	vlc.exe
4168	vlc.exe
4168	vlc.exe
4168	vlc.exe
4168	vlc.exe
4168	vlc.exe
4168	vlc.exe
4168	vlc.exe
4168	vlc.exe
4168	vlc.exe
4168	vlc.exe
4168	vlc.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
3416	firefox.exe
3416	firefox.exe
3416	firefox.exe
4272	vlc.exe
4272	vlc.exe
4272	vlc.exe
4272	vlc.exe
4272	vlc.exe
4272	vlc.exe
4272	vlc.exe
4272	vlc.exe
4272	vlc.exe
4168	vlc.exe
4168	vlc.exe
4168	vlc.exe
4168	vlc.exe
4168	vlc.exe
4168	vlc.exe
4168	vlc.exe
4168	vlc.exe

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
3416	firefox.exe
3416	firefox.exe
3416	firefox.exe
3416	firefox.exe
4272	vlc.exe
4272	vlc.exe
4272	vlc.exe
4272	vlc.exe
4168	vlc.exe
4168	vlc.exe
4168	vlc.exe
4168	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4960 wrote to memory of 3416	4960	firefox.exe	91
PID 4960 wrote to memory of 3416	4960	firefox.exe	91
PID 4960 wrote to memory of 3416	4960	firefox.exe	91
PID 4960 wrote to memory of 3416	4960	firefox.exe	91
PID 4960 wrote to memory of 3416	4960	firefox.exe	91
PID 4960 wrote to memory of 3416	4960	firefox.exe	91
PID 4960 wrote to memory of 3416	4960	firefox.exe	91
PID 4960 wrote to memory of 3416	4960	firefox.exe	91
PID 4960 wrote to memory of 3416	4960	firefox.exe	91
PID 4960 wrote to memory of 3416	4960	firefox.exe	91
PID 4960 wrote to memory of 3416	4960	firefox.exe	91
PID 3416 wrote to memory of 3316	3416	firefox.exe	92
PID 3416 wrote to memory of 3316	3416	firefox.exe	92
PID 3416 wrote to memory of 1408	3416	firefox.exe	93
PID 3416 wrote to memory of 1408	3416	firefox.exe	93
PID 3416 wrote to memory of 1408	3416	firefox.exe	93
PID 3416 wrote to memory of 1408	3416	firefox.exe	93
PID 3416 wrote to memory of 1408	3416	firefox.exe	93
PID 3416 wrote to memory of 1408	3416	firefox.exe	93
PID 3416 wrote to memory of 1408	3416	firefox.exe	93
PID 3416 wrote to memory of 1408	3416	firefox.exe	93
PID 3416 wrote to memory of 1408	3416	firefox.exe	93
PID 3416 wrote to memory of 1408	3416	firefox.exe	93
PID 3416 wrote to memory of 1408	3416	firefox.exe	93
PID 3416 wrote to memory of 1408	3416	firefox.exe	93
PID 3416 wrote to memory of 1408	3416	firefox.exe	93
PID 3416 wrote to memory of 1408	3416	firefox.exe	93
PID 3416 wrote to memory of 1408	3416	firefox.exe	93
PID 3416 wrote to memory of 1408	3416	firefox.exe	93
PID 3416 wrote to memory of 1408	3416	firefox.exe	93
PID 3416 wrote to memory of 1408	3416	firefox.exe	93
PID 3416 wrote to memory of 1408	3416	firefox.exe	93
PID 3416 wrote to memory of 1408	3416	firefox.exe	93
PID 3416 wrote to memory of 1408	3416	firefox.exe	93
PID 3416 wrote to memory of 1408	3416	firefox.exe	93
PID 3416 wrote to memory of 1408	3416	firefox.exe	93
PID 3416 wrote to memory of 1408	3416	firefox.exe	93
PID 3416 wrote to memory of 1408	3416	firefox.exe	93
PID 3416 wrote to memory of 1408	3416	firefox.exe	93
PID 3416 wrote to memory of 1408	3416	firefox.exe	93
PID 3416 wrote to memory of 1408	3416	firefox.exe	93
PID 3416 wrote to memory of 1408	3416	firefox.exe	93
PID 3416 wrote to memory of 1408	3416	firefox.exe	93
PID 3416 wrote to memory of 1408	3416	firefox.exe	93
PID 3416 wrote to memory of 1408	3416	firefox.exe	93
PID 3416 wrote to memory of 1408	3416	firefox.exe	93
PID 3416 wrote to memory of 1408	3416	firefox.exe	93
PID 3416 wrote to memory of 1408	3416	firefox.exe	93
PID 3416 wrote to memory of 1408	3416	firefox.exe	93
PID 3416 wrote to memory of 1408	3416	firefox.exe	93
PID 3416 wrote to memory of 1408	3416	firefox.exe	93
PID 3416 wrote to memory of 1408	3416	firefox.exe	93
PID 3416 wrote to memory of 1408	3416	firefox.exe	93
PID 3416 wrote to memory of 1408	3416	firefox.exe	93
PID 3416 wrote to memory of 1408	3416	firefox.exe	93
PID 3416 wrote to memory of 1408	3416	firefox.exe	93
PID 3416 wrote to memory of 1408	3416	firefox.exe	93
PID 3416 wrote to memory of 1408	3416	firefox.exe	93
PID 3416 wrote to memory of 1408	3416	firefox.exe	93
PID 3416 wrote to memory of 1408	3416	firefox.exe	93
PID 3416 wrote to memory of 1408	3416	firefox.exe	93
PID 3416 wrote to memory of 4476	3416	firefox.exe	94
PID 3416 wrote to memory of 4476	3416	firefox.exe	94
PID 3416 wrote to memory of 4476	3416	firefox.exe	94

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://sora-6b494.web.app"
1⤵
- Suspicious use of WriteProcessMemory
PID:4960
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://sora-6b494.web.app
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3416
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3416.0.280459024\504982234" -parentBuildID 20221007134813 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {59d26d74-ea96-4a41-aa33-1bbed5e08378} 3416 "\\.\pipe\gecko-crash-server-pipe.3416" 1980 1b91c5d8158 gpu
    3⤵
    PID:3316
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3416.1.1969243126\1049825755" -parentBuildID 20221007134813 -prefsHandle 2376 -prefMapHandle 2372 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {618f6c4d-8ae5-4d99-a7c0-d17e67103ca4} 3416 "\\.\pipe\gecko-crash-server-pipe.3416" 2404 1b91c2fa558 socket
    3⤵
    - Checks processor information in registry
    PID:1408
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3416.2.1728628109\281728346" -childID 1 -isForBrowser -prefsHandle 3244 -prefMapHandle 3240 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bbda9ad1-c6ab-46ff-b3c7-2cf30c7ea9fa} 3416 "\\.\pipe\gecko-crash-server-pipe.3416" 3148 1b9204d4e58 tab
    3⤵
    PID:4476
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3416.3.798160936\348447729" -childID 2 -isForBrowser -prefsHandle 3988 -prefMapHandle 3984 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {31762bda-7106-403a-8a6e-752fc151478e} 3416 "\\.\pipe\gecko-crash-server-pipe.3416" 4000 1b908762558 tab
    3⤵
    PID:2908
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3416.4.170004256\1524581576" -childID 3 -isForBrowser -prefsHandle 4640 -prefMapHandle 4636 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ea8320c5-4725-4843-9b4d-dc0fd5e456c7} 3416 "\\.\pipe\gecko-crash-server-pipe.3416" 4652 1b921c5fb58 tab
    3⤵
    PID:2960
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3416.5.2117204356\2024787870" -childID 4 -isForBrowser -prefsHandle 3396 -prefMapHandle 4928 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7c9fc70-44a2-47db-bb00-2defee4d398d} 3416 "\\.\pipe\gecko-crash-server-pipe.3416" 4596 1b922eeab58 tab
    3⤵
    PID:2484
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3416.6.1149279582\287185780" -childID 5 -isForBrowser -prefsHandle 4576 -prefMapHandle 3404 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d357852c-9be8-4d0f-8c4d-ad3455300e46} 3416 "\\.\pipe\gecko-crash-server-pipe.3416" 5008 1b922eeb458 tab
    3⤵
    PID:3100
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3416.7.1645395090\1950683836" -childID 6 -isForBrowser -prefsHandle 5028 -prefMapHandle 5008 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ee503c1-8eac-41eb-a1b4-9ada2e46d325} 3416 "\\.\pipe\gecko-crash-server-pipe.3416" 5128 1b922eec958 tab
    3⤵
    PID:3612
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3416.8.1772042176\259100592" -parentBuildID 20221007134813 -prefsHandle 5628 -prefMapHandle 5148 -prefsLen 26206 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c444c330-8f39-4f8a-914d-ecb6811cb9cc} 3416 "\\.\pipe\gecko-crash-server-pipe.3416" 5616 1b922853858 rdd
    3⤵
    PID:948

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3972 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8
1⤵
PID:4604

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap10879:98:7zEvent22694
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5648

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding
1⤵
PID:6120

C:\Users\Admin\Desktop\Sora - OpenAi v1.1\Sora - OpenAi Beta v.1.1.exe
"C:\Users\Admin\Desktop\Sora - OpenAi v1.1\Sora - OpenAi Beta v.1.1.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
PID:4200
- C:\Windows\explorer.exe
  "C:\Windows\explorer.exe" "C:\Users\Admin\Desktop\Sora - OpenAi v1.1\__MACOSX\img\PlayVideoFull.mp4"
  2⤵
  PID:2884
- C:\ProgramData\ContentData\php.exe
  "C:\ProgramData\ContentData\php.exe" C:\ProgramData\ContentData\include.php
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2460
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe /c "PowerShell -c "Get-Date -Format 'yyyy-MM-dd HH:mm:ss'""
    3⤵
    PID:892
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      PowerShell -c "Get-Date -Format 'yyyy-MM-dd HH:mm:ss'"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:2268

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Modifies registry class
PID:3464
- C:\Program Files\VideoLAN\VLC\vlc.exe
  "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\Sora - OpenAi v1.1\__MACOSX\img\PlayVideoFull.mp4"
  2⤵
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:4272

C:\ProgramData\ContentData\rhc.exe
C:\ProgramData\ContentData\rhc.exe php.exe index.php
1⤵
- Executes dropped EXE
PID:3600
- C:\ProgramData\ContentData\php.exe
  php.exe index.php
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:3992
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe /c ""C:\ProgramData\CloudData\rhc.exe" "C:\ProgramData\CloudData\python.exe" "C:\ProgramData\CloudData\main.py""
    3⤵
    PID:3184

C:\ProgramData\ContentData\rhc.exe
C:\ProgramData\ContentData\rhc.exe php.exe index.php
1⤵
- Executes dropped EXE
PID:5752
- C:\ProgramData\ContentData\php.exe
  php.exe index.php
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:5776
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe /c ""C:\ProgramData\CloudData\rhc.exe" "C:\ProgramData\CloudData\python.exe" "C:\ProgramData\CloudData\main.py""
    3⤵
    PID:4296

C:\Users\Admin\Desktop\Sora - OpenAi v1.1\__MACOSX\rhc.exe
"C:\Users\Admin\Desktop\Sora - OpenAi v1.1\__MACOSX\rhc.exe"
1⤵
- Executes dropped EXE
PID:3280

C:\Users\Admin\Desktop\Sora - OpenAi v1.1\Sora - OpenAi Beta v.1.1.exe
"C:\Users\Admin\Desktop\Sora - OpenAi v1.1\Sora - OpenAi Beta v.1.1.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
PID:5996
- C:\Windows\explorer.exe
  "C:\Windows\explorer.exe" "C:\Users\Admin\Desktop\Sora - OpenAi v1.1\__MACOSX\img\PlayVideoFull.mp4"
  2⤵
  PID:332

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Modifies registry class
PID:3684
- C:\Program Files\VideoLAN\VLC\vlc.exe
  "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\Sora - OpenAi v1.1\__MACOSX\img\PlayVideoFull.mp4"
  2⤵
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:4168

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\ProgramData\NewProject.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:2932

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\ProgramData\machineId.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_d4ofvi2b.j0p.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
860987598484dc4f4db24898436d5d40

SHA1
7466a8c912ce52e63450cd52688b16d0286b31d6

SHA256
308e7111f52e116941e087976c01c3afff49f8960a7ad4c8907ea3a82f2e56a9

SHA512
55d76b4df5cfb4a2234d87dc3453e7a33a030463befcbaf8ce4a1a51a1c8853d5476a7c4c08f876477b6e1d7457051dff14ca6a3ac7d495350f0b8a1087dc180

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\1e38d623-2527-436c-8520-cdb6bfcbed7a

Filesize
746B

MD5
6a582f74be55b3405e423590ea581ce7

SHA1
c9b5585ab010062d9561c78ab529ae5c69001a4d

SHA256
a200700e83af490055207d46b22e1cbd03b2df2ba853389e4e78d01041636260

SHA512
2927b9fcff141362b3844e1ff2c59256f8a3a39863567aea804f20ef33ace0ea4cec4eca6533d616ee81a9ffc9d8ddeb42b29ad810531fc5318899f5a1c8a1f1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\fb5f607d-1d68-44a0-8c97-3e49f28ff5a7

Filesize
10KB

MD5
5115878280fc1c9048d59e270027ebb9

SHA1
fd2d1174c4951756351558ee6b475e11d1ac916a

SHA256
28495de2b23e81ca0ebad777b21d0efe823e7e69fe58aec490e396beed97d34c

SHA512
e458b4f43201a413df613985a29dbc342fa70d8f4cd182956df14021185315239db7e9317210cca530fd27f2187d1ae7e9f161f4b5c9b5fccbfb77d91c28fb36

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
6KB

MD5
19fde6d00f37cc344dbbc92ce1dbb921

SHA1
27f51fcca99434bf0a76af9b79d847f9592f0953

SHA256
7662326b5ced0244a87b3ff44f8cfdceaab1c14f2d9ba319ac232c7918110446

SHA512
c0c2851410be312154c43f24830b12c7a64c5d4b8dd2088e84cf0a58043a0c9a929b88b14dc08f9d481597722769dc5ea23c4bc10bacb3b05e40dca751ddce47

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
6KB

MD5
d303cc360932ce974c96d309f3539254

SHA1
73780783dbeab0851354f46ac4b897aabb188ae2

SHA256
69c67b8ae4fec832afe4c7164f7ca042256e86c9330dd15644dd825e8bce8fc0

SHA512
88dbb7b941bfe3b1a939e974690c6af05e3130290ee0dc4756289068f74dc33ded6d1f1ffa7bb1337a9a53acdb94304b09e916825aa0c416d6e79b08422bc63d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js

Filesize
6KB

MD5
009a86db1ff93a794cb9cc42e5615f89

SHA1
a27f56ae39bcf87e4553927c58fe12101aca2412

SHA256
a9ef051a60f3e10ced001ce4201c5a21c017815d8289dd2b5be9394ffce3e014

SHA512
dc41ae1c06d94a9ed451f3e3e4d9968b925da1f15e20aeade285d0ff09f50334ca82ffa31df8ba352d483a00dbce9e923570f9b9ba24b1ee34c0ff267fb6d6e6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
d418cf5aec4803047698e41e9622090b

SHA1
4e2be9ae32e43dd30736c5d7efe2ffde350fc781

SHA256
f75fd28e8f92d9c17da9dbf0ec5588072fea29226da391f176f4b0401fa7137f

SHA512
55666e2fb2600482b014bc224ae52f20f67329789384e3655048b29b90e1fc3b4a6a4ab93ec2b07242ad938c95ce2152349b839ee572a19c82f918e39f829a88

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
c9795325c78006e24a301f79c850d4a6

SHA1
98d93184c618e0c294e6335e29f5e9d59cfe4f1f

SHA256
793d03344c47093ecc7ce2b6f9f7008a7371569bf66c4ff2235bdd101c1af00a

SHA512
5e425321211c795790f765c703ad82179e2ea85bb14aab3ade881786a6a5511dc2fac8a86f914ac51d25fe11c2f7efd547ca9695a87e0abc3bb96549a9afa0d8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore.jsonlz4

Filesize
2KB

MD5
01f9d21bf7e0ae1032bd0cab3367efc4

SHA1
9e69da4679fcdc9c694c1f8920c2e0ce37011d48

SHA256
f6be60d300b6060fe3163cc22b0611b5b32df6aa867dbac23961d7c1f45c0c77

SHA512
a36c8979b50daad241f85288af163416ece1a380bfe77d4f9f33b32d2118b7052cd1169cd0eaebb1de626c321e8db3cd4c19f0eb5424a93a93b83cd085e320e2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
89fb414d778d11d3a12991de60301815

SHA1
1d7a63ca92d9ad28930ce2feaac8c71c3f699ef7

SHA256
935ba660008416f0b46a028a709944f11f9c2858243a2f7bc0b57aa1d96314be

SHA512
49f06dc78f2e08621ba4ed19925d8c7ed040502f13edaeedc7df3d675e77417d8b7b3c0b3feaf7f4fcef989091b363f5af1fa9258de57cee5bd904e1d7a31f9b

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\ml.xspf.tmp4168

Filesize
304B

MD5
781602441469750c3219c8c38b515ed4

SHA1
e885acd1cbd0b897ebcedbb145bef1c330f80595

SHA256
81970dbe581373d14fbd451ac4b3f96e5f69b79645f1ee1ca715cff3af0bf20d

SHA512
2b0a1717d96edb47bdf0ffeb250a5ec11f7d0638d3e0a62fbe48c064379b473ca88ffbececb32a72129d06c040b107834f1004ccda5f0f35b8c3588034786461

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini.gq4168

Filesize
615B

MD5
79c830a4dabb1101aee7ef2f6521baf6

SHA1
18ac17357dfce6198afedd67dc7819f95b5bc044

SHA256
4d94d7dd4360fffe8a58cac9abe67099de079da9571b8dc83748bea30e2a9439

SHA512
a1ee6d62276274ed2db295e80b7e668170e039fc4a4e62bde6a7c164cd847a2bf9db5706aeeec2593b151fcebacd97b347ad81f2bb630272bd2330ca08952021

Download Submit
C:\Users\Admin\Desktop\Sora - OpenAi v1.1\Sora - OpenAi Beta v.1.1.exe

Filesize
153KB

MD5
37932fd952d6d845927f25f42cb3c628

SHA1
d0d7e1b7cfb13a0999ef4c4733b83275a1de2440

SHA256
cb807472bb6d4d1113fcbc209d6a08fa80ff9e53c83b1aa37f9d6f549affd68c

SHA512
403dce223d9cbb4241f21a773cfc55501e4141b161c3ba60397c75d533c3abbd420a8f526f6aac7f2a0a5b7b91361ed013641f0d40afc00680428db3c1dbb49b

Download Submit
C:\Users\Admin\Desktop\Sora - OpenAi v1.1\WDSync.dll

Filesize
15KB

MD5
a0aae6000f5d7a2abc603afe54d284b5

SHA1
e31070d51d5b26b2d7816b751b2af70a75d60999

SHA256
12e633b25946133b8c6bdb12029a6705dbde6a0b58a8fb028dbc80697c2f14ba

SHA512
3eaa559fd2c7ab9f1554227db0556d68dab6eecf20475529f772370c3599ea1a245091c01130cc522b946cf005b43b7cdfb6d6ed1edbaf7fd56ed298ed011977

Download Submit
C:\Users\Admin\Desktop\Sora - OpenAi v1.1\__MACOSX\ext\php_bz2.dll

Filesize
64KB

MD5
2e83d3a008f9d9bf6c6785d4feba5c75

SHA1
cd634271c56ff3b6c4c141adadb724a581378410

SHA256
d1457076b72d629f0af7e98cd6fe5be4fb0b18fb9c15675f2995b4c5e88a8106

SHA512
09fd9dba3e625dc38ec4587478988252a2ad1916f395a6d84ade09ea1a5f6c2b1353f9cd80455c22d9a0a30285a197801b3dca29664dce43e125ede9f8f379a8

Download Submit
C:\Users\Admin\Desktop\Sora - OpenAi v1.1\__MACOSX\ext\php_com_dotnet.dll

Filesize
69KB

MD5
e6356bb0442e22f4c833c8f3faa12e54

SHA1
aa7867e7b0275e43b162a97ee9ff9417daa60887

SHA256
e7acc59480842e662351c2026f08ab67971ee33c34c663ce509a4c9473e643fa

SHA512
abdff0cac197d1fc73ddc74ce677556bd798e3e2c13f12eeb050785873dc43908f137d95f02f7eceac38dee39ed391b0b820837db97c7c0a96fa414c08ef7de1

Download Submit
C:\Users\Admin\Desktop\Sora - OpenAi v1.1\__MACOSX\ext\php_curl.dll

Filesize
393KB

MD5
c8cce26e1f5c4ebcaf7d4f6f9cf6f994

SHA1
b174076a6b26e160954572c675cce067ba6582c8

SHA256
05c99429e208bc9f345c791e16dd3f68ec628186d64e2acbc7f2f6dcc877bf11

SHA512
a078e5c1cb37857a8e4f1f8430823466a30b51e22b1136afeb4542091e17c79e278a4fc081dac9ad0f85cfd18a63333aec39ec272b1cbcf78037b85af2fa50df

Download Submit
C:\Users\Admin\Desktop\Sora - OpenAi v1.1\__MACOSX\ext\php_fileinfo.dll

Filesize
2.7MB

MD5
f53c9423bd798be924215b6d50dd57e1

SHA1
3453ae45f830d878825e739d1364dd8d9c657c6d

SHA256
1132e7e1cd973f0d44da001bc64ac36a061b69192c9d8ea175cd73e94100bcc0

SHA512
3b8e773321820e0a2e18532692ed027756e2c28ff2452c0e35caf3554e55d8a5510835be6916befd5cce74ea63b40c986e67f9251c722f5a7748a5795ef1a37e

Download Submit
C:\Users\Admin\Desktop\Sora - OpenAi v1.1\__MACOSX\ext\php_gd2.dll

Filesize
1.3MB

MD5
6b5a11b8724dbb00f921d0d3adddc0f8

SHA1
16736b897a691c1298eca0a9df70a82eac69c7f2

SHA256
ddc10933f9d057fbb929f59997f5913182ce928dc8ffad8963eed74c2ef50256

SHA512
729c2cea71d89177473f738e0b342817ce12508dde857b5eb1226ab7fb90d4c64a777a9ed04b083ce57c9129da916e062b1084ee93058593e99487ae4eab4da0

Download Submit
C:\Users\Admin\Desktop\Sora - OpenAi v1.1\__MACOSX\ext\php_ioncube.dll

Filesize
779KB

MD5
c57d5f4ec2992e6b06e891d09dcc3e32

SHA1
f1627024fe4a922a43e2163d77da987918635ca7

SHA256
4b6f679ab3da317ee310d5bd482b41a77f5ebf1fc0d514d3595c3d16db6e7327

SHA512
ed30da1c8950865c380b6d13468af1075e4161a052199ea77d071851d297c14c041e082377935d5a8deb3807df6a6bb375c63d3f017c91b425b63a22c82f6151

Download Submit
C:\Users\Admin\Desktop\Sora - OpenAi v1.1\__MACOSX\ext\php_mbstring.dll

Filesize
1.2MB

MD5
91e97c0ebbe5a7053b9396b1e376283d

SHA1
1906eae6644797e905a1f54c558e83c550440320

SHA256
6653e52f3a7d12afc5e1d5922a73d56a9d914864a1f882004e986ea210005b61

SHA512
3e4e03e4932cf3cdadbc29f0163e81ac430f94e4497f805b31cd0ab12e3975f8152347b78ab1efe1a1feb24101925e671585b8d7080316ac86f4a6d78de9e790

Download Submit
C:\Users\Admin\Desktop\Sora - OpenAi v1.1\__MACOSX\ext\php_openssl.dll

Filesize
86KB

MD5
7b404ba96f7f535fee77b97e0e45de2c

SHA1
3fa2897c6af4d9e2fa7d88748220816cd50c9e06

SHA256
673596e0945d61b3f5ff71d293ff8c2cc38464142bdde00387a87ea9af646aed

SHA512
10368f80234a6d7330616dc94d35238aa3215b3ae95e26ba5cde54eb2d99ce5585a138e2c8f97f52713809199eb15bf7b3555dd92ec9be0dbde0cabd118eb30f

Download Submit
C:\Users\Admin\Desktop\Sora - OpenAi v1.1\__MACOSX\ext\php_pdo_sqlite.dll

Filesize
475KB

MD5
233fa83055777dfc5602c15e049e381b

SHA1
d0d5bb591515a1a96e1acd486741c1b041517377

SHA256
8b46ab99dad214f30ff11daf08d6b77041165875a04b3d4dc16cdfcfe73ca625

SHA512
401143a7770e429289980b5ef072a630d3246806e77fcbcfa86aef1abbb447aa7b15b29b7a467824580f8c4c2de4ff897c8ed70386f965514ab309cdad14a5d0

Download Submit
C:\Users\Admin\Desktop\Sora - OpenAi v1.1\__MACOSX\img\PlayVideoFull.mp4

Filesize
20.1MB

MD5
9804131e8c787e4cbe2dcb43f2a3ff17

SHA1
1641b6f53958dda1bd26b1fbceef332b9066c27d

SHA256
dac5c406f82c5d2c2f6473b6b864f23cd36055be91d01a4670ac1d4b797ffa42

SHA512
745d0f0c37c6fc0ad62e65cc296fd673a7cf3811e5fcc89ef68e9d9a5a95c93c515df65b72a8a6c59d2538edac21ce8dc47cab1763b8bd7f3d160e6c8fec8134

Download Submit
C:\Users\Admin\Desktop\Sora - OpenAi v1.1\__MACOSX\include.php

Filesize
9KB

MD5
273bd3d5da3cfcf66b62c219138dff27

SHA1
171899a2b963ebef255551444a9eb8d1705278f8

SHA256
0d78ba7e8a43f92511616c5be20197a2ad2d78b108cd68cad9a8005fde7d80df

SHA512
a09a6b1932efdd5f201558eae93610c8936a3910b503d63b3a2500dbc0846f4599b22621170d98b285b37c53a16ebfe3e1dc4041697185439e0cbec2229e60ef

Download Submit
C:\Users\Admin\Desktop\Sora - OpenAi v1.1\__MACOSX\index.php

Filesize
10KB

MD5
e1829b8350d861ff3a3bce5f167a4db3

SHA1
4eb5fa60631706d97cb96dc90984bb7780820f8b

SHA256
996e0e86a18d0b129d48fac97ef3c7a74cfcdfca89f38ea24af92bddb07f7f74

SHA512
cdbb42cc36c639e3ea51c73659139c751018bf9b4e15a837842b25328e980c7d462619708adcbb6933b235c43c1fa4a4ac3e0a71c457719c3830d983759e34d4

Download Submit
C:\Users\Admin\Desktop\Sora - OpenAi v1.1\__MACOSX\libeay32.dll

Filesize
1.2MB

MD5
d02143376cdea15b313a398a4caf3735

SHA1
6ed82e6c999974154cccd1b0809e518bf234eafb

SHA256
fe5ceefedcec83d40bd63a7cc2d4ae4012b3f59f1098638056fdc1a477d405f7

SHA512
d9e9e547e21bf3ad0f4474e0d05132c36d4865b8e796dfce888b9f81f5332e3dfe9126988dce938564f1030d069f30d4b912285205f77977c1b4bfee68707624

Download Submit
C:\Users\Admin\Desktop\Sora - OpenAi v1.1\__MACOSX\libssh2.dll

Filesize
163KB

MD5
73f95c1b2a23be7a80aa75250b8f25ad

SHA1
20dcce600d126479bd2f0226ae4b8981ee1f147b

SHA256
ed0db696c2ae8b896eab6fd8c71e5fa4c88e6a90b98fffc354593288d59fe119

SHA512
5ee88e0b0215dc7c970e085068f24baf3d7d1df247e7ed56d052dfa20d7dfd603353f036daa0d60e1514277e27d49449fbd9708a5e1c690eb1b90699e7f0e42f

Download Submit
C:\Users\Admin\Desktop\Sora - OpenAi v1.1\__MACOSX\msvcr110.dll

Filesize
854KB

MD5
4ba25d2cbe1587a841dcfb8c8c4a6ea6

SHA1
52693d4b5e0b55a929099b680348c3932f2c3c62

SHA256
b30160e759115e24425b9bcdf606ef6ebce4657487525ede7f1ac40b90ff7e49

SHA512
82e86ec67a5c6cddf2230872f66560f4b0c3e4c1bb672507bbb8446a8d6f62512cbd0475fe23b619db3a67bb870f4f742761cf1f87d50db7f14076f54006f6c6

Download Submit
C:\Users\Admin\Desktop\Sora - OpenAi v1.1\__MACOSX\openai.api

Filesize
88B

MD5
850952b67ab0c698657c3d908f559816

SHA1
e328f80fedc6c1208340f8ad775c3f350aa949d9

SHA256
fcfaf39e980b6fd20b1c27dae0565145b4e52dad257a780dcc2919800f8856b7

SHA512
b16f9d12d2b8fc6cd31fadd8397a56583bc2ea82ec2f333f85e8ad8ac4b83689cd0e5a2c7664129278f327d7df8b8a9df274ccbb8026e41a626abd1d13e01482

Download Submit
C:\Users\Admin\Desktop\Sora - OpenAi v1.1\__MACOSX\php.exe

Filesize
63KB

MD5
a1fe2fe70b38f91230cb5f4ca22b2c0c

SHA1
736bb400f69925493e4fb573e7222ac483ec3b32

SHA256
702d09e982e2af6bf5d828bb1d27bd3a48efcab7cf8837b023953354c4026550

SHA512
1cea0f50aceef5240c096bebf0d58f48e8b6313d71b0dd230b6aa465678e650c91e8e3ccecb7c73f7dc0c4a81eef5c3d14dbea1139543e2907ccca9e31d85dc3

Download Submit
C:\Users\Admin\Desktop\Sora - OpenAi v1.1\__MACOSX\php.ini

Filesize
70KB

MD5
dc20e139ccdcf3ab7037a18e52a00755

SHA1
a58c36fae35b20919ea214e17dae765c5a01b144

SHA256
9d2acec331a9e21ac406c8c469f68d943bca1503f9034a1bdd81664c993a9235

SHA512
91dc6e908af6f8f8d61473c03a71ed852cae80a3a5d480fd21fa44a8b4f156ed3194d6118b69376575e7e331c6bb249730ad34c0d54d987e981f105da31e2bb1

Download Submit
C:\Users\Admin\Desktop\Sora - OpenAi v1.1\__MACOSX\php5.dll

Filesize
6.7MB

MD5
0f9246f67611db06b9082a03e2680aba

SHA1
12d3ab77f06921aa9d7ebeda5410cc34455df7fa

SHA256
36179be42a85e363099ab57852f6fd1cd12e602e1475841ab169d13fc8955065

SHA512
d10d35febcbf0c036ae12be57cb168841e47f8f171a65b8b11ee625ced9ff0a33fcaa6467e690f8e9880bf8fdbb0f3dd77f5740453fea06ca8292dfdae86f0aa

Download Submit
C:\Users\Admin\Desktop\Sora - OpenAi v1.1\__MACOSX\rhc.exe

Filesize
1KB

MD5
abc6379205de2618851c4fcbf72112eb

SHA1
1ed7b1e965eab56f55efda975f9f7ade95337267

SHA256
22e7528e56dffaa26cfe722994655686c90824b13eb51184abfe44d4e95d473f

SHA512
180c7f400dd13092b470e3a91bf02e98ef6247c1193bf349e3710e8d1e9003f3bc9b792bb776eacb746e9c67b3041f2333cc07f28c5f046d59274742230fb7c1

Download Submit
C:\Users\Admin\Desktop\Sora - OpenAi v1.1\__MACOSX\ssleay32.dll

Filesize
268KB

MD5
a24016af3e4cb13139f7904fd1fd847d

SHA1
60b61964b809de44090bdb7a2cc1b0ccf608bc24

SHA256
df5ca94869c6532d6db6c2aafddc4eab93e867670ce5964728248df68e07ce20

SHA512
227f9f16a4d5d683d3fea82390cc4cc07bb2eac6d8fad1aa41806aed4b825a5372f00bc284d73c2be5ad34e023bbd35cac901a4322ce911b998921a157eb934c

Download Submit
C:\Users\Admin\Downloads\Sora - OpenAi v1.E6KcIUm0.1.1.zip.part

Filesize
26.9MB

MD5
7c9de4d2c78e006f11ad8f1c44966fb4

SHA1
93e54785137b1471ed7530ae0e8da5640dd0cdb0

SHA256
081b2455cbf464eee43082d023137137eaf43b7a6e1f475feeb75b7cdaaa4cac

SHA512
6463c5dcae47226146dddc159105ecaba762fcfb27c330f8d721e742d948a939c0419104d69bc0ee3812b1b0aeaa22fe8edfd75682f2707027c9f9d7adf98a5d

Download Submit
memory/2268-728-0x0000000007440000-0x0000000007ABA000-memory.dmp

Filesize
6.5MB

Download
memory/2268-709-0x00000000028E0000-0x00000000028F0000-memory.dmp

Filesize
64KB

Download
memory/2268-652-0x00000000027E0000-0x0000000002816000-memory.dmp

Filesize
216KB

Download
memory/2268-666-0x0000000004F40000-0x0000000005568000-memory.dmp

Filesize
6.2MB

Download
memory/2268-710-0x00000000028E0000-0x00000000028F0000-memory.dmp

Filesize
64KB

Download
memory/2268-732-0x0000000073A50000-0x0000000074200000-memory.dmp

Filesize
7.7MB

Download
memory/2268-712-0x0000000005620000-0x0000000005642000-memory.dmp

Filesize
136KB

Download
memory/2268-729-0x0000000004B60000-0x0000000004B7A000-memory.dmp

Filesize
104KB

Download
memory/2268-727-0x00000000028E0000-0x00000000028F0000-memory.dmp

Filesize
64KB

Download
memory/2268-726-0x0000000005F00000-0x0000000005F4C000-memory.dmp

Filesize
304KB

Download
memory/2268-725-0x0000000005DD0000-0x0000000005DEE000-memory.dmp

Filesize
120KB

Download
memory/2268-724-0x0000000005950000-0x0000000005CA4000-memory.dmp

Filesize
3.3MB

Download
memory/2268-723-0x00000000058E0000-0x0000000005946000-memory.dmp

Filesize
408KB

Download
memory/2268-722-0x0000000005800000-0x0000000005866000-memory.dmp

Filesize
408KB

Download
memory/2268-708-0x0000000073A50000-0x0000000074200000-memory.dmp

Filesize
7.7MB

Download
memory/3280-748-0x0000000000400000-0x0000000000402000-memory.dmp

Filesize
8KB

Download
memory/3600-735-0x0000000000400000-0x0000000000402000-memory.dmp

Filesize
8KB

Download
memory/4200-717-0x00007FF9D2F20000-0x00007FF9D39E1000-memory.dmp

Filesize
10.8MB

Download
memory/4200-376-0x00007FF9D2F20000-0x00007FF9D39E1000-memory.dmp

Filesize
10.8MB

Download
memory/4200-373-0x0000025E1B900000-0x0000025E1B928000-memory.dmp

Filesize
160KB

Download
memory/4200-375-0x0000025E1BCE0000-0x0000025E1BCEA000-memory.dmp

Filesize
40KB

Download
memory/4200-741-0x00007FF9D2F20000-0x00007FF9D39E1000-memory.dmp

Filesize
10.8MB

Download
memory/4272-448-0x00007FF9D8310000-0x00007FF9D8377000-memory.dmp

Filesize
412KB

Download
memory/4272-477-0x00007FF9D4670000-0x00007FF9D4681000-memory.dmp

Filesize
68KB

Download
memory/4272-450-0x00007FF9E5EF0000-0x00007FF9E5F01000-memory.dmp

Filesize
68KB

Download
memory/4272-451-0x00007FF9DD9B0000-0x00007FF9DDA06000-memory.dmp

Filesize
344KB

Download
memory/4272-452-0x00007FF9D0320000-0x00007FF9D0498000-memory.dmp

Filesize
1.5MB

Download
memory/4272-453-0x00007FF9DEED0000-0x00007FF9DEEE7000-memory.dmp

Filesize
92KB

Download
memory/4272-454-0x00007FF9CC4B0000-0x00007FF9CC620000-memory.dmp

Filesize
1.4MB

Download
memory/4272-455-0x00007FF9DEEB0000-0x00007FF9DEEC2000-memory.dmp

Filesize
72KB

Download
memory/4272-456-0x00007FF9DD470000-0x00007FF9DD4B2000-memory.dmp

Filesize
264KB

Download
memory/4272-457-0x00007FF9D7A80000-0x00007FF9D7ACC000-memory.dmp

Filesize
304KB

Download
memory/4272-458-0x00007FF9CAE40000-0x00007FF9CAFAB000-memory.dmp

Filesize
1.4MB

Download
memory/4272-459-0x00007FF9D5E60000-0x00007FF9D5EB7000-memory.dmp

Filesize
348KB

Download
memory/4272-460-0x00007FF9CA990000-0x00007FF9CABDB000-memory.dmp

Filesize
2.3MB

Download
memory/4272-461-0x00007FF9C8030000-0x00007FF9C97E0000-memory.dmp

Filesize
23.7MB

Download
memory/4272-462-0x00007FF9CA770000-0x00007FF9CA98D000-memory.dmp

Filesize
2.1MB

Download
memory/4272-463-0x00007FF9D85A0000-0x00007FF9D85B5000-memory.dmp

Filesize
84KB

Download
memory/4272-464-0x00007FF9D56C0000-0x00007FF9D56E3000-memory.dmp

Filesize
140KB

Download
memory/4272-465-0x00007FF9D5FE0000-0x00007FF9D5FF3000-memory.dmp

Filesize
76KB

Download
memory/4272-466-0x00007FF9CF100000-0x00007FF9CF1F4000-memory.dmp

Filesize
976KB

Download
memory/4272-467-0x00007FF9D5690000-0x00007FF9D56BA000-memory.dmp

Filesize
168KB

Download
memory/4272-469-0x00007FF9D5670000-0x00007FF9D568B000-memory.dmp

Filesize
108KB

Download
memory/4272-471-0x00007FF9D5630000-0x00007FF9D5645000-memory.dmp

Filesize
84KB

Download
memory/4272-473-0x00007FF9D4FE0000-0x00007FF9D4FF4000-memory.dmp

Filesize
80KB

Download
memory/4272-472-0x00007FF9D5000000-0x00007FF9D5013000-memory.dmp

Filesize
76KB

Download
memory/4272-470-0x00007FF9D5650000-0x00007FF9D5662000-memory.dmp

Filesize
72KB

Download
memory/4272-474-0x00007FF9D4F50000-0x00007FF9D4F62000-memory.dmp

Filesize
72KB

Download
memory/4272-475-0x00007FF9D4F30000-0x00007FF9D4F45000-memory.dmp

Filesize
84KB

Download
memory/4272-476-0x00007FF9D4F10000-0x00007FF9D4F25000-memory.dmp

Filesize
84KB

Download
memory/4272-478-0x00007FF9D4640000-0x00007FF9D466B000-memory.dmp

Filesize
172KB

Download
memory/4272-480-0x00007FF9D45E0000-0x00007FF9D45F1000-memory.dmp

Filesize
68KB

Download
memory/4272-479-0x00007FF9D4600000-0x00007FF9D4639000-memory.dmp

Filesize
228KB

Download
memory/4272-449-0x00007FF9D5EC0000-0x00007FF9D5F2F000-memory.dmp

Filesize
444KB

Download
memory/4272-481-0x00007FF9D41C0000-0x00007FF9D41D1000-memory.dmp

Filesize
68KB

Download
memory/4272-468-0x00007FF9D5E40000-0x00007FF9D5E53000-memory.dmp

Filesize
76KB

Download
memory/4272-482-0x00007FF9D0C40000-0x00007FF9D0C9D000-memory.dmp

Filesize
372KB

Download
memory/4272-483-0x00007FF9D0290000-0x00007FF9D02DE000-memory.dmp

Filesize
312KB

Download
memory/4272-484-0x00007FF9CFDF0000-0x00007FF9CFE33000-memory.dmp

Filesize
268KB

Download
memory/4272-485-0x00007FF9D4170000-0x00007FF9D4181000-memory.dmp

Filesize
68KB

Download
memory/4272-486-0x00007FF9D3FA0000-0x00007FF9D3FB7000-memory.dmp

Filesize
92KB

Download
memory/4272-447-0x00007FF9E6060000-0x00007FF9E6090000-memory.dmp

Filesize
192KB

Download
memory/4272-446-0x00007FF9E61D0000-0x00007FF9E61E8000-memory.dmp

Filesize
96KB

Download
memory/4272-445-0x00007FF9E68E0000-0x00007FF9E68F1000-memory.dmp

Filesize
68KB

Download
memory/4272-444-0x00007FF9E6900000-0x00007FF9E691B000-memory.dmp

Filesize
108KB

Download
memory/4272-437-0x00007FF9D50E0000-0x00007FF9D52E0000-memory.dmp

Filesize
2.0MB

Download
memory/4272-439-0x00007FF9E6D00000-0x00007FF9E6D21000-memory.dmp

Filesize
132KB

Download
memory/4272-443-0x00007FF9E6980000-0x00007FF9E6991000-memory.dmp

Filesize
68KB

Download
memory/4272-442-0x00007FF9E69A0000-0x00007FF9E69B1000-memory.dmp

Filesize
68KB

Download
memory/4272-441-0x00007FF9E6CE0000-0x00007FF9E6CF1000-memory.dmp

Filesize
68KB

Download
memory/4272-440-0x00007FF9E6DB0000-0x00007FF9E6DC8000-memory.dmp

Filesize
96KB

Download
memory/4272-438-0x00007FF9E6DD0000-0x00007FF9E6E0F000-memory.dmp

Filesize
252KB

Download
memory/4272-436-0x00007FF9CC620000-0x00007FF9CD6CB000-memory.dmp

Filesize
16.7MB

Download
memory/4272-432-0x00007FF9E71A0000-0x00007FF9E71B7000-memory.dmp

Filesize
92KB

Download
memory/4272-433-0x00007FF9E70E0000-0x00007FF9E70F1000-memory.dmp

Filesize
68KB

Download
memory/4272-434-0x00007FF9E6F00000-0x00007FF9E6F1D000-memory.dmp

Filesize
116KB

Download
memory/4272-435-0x00007FF9E6E10000-0x00007FF9E6E21000-memory.dmp

Filesize
68KB

Download
memory/4272-431-0x00007FF9E74D0000-0x00007FF9E74E1000-memory.dmp

Filesize
68KB

Download
memory/4272-430-0x00007FF9E7520000-0x00007FF9E7537000-memory.dmp

Filesize
92KB

Download
memory/4272-429-0x00007FF9E7540000-0x00007FF9E7558000-memory.dmp

Filesize
96KB

Download
memory/4272-428-0x00007FF9CD6D0000-0x00007FF9CD984000-memory.dmp

Filesize
2.7MB

Download
memory/4272-426-0x00007FF74AD20000-0x00007FF74AE18000-memory.dmp

Filesize
992KB

Download
memory/4272-427-0x00007FF9E7560000-0x00007FF9E7594000-memory.dmp

Filesize
208KB

Download
memory/5996-757-0x00007FF9D2F20000-0x00007FF9D39E1000-memory.dmp

Filesize
10.8MB

Download
memory/5996-868-0x00007FF9D2F20000-0x00007FF9D39E1000-memory.dmp

Filesize
10.8MB

Download