Resubmissions
18-04-2024 16:57
240418-vgmjeaaa67 916-04-2024 15:15
240416-sm328sdc55 916-04-2024 14:46
240416-r5c34acf52 916-04-2024 13:32
240416-qs9e4ach4t 915-04-2024 23:55
240415-3yn3kabg48 915-04-2024 22:47
240415-2qtgmsad66 915-04-2024 20:55
240415-zqqpmsgb58 815-04-2024 13:28
240415-qq2x8shg6y 6Analysis
-
max time kernel
1412s -
max time network
1418s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
-
submitted
16-04-2024 13:32
General
-
Target
https://bit.ly/triageshare2024
Score
9/10
Malware Config
Signatures
-
Grants admin privileges 1 TTPs
Uses net.exe to modify the user's privileges.
-
Disables RegEdit via registry modification 1 IoCs
-
Disables Task Manager via registry modification
-
Downloads MZ/PE file
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Registers COM server for autorun 1 TTPs 4 IoCs
-
Adds Run key to start application 2 TTPs 4 IoCs
-
Blocklisted process makes network request 1 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 56 IoCs
-
Detects Pyinstaller 3 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks SCSI registry key(s) 3 TTPs 8 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 5 IoCs
-
Modifies data under HKEY_USERS 21 IoCs
-
Modifies registry class 64 IoCs
-
Opens file in notepad (likely ransom note) 1 IoCs
-
Runs net.exe
-
Suspicious behavior: EnumeratesProcesses 29 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 54 IoCs
-
Suspicious use of SetWindowsHookEx 18 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://bit.ly/triageshare20241⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff95722ab58,0x7ff95722ab68,0x7ff95722ab782⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1904,i,16273712707790129522,6763886053877670043,131072 /prefetch:22⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1904,i,16273712707790129522,6763886053877670043,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2220 --field-trial-handle=1904,i,16273712707790129522,6763886053877670043,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3004 --field-trial-handle=1904,i,16273712707790129522,6763886053877670043,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3024 --field-trial-handle=1904,i,16273712707790129522,6763886053877670043,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4176 --field-trial-handle=1904,i,16273712707790129522,6763886053877670043,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4552 --field-trial-handle=1904,i,16273712707790129522,6763886053877670043,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4644 --field-trial-handle=1904,i,16273712707790129522,6763886053877670043,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4576 --field-trial-handle=1904,i,16273712707790129522,6763886053877670043,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4636 --field-trial-handle=1904,i,16273712707790129522,6763886053877670043,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4724 --field-trial-handle=1904,i,16273712707790129522,6763886053877670043,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4900 --field-trial-handle=1904,i,16273712707790129522,6763886053877670043,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3052 --field-trial-handle=1904,i,16273712707790129522,6763886053877670043,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5260 --field-trial-handle=1904,i,16273712707790129522,6763886053877670043,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4016 --field-trial-handle=1904,i,16273712707790129522,6763886053877670043,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4904 --field-trial-handle=1904,i,16273712707790129522,6763886053877670043,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 --field-trial-handle=1904,i,16273712707790129522,6763886053877670043,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4204 --field-trial-handle=1904,i,16273712707790129522,6763886053877670043,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5428 --field-trial-handle=1904,i,16273712707790129522,6763886053877670043,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5444 --field-trial-handle=1904,i,16273712707790129522,6763886053877670043,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 --field-trial-handle=1904,i,16273712707790129522,6763886053877670043,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3972 --field-trial-handle=1904,i,16273712707790129522,6763886053877670043,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5448 --field-trial-handle=1904,i,16273712707790129522,6763886053877670043,131072 /prefetch:82⤵
-
-
C:\Users\Admin\Downloads\python-3.12.3-amd64.exe"C:\Users\Admin\Downloads\python-3.12.3-amd64.exe"2⤵
- Executes dropped EXE
-
C:\Windows\Temp\{DA577ABB-D6A4-4CF0-977B-12D8F04ABDB9}\.cr\python-3.12.3-amd64.exe"C:\Windows\Temp\{DA577ABB-D6A4-4CF0-977B-12D8F04ABDB9}\.cr\python-3.12.3-amd64.exe" -burn.clean.room="C:\Users\Admin\Downloads\python-3.12.3-amd64.exe" -burn.filehandle.attached=560 -burn.filehandle.self=5683⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Modifies registry class
- Suspicious use of FindShellTrayWindow
-
C:\Windows\Temp\{4EF51225-2377-4221-8757-C02D2919AEB0}\.be\python-3.12.3-amd64.exe"C:\Windows\Temp\{4EF51225-2377-4221-8757-C02D2919AEB0}\.be\python-3.12.3-amd64.exe" -q -burn.elevated BurnPipe.{AD2E6330-ECD9-4063-9569-4905DE526008} {ED60A9D4-333C-4144-9544-E6BAB5FF87DF} 48684⤵
- Executes dropped EXE
-
C:\ProgramData\Package Cache\EE7D6E4CB0818E2F1433C0FA7BA1682B6B7B0755\py.exe"C:\ProgramData\Package Cache\EE7D6E4CB0818E2F1433C0FA7BA1682B6B7B0755\py.exe" -3.12 -E -s -Wi "C:\Program Files\Python312\Lib\compileall.py" -f -x "bad_coding|badsyntax|site-packages|py2_|lib2to3\\tests|venv\\scripts" "C:\Program Files\Python312\Lib"5⤵
- Executes dropped EXE
-
C:\Program Files\Python312\python.exe"C:\Program Files\Python312\python.exe" -E -s -Wi "C:\Program Files\Python312\Lib\compileall.py" -f -x "bad_coding|badsyntax|site-packages|py2_|lib2to3\\tests|venv\\scripts" "C:\Program Files\Python312\Lib"6⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
-
-
-
C:\ProgramData\Package Cache\EE7D6E4CB0818E2F1433C0FA7BA1682B6B7B0755\py.exe"C:\ProgramData\Package Cache\EE7D6E4CB0818E2F1433C0FA7BA1682B6B7B0755\py.exe" -3.12 -O -E -s -Wi "C:\Program Files\Python312\Lib\compileall.py" -f -x "bad_coding|badsyntax|site-packages|py2_|lib2to3\\tests|venv\\scripts" "C:\Program Files\Python312\Lib"5⤵
- Executes dropped EXE
-
C:\Program Files\Python312\python.exe"C:\Program Files\Python312\python.exe" -O -E -s -Wi "C:\Program Files\Python312\Lib\compileall.py" -f -x "bad_coding|badsyntax|site-packages|py2_|lib2to3\\tests|venv\\scripts" "C:\Program Files\Python312\Lib"6⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
-
-
-
C:\ProgramData\Package Cache\EE7D6E4CB0818E2F1433C0FA7BA1682B6B7B0755\py.exe"C:\ProgramData\Package Cache\EE7D6E4CB0818E2F1433C0FA7BA1682B6B7B0755\py.exe" -3.12 -OO -E -s -Wi "C:\Program Files\Python312\Lib\compileall.py" -f -x "bad_coding|badsyntax|site-packages|py2_|lib2to3\\tests|venv\\scripts" "C:\Program Files\Python312\Lib"5⤵
- Executes dropped EXE
-
C:\Program Files\Python312\python.exe"C:\Program Files\Python312\python.exe" -OO -E -s -Wi "C:\Program Files\Python312\Lib\compileall.py" -f -x "bad_coding|badsyntax|site-packages|py2_|lib2to3\\tests|venv\\scripts" "C:\Program Files\Python312\Lib"6⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
-
-
-
-
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5600 --field-trial-handle=1904,i,16273712707790129522,6763886053877670043,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=3952 --field-trial-handle=1904,i,16273712707790129522,6763886053877670043,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5608 --field-trial-handle=1904,i,16273712707790129522,6763886053877670043,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5148 --field-trial-handle=1904,i,16273712707790129522,6763886053877670043,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5660 --field-trial-handle=1904,i,16273712707790129522,6763886053877670043,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5796 --field-trial-handle=1904,i,16273712707790129522,6763886053877670043,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5516 --field-trial-handle=1904,i,16273712707790129522,6763886053877670043,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5936 --field-trial-handle=1904,i,16273712707790129522,6763886053877670043,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5992 --field-trial-handle=1904,i,16273712707790129522,6763886053877670043,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5992 --field-trial-handle=1904,i,16273712707790129522,6763886053877670043,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6008 --field-trial-handle=1904,i,16273712707790129522,6763886053877670043,131072 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"1⤵
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Checks SCSI registry key(s)
-
C:\Windows\system32\srtasks.exeC:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:21⤵
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Registers COM server for autorun
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding B724A5D9275333B912D61765312D2BFC2⤵
- Loads dropped DLL
-
C:\Program Files\Python312\python.exe"C:\Program Files\Python312\python.exe" -E -s -m ensurepip -U --default-pip3⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Program Files\Python312\python.exe"C:\Program Files\Python312\python.exe" -W ignore::DeprecationWarning -c " import runpy import sys sys.path = ['C:\\Users\\Admin\\AppData\\Local\\Temp\\tmpd618s8ys\\pip-24.0-py3-none-any.whl'] + sys.path sys.argv[1:] = ['install', '--no-cache-dir', '--no-index', '--find-links', 'C:\\Users\\Admin\\AppData\\Local\\Temp\\tmpd618s8ys', '--upgrade', 'pip'] runpy.run_module(\"pip\", run_name=\"__main__\", alter_sys=True) "4⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
-
-
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Python312\Scripts\pip.exe"C:\Program Files\Python312\Scripts\pip.exe" install auto-py-to-exe2⤵
- Executes dropped EXE
-
C:\Program Files\Python312\python.exe"C:\Program Files\Python312\python.exe" "C:\Program Files\Python312\Scripts\pip.exe" install auto-py-to-exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
-
C:\Program Files\Python312\python.exe"C:\Program Files\Python312\python.exe" "C:\Program Files\Python312\Lib\site-packages\pip\__pip-runner__.py" install --ignore-installed --no-user --prefix C:\Users\Admin\AppData\Local\Temp\pip-build-env-h9m6b16e\overlay --no-warn-script-location --no-binary :none: --only-binary :none: -i https://pypi.org/simple -- setuptools>=40.8.04⤵
- Executes dropped EXE
-
-
C:\Program Files\Python312\python.exe"C:\Program Files\Python312\python.exe" "C:\Program Files\Python312\Lib\site-packages\pip\_vendor\pyproject_hooks\_in_process\_in_process.py" get_requires_for_build_wheel C:\Users\Admin\AppData\Local\Temp\tmpesu3svmh4⤵
- Executes dropped EXE
-
-
C:\Program Files\Python312\python.exe"C:\Program Files\Python312\python.exe" "C:\Program Files\Python312\Lib\site-packages\pip\__pip-runner__.py" install --ignore-installed --no-user --prefix C:\Users\Admin\AppData\Local\Temp\pip-build-env-h9m6b16e\normal --no-warn-script-location --no-binary :none: --only-binary :none: -i https://pypi.org/simple -- wheel4⤵
- Executes dropped EXE
-
-
C:\Program Files\Python312\python.exe"C:\Program Files\Python312\python.exe" "C:\Program Files\Python312\Lib\site-packages\pip\_vendor\pyproject_hooks\_in_process\_in_process.py" prepare_metadata_for_build_wheel C:\Users\Admin\AppData\Local\Temp\tmpaxwved764⤵
- Executes dropped EXE
-
-
C:\Program Files\Python312\python.exe"C:\Program Files\Python312\python.exe" "C:\Program Files\Python312\Lib\site-packages\pip\__pip-runner__.py" install --ignore-installed --no-user --prefix C:\Users\Admin\AppData\Local\Temp\pip-build-env-h4wm2b1i\overlay --no-warn-script-location --no-binary :none: --only-binary :none: -i https://pypi.org/simple -- setuptools>=40.8.04⤵
- Executes dropped EXE
-
-
C:\Program Files\Python312\python.exe"C:\Program Files\Python312\python.exe" "C:\Program Files\Python312\Lib\site-packages\pip\_vendor\pyproject_hooks\_in_process\_in_process.py" get_requires_for_build_wheel C:\Users\Admin\AppData\Local\Temp\tmpo53pal0k4⤵
- Executes dropped EXE
-
-
C:\Program Files\Python312\python.exe"C:\Program Files\Python312\python.exe" "C:\Program Files\Python312\Lib\site-packages\pip\__pip-runner__.py" install --ignore-installed --no-user --prefix C:\Users\Admin\AppData\Local\Temp\pip-build-env-h4wm2b1i\normal --no-warn-script-location --no-binary :none: --only-binary :none: -i https://pypi.org/simple -- wheel4⤵
- Executes dropped EXE
-
-
C:\Program Files\Python312\python.exe"C:\Program Files\Python312\python.exe" "C:\Program Files\Python312\Lib\site-packages\pip\_vendor\pyproject_hooks\_in_process\_in_process.py" prepare_metadata_for_build_wheel C:\Users\Admin\AppData\Local\Temp\tmpwst8ckn94⤵
- Executes dropped EXE
-
-
C:\Program Files\Python312\python.exe"C:\Program Files\Python312\python.exe" "C:\Program Files\Python312\Lib\site-packages\pip\_vendor\pyproject_hooks\_in_process\_in_process.py" build_wheel C:\Users\Admin\AppData\Local\Temp\tmp467xp6zf4⤵
- Executes dropped EXE
-
-
C:\Program Files\Python312\python.exe"C:\Program Files\Python312\python.exe" "C:\Program Files\Python312\Lib\site-packages\pip\_vendor\pyproject_hooks\_in_process\_in_process.py" build_wheel C:\Users\Admin\AppData\Local\Temp\tmp5j2aphzl4⤵
- Executes dropped EXE
-
-
-
-
C:\Program Files\Python312\Scripts\auto-py-to-exe.exe"C:\Program Files\Python312\Scripts\auto-py-to-exe.exe"2⤵
- Executes dropped EXE
-
C:\Program Files\Python312\python.exe"C:\Program Files\Python312\python.exe" "C:\Program Files\Python312\Scripts\auto-py-to-exe.exe"3⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --app=http://localhost:63199/index.html --disable-http-cache4⤵
- Enumerates system info in registry
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff95722ab58,0x7ff95722ab68,0x7ff95722ab785⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1676 --field-trial-handle=2016,i,2962144237771187594,10705656327688705972,131072 /prefetch:25⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1952 --field-trial-handle=2016,i,2962144237771187594,10705656327688705972,131072 /prefetch:85⤵
-
-
-
C:\Program Files\Python312\python.exe"C:\Program Files\Python312\python.exe" "C:\Program Files\Python312\Lib\site-packages\PyInstaller\isolated\_child.py" 1540 15364⤵
- Executes dropped EXE
-
-
C:\Program Files\Python312\python.exe"C:\Program Files\Python312\python.exe" "C:\Program Files\Python312\Lib\site-packages\PyInstaller\isolated\_child.py" 3208 33164⤵
- Executes dropped EXE
-
-
C:\Program Files\Python312\python.exe"C:\Program Files\Python312\python.exe" "C:\Program Files\Python312\Lib\site-packages\PyInstaller\isolated\_child.py" 3344 29284⤵
- Executes dropped EXE
-
-
C:\Program Files\Python312\python.exe"C:\Program Files\Python312\python.exe" "C:\Program Files\Python312\Lib\site-packages\PyInstaller\isolated\_child.py" 2928 31604⤵
- Executes dropped EXE
-
-
C:\Program Files\Python312\python.exe"C:\Program Files\Python312\python.exe" "C:\Program Files\Python312\Lib\site-packages\PyInstaller\isolated\_child.py" 3160 31924⤵
- Executes dropped EXE
-
-
C:\Program Files\Python312\python.exe"C:\Program Files\Python312\python.exe" "C:\Program Files\Python312\Lib\site-packages\PyInstaller\isolated\_child.py" 3192 31884⤵
- Executes dropped EXE
-
-
C:\Program Files\Python312\python.exe"C:\Program Files\Python312\python.exe" "C:\Program Files\Python312\Lib\site-packages\PyInstaller\isolated\_child.py" 3328 33604⤵
- Executes dropped EXE
-
-
-
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\output\runme.exe"C:\Users\Admin\output\runme.exe"1⤵
- Executes dropped EXE
-
C:\Users\Admin\output\runme.exe"C:\Users\Admin\output\runme.exe"2⤵
- Executes dropped EXE
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\AppData\Local\Microsoft\Windows\MicrosoftSecurity64\main.py3⤵
- Executes dropped EXE
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\AppData\Local\Microsoft\Windows\MicrosoftSecurity64\main.py4⤵
- Executes dropped EXE
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\MicrosoftSecurity64\main.py5⤵
- Executes dropped EXE
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\MicrosoftSecurity64\main.py6⤵
- Executes dropped EXE
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py7⤵
- Executes dropped EXE
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py8⤵
- Executes dropped EXE
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py9⤵
- Executes dropped EXE
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py10⤵
- Executes dropped EXE
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py11⤵
- Executes dropped EXE
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py12⤵
- Executes dropped EXE
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py13⤵
- Executes dropped EXE
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py14⤵
- Executes dropped EXE
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py15⤵
- Executes dropped EXE
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py16⤵
- Executes dropped EXE
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py17⤵
- Executes dropped EXE
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py18⤵
- Executes dropped EXE
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py19⤵
- Executes dropped EXE
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py20⤵
- Executes dropped EXE
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py21⤵
- Executes dropped EXE
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py22⤵
- Executes dropped EXE
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py23⤵
- Executes dropped EXE
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py24⤵
- Executes dropped EXE
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py25⤵
- Executes dropped EXE
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py26⤵
- Executes dropped EXE
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py27⤵
- Executes dropped EXE
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py28⤵
- Executes dropped EXE
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py29⤵
- Executes dropped EXE
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py30⤵
- Executes dropped EXE
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py31⤵
- Executes dropped EXE
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py32⤵
- Executes dropped EXE
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py33⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py34⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py35⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py36⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py37⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py38⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py39⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py40⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py41⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py42⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py43⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py44⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py45⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py46⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py47⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py48⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py49⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py50⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py51⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py52⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py53⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py54⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py55⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py56⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py57⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py58⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py59⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py60⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py61⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py62⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py63⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py64⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py65⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py66⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py67⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py68⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py69⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py70⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py71⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py72⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py73⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py74⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py75⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py76⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py77⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py78⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py79⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py80⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py81⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py82⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py83⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py84⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py85⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py86⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py87⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py88⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py89⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py90⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py91⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py92⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py93⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py94⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py95⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py96⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py97⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py98⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py99⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py100⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py101⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py102⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py103⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py104⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py105⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py106⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py107⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py108⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py109⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py110⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py111⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py112⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py113⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py114⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py115⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py116⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py117⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py118⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py119⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py120⤵
-
C:\Users\Admin\output\runme.exeC:\Users\Admin\output\runme.exe C:\Users\Admin\output\main.py121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-