bf3973747453f2d6437ced09d04d29d2c917ebe3412d2532b5229e949ceef5bb

Resubmissions

27/04/2024, 15:54

240427-tb9lbadd3z 10

27/04/2024, 15:50

240427-s9943acg29 10

Analysis

max time kernel
29s
max time network
29s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
27/04/2024, 15:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PizzaTower.exe
Size

7.1MB
MD5

d4c2e3ad524c2112712f0b762ab38bb9
SHA1

f48e48895154c1f8ee0b389eca15236b920efd1a
SHA256

bf3973747453f2d6437ced09d04d29d2c917ebe3412d2532b5229e949ceef5bb
SHA512

e76d79189bfe32dd4664645b5080063cc71734c6d5e7f54a75116efeff5b61c5ce4e69f72b969e70a77b17952656bed6913f96df07cc6730a4e79ae6df8641aa
SSDEEP

196608:QCT+aj1rpnrJehwiIbZg4TIdQNm5XKCt7ogJwDb2:QCT+aoqbCdQyftNJwDb2

Score

7^/10

spyware stealer

Malware Config

Signatures

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PizzaTower.exe	PizzaTower.exe

Loads dropped DLL 35 IoCs

pid	Process
3268	PizzaTower.exe
3268	PizzaTower.exe
3268	PizzaTower.exe
3268	PizzaTower.exe
3268	PizzaTower.exe
3268	PizzaTower.exe
3268	PizzaTower.exe
3268	PizzaTower.exe
3268	PizzaTower.exe
3268	PizzaTower.exe
3268	PizzaTower.exe
3268	PizzaTower.exe
3268	PizzaTower.exe
3268	PizzaTower.exe
3268	PizzaTower.exe
3268	PizzaTower.exe
3268	PizzaTower.exe
3268	PizzaTower.exe
3268	PizzaTower.exe
3268	PizzaTower.exe
3268	PizzaTower.exe
3268	PizzaTower.exe
3268	PizzaTower.exe
3268	PizzaTower.exe
3268	PizzaTower.exe
3268	PizzaTower.exe
3268	PizzaTower.exe
3268	PizzaTower.exe
3268	PizzaTower.exe
3268	PizzaTower.exe
3268	PizzaTower.exe
3268	PizzaTower.exe
3268	PizzaTower.exe
3268	PizzaTower.exe
3268	PizzaTower.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
3	api.ipify.org
17	api.ipify.org

Enumerates processes with tasklist 1 TTPs 1 IoCs

Process Discovery

T1057

pid	Process
4860	tasklist.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133587068683447829"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4136	chrome.exe
4136	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe

Suspicious use of AdjustPrivilegeToken 43 IoCs

description	pid	Process
Token: SeDebugPrivilege	4860	tasklist.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2640 wrote to memory of 3268	2640	PizzaTower.exe	83
PID 2640 wrote to memory of 3268	2640	PizzaTower.exe	83
PID 2640 wrote to memory of 3268	2640	PizzaTower.exe	83
PID 3268 wrote to memory of 1324	3268	PizzaTower.exe	87
PID 3268 wrote to memory of 1324	3268	PizzaTower.exe	87
PID 3268 wrote to memory of 1324	3268	PizzaTower.exe	87
PID 1324 wrote to memory of 4860	1324	cmd.exe	89
PID 1324 wrote to memory of 4860	1324	cmd.exe	89
PID 1324 wrote to memory of 4860	1324	cmd.exe	89
PID 4136 wrote to memory of 4928	4136	chrome.exe	94
PID 4136 wrote to memory of 4928	4136	chrome.exe	94
PID 4136 wrote to memory of 4632	4136	chrome.exe	95
PID 4136 wrote to memory of 4632	4136	chrome.exe	95
PID 4136 wrote to memory of 4632	4136	chrome.exe	95
PID 4136 wrote to memory of 4632	4136	chrome.exe	95
PID 4136 wrote to memory of 4632	4136	chrome.exe	95
PID 4136 wrote to memory of 4632	4136	chrome.exe	95
PID 4136 wrote to memory of 4632	4136	chrome.exe	95
PID 4136 wrote to memory of 4632	4136	chrome.exe	95
PID 4136 wrote to memory of 4632	4136	chrome.exe	95
PID 4136 wrote to memory of 4632	4136	chrome.exe	95
PID 4136 wrote to memory of 4632	4136	chrome.exe	95
PID 4136 wrote to memory of 4632	4136	chrome.exe	95
PID 4136 wrote to memory of 4632	4136	chrome.exe	95
PID 4136 wrote to memory of 4632	4136	chrome.exe	95
PID 4136 wrote to memory of 4632	4136	chrome.exe	95
PID 4136 wrote to memory of 4632	4136	chrome.exe	95
PID 4136 wrote to memory of 4632	4136	chrome.exe	95
PID 4136 wrote to memory of 4632	4136	chrome.exe	95
PID 4136 wrote to memory of 4632	4136	chrome.exe	95
PID 4136 wrote to memory of 4632	4136	chrome.exe	95
PID 4136 wrote to memory of 4632	4136	chrome.exe	95
PID 4136 wrote to memory of 4632	4136	chrome.exe	95
PID 4136 wrote to memory of 4632	4136	chrome.exe	95
PID 4136 wrote to memory of 4632	4136	chrome.exe	95
PID 4136 wrote to memory of 4632	4136	chrome.exe	95
PID 4136 wrote to memory of 4632	4136	chrome.exe	95
PID 4136 wrote to memory of 4632	4136	chrome.exe	95
PID 4136 wrote to memory of 4632	4136	chrome.exe	95
PID 4136 wrote to memory of 4632	4136	chrome.exe	95
PID 4136 wrote to memory of 4632	4136	chrome.exe	95
PID 4136 wrote to memory of 1784	4136	chrome.exe	96
PID 4136 wrote to memory of 1784	4136	chrome.exe	96
PID 4136 wrote to memory of 2092	4136	chrome.exe	97
PID 4136 wrote to memory of 2092	4136	chrome.exe	97
PID 4136 wrote to memory of 2092	4136	chrome.exe	97
PID 4136 wrote to memory of 2092	4136	chrome.exe	97
PID 4136 wrote to memory of 2092	4136	chrome.exe	97
PID 4136 wrote to memory of 2092	4136	chrome.exe	97
PID 4136 wrote to memory of 2092	4136	chrome.exe	97
PID 4136 wrote to memory of 2092	4136	chrome.exe	97
PID 4136 wrote to memory of 2092	4136	chrome.exe	97
PID 4136 wrote to memory of 2092	4136	chrome.exe	97
PID 4136 wrote to memory of 2092	4136	chrome.exe	97
PID 4136 wrote to memory of 2092	4136	chrome.exe	97
PID 4136 wrote to memory of 2092	4136	chrome.exe	97
PID 4136 wrote to memory of 2092	4136	chrome.exe	97
PID 4136 wrote to memory of 2092	4136	chrome.exe	97
PID 4136 wrote to memory of 2092	4136	chrome.exe	97
PID 4136 wrote to memory of 2092	4136	chrome.exe	97
PID 4136 wrote to memory of 2092	4136	chrome.exe	97
PID 4136 wrote to memory of 2092	4136	chrome.exe	97
PID 4136 wrote to memory of 2092	4136	chrome.exe	97
PID 4136 wrote to memory of 2092	4136	chrome.exe	97

C:\Users\Admin\AppData\Local\Temp\PizzaTower.exe
"C:\Users\Admin\AppData\Local\Temp\PizzaTower.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2640
- C:\Users\Admin\AppData\Local\Temp\PizzaTower.exe
  "C:\Users\Admin\AppData\Local\Temp\PizzaTower.exe"
  2⤵
  - Drops startup file
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:3268
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c "tasklist"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1324
  - - C:\Windows\SysWOW64\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      Suspicious use of AdjustPrivilegeToken
      PID:4860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff908c3cc40,0x7ff908c3cc4c,0x7ff908c3cc58
  2⤵
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1916,i,4413171407886398975,13884960033629061768,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:4632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2076,i,4413171407886398975,13884960033629061768,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2036 /prefetch:3
  2⤵
  PID:1784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2272,i,4413171407886398975,13884960033629061768,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2092 /prefetch:8
  2⤵
  PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,4413171407886398975,13884960033629061768,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3124 /prefetch:1
  2⤵
  PID:984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3136,i,4413171407886398975,13884960033629061768,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3668,i,4413171407886398975,13884960033629061768,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4512 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4644,i,4413171407886398975,13884960033629061768,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4816 /prefetch:8
  2⤵
  PID:2932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4948,i,4413171407886398975,13884960033629061768,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3956,i,4413171407886398975,13884960033629061768,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4820 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5132,i,4413171407886398975,13884960033629061768,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4856 /prefetch:1
  2⤵
  PID:3032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3288,i,4413171407886398975,13884960033629061768,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4536,i,4413171407886398975,13884960033629061768,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:1264

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:2996

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
f76f56e3c29d0a28f89b5dce9f1541f3

SHA1
1660c6c44be62c3664eeb515477c247607b540d7

SHA256
6dea57ce7cc8d543cda1c68cbe30b1e2609fde90a39dd745de16481251ed88b6

SHA512
3837c64b6de9bd23305cf2d1a5d00a94ac873a4747095f33e3d74bb45081625f2245dbaf80b625fb244b058ef127941fec13ea2c23fef24459c48e6b290a2164

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
56d657ac38e448fbc6f4cb0206954a27

SHA1
3fdd67c056cb2449634af8ff71cab480dc383903

SHA256
22b6bff80d477565acf4489ec7f6535bcc328b31826c2462c591009412492d2c

SHA512
6823279c6fa12e3c0ad8f319e4d05512dbabdd9f8d578936013d9f4fef657c6b688583de443ccfd4d302ca6701b432a859414116efbd10048f81f133ab687fc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
656cb05c822641f8b45a30e5f24e51b1

SHA1
2d2cb723d7dfaa22a786c9ba5f75c4a5209aeb12

SHA256
e676ec9dc73ae09569eb4bbc623bad8a0793a4301acb1ded2533524b6c41147a

SHA512
860cd8e01fca83455f687b79984846a31f947a292beab2c9062017b4f436eea7729a979bc1e025357f4c18a5e252f7cf5e70d6472d125f208b725b6f1454aa52

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26402\Crypto\Cipher\_Salsa20.pyd

Filesize
11KB

MD5
db9617f8c167d0f9be9fb5fb22657c25

SHA1
2226fb91fbfada5020373a5396a652748c97482d

SHA256
3ff968443e1c9641ea2c8931643e7ef51b12bc5a95c87be374aba3bc4411df48

SHA512
9a1809da2d2e6e18c06544f571dc2aaada5d5f7ec069fe68e19af9b4fc194583953b72d9fa0185e4852d1199ef32fe9a1ff3181b9c0327f408cb44b324ee46a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26402\Crypto\Cipher\_raw_cbc.pyd

Filesize
9KB

MD5
d841eb263c63b5e4dd9e0eaa76d10b8e

SHA1
5f5ef28ab4bade0725ebe723434785af80c0e8b8

SHA256
f04effa6cc1eccc69edfa9325149e777df651e1a75430cda1b04e38e77b1e4f1

SHA512
c160cc47403692e0075d00129d51f0d1302bfbc497cf0b9c7f27d11d31597e5786db437b836e41e2ab25734c1d4c582113632819805f05994caa9210cdf64582

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26402\Crypto\Cipher\_raw_cfb.pyd

Filesize
10KB

MD5
55d8c9b0f340a50ffd3b4af6d91f8558

SHA1
2e0fbab3798a4e9804ef90ef130231a3bc82d9cb

SHA256
25f07818d785397faaf1563437fc7523e9c5faf2949292722a7b379347172ea1

SHA512
f9df0ee37e71e4f2288c3e4e7ec57e1c6100a56c98d824ffd8db31dbf2738325de4b710b2de4c82a7fd47cae9c3636127dd472da336f8275a19d68862ef4b282

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26402\Crypto\Cipher\_raw_ctr.pyd

Filesize
11KB

MD5
35f51943c67491380a5136ce9d09ad60

SHA1
6b462683ae8eac284c0593caa0ed5233d77aedc7

SHA256
ca65568532c1072291383ecfd5f10fd0fcfcdfb2ab04e90fbd77d3029ad61adc

SHA512
07e928fc6e3cea3594491b16be7fadffa422d0dd454b10523e800352ac5605d3389815932b070b0ab60d74ee5b21a2806c6c8cabcef2fbaa8b012224ffe711db

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26402\Crypto\Cipher\_raw_ecb.pyd

Filesize
8KB

MD5
343a85336768660c9fe27519ea59d4e6

SHA1
dad3dd2652d1defb064d07d1c9ccb377a3e77cac

SHA256
6afc2e4d986d212b2bc3a207f1c2b9522ce683042fff73e2b625cdb6288c6c1a

SHA512
4688c87252e3576f540e26c51f468fed4ce1b3d49acbc7aef882ced225c40708669d81bc05e5b45fe54cd02b992544495a3d13f82773356086adafda10bdc3a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26402\Crypto\Cipher\_raw_ofb.pyd

Filesize
9KB

MD5
21d377cd15af89f9e48d0f1401a0f973

SHA1
2182ccd470f02fb1050b2e7778159922d249832a

SHA256
bd3cff503c58dcbb5f5b51ce96196bd6a563e4d2927869507f6251cd115cc198

SHA512
86cc4643a9364e1fdeede1e2b7aa70dbea6d792685669c484140b77c4b37a29dc2f8f7bfdffddd380d8e6ee28ff9c63430fcac274d43ebd173c763eb91efe70d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26402\Crypto\Hash\_BLAKE2s.pyd

Filesize
11KB

MD5
18815850f5bb02f0e5dade49729271ae

SHA1
b78f3221e43173f393dfee3db42e317b8984484a

SHA256
3df2a9e9dbf8b1977de9284456df18f7960d4b853fae4d6f770fb0cf6d4b0f07

SHA512
1fe7580f60749124e7ec605db578dbe037e91d26454a51757daffd27e9430aa90579160cdebc82224e28e54b75b53e7c97e4be36b1f5a0c72f2a07273816469b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26402\Crypto\Hash\_MD5.pyd

Filesize
12KB

MD5
ac81da346facc29fdc711e4db404ea19

SHA1
4776e720e25c54919d9490ac74cd119b172bbd88

SHA256
157499786ee705c7cdf59249f8bd9ab5b4a73ba6020c7b04480bc8a03a14c22c

SHA512
2e0379ccd261edc297c1de12634abbb6616852854f13d65b529f2397822b18ace3d669161ef30f66609328d2d70e0d660cd0dfedc09aa495aa95b04790730154

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26402\Crypto\Hash\_SHA1.pyd

Filesize
14KB

MD5
1c93c1b17b308a72cb0c6b6905097bbc

SHA1
4803e4740f36a3ab828a6c99c1b7781fc7592fc0

SHA256
7c1d904599569f339880c7454648c70dd9ce1f5774d0523da5ff1bef73011041

SHA512
f97f6b1ea15711a37496a05bf6f378fbefada47c2281614313b4577c7c0efc325985b2da6345da09e9b58644dcd4146769e5ed93bf74fadd712d4f0239a5630b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26402\Crypto\Hash\_SHA256.pyd

Filesize
18KB

MD5
7f78e53eea99e8aa5d5204f7003a21fd

SHA1
553e16a5a0a746d4aff36676a07dfa8d7da130db

SHA256
e4d42bdd9c3c078746502e9a86f9f4ddad105adc1ac79a82b0e6dddc58356f40

SHA512
9a09b40a63787a0bdd782111c80e24e1a1e81d62c3f13fbafa2b63694ac3ed53ae85e4b421f16de81cd9e28deb94647df7fd89ba67154797dfe0dd3a86cdd10a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26402\Crypto\Hash\_ghash_clmul.pyd

Filesize
10KB

MD5
da9ad98234fd66b480a5ee9e95ad8dfc

SHA1
69a02c117dcf7a1f8fcd1378b5ccfe277c594623

SHA256
532d66b68cb106b040edb441d3279b2a9f7bad4e8a73660c1f9336908761aad4

SHA512
409ccb274d4a9e54ca91d0c2431299931ba9fd761933dbdd0db7f1476ffff948bada0140dabaea7aa82b9e396940f302c92d3effc295db162478101dcded0896

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26402\Crypto\Hash\_ghash_portable.pyd

Filesize
10KB

MD5
8d455bf1d01be57b45ae426d3197df7f

SHA1
24dd7537f6d41f94c0fe2421115e22cfc839f6ff

SHA256
ef1e6f109d808de9fe25b6f2951efd0ae1ec675d76ac2f07aa34b4a9ba3ba765

SHA512
98df88df2495abc197e6e60c8a32c6ae065578e3f658bfbdf7d7ea87813b6031fc3efd1e586f8116e521aeaa610800c2ffab51f85e71f372c6e7c2c128d2c8f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26402\Crypto\Protocol\_scrypt.pyd

Filesize
9KB

MD5
c8ba0c5ebb188da0dbcd5f00771973e7

SHA1
9bc93c8781404cd24d6d6ee2c664a9de4d3fd6bb

SHA256
c61089df42fed6ef32ff37de803500ea79cf3761d7de35240f86c2cc9c69939f

SHA512
865cc27ea89b9c120ac676631de4db9ea0858142b6af3c7f51f561114c2c8fb3e4f9730402251256326add155b6be1bd55b9708be12e219d4af77f086a8d8bb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26402\Crypto\Util\_cpuid_c.pyd

Filesize
8KB

MD5
5951664724d348f7be9c497ba597e81c

SHA1
0dbb62b4f860d91f005de7e56f5164c7ef6a62bb

SHA256
e919ccea958bc9a83f51c32ed271b64c7b5fb748267013eede05aad2c860a2f6

SHA512
88961a15871d6321570f70f89b14aeb4bf234a07ab5543f0fb0e6709c705f2093ca76311f0a812503b84abf660274a2893726580d6c6f3607e4f0aba14a63698

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26402\Crypto\Util\_strxor.pyd

Filesize
8KB

MD5
d7940da21e43b5152cce28442137e984

SHA1
e2692d95aa1d21fc87d43f00e19409820a7432b7

SHA256
4a8494db26c07b2218142238108b61a4d4ec270668809519b8dade68d1dd02f0

SHA512
ff32cde189dd00a3402ea9d659df175d403b04371fa2ee1fb13b52dc8eb8d94df46328d6aeabe5ea50fce5fd51ff29348e0e6d9de2732e5587019d087fb513aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26402\VCRUNTIME140.dll

Filesize
74KB

MD5
31ce620cb32ac950d31e019e67efc638

SHA1
eaf02a203bc11d593a1adb74c246f7a613e8ef09

SHA256
1e0f8f7f13502f5cee17232e9bebca7b44dd6ec29f1842bb61033044c65b2bbf

SHA512
603e8dceda4cb5b3317020e71f1951d01ace045468eaf118b422f4f44b8b6b2794f5002ea2e3fe9107c222e4cb55b932ed0d897a1871976d75f8ee10d5d12374

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26402\_bz2.pyd

Filesize
66KB

MD5
216f736db1b110548da2f8f21c381412

SHA1
da3781dfe8f6b3bdacc92f82c330cc26248b6b5d

SHA256
ce4f48bdc1f6144b4bcb288896392867176a2b5f10efbfbc2d5454e14cde61ce

SHA512
3bea7426995833f37996468ca3d122c4c182cfcde6f6469d51c211624baa169daacd20101abb1ce8ba50b46fd9f25d1bf1f5e913ebfbea600a5d7ad557f33544

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26402\_ctypes.pyd

Filesize
100KB

MD5
30e16eeedd78a40498b600312d18161f

SHA1
c00f657b13e0b0ab5739abf2ee7b627238cd8055

SHA256
92ccf5b99a1f4553001e57fd58bbf8d843b6d6907057e31d236f913f0c51ab82

SHA512
76e213afcec7c06d7fe53b674b983773da8e1d32690bf8ba4ad0aa585e7517f36e7a287d9abb108a438c8937fd0c909ed6ce69658556563648cd581f12536707

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26402\_hashlib.pyd

Filesize
43KB

MD5
f9f0589c4d853060b62b1e83b3c6e8f8

SHA1
11d474d1a0006c0f8746187ed575d2923fdf3b01

SHA256
600ff18011b09cf9d49660dd7f58601ef438a921c1732054fdc5f312425c55e1

SHA512
ee3ef23cf79cd3782a84214548db2bb394e256db5f7e60d00ef6d62fad191d4654b889588ebd0da8cfbee0154ff3df362f2b1a76370e437edfcb398ba7982c69

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26402\_lzma.pyd

Filesize
139KB

MD5
4a42b4f058c2e58eb3ab47e0166259cc

SHA1
4a55098dbffd59c651b862c2e610961b20f3b9da

SHA256
adddfd498ed73729af21bc139c421411aa40fa9000da1054c1ed73be6b2c8f56

SHA512
dd68e0a20a58c127a91406e7dfbb20f473635974fec15de0e678101241272c70ea7335e3e0cf990bef200d29f73adc519701989992ab55b53894c6d3133df52e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26402\_queue.pyd

Filesize
23KB

MD5
d105039da54edcabd7b893068c86d1ce

SHA1
3ce7b89011ac1311243e1935eeb3a8e49ec8bed8

SHA256
214739fe1823ffd6c1d81be15c675743d08b69f73ad2699ff9d193589d8d47f7

SHA512
dfcb68e285957ec3f54d7205a59f295eadc495b1d6119591fd850e8c7471cddd4c3367c68f884729486ca1f9352be8f546ea06a988e9f2d2afae9394be46d5d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26402\_socket.pyd

Filesize
63KB

MD5
c7191cfe1da82b09fbedb5ea207397c5

SHA1
894199e61d3aa786ce2f5f2e159e8a9d6ffc1f68

SHA256
006c61209b77985aae77a8883293be2ac1e3f3913d6d436e16088311135f5bc2

SHA512
c6b35f1573fdea5a51b636243f171a2021b93f29092fc46a2c0717cf2f2ce187c77598c203b3c5fa225936e01fc81d957ae684fc9b5b2ecc70bc010ef9a64f38

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26402\_sqlite3.pyd

Filesize
66KB

MD5
864db9d3b9a4da476a3fb06b76263eed

SHA1
6c77e33aab6b8095822d42c6af1c992dfb3eb956

SHA256
4a208afeb6d3f8c2dbdcd710cf7670100e5244a740480f5b6991956590809b40

SHA512
a0a7e1ae4f9b568028950cc8731695b9656e7e41e3b4db57516b6916203587652e2c490d411a9a57ae2ee68788f5461c51a0bbd26d99f74e6dc0fe74ccec7013

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26402\_ssl.pyd

Filesize
133KB

MD5
79595e0f25d0e59d8493f4e6e3c83c64

SHA1
7be5783a05a9555dfb634c58453d3422bcac2f78

SHA256
4f6f68fa2bc4a974b678737dff7ba97600bcbdda4cdc4cd83261401ffadd846c

SHA512
ac1fb03d3cfa7c72b79e0ef13fba72fa9b913e86e7ece2094e3df634a83ee7604b0797d17b3b09c4cee63a63abaab87848df527c9ca399b2d846c286f53c14f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26402\_uuid.pyd

Filesize
17KB

MD5
54f10c6f7f793fc393bc138c822bf918

SHA1
61a7cb976124e70c36dec56752e25f7d1efcc30c

SHA256
9de300ca515e6c7dc1518b662ccab87f8a23d86f3a387abff71ce2e9a3e0f809

SHA512
1696741d41a1d2c905cb470cb00c25c44094c121d3e93ff143b70ae49855719a723f90063e77d22b3b972f5c487bedef0238f6c2f39d5814d140c54f08013017

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26402\base_library.zip

Filesize
1.0MB

MD5
6c8dd9cc1d89a84d0d76b7ac17c86cbf

SHA1
c6ab37f0efe5d852f5da07e246980ba79d44b601

SHA256
31325fbd6603d1bf5640042723167099b1d30bdaad5bd2e9c267965474bfaafa

SHA512
008fe379b1c0283a4e56f559bf4df18a85ad749b319e4f421c2d450a92498f7e588d56a6d216edaaec1c65ccf40f9c4b5cda128e9bee4b12ffea11d0d7ee9bc6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26402\libcrypto-1_1.dll

Filesize
2.2MB

MD5
31c2130f39942ac41f99c77273969cd7

SHA1
540edcfcfa75d0769c94877b451f5d0133b1826c

SHA256
dd55258272eeb8f2b91a85082887463d0596e992614213730000b2dbc164bcad

SHA512
cb4e0b90ea86076bd5c904b46f6389d0fd4afffe0bd3a903c7ff0338c542797063870498e674f86d58764cdbb73b444d1df4b4aa64f69f99b224e86ddaf74bb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26402\libffi-7.dll

Filesize
28KB

MD5
bc20614744ebf4c2b8acd28d1fe54174

SHA1
665c0acc404e13a69800fae94efd69a41bdda901

SHA256
0c7ec6de19c246a23756b8550e6178ac2394b1093e96d0f43789124149486f57

SHA512
0c473e7070c72d85ae098d208b8d128b50574abebba874dda2a7408aea2aabc6c4b9018801416670af91548c471b7dd5a709a7b17e3358b053c37433665d3f6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26402\libssl-1_1.dll

Filesize
531KB

MD5
8471e73a5594c8fbbb3a8b3df4fb7372

SHA1
488772cb5bbb50f14a4a9546051edef4ae75dd20

SHA256
380bb2c4ce42dd1ef77c33086cf95aa4fe50290a30849a3e77a18900141af793

SHA512
24025b8f0cc076a6656eba288f5850847c75f8581c9c3e36273350db475050deee903d034ad130d56d1dede20c0d33b56b567c2ef72eb518f76d887f9254b11b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26402\python310.dll

Filesize
3.9MB

MD5
87bb8d7f9f22e11d2a3c196ee9bf36a5

SHA1
45dfcb22987f5a20a9b32410336c0d097ca91b35

SHA256
1269f15b1c8daa25af81e6ad22f9bcebfd2c76aec81c18c6d800460b7105bf98

SHA512
75bb2ae36b693e2a1e5ba003503d07ba975f9436fb3da9bf3fc4087a281cb172fa9bd13ad6fc27a62f796af6cbe0c800e2a169c65949a96bd4d0e150f4858288

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26402\select.pyd

Filesize
22KB

MD5
0b16458372bde0b85e84ce467cfc8c95

SHA1
a3ee99f69f0e5ffae36686af479ead1102c2a0a6

SHA256
bc9531896aee675fd8ae0fd2805524b5e9ce921dd5365145b9f32141604082db

SHA512
727cda4aa085c1af0ce3a9a3a6833057b255678666b2f00dca4f737f322a7cc02cd896ef3353bf9add02faf53b90ce6344e85860cc35da969fcee085c2f210bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26402\sqlite3.dll

Filesize
1.1MB

MD5
619ed191f0de16a3d0c91cd81170a75c

SHA1
b5a97b57bdcc45fb65c242e948091f6911645706

SHA256
5a374374fb7efd50e2d738909fe86196b895d7150747872a4db015572e66a6fc

SHA512
6751528304822a377f369e4c2a604d3a88bd9694bada6669abce861ff41bbeb8061b17e946dbc13df05617d871850390d4d5c18f7fabf134bac66ea12860ac21

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26402\unicodedata.pyd

Filesize
1.1MB

MD5
9f0d733a0c240692270fb45ad30028df

SHA1
da06251cae9c6e4c7179ec9e9a67ac6cc1691077

SHA256
0c4342f33bd82f4840e293f5115ed0e87ec4409c5d8c78e43161fa3d60fa235a

SHA512
c72988875256eb1cea0e95a15f3731e95d847eacb52c5cb03b65e41ddc64b2591d34ea499f6e71ed203cf37f6ee09697708acf64d9e37cc4d1d37cb86de9c52b

Download Submit