211f78ffe209ea717d8f340e572455843eed0f1b371cfeaa679c3450089b01d5

Analysis

max time kernel
111s
max time network
115s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
01-05-2024 12:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

mhddos_proxy_win_x86.exe
Size

11.6MB
MD5

7acc0a72c8efcb5dca126c01fb9510eb
SHA1

968507d1b6a7a69571b3cbc5cdc080f3be06f071
SHA256

211f78ffe209ea717d8f340e572455843eed0f1b371cfeaa679c3450089b01d5
SHA512

9a525460c3e5f58b3b5a1cd4ed52e8164892d11db5b38813897f40ce2aaac5d708bf16234123c1ea195f47f532694adee583b6a8eab69803eb9db1c81033d685
SSDEEP

196608:SXTwwzQiMOERyOZAgyc2Xqp2IxdBtarTBWPI2rvs8Yn6xw65IoPP:SXTwxlty0As2XiNAiIccn8w0xP

Score

8^/10

discovery pyinstaller

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 6 IoCs

pid	Process
4012	mhddos_proxy_win.exe
1544	mhddos_proxy_win.exe
7460	mhddos_proxy_win.exe
4748	mhddos_proxy_win.exe
4928	mhddos_proxy_win.exe
4924	mhddos_proxy_win.exe

Loads dropped DLL 64 IoCs

pid	Process
1116	mhddos_proxy_win_x86.exe
1116	mhddos_proxy_win_x86.exe
1116	mhddos_proxy_win_x86.exe
1116	mhddos_proxy_win_x86.exe
1116	mhddos_proxy_win_x86.exe
1116	mhddos_proxy_win_x86.exe
1116	mhddos_proxy_win_x86.exe
1116	mhddos_proxy_win_x86.exe
1116	mhddos_proxy_win_x86.exe
3232	firefox.exe
4088	Process not Found
1544	mhddos_proxy_win.exe
1544	mhddos_proxy_win.exe
1544	mhddos_proxy_win.exe
1544	mhddos_proxy_win.exe
1544	mhddos_proxy_win.exe
1544	mhddos_proxy_win.exe
1544	mhddos_proxy_win.exe
1544	mhddos_proxy_win.exe
1544	mhddos_proxy_win.exe
1544	mhddos_proxy_win.exe
1544	mhddos_proxy_win.exe
1544	mhddos_proxy_win.exe
1544	mhddos_proxy_win.exe
1544	mhddos_proxy_win.exe
1544	mhddos_proxy_win.exe
1544	mhddos_proxy_win.exe
1544	mhddos_proxy_win.exe
1544	mhddos_proxy_win.exe
1544	mhddos_proxy_win.exe
1544	mhddos_proxy_win.exe
1544	mhddos_proxy_win.exe
1544	mhddos_proxy_win.exe
1544	mhddos_proxy_win.exe
1544	mhddos_proxy_win.exe
1544	mhddos_proxy_win.exe
1544	mhddos_proxy_win.exe
1544	mhddos_proxy_win.exe
1544	mhddos_proxy_win.exe
1544	mhddos_proxy_win.exe
1544	mhddos_proxy_win.exe
1544	mhddos_proxy_win.exe
1544	mhddos_proxy_win.exe
1544	mhddos_proxy_win.exe
1544	mhddos_proxy_win.exe
1544	mhddos_proxy_win.exe
1544	mhddos_proxy_win.exe
1544	mhddos_proxy_win.exe
1544	mhddos_proxy_win.exe
1544	mhddos_proxy_win.exe
1544	mhddos_proxy_win.exe
1544	mhddos_proxy_win.exe
1544	mhddos_proxy_win.exe
1544	mhddos_proxy_win.exe
1544	mhddos_proxy_win.exe
1544	mhddos_proxy_win.exe
1544	mhddos_proxy_win.exe
1544	mhddos_proxy_win.exe
1544	mhddos_proxy_win.exe
1544	mhddos_proxy_win.exe
1544	mhddos_proxy_win.exe
1544	mhddos_proxy_win.exe
7460	mhddos_proxy_win.exe
7460	mhddos_proxy_win.exe

Unexpected DNS network traffic destination 6 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	1.0.0.1
Destination IP	208.67.222.222
Destination IP	77.88.8.8
Destination IP	1.0.0.1
Destination IP	77.88.8.8
Destination IP	77.88.8.1

Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Legitimate hosting services abused for malware hosting/C2 1 TTPs 9 IoCs

Web Service

T1102

flow	ioc
82	raw.githubusercontent.com
85	raw.githubusercontent.com
90	raw.githubusercontent.com
3314	raw.githubusercontent.com
80	raw.githubusercontent.com
81	raw.githubusercontent.com
3513	raw.githubusercontent.com
3660	raw.githubusercontent.com
3697	raw.githubusercontent.com

Suspicious use of NtSetInformationThreadHideFromDebugger 5 IoCs

pid	Process
1116	mhddos_proxy_win_x86.exe
1544	mhddos_proxy_win.exe
7460	mhddos_proxy_win.exe
4928	mhddos_proxy_win.exe
4924	mhddos_proxy_win.exe

Detects Pyinstaller 2 IoCs

pyinstaller

resource	yara_rule
behavioral1/files/0x000800000001cb9f-2222.dat	pyinstaller
behavioral1/files/0x000b000000011ffb-2289.dat	pyinstaller

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_Classes\Local Settings	firefox.exe

NTFS ADS 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\mhddos_proxy_win_x86.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\mhddos_proxy_win.exe:Zone.Identifier	firefox.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	3232	firefox.exe
Token: SeDebugPrivilege	3232	firefox.exe
Token: SeDebugPrivilege	1544	mhddos_proxy_win.exe
Token: SeDebugPrivilege	7460	mhddos_proxy_win.exe
Token: SeDebugPrivilege	4928	mhddos_proxy_win.exe
Token: SeDebugPrivilege	4924	mhddos_proxy_win.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
3232	firefox.exe
3232	firefox.exe
3232	firefox.exe
3232	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
3232	firefox.exe
3232	firefox.exe
3232	firefox.exe

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
3232	firefox.exe
3232	firefox.exe
3232	firefox.exe
3232	firefox.exe
3232	firefox.exe
3232	firefox.exe
3232	firefox.exe
3232	firefox.exe
3232	firefox.exe
3232	firefox.exe
3232	firefox.exe
3232	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2832 wrote to memory of 1116	2832	mhddos_proxy_win_x86.exe	29
PID 2832 wrote to memory of 1116	2832	mhddos_proxy_win_x86.exe	29
PID 2832 wrote to memory of 1116	2832	mhddos_proxy_win_x86.exe	29
PID 2832 wrote to memory of 1116	2832	mhddos_proxy_win_x86.exe	29
PID 1116 wrote to memory of 872	1116	mhddos_proxy_win_x86.exe	30
PID 1116 wrote to memory of 872	1116	mhddos_proxy_win_x86.exe	30
PID 1116 wrote to memory of 872	1116	mhddos_proxy_win_x86.exe	30
PID 1116 wrote to memory of 872	1116	mhddos_proxy_win_x86.exe	30
PID 3228 wrote to memory of 3232	3228	firefox.exe	32
PID 3228 wrote to memory of 3232	3228	firefox.exe	32
PID 3228 wrote to memory of 3232	3228	firefox.exe	32
PID 3228 wrote to memory of 3232	3228	firefox.exe	32
PID 3228 wrote to memory of 3232	3228	firefox.exe	32
PID 3228 wrote to memory of 3232	3228	firefox.exe	32
PID 3228 wrote to memory of 3232	3228	firefox.exe	32
PID 3228 wrote to memory of 3232	3228	firefox.exe	32
PID 3228 wrote to memory of 3232	3228	firefox.exe	32
PID 3228 wrote to memory of 3232	3228	firefox.exe	32
PID 3228 wrote to memory of 3232	3228	firefox.exe	32
PID 3228 wrote to memory of 3232	3228	firefox.exe	32
PID 3232 wrote to memory of 3408	3232	firefox.exe	33
PID 3232 wrote to memory of 3408	3232	firefox.exe	33
PID 3232 wrote to memory of 3408	3232	firefox.exe	33
PID 3232 wrote to memory of 3472	3232	firefox.exe	34
PID 3232 wrote to memory of 3472	3232	firefox.exe	34
PID 3232 wrote to memory of 3472	3232	firefox.exe	34
PID 3232 wrote to memory of 3472	3232	firefox.exe	34
PID 3232 wrote to memory of 3472	3232	firefox.exe	34
PID 3232 wrote to memory of 3472	3232	firefox.exe	34
PID 3232 wrote to memory of 3472	3232	firefox.exe	34
PID 3232 wrote to memory of 3472	3232	firefox.exe	34
PID 3232 wrote to memory of 3472	3232	firefox.exe	34
PID 3232 wrote to memory of 3472	3232	firefox.exe	34
PID 3232 wrote to memory of 3472	3232	firefox.exe	34
PID 3232 wrote to memory of 3472	3232	firefox.exe	34
PID 3232 wrote to memory of 3472	3232	firefox.exe	34
PID 3232 wrote to memory of 3472	3232	firefox.exe	34
PID 3232 wrote to memory of 3472	3232	firefox.exe	34
PID 3232 wrote to memory of 3472	3232	firefox.exe	34
PID 3232 wrote to memory of 3472	3232	firefox.exe	34
PID 3232 wrote to memory of 3472	3232	firefox.exe	34
PID 3232 wrote to memory of 3472	3232	firefox.exe	34
PID 3232 wrote to memory of 3472	3232	firefox.exe	34
PID 3232 wrote to memory of 3472	3232	firefox.exe	34
PID 3232 wrote to memory of 3472	3232	firefox.exe	34
PID 3232 wrote to memory of 3472	3232	firefox.exe	34
PID 3232 wrote to memory of 3472	3232	firefox.exe	34
PID 3232 wrote to memory of 3472	3232	firefox.exe	34
PID 3232 wrote to memory of 3472	3232	firefox.exe	34
PID 3232 wrote to memory of 3472	3232	firefox.exe	34
PID 3232 wrote to memory of 3472	3232	firefox.exe	34
PID 3232 wrote to memory of 3472	3232	firefox.exe	34
PID 3232 wrote to memory of 3472	3232	firefox.exe	34
PID 3232 wrote to memory of 3472	3232	firefox.exe	34
PID 3232 wrote to memory of 3472	3232	firefox.exe	34
PID 3232 wrote to memory of 3472	3232	firefox.exe	34
PID 3232 wrote to memory of 3472	3232	firefox.exe	34
PID 3232 wrote to memory of 3472	3232	firefox.exe	34
PID 3232 wrote to memory of 3472	3232	firefox.exe	34
PID 3232 wrote to memory of 3472	3232	firefox.exe	34
PID 3232 wrote to memory of 3472	3232	firefox.exe	34
PID 3232 wrote to memory of 3472	3232	firefox.exe	34
PID 3232 wrote to memory of 3472	3232	firefox.exe	34
PID 3232 wrote to memory of 3472	3232	firefox.exe	34

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\mhddos_proxy_win_x86.exe
"C:\Users\Admin\AppData\Local\Temp\mhddos_proxy_win_x86.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2832
- C:\Users\Admin\AppData\Local\Temp\mhddos_proxy_win_x86.exe
  "C:\Users\Admin\AppData\Local\Temp\mhddos_proxy_win_x86.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of WriteProcessMemory
  PID:1116
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:872

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3228
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Loads dropped DLL
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3232
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3232.0.1171728783\1027227655" -parentBuildID 20221007134813 -prefsHandle 1260 -prefMapHandle 1252 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4579eb8c-c119-4b2a-874b-16ddae8d201f} 3232 "\\.\pipe\gecko-crash-server-pipe.3232" 1372 116f6e58 gpu
    3⤵
    PID:3408
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3232.1.419903668\320395170" -parentBuildID 20221007134813 -prefsHandle 1512 -prefMapHandle 1508 -prefsLen 20830 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {60558f53-db36-4a69-baa5-a794a0735198} 3232 "\\.\pipe\gecko-crash-server-pipe.3232" 1524 e71958 socket
    3⤵
    PID:3472
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3232.2.1728103278\1309477477" -childID 1 -isForBrowser -prefsHandle 1920 -prefMapHandle 2112 -prefsLen 20933 -prefMapSize 233444 -jsInitHandle 856 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b87aa93f-6e89-43ee-ad2c-544b1cf0dec1} 3232 "\\.\pipe\gecko-crash-server-pipe.3232" 1172 11664158 tab
    3⤵
    PID:3768
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3232.3.467960121\424375181" -childID 2 -isForBrowser -prefsHandle 2508 -prefMapHandle 2500 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 856 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cbdb45fe-1c7e-4676-828d-887bd9b98c6b} 3232 "\\.\pipe\gecko-crash-server-pipe.3232" 2488 e6ab58 tab
    3⤵
    PID:3968
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3232.4.1904480014\208268976" -childID 3 -isForBrowser -prefsHandle 2500 -prefMapHandle 2744 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 856 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c778d380-44ef-4517-b0af-b106a60dd38b} 3232 "\\.\pipe\gecko-crash-server-pipe.3232" 2924 e5bb58 tab
    3⤵
    PID:4020
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3232.5.1783168194\2102225002" -childID 4 -isForBrowser -prefsHandle 3772 -prefMapHandle 3796 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 856 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {35648d39-6d20-4688-b677-e85822412eb1} 3232 "\\.\pipe\gecko-crash-server-pipe.3232" 3788 1e526158 tab
    3⤵
    PID:4184
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3232.6.483679566\1348003329" -childID 5 -isForBrowser -prefsHandle 3904 -prefMapHandle 3908 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 856 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7661e4a5-89d6-402c-babe-24666a33762b} 3232 "\\.\pipe\gecko-crash-server-pipe.3232" 3892 1e526d58 tab
    3⤵
    PID:4192
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3232.7.1636206523\1255084904" -childID 6 -isForBrowser -prefsHandle 4080 -prefMapHandle 4084 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 856 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b267a18-5915-441d-bfc2-097aee8d6ccf} 3232 "\\.\pipe\gecko-crash-server-pipe.3232" 4068 1e528b58 tab
    3⤵
    PID:4204
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3232.8.1329112630\344269074" -parentBuildID 20221007134813 -prefsHandle 4380 -prefMapHandle 4376 -prefsLen 26251 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {274dd983-5745-4f9a-8bf2-34448bb0a7b9} 3232 "\\.\pipe\gecko-crash-server-pipe.3232" 4392 22b24558 rdd
    3⤵
    PID:4656
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3232.9.892190615\1933904600" -childID 7 -isForBrowser -prefsHandle 4536 -prefMapHandle 2580 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 856 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6969dd5e-3ea2-47af-a40a-fa5ba77a67bf} 3232 "\\.\pipe\gecko-crash-server-pipe.3232" 2520 e6ab58 tab
    3⤵
    PID:5080
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3232.10.355011169\1072620437" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 1092 -prefMapHandle 2288 -prefsLen 26426 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a29dbed3-53df-4fd2-8f78-315a38a7a754} 3232 "\\.\pipe\gecko-crash-server-pipe.3232" 2320 184d3d58 utility
    3⤵
    PID:1712
- - C:\Users\Admin\Downloads\mhddos_proxy_win.exe
    "C:\Users\Admin\Downloads\mhddos_proxy_win.exe"
    3⤵
    - Executes dropped EXE
    PID:4012
  - - C:\Users\Admin\Downloads\mhddos_proxy_win.exe
      "C:\Users\Admin\Downloads\mhddos_proxy_win.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of NtSetInformationThreadHideFromDebugger
      Suspicious use of AdjustPrivilegeToken
      PID:1544
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "ver"
        5⤵
        
        PID:7428
    - - C:\Users\Admin\Downloads\mhddos_proxy_win.exe
        
        "C:\Users\Admin\Downloads\mhddos_proxy_win.exe" "--multiprocessing-fork" "parent_pid=1544" "pipe_handle=548"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of AdjustPrivilegeToken
        
        PID:7460
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "ver"
        6⤵
        
        PID:7356

C:\Windows\System32\control.exe
"C:\Windows\System32\control.exe" SYSTEM
1⤵
PID:1676

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:1820

C:\Users\Admin\Downloads\mhddos_proxy_win.exe
"C:\Users\Admin\Downloads\mhddos_proxy_win.exe"
1⤵
- Executes dropped EXE
PID:4748
- C:\Users\Admin\Downloads\mhddos_proxy_win.exe
  "C:\Users\Admin\Downloads\mhddos_proxy_win.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of AdjustPrivilegeToken
  PID:4928
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:4876
- - C:\Users\Admin\Downloads\mhddos_proxy_win.exe
    "C:\Users\Admin\Downloads\mhddos_proxy_win.exe" "--multiprocessing-fork" "parent_pid=4928" "pipe_handle=548"
    3⤵
    - Executes dropped EXE
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Suspicious use of AdjustPrivilegeToken
    PID:4924
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "ver"
      4⤵
      PID:4904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

T1046

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\cache2\doomed\29242

Filesize
56KB

MD5
645fec0657033e722b3e1a2cc7b4f65c

SHA1
3fb07ceffe4bd0cc20440e6c10ba5b4b91fa901c

SHA256
15b403472725213ff8f3993b4083302a73c0dfe9d208f475f4839f3a90e507aa

SHA512
7525b73d616c8b39555c56af61e0dbc8e7a228563a9748d9cd87f64bb407db85dabcd3e5494ca28523be275b3271a3849491d7908de3550e76a525ba1a2d8de7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28322\VCRUNTIME140.dll

Filesize
74KB

MD5
5f9d90d666620944943b0d6d1cca1945

SHA1
08ead2b72a4701349430d18d4a06d9343f777fa6

SHA256
9ec4afad505e0a3dad760fa5b59c66606ae54dd043c16914cf56d7006e46d375

SHA512
be7a2c9dae85e425a280af552dbd7efd84373f780fa8472bab9a5ff29376c3a82d9dfa1fef32c6cf7f45ba6e389de90e090cb579eebff12dcfe12e6f3e7764d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28322\_ctypes.pyd

Filesize
114KB

MD5
76816a27c925f301f9776ffd76e6f6d4

SHA1
f9d3992c2ec5998436c24b8ef1dbd50072b7b89d

SHA256
3a94a3525b0531524aabc7f8fc9f1253894cd612a9823d9cdd5070ab81b9d329

SHA512
f79fb8513a786c59f1b6dabbe9cfddb930b7def19316451cf75efa5aa5fe0d46f6ee04870c7dcc2d64818c34f7abe5662a8ad8c3ee4490b02c7182051deed3c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28322\_socket.pyd

Filesize
68KB

MD5
e7ad342af27ef2b62c6fba44a2456fba

SHA1
192bc00a74319fc30bd75c4448a126ccef7f110d

SHA256
48f1f1842e6845a197c9be50027bb2a67a868e743bfa81b8d8753c24cdc08b7b

SHA512
673df6fd4a36f66cbefd05718de0f49ad8299662c3978ad6e05ceaa7437aca6a745573819f267ddb109b1eca7fe366aac8f4e89e53bdee28582836900767dab6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28322\base_library.zip

Filesize
775KB

MD5
f7776b9166c7b9ee33525a1e835b579e

SHA1
72d6c7cb575c468c316ef2da5d1a0c0ae4bb8270

SHA256
b0c94e890944099d79180f8f53066256bf3af2da33c64d87252ead197e4ad5a2

SHA512
6f813028d0a9a67eec9f93a103ee27cbc72034da705ef1b77e94c5ad90b8c35e0ba03298eea4024fd4a1f3d47d619484dcf63ab663b6611d7ab4fb08b3f584ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28322\libffi-7.dll

Filesize
28KB

MD5
bc20614744ebf4c2b8acd28d1fe54174

SHA1
665c0acc404e13a69800fae94efd69a41bdda901

SHA256
0c7ec6de19c246a23756b8550e6178ac2394b1093e96d0f43789124149486f57

SHA512
0c473e7070c72d85ae098d208b8d128b50574abebba874dda2a7408aea2aabc6c4b9018801416670af91548c471b7dd5a709a7b17e3358b053c37433665d3f6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28322\python3.DLL

Filesize
58KB

MD5
68bb9599ca71d84de782c2799112b274

SHA1
c751c6892b0cb4f9e87bc877ec01f97ef5bca4f2

SHA256
eac07e177308b8d77e23ef0f510a56b8fb9a56cda876118f9eab1a8e1d9bb399

SHA512
fa904cd9f1c70439b224960e4f4a1e31f0646b45af6ed6ed685af9def511ccfaa7fbe1071e68c2159bd184f90a0aafda50458a4358165a1a50f4ae24616fe9cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28322\python38.dll

Filesize
3.9MB

MD5
9f8e0de6e7d4b165b4a49600daacc3b1

SHA1
8cf37d69fdaf65c49f7f5e048c0085b207f7287b

SHA256
a9675a91d767095c9d4a2ae1df6e17bdb59102dbd2b4504c3493b0bcbed5ef55

SHA512
3201b7adf94d3f4510e0b39b4766d1314da66662819fd6de5f5f71956750bb4fdf4228b6e1ad9d4d3bc1fdeb99b7414ed2eff0374aaa3216b67eeedfb8673b48

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28322\pytransform.pyd

Filesize
1.2MB

MD5
470c4eaa190362a58998fe5faeb505c0

SHA1
b920ffb155118a6b500d92c4d7a35d7656fce167

SHA256
a68a0721fc53af69c2e83cc0d5fd5944bf459c4eb704eda027a41ed9d2029827

SHA512
e6ca629043976fae2d07c96256c7df9d696c714d0f57c130d7063b24e0567fe572c0939de8b38dd74b930b6125bad67377f061047114ab2dd5c2b00da58b2a7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28322\select.pyd

Filesize
24KB

MD5
25ae837bec095038db628878c3b12c6a

SHA1
9c77211ed81e51c72e849a3e5d04027cd2ddb9da

SHA256
6d5a3630570035555cea342c3a8e2922ca23451113cb178cd7fee07e59da123c

SHA512
c70ff24bdbfdd995da62d8512b4f703371ee000197f58aa723afc9b050a9329cebc81a5ce86481154fcbc6f31a6831c725d83ce9ce9f551dbbc8756d1f42b417

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28322\tinyaes.cp38-win32.pyd

Filesize
45KB

MD5
e2f789b5fc3c94e54dd53479553011b3

SHA1
e5c30b9188852a5dba2ae4cd986250967d47a597

SHA256
cc51ba58b9c53099d07aab958f0bd24da79a83af136904233bfddc857355c180

SHA512
42e31e8f558f9730df60d3ecbe8f41e114a96b5fa36c987fbcee0351c9ba2f5acc3d1d6fee5cfdac3c5fa503bb10105d07b2cef1bd84fdb15a9bff58a6611cb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI40122\api-ms-win-core-file-l1-2-0.dll

Filesize
13KB

MD5
b5233e03bde877536db16308f3664cda

SHA1
15ff9d07de90f4a13943b36c30ce2cfaccc67451

SHA256
fb9b51ab73cb5fecc491a3a2624d54cc327370c6ac5efc9dfada2411acf766ed

SHA512
ad005e39dcd889e8a6c127038b7c25eb2e100c889b16a6b12063bf76087b3d245df2768d3f032963dcbb33d320be56ec3a2822a718d17b34503ee0ddccef7486

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI40122\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
13KB

MD5
8ce9f911908bc20529ce03b7836397f5

SHA1
b8554a420c1372474e15d931f2f50e433d3b634e

SHA256
257d25b17680639ef9175e272c2cec4239a395651a69115441ba234c4b30ec0b

SHA512
980af4b0b3749d5e5842be388734b6385f0181eb5319b3e7802fcb33aada78b6bcf753a4eed29584e988b2708798e3da2ebd286c09fc5c518f8a1e2c5754fb11

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI40122\api-ms-win-crt-convert-l1-1-0.dll

Filesize
17KB

MD5
ad107dadc3298da8e5b8b5979a429b60

SHA1
cd1e31d3b31f8a07c20addfe6063f8dffd8bb201

SHA256
a3330afde4c96d0bfd58a328d32cec7f47013a737a33fe074678ef5537e9f34e

SHA512
f5032e717a3566c86c9f1a5f0b5fd5f6797a9d298f8bc07d8c955bc156da6ecea66c08a3b8f88fe1007de4c214ade98391f0b3b22252aa67b051b3cea2ae802c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI40122\api-ms-win-crt-environment-l1-1-0.dll

Filesize
13KB

MD5
39150685e6ac8cfaf8cd6abc56a2be37

SHA1
50dd3633db29ded2ea70056dbb96b42d4d7c542b

SHA256
a6522d4ec322ba2d55704e5990d465620ab33dbcbf2716bbb1a5c0a997a4c800

SHA512
c082e7611e767f7650cd843b1c03ac10d5585698b68090a3a9d91cbf946699a797aab90fcfa750847b662502a5e407754fe7337d126b71734469c8ee617480c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI40122\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
15KB

MD5
14e1bafb694fb7c8671649eeac71ae1e

SHA1
5f0bfd72e0a60e01458ac522a79e6afc46bc1a47

SHA256
1817be3001c47078676cc8e43e472efc95bc8a56f73dbcdb303036f6758be398

SHA512
670ef8520b2c3d643deee2cbe3eea5697f575ebe132e5fcb1daf33423a4c9c74e721d10a24873dde238161a3228df7893179d37d957f904ea15e6d274512628f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI40122\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
17KB

MD5
c0a2e9713ee6e7b04dd1e66915ec32b6

SHA1
12539c6b3f2770f34fc45c61817bd8b9675c1d25

SHA256
973e8a72432bd3169aec3967ce18146938608a335329a9b2d764b43aeeddddbb

SHA512
8c1d313833eb3dae895495ffe313e09cde399ec3409c71c405dd4212b66a9ea8894d8339ad5ecc40c2378755a4d22b1eee1d64f771728474dc28e1ed9818bc1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI40122\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
19KB

MD5
d6dbfe98e6a0c8eb8697c50c8994a2ae

SHA1
0393725acaa5515626ac391977e847f8ec8c2f8c

SHA256
c4fe765c675f30acf8b22040ba77ac0f06d1c334489f0e5da4f98f648a73f0f1

SHA512
a078bcff3e0be316b5fe7da0a7e4101dac0d762b698f6674d082f5c87ec03387872e585e14a73535bb472c7d2bd7afcf2847811485b412e334c80538aca9ceba

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI40122\api-ms-win-crt-string-l1-1-0.dll

Filesize
19KB

MD5
23438c3d8e1636fa97a61efd902e4527

SHA1
7c93b5e8c0a585a734689ad21356e00319290bb8

SHA256
91fb2c073fcd138b41c34e90b7fee8b852a1371da638aa5e34a365c2fe9e6c9f

SHA512
43cd7ae9ffc193cfc7207694446b834b67d7c35809cb05b5412a4047811437638886e3a0351e889e0787618998cd4eb780fe2770567d9e01c6726d21b79017a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI40122\cryptography-37.0.2.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI40122\python38.dll

Filesize
4.0MB

MD5
26ba25d468a778d37f1a24f4514d9814

SHA1
b64fe169690557656ede3ae50d3c5a197fea6013

SHA256
2f3e368f5bcc1dda5e951682008a509751e6395f7328fd0f02c4e1a11f67c128

SHA512
80471bfeeab279ce4adfb9ee1962597fb8e1886b861e31bdff1e3aa0df06d93afeb3a3398e9519bab7152d4bd7d88fa9b328a2d7eb50a91eb60fead268912080

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47482\faker\providers\geo\en_US\__init__.py

Filesize
81B

MD5
258c5fbe242622764463035dfe910727

SHA1
8c617de82326679d335d5a15ff7f82a70249b752

SHA256
7b347419c0eb7100a539825ade44a0e7a2fad309a6e54781cd4f767be6829e28

SHA512
907ed0d78193c11fe1e0fd07e0399372ed0a9497ae5dbef6dce60d43d1a66d8b229e4058020caf7a39e6dfe3eaedc19fe03f13fd0ab4bfaca4aef6dd684dbb16

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
6e4642c5d6b5106fc3e729015fffba0f

SHA1
9c91a5f9793eaab0690fb88db23f697b2e07be59

SHA256
2767ee25e4331eb724d1b25b1495cf3cc77d126f64166100583f029bf05dff74

SHA512
c278f42bc504d52e7cb2d58c4d09e79e03a3145e6084106c629eba7139e6d80d3c2d445a67ac8c9dfbb1b8740045985fc4f9c3102d141b84377652a38b41c0ee

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\datareporting\glean\pending_pings\a09436df-ebc6-49e9-8b76-89f97832f931

Filesize
11KB

MD5
dde4322d9ad5e4d1edcfee7a89550f14

SHA1
706d86d7dfc46a76ecf1a79ee3b8f57d3d3c7950

SHA256
faf191d1f1699bd7e329982653008403afb391460d80b6a4310b40117cbba12f

SHA512
8471a43b688c5fe12559b423b6dabb8f06b5116d0f9cac0e0d8ee5ae8e9991ddff225fddaff09ebfb8be24793c5d5d7b864a6b9f25be2e66ada83e0c0caaea19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\datareporting\glean\pending_pings\dc877d2c-34c6-4225-91cf-43d39364088e

Filesize
745B

MD5
bf84b941e2c9b27ebf1e5b4176433e18

SHA1
7dd7eb1f55efd1b9ebb27f1725e0a5d5027ac105

SHA256
5d880eb6f2543c3745b8e510ae0910a853dc47c98ec20764ae1283ebffd70e7a

SHA512
fe5357402e14528c5d230c3608a7b5b1f8d47cd55a356f7af6028edd9ddcda7eda9427f06055c4d7ef3c15d387a5b9c1152e9f2ea6c32b3a623e668a23182282

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\prefs-1.js

Filesize
6KB

MD5
5216270072d47501693c2eacee747aeb

SHA1
93450de29a1c1bb0bdf36383bf95bcb241c032f5

SHA256
8b3707b3a6b5226a37ce497c603d67962ebb160c8e2b5e50f9cd1aba9f9f6738

SHA512
17929bb52881a2a23f1f9b0854cb5588ecfe277ded8fc3e7feeac988825f22088afa808d446ac49aba02faf3940d81c65a7951f7533aac0cf6abdf1ed86dbda0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\prefs-1.js

Filesize
6KB

MD5
20c8b55afc56c642350526476033b9f7

SHA1
70b559cf2fb9d0bac9815612aa68d63aafda0659

SHA256
a5f268f462c7b3ed4d90bcd054d9903d49c39977d9b5886ed5a6af994a55e131

SHA512
9473cc21404026e68598bec47645ea73c741399dbde9d26a692f430d49d011783042cb95ff76936ec7b9fdef0733fbfa5ffac7e72321840ec45bd850dc68d4be

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
f9db227aa6cdb1f64fa95071a0283efc

SHA1
e41d8b9db400d04858df29e70a0afcde90be0c54

SHA256
ca4bda39bd9756d07645e746dac3ca71653813c5594589e8dacb5647ae4d6073

SHA512
275ad1541024179cf22a8f6f6097e5f0dfa8bb5948210e67ee9ab3a9ff120b8cc3f681545343e9b9a146af51eba339f76c3cf0f01e4cf9425c73ef0fa6091b57

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
52df312d2abbbe3fc0da12881f26dcd0

SHA1
6f76c14510ca05b8fb7747d78edf2b67d0684e32

SHA256
82339c1813f37aa7c189d94348146e475dc31f9202e0360125e4569fa551cf8c

SHA512
3255df81ef68834c89a94dfc7684c33795c4c24917e4aab3788b18e896e571c1c220d1720ec281d7af32a435b220279fe6aee6c47c2a73ca913f899eaf69d541

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
450f8deb95f91bec520b693ced9bd069

SHA1
b4d129e5d75e593944e39ec40e349e21a2969497

SHA256
fe02513118a6fab3ce5a6c3d7b592c482618e40121a61be4f4475d62914d0556

SHA512
bc962b1d2a524ef9f0bfbb663073d431b3b93d9e471ecda56c09ebcad5a1a858b8106c7cfab0d21c33a0e85a0ac2c13a02367710509a5ab30e28c9b14e8162e5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
ed80a1635ec72da98710f14244ecf95d

SHA1
a7624c0a382c203329a51197491359b54c7aaf67

SHA256
c3da16a4e6e522fb49edebcf8b270c6dd71ac0d7411481875762e17fa52f354f

SHA512
8d4a2ba3a742ef48f42d70907a14b27b0b361e40f974061268168175e73497200a6cc2b695ff51f1a8c3f278bde40959ad9288ca707486318bf885048320edd1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
53f0ca9e5c06adabfe2284cbd1c98371

SHA1
d7ed4417dfc2f66cd975b5293f2594649a860cbc

SHA256
e3eb743146aecae6530427db1768c0734765f8d81cbbc7226ed7f75064aae845

SHA512
3c49de223921b2ed15cd447e6658f08510b2115d92973e9d8171e94a6be202f284e803b6ffd09d6f374dd76b5b806ea5b3bf98f6bce912c80d7757065bf85923

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
24ef81d1d44aa87a83cf61c79193617a

SHA1
e6b8418868619ac3ff97c62a96e47e15aa069af9

SHA256
b9028ac5b4d8e6226dae0eb9592fe45c58c930342ce4c5dadd743c188ef9b465

SHA512
9e0de5268f5fcd0b8faad23dc0525c908c77f1f47c625d5a7029129805b4e34b5e28fecb2925b0eefd09ae7f809f3d97ff7926645a0e359945360e1a71529a0c

Download Submit
C:\Users\Admin\Downloads\mhddos_proxy_win.7ZTeSZyW.exe.part

Filesize
16KB

MD5
d551c464eba9301ecba40a20dc7c0c3b

SHA1
60a1aa7f763931e602f0810edb18828790ec0585

SHA256
309709fc19329356f538f780093475921937e72bed68b53471cb93c6db7e2eff

SHA512
a290c0d8717e43d6726848504a35b283382e2428676db6499703c57a27aea16626392c2f280856e48c9809d1c522ca6c8682fca2927e049516aa0b9ee46ebf59

Download Submit
C:\Users\Admin\Downloads\mhddos_proxy_win.exe

Filesize
13.4MB

MD5
5f38eeac72768f92f6588e8a0419f2a8

SHA1
9d117e49f6458ef34e6990d45b7c55e003e3556e

SHA256
09d20ea72e1c0ed56297335a0b8c79e01549d03216230ab30b75e0194474f672

SHA512
f1fdf9d838cde62977604912a96cf161ecdee3446091c757c88176ef0892b6312882afcf2cbefe03faa74a6986658ba1bc855d9916cb4c27a90c45397510f4b2

Download Submit
C:\Users\Admin\Downloads\mhddos_proxy_win_x86.uIxIoPa4.exe.part

Filesize
5.9MB

MD5
8fc0b6734c042570228af16d988fc8ef

SHA1
e07d249ac2a67727d663de85a604520e5bab2747

SHA256
5220dffbc2a6c5e0ec0cb2c22a4407ddb4035667a7aa0899e84b141ca18b4f97

SHA512
7d0d99b6a1dd4a41ced7f24ca73139946fe10adb6c3ba756159cd1ad42e8f735d9aaf1bda74b0229de3644f1e7f9689f777963b229da68296e1e2d782b0a4204

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI40122\VCRUNTIME140.dll

Filesize
93KB

MD5
4a365ffdbde27954e768358f4a4ce82e

SHA1
a1b31102eee1d2a4ed1290da2038b7b9f6a104a3

SHA256
6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c

SHA512
54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI40122\api-ms-win-core-file-l2-1-0.dll

Filesize
13KB

MD5
da0e628d704f10be357148f2131108b1

SHA1
a9a8c5e002a65d1b43fb990a86c59d290d480464

SHA256
5747de24ef2014b50f49d541621a328a02a4ef5f20eeb94423a3d7f7954e49f6

SHA512
30b2b3fd92b73dc387b6beff63c4d9e16123f9abbde0cc3f33b1b00c013885f980d12d793e32aaf7c430121df3d337dd09a9a8a5ea874696d3cf37ee51a50a81

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI40122\api-ms-win-core-localization-l1-2-0.dll

Filesize
15KB

MD5
e142049a08327db53b0289cd25bbb70f

SHA1
3289a7c010a613b07b235d13ec96af31b683834a

SHA256
dd36f8e544be435ffd7c96ddb077dc76b4cebd6fbef14319f7d21f47fe794a87

SHA512
f6fd8865f9df1bd382b246041ad90a3e87e42a99b7dc8167d0d4513e7bec6901b80120ff98e1283ca754dcc726b4ddc000f41c428f4f45dfd4489e94075352cf

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI40122\api-ms-win-core-timezone-l1-1-0.dll

Filesize
13KB

MD5
8a7fbe2425592dd419f6cf665613b967

SHA1
af2170a7e5f27111e32fa27ecfdddaa41edc8156

SHA256
a6cbce99976a8fdd8d9cc278c7d8aebbc4a6ae6404684021d73c8f4e520b98dc

SHA512
57d41d57721f9e37c6ea8a55ac156f9275d2373beead9f5c836ff7379c49c6676b9168bf278206fe2e60b576e066d8706ec1ed0a96b3db82b197d724f4a2279f

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI40122\api-ms-win-crt-conio-l1-1-0.dll

Filesize
14KB

MD5
9e348cb5f8d93c9adafa0907564ba487

SHA1
fac47a2127756581de8a1e49cd86239b2fe90de5

SHA256
a0c144a76b80909a25b202114c07a06927f33ec237131d27c409cb4411bd6f1b

SHA512
1611284adb4491ead21a9088f8890df2d7e9eb6401228104aa4df20f6e8d8e2f59e80378563883722c18be5d31a2da78db43978375f5b8e1b36a723696b06bcf

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI40122\api-ms-win-crt-heap-l1-1-0.dll

Filesize
14KB

MD5
6b32d1060aade3b0d8b15b171f14d20e

SHA1
7cf40ea05eabf369f4889d5109e4c79df0322912

SHA256
5847f24760d9b392264e02b00933e4e8cbed704238f24075ccdd0e2bef3fd86a

SHA512
93c37c39c2c46fba8a78f8019d123e6d908f5971d91af23ff9704c9bee6c8de1bffeae61dc7c4fae9398ea01764b53a19b9e7d8a47c7a032c3ae5392c0006563

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI40122\api-ms-win-crt-locale-l1-1-0.dll

Filesize
13KB

MD5
58f54ccdc55f6d6c8d62dc72d75ee063

SHA1
2e25bdb7de5e9d320cf3439c8b6073b1952784dc

SHA256
556af10c9c9cee5ce7dab89a66693f41b50051bb39abb8365374829004cfe20e

SHA512
f79bcf4098868f82577f3b985551198506359eff50681da925ef951a368b4d48470dae8d887d02985a84fb791036831b7b2bebf6c5b9a7c0701eaaf331609819

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI40122\api-ms-win-crt-math-l1-1-0.dll

Filesize
22KB

MD5
db734d502665e4972717837aa2bf2223

SHA1
956b4ff9c59a3a4f4e447d16d0c898dd9bac6147

SHA256
fd7c108c8b26ef8bbb3eee7dbadfa6031dfb6c2c0c1a74953034e0d080219646

SHA512
04443719af07dd7ea50d009ddc3199ff2c9a66a3ce04c9559c82f3db7337113f65974ff104b250fec76bd5765f9e5f5805e381446ccbdd27274e4665de2e50e5

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI40122\api-ms-win-crt-process-l1-1-0.dll

Filesize
14KB

MD5
c0f3aaed30b614b32a6002cd6e5cf088

SHA1
a61ba3605a61b7076978e91705d7f3d22f9aa2c8

SHA256
369422b6ba609abad09208c9618a57030a0b5e77d6e7b171b6f2cb6c32567103

SHA512
3e7495d74ed0d1b5e438ec60aceaf9c52043ee9e13d98202b5013d2cc9bdb506337ed895b523287c1791732cb89c46763e60434ce890e49b4a68b9f9ceb94db4

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI40122\api-ms-win-crt-time-l1-1-0.dll

Filesize
15KB

MD5
f59baedde0a1bb608edc3fbec21e1956

SHA1
ee415e6cb3833945496df71ea427b6df2c32b2ab

SHA256
88e5cb9f5e3981e0792991583d2c5b4309787498f5a4a317d8bf3ef3658e9710

SHA512
4182db934fecc25eadc2a2dacd233ed219781ebf5a77cf1afd7f9257ad2105c01015c9fc6bbe646c44b81f0a516622d2e4aa907075da4a279bb79d79cd4fbe17

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI40122\ucrtbase.dll

Filesize
987KB

MD5
6b9880ec69f2988d1035fa11969fa894

SHA1
add955b1826c79aa43afb268682aad5614d5f1e6

SHA256
c446df8432ff2679961763de876432fcf13f272269c17417e7eccbda0b000448

SHA512
747d074dbc9bd020feb04c009ad8bd975a4c9a37e0ead8093908237ab00f08e46beb73bfc3a7b41bedb99130877343206a0a2568b611161d17ece5597e3416d9

Download Submit
memory/1116-279-0x0000000002A60000-0x0000000002A61000-memory.dmp

Filesize
4KB

Download
memory/1116-303-0x0000000002A60000-0x0000000002A61000-memory.dmp

Filesize
4KB

Download
memory/1116-305-0x0000000002A60000-0x0000000002A61000-memory.dmp

Filesize
4KB

Download
memory/1116-307-0x0000000002A60000-0x0000000002A61000-memory.dmp

Filesize
4KB

Download
memory/1116-309-0x0000000002A60000-0x0000000002A61000-memory.dmp

Filesize
4KB

Download
memory/1116-311-0x0000000002A60000-0x0000000002A61000-memory.dmp

Filesize
4KB

Download
memory/1116-313-0x0000000002A60000-0x0000000002A61000-memory.dmp

Filesize
4KB

Download
memory/1116-315-0x0000000002A60000-0x0000000002A61000-memory.dmp

Filesize
4KB

Download
memory/1116-317-0x0000000002A60000-0x0000000002A61000-memory.dmp

Filesize
4KB

Download
memory/1116-319-0x0000000002A60000-0x0000000002A61000-memory.dmp

Filesize
4KB

Download
memory/1116-321-0x0000000002A60000-0x0000000002A61000-memory.dmp

Filesize
4KB

Download
memory/1116-323-0x0000000002A60000-0x0000000002A61000-memory.dmp

Filesize
4KB

Download
memory/1116-301-0x0000000002A60000-0x0000000002A61000-memory.dmp

Filesize
4KB

Download
memory/1116-299-0x0000000002A60000-0x0000000002A61000-memory.dmp

Filesize
4KB

Download
memory/1116-297-0x0000000002A60000-0x0000000002A61000-memory.dmp

Filesize
4KB

Download
memory/1116-295-0x0000000002A60000-0x0000000002A61000-memory.dmp

Filesize
4KB

Download
memory/1116-281-0x0000000002A60000-0x0000000002A61000-memory.dmp

Filesize
4KB

Download
memory/1116-283-0x0000000002A60000-0x0000000002A61000-memory.dmp

Filesize
4KB

Download
memory/1116-285-0x0000000002A60000-0x0000000002A61000-memory.dmp

Filesize
4KB

Download
memory/1116-287-0x0000000002A60000-0x0000000002A61000-memory.dmp

Filesize
4KB

Download
memory/1116-289-0x0000000002A60000-0x0000000002A61000-memory.dmp

Filesize
4KB

Download
memory/1116-293-0x0000000002A60000-0x0000000002A61000-memory.dmp

Filesize
4KB

Download
memory/1116-291-0x0000000002A60000-0x0000000002A61000-memory.dmp

Filesize
4KB

Download
memory/1116-277-0x0000000002A60000-0x0000000002A61000-memory.dmp

Filesize
4KB

Download
memory/1116-275-0x0000000002A60000-0x0000000002A61000-memory.dmp

Filesize
4KB

Download
memory/1116-273-0x0000000002A60000-0x0000000002A61000-memory.dmp

Filesize
4KB

Download
memory/1116-271-0x0000000002A60000-0x0000000002A61000-memory.dmp

Filesize
4KB

Download
memory/1116-269-0x0000000002A60000-0x0000000002A61000-memory.dmp

Filesize
4KB

Download
memory/1116-267-0x0000000002A60000-0x0000000002A61000-memory.dmp

Filesize
4KB

Download
memory/1116-265-0x0000000002A60000-0x0000000002A61000-memory.dmp

Filesize
4KB

Download
memory/1116-263-0x0000000002A60000-0x0000000002A61000-memory.dmp

Filesize
4KB

Download
memory/1116-261-0x0000000002A60000-0x0000000002A61000-memory.dmp

Filesize
4KB

Download
memory/1116-260-0x0000000001DF0000-0x0000000001DF1000-memory.dmp

Filesize
4KB

Download