928673a32b95a40f2d2ef6a38cfea67369c4111f0df743efa75daa836f880e13

Resubmissions

15/05/2024, 05:31

240515-f7q7ysbf54 7

15/05/2024, 05:29

240515-f6lababe78 7

15/05/2024, 05:26

240515-f4v2qsbd88 7

15/05/2024, 05:25

240515-f4melabd76 3

Analysis

max time kernel
150s
max time network
149s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
15/05/2024, 05:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

usefulshortcuts.exe
Size

7.2MB
MD5

315eb885356d5d55c421b0c1ba6eca34
SHA1

13c5520989c0a23e670d59ee8d531674f1cbfd99
SHA256

928673a32b95a40f2d2ef6a38cfea67369c4111f0df743efa75daa836f880e13
SHA512

d408d11c6097383a83efd6ea3c4555afc35a75cd745325e9777f0793c2ed11f6d0c685dfe91ae46f922285974ddaee023a49d7948c7190c81920eca2041bb96c
SSDEEP

196608:t0heA+1W903eV4Q2tpDjIIAcwD0RPgv/k9jpILAj:6hGW+eGQi9jo0tucj

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 8 IoCs

pid	Process
2160	usefulshortcuts.exe
2160	usefulshortcuts.exe
2160	usefulshortcuts.exe
2160	usefulshortcuts.exe
2160	usefulshortcuts.exe
2160	usefulshortcuts.exe
2160	usefulshortcuts.exe
2160	usefulshortcuts.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133602244280824863"	chrome.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3460	chrome.exe
3460	chrome.exe
4644	msedge.exe
4644	msedge.exe
4632	msedge.exe
4632	msedge.exe
4336	msedge.exe
4336	msedge.exe
4224	identity_helper.exe
4224	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3460	chrome.exe
Token: SeCreatePagefilePrivilege	3460	chrome.exe
Token: SeShutdownPrivilege	3460	chrome.exe
Token: SeCreatePagefilePrivilege	3460	chrome.exe
Token: SeShutdownPrivilege	3460	chrome.exe
Token: SeCreatePagefilePrivilege	3460	chrome.exe
Token: SeShutdownPrivilege	3460	chrome.exe
Token: SeCreatePagefilePrivilege	3460	chrome.exe
Token: SeShutdownPrivilege	3460	chrome.exe
Token: SeCreatePagefilePrivilege	3460	chrome.exe
Token: SeShutdownPrivilege	3460	chrome.exe
Token: SeCreatePagefilePrivilege	3460	chrome.exe
Token: SeShutdownPrivilege	3460	chrome.exe
Token: SeCreatePagefilePrivilege	3460	chrome.exe
Token: SeShutdownPrivilege	3460	chrome.exe
Token: SeCreatePagefilePrivilege	3460	chrome.exe
Token: SeShutdownPrivilege	3460	chrome.exe
Token: SeCreatePagefilePrivilege	3460	chrome.exe
Token: SeShutdownPrivilege	3460	chrome.exe
Token: SeCreatePagefilePrivilege	3460	chrome.exe
Token: SeShutdownPrivilege	3460	chrome.exe
Token: SeCreatePagefilePrivilege	3460	chrome.exe
Token: SeShutdownPrivilege	3460	chrome.exe
Token: SeCreatePagefilePrivilege	3460	chrome.exe
Token: SeShutdownPrivilege	3460	chrome.exe
Token: SeCreatePagefilePrivilege	3460	chrome.exe
Token: SeShutdownPrivilege	3460	chrome.exe
Token: SeCreatePagefilePrivilege	3460	chrome.exe
Token: SeShutdownPrivilege	3460	chrome.exe
Token: SeCreatePagefilePrivilege	3460	chrome.exe
Token: SeShutdownPrivilege	3460	chrome.exe
Token: SeCreatePagefilePrivilege	3460	chrome.exe
Token: SeShutdownPrivilege	3460	chrome.exe
Token: SeCreatePagefilePrivilege	3460	chrome.exe
Token: SeShutdownPrivilege	3460	chrome.exe
Token: SeCreatePagefilePrivilege	3460	chrome.exe
Token: SeShutdownPrivilege	3460	chrome.exe
Token: SeCreatePagefilePrivilege	3460	chrome.exe
Token: SeShutdownPrivilege	3460	chrome.exe
Token: SeCreatePagefilePrivilege	3460	chrome.exe
Token: SeShutdownPrivilege	3460	chrome.exe
Token: SeCreatePagefilePrivilege	3460	chrome.exe
Token: SeShutdownPrivilege	3460	chrome.exe
Token: SeCreatePagefilePrivilege	3460	chrome.exe
Token: SeShutdownPrivilege	3460	chrome.exe
Token: SeCreatePagefilePrivilege	3460	chrome.exe
Token: SeShutdownPrivilege	3460	chrome.exe
Token: SeCreatePagefilePrivilege	3460	chrome.exe
Token: SeShutdownPrivilege	3460	chrome.exe
Token: SeCreatePagefilePrivilege	3460	chrome.exe
Token: SeShutdownPrivilege	3460	chrome.exe
Token: SeCreatePagefilePrivilege	3460	chrome.exe
Token: SeShutdownPrivilege	3460	chrome.exe
Token: SeCreatePagefilePrivilege	3460	chrome.exe
Token: SeShutdownPrivilege	3460	chrome.exe
Token: SeCreatePagefilePrivilege	3460	chrome.exe
Token: SeShutdownPrivilege	3460	chrome.exe
Token: SeCreatePagefilePrivilege	3460	chrome.exe
Token: SeShutdownPrivilege	3460	chrome.exe
Token: SeCreatePagefilePrivilege	3460	chrome.exe
Token: SeShutdownPrivilege	3460	chrome.exe
Token: SeCreatePagefilePrivilege	3460	chrome.exe
Token: SeShutdownPrivilege	3460	chrome.exe
Token: SeCreatePagefilePrivilege	3460	chrome.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
3460	chrome.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2160	usefulshortcuts.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2320 wrote to memory of 2160	2320	usefulshortcuts.exe	79
PID 2320 wrote to memory of 2160	2320	usefulshortcuts.exe	79
PID 3460 wrote to memory of 4844	3460	chrome.exe	86
PID 3460 wrote to memory of 4844	3460	chrome.exe	86
PID 3460 wrote to memory of 1848	3460	chrome.exe	87
PID 3460 wrote to memory of 1848	3460	chrome.exe	87
PID 3460 wrote to memory of 1848	3460	chrome.exe	87
PID 3460 wrote to memory of 1848	3460	chrome.exe	87
PID 3460 wrote to memory of 1848	3460	chrome.exe	87
PID 3460 wrote to memory of 1848	3460	chrome.exe	87
PID 3460 wrote to memory of 1848	3460	chrome.exe	87
PID 3460 wrote to memory of 1848	3460	chrome.exe	87
PID 3460 wrote to memory of 1848	3460	chrome.exe	87
PID 3460 wrote to memory of 1848	3460	chrome.exe	87
PID 3460 wrote to memory of 1848	3460	chrome.exe	87
PID 3460 wrote to memory of 1848	3460	chrome.exe	87
PID 3460 wrote to memory of 1848	3460	chrome.exe	87
PID 3460 wrote to memory of 1848	3460	chrome.exe	87
PID 3460 wrote to memory of 1848	3460	chrome.exe	87
PID 3460 wrote to memory of 1848	3460	chrome.exe	87
PID 3460 wrote to memory of 1848	3460	chrome.exe	87
PID 3460 wrote to memory of 1848	3460	chrome.exe	87
PID 3460 wrote to memory of 1848	3460	chrome.exe	87
PID 3460 wrote to memory of 1848	3460	chrome.exe	87
PID 3460 wrote to memory of 1848	3460	chrome.exe	87
PID 3460 wrote to memory of 1848	3460	chrome.exe	87
PID 3460 wrote to memory of 1848	3460	chrome.exe	87
PID 3460 wrote to memory of 1848	3460	chrome.exe	87
PID 3460 wrote to memory of 1848	3460	chrome.exe	87
PID 3460 wrote to memory of 1848	3460	chrome.exe	87
PID 3460 wrote to memory of 1848	3460	chrome.exe	87
PID 3460 wrote to memory of 1848	3460	chrome.exe	87
PID 3460 wrote to memory of 1848	3460	chrome.exe	87
PID 3460 wrote to memory of 1848	3460	chrome.exe	87
PID 3460 wrote to memory of 1848	3460	chrome.exe	87
PID 3460 wrote to memory of 400	3460	chrome.exe	88
PID 3460 wrote to memory of 400	3460	chrome.exe	88
PID 3460 wrote to memory of 2416	3460	chrome.exe	89
PID 3460 wrote to memory of 2416	3460	chrome.exe	89
PID 3460 wrote to memory of 2416	3460	chrome.exe	89
PID 3460 wrote to memory of 2416	3460	chrome.exe	89
PID 3460 wrote to memory of 2416	3460	chrome.exe	89
PID 3460 wrote to memory of 2416	3460	chrome.exe	89
PID 3460 wrote to memory of 2416	3460	chrome.exe	89
PID 3460 wrote to memory of 2416	3460	chrome.exe	89
PID 3460 wrote to memory of 2416	3460	chrome.exe	89
PID 3460 wrote to memory of 2416	3460	chrome.exe	89
PID 3460 wrote to memory of 2416	3460	chrome.exe	89
PID 3460 wrote to memory of 2416	3460	chrome.exe	89
PID 3460 wrote to memory of 2416	3460	chrome.exe	89
PID 3460 wrote to memory of 2416	3460	chrome.exe	89
PID 3460 wrote to memory of 2416	3460	chrome.exe	89
PID 3460 wrote to memory of 2416	3460	chrome.exe	89
PID 3460 wrote to memory of 2416	3460	chrome.exe	89
PID 3460 wrote to memory of 2416	3460	chrome.exe	89
PID 3460 wrote to memory of 2416	3460	chrome.exe	89
PID 3460 wrote to memory of 2416	3460	chrome.exe	89
PID 3460 wrote to memory of 2416	3460	chrome.exe	89
PID 3460 wrote to memory of 2416	3460	chrome.exe	89
PID 3460 wrote to memory of 2416	3460	chrome.exe	89
PID 3460 wrote to memory of 2416	3460	chrome.exe	89
PID 3460 wrote to memory of 2416	3460	chrome.exe	89
PID 3460 wrote to memory of 2416	3460	chrome.exe	89
PID 3460 wrote to memory of 2416	3460	chrome.exe	89

C:\Users\Admin\AppData\Local\Temp\usefulshortcuts.exe
"C:\Users\Admin\AppData\Local\Temp\usefulshortcuts.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2320
- C:\Users\Admin\AppData\Local\Temp\usefulshortcuts.exe
  "C:\Users\Admin\AppData\Local\Temp\usefulshortcuts.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2160
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://youtube.com/watch?v=a3Z7zEc7AXQ
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:4632
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb2a5a3cb8,0x7ffb2a5a3cc8,0x7ffb2a5a3cd8
      4⤵
      PID:2076
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,18139098933663639282,3509809683240021657,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
      4⤵
      PID:4652
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,18139098933663639282,3509809683240021657,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4644
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,18139098933663639282,3509809683240021657,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
      4⤵
      PID:404
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,18139098933663639282,3509809683240021657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
      4⤵
      PID:3808
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,18139098933663639282,3509809683240021657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
      4⤵
      PID:1656
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,18139098933663639282,3509809683240021657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4480 /prefetch:1
      4⤵
      PID:4596
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,18139098933663639282,3509809683240021657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
      4⤵
      PID:4468
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1892,18139098933663639282,3509809683240021657,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5640 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4336
  - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1892,18139098933663639282,3509809683240021657,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4224
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,18139098933663639282,3509809683240021657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
      4⤵
      PID:1100
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,18139098933663639282,3509809683240021657,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
      4⤵
      PID:2172
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,18139098933663639282,3509809683240021657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
      4⤵
      PID:5148
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,18139098933663639282,3509809683240021657,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
      4⤵
      PID:5156

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xe8,0x10c,0x7ffb2c5dab58,0x7ffb2c5dab68,0x7ffb2c5dab78
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1612 --field-trial-handle=1820,i,774987350664585096,4332531462709850339,131072 /prefetch:2
  2⤵
  PID:1848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1820,i,774987350664585096,4332531462709850339,131072 /prefetch:8
  2⤵
  PID:400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2212 --field-trial-handle=1820,i,774987350664585096,4332531462709850339,131072 /prefetch:8
  2⤵
  PID:2416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3096 --field-trial-handle=1820,i,774987350664585096,4332531462709850339,131072 /prefetch:1
  2⤵
  PID:1160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3188 --field-trial-handle=1820,i,774987350664585096,4332531462709850339,131072 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3296 --field-trial-handle=1820,i,774987350664585096,4332531462709850339,131072 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3536 --field-trial-handle=1820,i,774987350664585096,4332531462709850339,131072 /prefetch:8
  2⤵
  PID:1892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4512 --field-trial-handle=1820,i,774987350664585096,4332531462709850339,131072 /prefetch:8
  2⤵
  PID:1416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4580 --field-trial-handle=1820,i,774987350664585096,4332531462709850339,131072 /prefetch:8
  2⤵
  PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4640 --field-trial-handle=1820,i,774987350664585096,4332531462709850339,131072 /prefetch:8
  2⤵
  PID:4488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4844 --field-trial-handle=1820,i,774987350664585096,4332531462709850339,131072 /prefetch:8
  2⤵
  PID:2432

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1380

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2420

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3120

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3156

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c670e7189d30567463fba233ab03c2fe

SHA1
4793dcb75fdd2721474efe420ab46405503b375b

SHA256
18aefd1e52a4d27a449f886c3e7774c3c92e0f2a28dbcf9f0bba28f91884439b

SHA512
80afba66769c9166909b01ed1bfff8bf279c67dc11cf9f96c2ff7dea35275210e94b34e71e87def540eff067cca2bf9ebd1c69f3f19c5f3c38d5bf5c6699bdd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
79cffc3bf91599ae17883d04939329d2

SHA1
037c5deb6c030d460a4fe718f800b3e603be2a63

SHA256
199fe22aafa71c1f8947d929b969a8deb0b2d06f2e6ecab9274687575dd7b0a5

SHA512
b1a61a37beb58297a9a8fd8103fe0942fe75b7ed2f60cff95297e5011182900959e3de73836d8f556c2308a6ce9b77ab377780faad7f1ec8fda7ccbeec4f6fff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6f9218364d159f99c30cb1ebb295931d

SHA1
050992be8c359b4db5b02ed89e7c7cd5baad8a1a

SHA256
27817dcd8b22df6f679d08d7761a99a2e453acf1b8c7ccc22ea906db144d8ca0

SHA512
4a3189b03b8df077571baa669d34272fd76c296646b4858607816a3fe5d2977cdbd129a3fddd161d713baa06be3079c77c5843652711285f86e239d1d5a9d5a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
447cc3c1abed681f0201165b99288002

SHA1
c0bf967204f508beed8b934794d2e2d579697691

SHA256
48afb2b1a90b2e76542dc1d46dff9e5cf610af3a4981183db53ba39191fdd755

SHA512
3a9d03f774e512434aca68bc7c24a32cad196b1f83c0c64b589d66e7b94a92f7115ef2e466148b04c2961e693a38f8e1105a82548c97ce7e8e4230065404cc00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\d19de78e-d3ef-4dab-9148-0ce0f2689822.tmp

Filesize
257KB

MD5
098c56692ba6babb19c62f24908313c3

SHA1
9c95e8fd2089ef96b18130d76feb523a146efab3

SHA256
601ccffc348f0fd4750fcae42043abab8025a626505b3e74aa11847b2fbaeb0b

SHA512
730d742875a8ddd3e2a74a24dbd8fb14eaa69ca736b1de1ceb14052b7c5f76e8528b51ac2b003a3afbc9cda9b9383178e9535462501a04654097916cbda94359

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c1c7e2f451eb3836d23007799bc21d5f

SHA1
11a25f6055210aa7f99d77346b0d4f1dc123ce79

SHA256
429a870d582c77c8a661c8cc3f4afa424ed5faf64ce722f51a6a74f66b21c800

SHA512
2ca40bbbe76488dff4b10cca78a81ecf2e97d75cd65f301da4414d93e08e33f231171d455b0dbf012b2d4735428e835bf3631f678f0ab203383e315da2d23a34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6876cbd342d4d6b236f44f52c50f780f

SHA1
a215cf6a499bfb67a3266d211844ec4c82128d83

SHA256
ca5a6320d94ee74db11e55893a42a52c56c8f067cba35594d507b593d993451e

SHA512
dff3675753b6b733ffa2da73d28a250a52ab29620935960673d77fe2f90d37a273c8c6afdf87db959bdb49f31b69b41f7aa4febac5bbdd43a9706a4dd9705039

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
5aca993aebaf58c1884172bfc795f2c5

SHA1
df512f82620590bee742fa32248734b5a84922f6

SHA256
7a0abd463214e0c3f76d6dc9e97cd9259354ecd70f1211a077ca3575cc7aebce

SHA512
908c9b648444a986ae342e964923110351a1f11e918243b6a3ec9b3d15cd35556681ab374810fa19919559908f0c0d125f98e4a7bb10b8f82f6026b33955685f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
922f3ff843acb1811ad1bf309429c4b2

SHA1
95fd1a18d34693d5509ae1fd2c3c805b4f419206

SHA256
81a5d5a51bd59b4741c672b213e341f607555d51bf80dc73974a94b077268f37

SHA512
de0a147afbd46e54e6f2278627950c7b4ef14c354c6b1e2e1a5d72b54c77a548e22de9740361d53ae8e2801a0a363811d13e40152a08a353954e94cd1ca84199

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
da2fd009dec491129f357f6ff8a06867

SHA1
76623c56a93001c247226f3836d54cfbf56478f1

SHA256
1d3b77087ea20acaa97f4e434e1a4113e702b1960fb3669b6d15006dd88f5c60

SHA512
7b85df0d56c757a9649056fb329d986db1733f902a4b4635caddc205c8a4458368ad26aeb92060932d4748cde8b9b6416a4b20a6bea28b72aa055c642fe6ade5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d0cf735eacbb43b8e5e8ff5742510675

SHA1
335dac55e1e0c1dc7bf5cbf96f53d2fa41acd589

SHA256
677c96cb5f0495d345e9b17ff44babd807a1609bfa92fd0747a7cee889e0638d

SHA512
49a1563a57b95d78b7ce3cca66d409b18b7a857a01257f49495052a6e161f605bc56cfc14a26706eeefeff5fe97c07182030bc2eea9fca90800985d9a1dfbf9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
70fca1f1ac6e3678d0b1e5cab7e093a7

SHA1
f7e5281ac8526810139ab876b7da8507395b6a70

SHA256
93bf2f56b3caee7817c861a36c65117afd673564807160d20149833246d3cda3

SHA512
99b3987882450248d37011f65a1eee380b02395282d9e648c665ee31684245e67f9c64152a0c0793c76d3baacffb02af97a716e25c33bd0d08b59b5e0e852d50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
62e82301863be1100257cc78905ceede

SHA1
22ad2f88b3e29cec804e475ba13e7fe564abe18d

SHA256
2770986d2b347bb73e485d390821915de3a90d70925007b4f8cf83269b83422f

SHA512
241fc1499653c5e82d755dd3b7c6193a96c005d42ce34476936c35640c9f383d5ebe862956046bb25412fde8997b2585356e39d894c411a727e6e7d93f8a2753

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe583208.TMP

Filesize
89B

MD5
0b517d2d0b3bf7bc0f5e490bc82ce698

SHA1
bd46f300a0897d2430baccd2dc7c2dfd6ea5cf4b

SHA256
35445b9b5302b2daa0674c41fda54bea3e4547cfa0842dcdabb74321054ad3e2

SHA512
90c86dcd80cc0ac601684487016c207adb7a9e3a1bdf2fe2c639db92b47788247e565020847fcea7dbba4f4382b34675a232d42ad5e77d6e028c28212e077e55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
749f6d8da54b62dc5e918acb605990e3

SHA1
94a59a68ceab2052c2262d770cadecdc0806438a

SHA256
03f1061b4ffc385c8a0d53bfffdfd1208399bfc69ba4f890c0a260e259a55777

SHA512
735ae119d3b879ea808ba407d69e9e0d160914a7615350d34ab9ed3b1a6d7ac2d55add41bac4c43e3499dca5e6b554506e30a07c8109c4cf4205f455c79a0476

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5880a5.TMP

Filesize
48B

MD5
b043c7d48f5560be173960385c5b9f46

SHA1
76050a0bcc449b151c8778d6a5ee2895b0e27659

SHA256
3ecf245c3d474ec4e55f04c1eb8fc6041b7d161bb62f1bb9ae15183162862c5e

SHA512
b7afd2f807b29ecf53c7f188193aca4bc4525c8aff841cf9b1613cb55114be82d7d7aa9d54b302c7fb5a0703ee01628b428780460ad711bc91d4f2ac240c2fca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
2222f9b33db5171ffa9ed3091b6324a7

SHA1
6087360243d90a73117ebbd5198ca6b5b854206b

SHA256
48be6f5e2beaf74cc1af49a4e49340f7a514a57e56ad34eaa7ce7a7d28c5660e

SHA512
d2e83663e645cd06a2ad60aa0d6660a127bf4b75461c10c72ce223abb0b473ae77a0a503f810e92388810064da90ee3e28ba7ba9e927cd7a5629e1a271f2a89c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5874ed.TMP

Filesize
706B

MD5
ce93293b0f6e49f3a47d5355c8c89d8d

SHA1
7aaf199ceaef5641f1ca0bf347d3392b17237ee2

SHA256
b3c73f957ecbcf5f7e349cdc686f99cf37ecc97969900705b2df814403bbd30d

SHA512
108d8b3d57b1bbdbece22b7c74651fd12101bcaa28fc13edb40dfc813f0461bccd88532c6aeab49401a089c98cecf547d06ea30ff1e17948261d04b056e0e696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a4745f8f7b154ca308fbeb673c57c978

SHA1
4b6a547f32e31cbf0709dddcf55f78b47d46f517

SHA256
fedb518b411f31ac268ff5641f97d93619388b5bc1c2103e5fe76ac7307329d6

SHA512
712ad917c51290d317de88a362645aead47cd3f894bd5210e069ccbaa7333bb96254bf59ea81789562e4269a9c766ce92affa720af09ea9af1c03f01da016599

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23202\VCRUNTIME140.dll

Filesize
106KB

MD5
4585a96cc4eef6aafd5e27ea09147dc6

SHA1
489cfff1b19abbec98fda26ac8958005e88dd0cb

SHA256
a8f950b4357ec12cfccddc9094cca56a3d5244b95e09ea6e9a746489f2d58736

SHA512
d78260c66331fe3029d2cc1b41a5d002ec651f2e3bbf55076d65839b5e3c6297955afd4d9ab8951fbdc9f929dbc65eb18b14b59bce1f2994318564eb4920f286

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23202\_bz2.pyd

Filesize
82KB

MD5
c7ce973f261f698e3db148ccad057c96

SHA1
59809fd48e8597a73211c5df64c7292c5d120a10

SHA256
02d772c03704fe243c8de2672c210a5804d075c1f75e738d6130a173d08dfcde

SHA512
a924750b1825747a622eef93331fd764d824c954297e37e8dc93a450c11aa7ab3ad7c3b823b11656b86e64de3cd5d409fda15db472488dfaa4bb50341f0b29d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23202\_ctypes.pyd

Filesize
121KB

MD5
10fdcf63d1c3c3b7e5861fbb04d64557

SHA1
1aa153efec4f583643046618b60e495b6e03b3d7

SHA256
bc3b83d2dc9e2f0e6386ed952384c6cf48f6eed51129a50dfd5ef6cbbc0a8fb3

SHA512
dc702f4100ed835e198507cd06fa5389a063d4600fc08be780690d729ab62114fd5e5b201d511b5832c14e90a5975ed574fc96edb5a9ab9eb83f607c7a712c7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23202\_decimal.pyd

Filesize
247KB

MD5
21c73e7e0d7dad7a1fe728e3b80ce073

SHA1
7b363af01e83c05d0ea75299b39c31d948bbfe01

SHA256
a28c543976aa4b6d37da6f94a280d72124b429f458d0d57b7dbcf71b4bea8f73

SHA512
0357102bffc2ec2bc6ff4d9956d6b8e77ed8558402609e558f1c1ebc1baca6aeaa5220a7781a69b783a54f3e76362d1f74d817e4ee22aac16c7f8c86b6122390

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23202\_hashlib.pyd

Filesize
63KB

MD5
f495d1897a1b52a2b15c20dcecb84b47

SHA1
8cb65590a8815bda58c86613b6386b5982d9ec3f

SHA256
e47e76d70d508b62924fe480f30e615b12fdd7745c0aac68a2cddabd07b692ae

SHA512
725d408892887bebd5bcf040a0ecc6a4e4b608815b9dea5b6f7b95c812715f82079896df33b0830c9f787ffe149b8182e529bb1f78aadd89df264cf8853ee4c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23202\_lzma.pyd

Filesize
155KB

MD5
4e2239ece266230ecb231b306adde070

SHA1
e807a078b71c660db10a27315e761872ffd01443

SHA256
34130d8abe27586ee315262d69af4e27429b7eab1f3131ea375c2bb62cf094be

SHA512
86e6a1eab3529e600dd5caab6103e34b0f618d67322a5ecf1b80839faa028150c492a5cf865a2292cc8584fba008955da81a50b92301583424401d249c5f1401

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23202\_queue.pyd

Filesize
31KB

MD5
6e00e0821bb519333ccfd4e61a83cb38

SHA1
3550a41bb2ea54f456940c4d1940acab36815949

SHA256
2ad02d49691a629f038f48fcdee46a07c4fcc2cb0620086e7b09ac11915ae6b7

SHA512
c3f8332c10b58f30e292676b48ecf1860c5ef9546367b87e90789f960c91eae4d462dd3ee9cb14f603b9086e81b6701aab56da5b635b22db1e758ed0a983e562

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23202\_socket.pyd

Filesize
81KB

MD5
899380b2d48df53414b974e11bb711e3

SHA1
f1d11f7e970a7cd476e739243f8f197fcb3ad590

SHA256
b38e66e6ee413e5955ef03d619cadd40fca8be035b43093d2342b6f3739e883e

SHA512
7426ca5e7a404b9628e2966dae544f3e8310c697145567b361825dc0b5c6cd87f2caf567def8cd19e73d68643f2f38c08ff4ff0bb0a459c853f241b8fdf40024

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23202\base_library.zip

Filesize
1.3MB

MD5
73f91fe1b7771f022020ddf0ac619cde

SHA1
d9ecb3061627c94f2cf6c1b7a34fea2cdbd13df7

SHA256
763457ec96d1d2afddffa85523d59aa351208bfdf607f5c5f3fb79a518b6d0c2

SHA512
cb85666c7e50e3dbf14fc215ec05d9576b884066983fe97fa10a40c6a8d6be11c68ca853e7f7039ec67e6b2d90e8c8a3273039b4b86d91d311bcddcdd831b507

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23202\libcrypto-3.dll

Filesize
4.9MB

MD5
51e8a5281c2092e45d8c97fbdbf39560

SHA1
c499c810ed83aaadce3b267807e593ec6b121211

SHA256
2a234b5aa20c3faecf725bbb54fb33f3d94543f78fa7045408e905593e49960a

SHA512
98b91719b0975cb38d3b3c7b6f820d184ef1b64d38ad8515be0b8b07730e2272376b9e51631fe9efd9b8a1709fea214cf3f77b34eeb9fd282eb09e395120e7cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23202\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23202\python312.dll

Filesize
6.6MB

MD5
5c5602cda7ab8418420f223366fff5db

SHA1
52f81ee0aef9b6906f7751fd2bbd4953e3f3b798

SHA256
e7890e38256f04ee0b55ac5276bbf3ac61392c3a3ce150bb5497b709803e17ce

SHA512
51c3b4f29781bb52c137ddb356e1bc5a37f3a25f0ed7d89416b14ed994121f884cb3e40ccdbb211a8989e3bd137b8df8b28e232f98de8f35b03965cfce4b424f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23202\select.pyd

Filesize
30KB

MD5
bffff83a000baf559f3eb2b599a1b7e8

SHA1
7f9238bda6d0c7cc5399c6b6ab3b42d21053f467

SHA256
bc71fbdfd1441d62dd86d33ff41b35dc3cc34875f625d885c58c8dc000064dab

SHA512
3c0ba0cf356a727066ae0d0d6523440a882aafb3ebdf70117993effd61395deebf179948f8c7f5222d59d1ed748c71d9d53782e16bd2f2eccc296f2f8b4fc948

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23202\unicodedata.pyd

Filesize
1.1MB

MD5
a1388676824ce6347d31d6c6a7a1d1b5

SHA1
27dd45a5c9b7e61bb894f13193212c6d5668085b

SHA256
2480a78815f619a631210e577e733c9bafecb7f608042e979423c5850ee390ff

SHA512
26ea1b33f14f08bb91027e0d35ac03f6203b4dfeee602bb592c5292ab089b27ff6922da2804a9e8a28e47d4351b32cf93445d894f00b4ad6e2d0c35c6c7f1d89

Download Submit
memory/2160-45-0x000002164CF90000-0x000002164CF91000-memory.dmp

Filesize
4KB

Download