bded5cf8faf4c7ff8a7582538cd325da029adcae50b14f38ed4dc6adabc5673b

Analysis

max time kernel
148s
max time network
154s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
17-05-2024 19:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Lofy Cloner & Casa Cloner.exe
Size

8.3MB
MD5

66e6140ba9e19c29529dceb265b17b41
SHA1

fefdb348596c3160bac45888d56e6e940a452907
SHA256

bded5cf8faf4c7ff8a7582538cd325da029adcae50b14f38ed4dc6adabc5673b
SHA512

b0a26c3d34e1f1043e06ca759d645d10c7b1ab6f05a1d5e1788714b0d568c27f2763450f2af608cf01c7947dc7f55cc403dfa3355d51c45227f2951e4d5a6944
SSDEEP

196608:GJi56vBAoiL2Vmd6+DNnNgwQ+dtLZ7k30szjad0tNNlezM:GIL2Vmd6mZNjd7NszjJle

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 21 IoCs

pid	Process
4680	Lofy Cloner & Casa Cloner.exe
4680	Lofy Cloner & Casa Cloner.exe
4680	Lofy Cloner & Casa Cloner.exe
4680	Lofy Cloner & Casa Cloner.exe
4680	Lofy Cloner & Casa Cloner.exe
4680	Lofy Cloner & Casa Cloner.exe
4680	Lofy Cloner & Casa Cloner.exe
4680	Lofy Cloner & Casa Cloner.exe
4680	Lofy Cloner & Casa Cloner.exe
4680	Lofy Cloner & Casa Cloner.exe
4680	Lofy Cloner & Casa Cloner.exe
4680	Lofy Cloner & Casa Cloner.exe
4680	Lofy Cloner & Casa Cloner.exe
4680	Lofy Cloner & Casa Cloner.exe
4680	Lofy Cloner & Casa Cloner.exe
4680	Lofy Cloner & Casa Cloner.exe
4680	Lofy Cloner & Casa Cloner.exe
4680	Lofy Cloner & Casa Cloner.exe
4680	Lofy Cloner & Casa Cloner.exe
4680	Lofy Cloner & Casa Cloner.exe
4680	Lofy Cloner & Casa Cloner.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133604489477241757"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1204	chrome.exe
1204	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe

Suspicious use of AdjustPrivilegeToken 19 IoCs

description	pid	Process
Token: SeDebugPrivilege	4680	Lofy Cloner & Casa Cloner.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1316 wrote to memory of 4680	1316	Lofy Cloner & Casa Cloner.exe	78
PID 1316 wrote to memory of 4680	1316	Lofy Cloner & Casa Cloner.exe	78
PID 4680 wrote to memory of 4336	4680	Lofy Cloner & Casa Cloner.exe	79
PID 4680 wrote to memory of 4336	4680	Lofy Cloner & Casa Cloner.exe	79
PID 4680 wrote to memory of 2336	4680	Lofy Cloner & Casa Cloner.exe	80
PID 4680 wrote to memory of 2336	4680	Lofy Cloner & Casa Cloner.exe	80
PID 4680 wrote to memory of 2988	4680	Lofy Cloner & Casa Cloner.exe	81
PID 4680 wrote to memory of 2988	4680	Lofy Cloner & Casa Cloner.exe	81
PID 4680 wrote to memory of 2428	4680	Lofy Cloner & Casa Cloner.exe	82
PID 4680 wrote to memory of 2428	4680	Lofy Cloner & Casa Cloner.exe	82
PID 1204 wrote to memory of 2488	1204	chrome.exe	86
PID 1204 wrote to memory of 2488	1204	chrome.exe	86
PID 1204 wrote to memory of 1876	1204	chrome.exe	87
PID 1204 wrote to memory of 1876	1204	chrome.exe	87
PID 1204 wrote to memory of 1876	1204	chrome.exe	87
PID 1204 wrote to memory of 1876	1204	chrome.exe	87
PID 1204 wrote to memory of 1876	1204	chrome.exe	87
PID 1204 wrote to memory of 1876	1204	chrome.exe	87
PID 1204 wrote to memory of 1876	1204	chrome.exe	87
PID 1204 wrote to memory of 1876	1204	chrome.exe	87
PID 1204 wrote to memory of 1876	1204	chrome.exe	87
PID 1204 wrote to memory of 1876	1204	chrome.exe	87
PID 1204 wrote to memory of 1876	1204	chrome.exe	87
PID 1204 wrote to memory of 1876	1204	chrome.exe	87
PID 1204 wrote to memory of 1876	1204	chrome.exe	87
PID 1204 wrote to memory of 1876	1204	chrome.exe	87
PID 1204 wrote to memory of 1876	1204	chrome.exe	87
PID 1204 wrote to memory of 1876	1204	chrome.exe	87
PID 1204 wrote to memory of 1876	1204	chrome.exe	87
PID 1204 wrote to memory of 1876	1204	chrome.exe	87
PID 1204 wrote to memory of 1876	1204	chrome.exe	87
PID 1204 wrote to memory of 1876	1204	chrome.exe	87
PID 1204 wrote to memory of 1876	1204	chrome.exe	87
PID 1204 wrote to memory of 1876	1204	chrome.exe	87
PID 1204 wrote to memory of 1876	1204	chrome.exe	87
PID 1204 wrote to memory of 1876	1204	chrome.exe	87
PID 1204 wrote to memory of 1876	1204	chrome.exe	87
PID 1204 wrote to memory of 1876	1204	chrome.exe	87
PID 1204 wrote to memory of 1876	1204	chrome.exe	87
PID 1204 wrote to memory of 1876	1204	chrome.exe	87
PID 1204 wrote to memory of 1876	1204	chrome.exe	87
PID 1204 wrote to memory of 1876	1204	chrome.exe	87
PID 1204 wrote to memory of 1876	1204	chrome.exe	87
PID 1204 wrote to memory of 672	1204	chrome.exe	88
PID 1204 wrote to memory of 672	1204	chrome.exe	88
PID 1204 wrote to memory of 4700	1204	chrome.exe	89
PID 1204 wrote to memory of 4700	1204	chrome.exe	89
PID 1204 wrote to memory of 4700	1204	chrome.exe	89
PID 1204 wrote to memory of 4700	1204	chrome.exe	89
PID 1204 wrote to memory of 4700	1204	chrome.exe	89
PID 1204 wrote to memory of 4700	1204	chrome.exe	89
PID 1204 wrote to memory of 4700	1204	chrome.exe	89
PID 1204 wrote to memory of 4700	1204	chrome.exe	89
PID 1204 wrote to memory of 4700	1204	chrome.exe	89
PID 1204 wrote to memory of 4700	1204	chrome.exe	89
PID 1204 wrote to memory of 4700	1204	chrome.exe	89
PID 1204 wrote to memory of 4700	1204	chrome.exe	89
PID 1204 wrote to memory of 4700	1204	chrome.exe	89
PID 1204 wrote to memory of 4700	1204	chrome.exe	89
PID 1204 wrote to memory of 4700	1204	chrome.exe	89
PID 1204 wrote to memory of 4700	1204	chrome.exe	89
PID 1204 wrote to memory of 4700	1204	chrome.exe	89
PID 1204 wrote to memory of 4700	1204	chrome.exe	89
PID 1204 wrote to memory of 4700	1204	chrome.exe	89

C:\Users\Admin\AppData\Local\Temp\Lofy Cloner & Casa Cloner.exe
"C:\Users\Admin\AppData\Local\Temp\Lofy Cloner & Casa Cloner.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1316
- C:\Users\Admin\AppData\Local\Temp\Lofy Cloner & Casa Cloner.exe
  "C:\Users\Admin\AppData\Local\Temp\Lofy Cloner & Casa Cloner.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:4680
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c title Casa Cloner - Developed by Noritem#6666
    3⤵
    PID:4336
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:2336
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:2988
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:2428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ffcc461ab58,0x7ffcc461ab68,0x7ffcc461ab78
  2⤵
  PID:2488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1704 --field-trial-handle=1896,i,3508047442562279780,7268765477816914994,131072 /prefetch:2
  2⤵
  PID:1876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1896,i,3508047442562279780,7268765477816914994,131072 /prefetch:8
  2⤵
  PID:672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2164 --field-trial-handle=1896,i,3508047442562279780,7268765477816914994,131072 /prefetch:8
  2⤵
  PID:4700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3040 --field-trial-handle=1896,i,3508047442562279780,7268765477816914994,131072 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3064 --field-trial-handle=1896,i,3508047442562279780,7268765477816914994,131072 /prefetch:1
  2⤵
  PID:1828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4280 --field-trial-handle=1896,i,3508047442562279780,7268765477816914994,131072 /prefetch:1
  2⤵
  PID:1552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4428 --field-trial-handle=1896,i,3508047442562279780,7268765477816914994,131072 /prefetch:8
  2⤵
  PID:1216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4556 --field-trial-handle=1896,i,3508047442562279780,7268765477816914994,131072 /prefetch:8
  2⤵
  PID:3232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4448 --field-trial-handle=1896,i,3508047442562279780,7268765477816914994,131072 /prefetch:8
  2⤵
  PID:3400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4472 --field-trial-handle=1896,i,3508047442562279780,7268765477816914994,131072 /prefetch:8
  2⤵
  PID:700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4840 --field-trial-handle=1896,i,3508047442562279780,7268765477816914994,131072 /prefetch:8
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:4904
- - C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x258,0x25c,0x260,0x234,0x264,0x7ff61605ae48,0x7ff61605ae58,0x7ff61605ae68
    3⤵
    PID:648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3780 --field-trial-handle=1896,i,3508047442562279780,7268765477816914994,131072 /prefetch:1
  2⤵
  PID:4452

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
a6754725b953e2f71f89426221b3f81c

SHA1
790e24452b83c9fd6fe17f88de67eaf2e0a0ab0c

SHA256
0f30757a519ed5fb1954ee9a055b1cfe747859da7956738dcf48450524625b6c

SHA512
c19800c634e2718e11e5f318ee52770d1a9c14d5676e59ff462cf90fbd5be2360b6c099cb6e1ca1477f33a01279a83ebb5b1271817acfeaf5b19b1746f0ba286

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
5d6fc2adf8aa903fcf6bc7fa4c493192

SHA1
6e0bbef23428840ad17fefe698d71c11004284cc

SHA256
e06b9e839b15c8ea3184e937a2c6489f4e600e64de325381b3f86a4585798fa6

SHA512
29af845960236261acc0b85cb5f9b13030f027640d5e6d7f20bbf01f8ac028c65da9adcd67dc9ed691978b7199c5c5ae139aedac134ec0d81fd72222999d2719

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
8f822957397f120ebf1405912154c2e8

SHA1
c3beaa7905e6453aea17ac8741dd85f6150a49f6

SHA256
98a0c5f175cf9f80db9d0b0f4f68cc0fc5a2a2fb93cb4c68adb5628805b71fba

SHA512
2c7b8094935a5d79d765561cf43a04494e9feafb0ca0af7bf06e55659ee152a2df4f087ed2168dc5b9d8deda8b6f616af9164399c08b3f41a1e9eae3bd3e6d66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ae3ec6628198267d7042de0cb97509fc

SHA1
3f0a55a9f1f59811c4c77360c4b7f72d105d4dfd

SHA256
9d9e342e7af78b62016f5fbc1172b52c2047874329bb15d10860b7b7e77323b5

SHA512
3dca1b4eecd09dd2630fab76aa14c9c9ddd3710b22c373b342362e0294d78c65e372fef76fcde2e2691a20280b32e9869fc986aa0222f10f7622ae30d57abf0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
3db99c4997291dae346c729f44313e0d

SHA1
0192966544fcdd3a5c844329d74fcefbea967ed2

SHA256
80fc0df6a041dddd89865fe1f692cead480150ffa283d99ab8396fbeb5fdc6d9

SHA512
5362b76c716fb222ee5c61db6b4a0c2f6eab6fc72c56c4072ceb7d535a3226660cf33bef23b320e7f79ce3f6dbf8af626213a7cb6e7ccccaf439f15bd3f499f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
259KB

MD5
517ec4dee97ad122464b2b380049853c

SHA1
5cfe33e487de5b39790d83d2452c828170e41398

SHA256
c60aa349866d163847c8272fe47688d73cfd0a81a3ea6a11efc36b6aceb69be3

SHA512
0d0b9c0e9d6a006c10f5df5dae1dc06b7bc38b21fd12c2568b3d00502d7f1d7ff44518980aa43f19b3b88ab02d33139405edadbc06e4fbdb6bec1c164b13c04f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13162\VCRUNTIME140.dll

Filesize
94KB

MD5
a87575e7cf8967e481241f13940ee4f7

SHA1
879098b8a353a39e16c79e6479195d43ce98629e

SHA256
ded5adaa94341e6c62aea03845762591666381dca30eb7c17261dd154121b83e

SHA512
e112f267ae4c9a592d0dd2a19b50187eb13e25f23ded74c2e6ccde458bcdaee99f4e3e0a00baf0e3362167ae7b7fe4f96ecbcd265cc584c1c3a4d1ac316e92f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13162\_asyncio.pyd

Filesize
59KB

MD5
483bfc095eb82f33f46aefbb21d97012

SHA1
def348a201c9d1434514ca9f5fc7385ca0bd2184

SHA256
5e25e2823ed0571cfdbae0b1d1347ae035293f2b0ac454fb8b0388f3600fd4b6

SHA512
fe38b3585fbfaf7465b31fbc124420cfbd1b719ea72a9ae9f24103d056c8fa9ae21c2a7dd3073810222405457beff89bbb688daeced3219351a30992a6721705

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13162\_bz2.pyd

Filesize
77KB

MD5
a1fbcfbd82de566a6c99d1a7ab2d8a69

SHA1
3e8ba4c925c07f17c7dffab8fbb7b8b8863cad76

SHA256
0897e209676f5835f62e5985d7793c884fd91b0cfdfaff893fc05176f2f82095

SHA512
55679427c041b2311cff4e97672102962f9d831e84f06f05600ecdc3826f6be5046aa541955f57f06e82ee72a4ee36f086da1f664f493fbe4cc0806e925afa04

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13162\_ctypes.pyd

Filesize
116KB

MD5
92276f41ff9c856f4dbfa6508614e96c

SHA1
5bc8c3555e3407a3c78385ff2657de3dec55988e

SHA256
9ab1f8cbb50db3d9a00f74447a2275a89ec52d1139fc0a93010e59c412c2c850

SHA512
9df63ef04ea890dd0d38a26ac64a92392cf0a8d0ad77929727238e9e456450518404c1b6bb40844522fca27761c4e864550aacb96e825c4e4b367a59892a09e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13162\_hashlib.pyd

Filesize
59KB

MD5
ad6e31dba413be7e082fab3dbafb3ecc

SHA1
f26886c841d1c61fb0da14e20e57e7202eefbacc

SHA256
2e30544d07f1c55d741b03992ea57d1aa519edaaa121e889f301a5b8b6557fe4

SHA512
6401664e5c942d98c6fa955cc2424dfa0c973bd0ac1e515f7640c975bba366af1b3e403ea50e753f837dcd82a04af2ce043e22b15fa9976af7cbb30b3ac80452

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13162\_lzma.pyd

Filesize
150KB

MD5
a6bee109071bbcf24e4d82498d376f82

SHA1
1babacdfaa60e39e21602908047219d111ed8657

SHA256
ce72d59a0e96077c9ea3f1fd7b011287248dc8d80fd3c16916a1d9040a9a941f

SHA512
8cb2dafd19f212e71fa32cb74dad303af68eaa77a63ccf6d3a6ae82e09ac988f71fe82f8f2858a9c616b06dc42023203fa9f7511fac32023be0bc8392272c336

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13162\_overlapped.pyd

Filesize
44KB

MD5
bf3e86152b52d3f0e73d0767cde63f9f

SHA1
3863c480a2d9a24288d63f83fa2586664ec813a2

SHA256
20c94846417ee3ca43daa5fae61595ad7e52645657fda5effe64800fe335ff0d

SHA512
8643f94ece38246769ff9ba87a249b8afde137cf193ff4d452937197ce576816c1ce044c4ad2951bc5535cc3acf1b27e9f2be043b8175c5a2ca2190b05dc0235

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13162\_queue.pyd

Filesize
26KB

MD5
8dd33fe76645636520c5d976b8a2b6fc

SHA1
12988ddd52cbb0ce0f3b96ce19a1827b237ed5f7

SHA256
8e7e758150ea066299a956f268c3eb04bc800e9f3395402cd407c486844a9595

SHA512
e7b4b5662ebd8efb2e4b6f47eb2021afacd52b100db2df66331ca79a4fb2149cac621d5f18ab8ab9cfadbd677274db798ebad9b1d3e46e29f4c92828fd88c187

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13162\_socket.pyd

Filesize
73KB

MD5
c5378bac8c03d7ef46305ee8394560f5

SHA1
2aa7bc90c0ec4d21113b8aa6709569d59fadd329

SHA256
130de3506471878031aecc4c9d38355a4719edd3786f27262a724efc287a47b9

SHA512
1ecb88c62a9daad93ec85f137440e782dcc40d7f1598b5809ab41bf86a5c97224e2361c0e738c1387c6376f2f24d284583fd001c4e1324d72d6989d0b84bf856

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13162\_ssl.pyd

Filesize
152KB

MD5
9d810454bc451ff440ec95de36088909

SHA1
8c890b934a2d84c548a09461ca1e783810f075be

SHA256
5a4c78adedf0bcb5fc422faac619b4c7b57e3d7ba4f2d47a98c1fb81a503b6b7

SHA512
0800666f848faec976366dbfd2c65e7b7e1d8375d5d9e7d019bf364a1f480216c271c3bcf994dbab19290d336cf691cd8235e636f3dbc4d2a77f4760871c19ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13162\_uuid.pyd

Filesize
20KB

MD5
6cfc03bc247a7b8c3c38f1841319f348

SHA1
c28cf20c3e1839cff5dce35a9ffd20aa4ac2a2cf

SHA256
b7fd172339478adaa5f4060eb760f905a2af55ce7e017b57de61ee09dcb09750

SHA512
bd123566a104568e2ec407b35446cb07c660035a77a1e11a8d8d90518c1a83b6815bf694676fa003b074126dcd0594457195f835df7bc828df1195db6584d23b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13162\base_library.zip

Filesize
812KB

MD5
9425444153fe49d734503889ce8d1e20

SHA1
7676bc66117f1a65161c4f3da7cfb949e16ee812

SHA256
da56060a8dc19c3c3b148efda5123de9ab7ef2bb568c1ca0ac1238d000ff5d09

SHA512
ab890f7490acfa62be23989923ef430a0a26ad86bc65abcde0d2e4599ca659ab9933a87f99ead894025af202aeca89350f09099414f06e4570e3cef8aa1cef94

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13162\libcrypto-1_1.dll

Filesize
3.3MB

MD5
ab01c808bed8164133e5279595437d3d

SHA1
0f512756a8db22576ec2e20cf0cafec7786fb12b

SHA256
9c0a0a11629cced6a064932e95a0158ee936739d75a56338702fed97cb0bad55

SHA512
4043cda02f6950abdc47413cfd8a0ba5c462f16bcd4f339f9f5a690823f4d0916478cab5cae81a3d5b03a8a196e17a716b06afee3f92dec3102e3bbc674774f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13162\libffi-7.dll

Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13162\libssl-1_1.dll

Filesize
682KB

MD5
de72697933d7673279fb85fd48d1a4dd

SHA1
085fd4c6fb6d89ffcc9b2741947b74f0766fc383

SHA256
ed1c8769f5096afd000fc730a37b11177fcf90890345071ab7fbceac684d571f

SHA512
0fd4678c65da181d7c27b19056d5ab0e5dd0e9714e9606e524cdad9e46ec4d0b35fe22d594282309f718b30e065f6896674d3edce6b3b0c8eb637a3680715c2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13162\multidict\_multidict.cp310-win_amd64.pyd

Filesize
45KB

MD5
1b59c87f0871fed4ff2be93c5d9234ab

SHA1
7e5c8827a5b2dec5417800ab0a2001af46ab8924

SHA256
b7151a6ffa3dc7436d09b1e35343801e11f423c6b391f1177254236ec47a3ad7

SHA512
6092628a4c73ca2d29b6f6a0d1ed34627795363c89b2a45bfc75951f8148a288707231575183ef73d4fb24c022883ab3ab30da61c92664295fffd8a36e9200df

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13162\psutil\_psutil_windows.cp310-win_amd64.pyd

Filesize
67KB

MD5
6e04a1d41b0897878583702d398bdc88

SHA1
33f396728c57505b0b897b547c692a9cf8959a36

SHA256
be9701a1c3e48599d8c22c2c371d5493e9a97fa5063022c110842ecb886214e3

SHA512
f9fc5d2c480fb7edcad9490925b75007523adecdd0400adaaab888d12f1e67abfd614a142e38a93ba3b42de2e466f1aa0f48625e76bbe3868b9c308b0bdf4d66

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13162\python310.dll

Filesize
4.2MB

MD5
a1185bef38fdba5e3fe6a71f93a9d142

SHA1
e2b40f5e518ad000002b239a84c153fdc35df4eb

SHA256
8d0bec69554317ccf1796c505d749d5c9f3be74ccbfce1d9e4d5fe64a536ae9e

SHA512
cb9baea9b483b9153efe2f453d6ac0f0846b140e465d07244f651c946900bfcd768a6b4c0c335ecebb45810bf08b7324501ea22b40cc7061b2f2bb98ed7897f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13162\select.pyd

Filesize
25KB

MD5
63ede3c60ee921074647ec0278e6aa45

SHA1
a02c42d3849ad8c03ce60f2fd1797b1901441f26

SHA256
cb643556c2dcdb957137b25c8a33855067e0d07547e547587c9886238253bfe5

SHA512
d0babc48b0e470abdafad6205cc0824eec66dbb5bff771cee6d99a0577373a2de2ffab93e86c42c7642e49999a03546f94e7630d3c58db2cff8f26debc67fcad

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13162\unicodedata.pyd

Filesize
1.1MB

MD5
d67ac58da9e60e5b7ef3745fdda74f7d

SHA1
092faa0a13f99fd05c63395ee8ee9aa2bb1ca478

SHA256
09e1d1e9190160959696aeddb0324667fef39f338edc28f49b5f518b92f27f5f

SHA512
9d510135e4106fef0640565e73d438b4398f7aa65a36e3ea21d8241f07fec7a23e721e8696b3605147e5ce5365684e84e8145001201a19d7537e8f61b20cf32c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13162\yarl\_quoting_c.cp310-win_amd64.pyd

Filesize
78KB

MD5
7e620bd4ba53daae5df632f2774b9788

SHA1
28ec3b998f376b59483ad4391a0c2df2c634f308

SHA256
84c696ed1b5ba6a3819d73b6f27aee93bca72286b32307fe259e23dfc1cfacec

SHA512
e2d012dd9a7959c0e06340de3728d6e800b56cc0bc8d525c38dd49d9874095d2edc3ae06862d1a21e873c0da0678e8ab3bc95a57777d746f0d6d8b0c6c08c202

Download Submit