90a18e8f7d30ea42319e7fc0353466182980864ba73502d6d0fa4752b193f519

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20/05/2024, 10:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

vantafortnite.exe
Size

26.4MB
MD5

86d421b77088b8e4de12b80cdbc532cc
SHA1

f726ccdff5674fa612638c440c2382a410cee618
SHA256

90a18e8f7d30ea42319e7fc0353466182980864ba73502d6d0fa4752b193f519
SHA512

88b13b2a4be27994cf9ed99b7676c299947a07d7ef05fb99659bb05b2a53edd722263eb3a29a9cdf9f200b271f7f7134f091e109d3e90281b264ab863095879d
SSDEEP

786432:Stqiv6brRQ1QW7hXxZ5Z+zqr6O2hNJr4bjbb1BGzmCN:SY321QWVhwzqrt2fJG3RsmO

Score

7^/10

spyware stealer upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 27 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/files/0x000700000002382c-702.dat	acprotect
behavioral2/files/0x0007000000023459-708.dat	acprotect
behavioral2/files/0x000700000002347a-713.dat	acprotect
behavioral2/files/0x0007000000023457-717.dat	acprotect
behavioral2/files/0x000700000002345c-721.dat	acprotect
behavioral2/files/0x0007000000023462-739.dat	acprotect
behavioral2/files/0x0007000000023460-737.dat	acprotect
behavioral2/files/0x0007000000023461-738.dat	acprotect
behavioral2/files/0x000700000002345f-736.dat	acprotect
behavioral2/files/0x000700000002345e-735.dat	acprotect
behavioral2/files/0x000700000002345d-734.dat	acprotect
behavioral2/files/0x000700000002345b-733.dat	acprotect
behavioral2/files/0x000700000002345a-732.dat	acprotect
behavioral2/files/0x0007000000023458-731.dat	acprotect
behavioral2/files/0x0007000000023456-730.dat	acprotect
behavioral2/files/0x000700000002383b-729.dat	acprotect
behavioral2/files/0x000700000002383a-728.dat	acprotect
behavioral2/files/0x0007000000023830-726.dat	acprotect
behavioral2/files/0x000700000002382a-725.dat	acprotect
behavioral2/files/0x000700000002347b-723.dat	acprotect
behavioral2/files/0x0007000000023479-722.dat	acprotect
behavioral2/files/0x000700000002382f-747.dat	acprotect
behavioral2/files/0x000700000002382e-753.dat	acprotect
behavioral2/files/0x000700000002383e-756.dat	acprotect
behavioral2/files/0x0007000000023847-771.dat	acprotect
behavioral2/files/0x000700000002346a-782.dat	acprotect
behavioral2/files/0x0007000000023490-787.dat	acprotect

Loads dropped DLL 51 IoCs

pid	Process
3960	vantafortnite.exe
3960	vantafortnite.exe
3960	vantafortnite.exe
3960	vantafortnite.exe
3960	vantafortnite.exe
3960	vantafortnite.exe
3960	vantafortnite.exe
3960	vantafortnite.exe
3960	vantafortnite.exe
3960	vantafortnite.exe
3960	vantafortnite.exe
3960	vantafortnite.exe
3960	vantafortnite.exe
3960	vantafortnite.exe
3960	vantafortnite.exe
3960	vantafortnite.exe
3960	vantafortnite.exe
3960	vantafortnite.exe
3960	vantafortnite.exe
3960	vantafortnite.exe
3960	vantafortnite.exe
3960	vantafortnite.exe
3960	vantafortnite.exe
3960	vantafortnite.exe
3960	vantafortnite.exe
3960	vantafortnite.exe
3960	vantafortnite.exe
3960	vantafortnite.exe
3960	vantafortnite.exe
3960	vantafortnite.exe
3960	vantafortnite.exe
3960	vantafortnite.exe
3960	vantafortnite.exe
3960	vantafortnite.exe
3960	vantafortnite.exe
3960	vantafortnite.exe
3960	vantafortnite.exe
3960	vantafortnite.exe
3960	vantafortnite.exe
3960	vantafortnite.exe
3960	vantafortnite.exe
3960	vantafortnite.exe
3960	vantafortnite.exe
3960	vantafortnite.exe
3960	vantafortnite.exe
3960	vantafortnite.exe
3960	vantafortnite.exe
3960	vantafortnite.exe
3960	vantafortnite.exe
3960	vantafortnite.exe
3960	vantafortnite.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x000700000002382c-702.dat	upx
behavioral2/memory/3960-706-0x0000000075090000-0x00000000755A9000-memory.dmp	upx
behavioral2/files/0x0007000000023459-708.dat	upx
behavioral2/files/0x000700000002347a-713.dat	upx
behavioral2/memory/3960-716-0x0000000075030000-0x000000007503D000-memory.dmp	upx
behavioral2/memory/3960-715-0x0000000075040000-0x000000007505E000-memory.dmp	upx
behavioral2/files/0x0007000000023457-717.dat	upx
behavioral2/memory/3960-720-0x0000000075010000-0x0000000075028000-memory.dmp	upx
behavioral2/files/0x000700000002345c-721.dat	upx
behavioral2/memory/3960-727-0x0000000074FE0000-0x0000000075007000-memory.dmp	upx
behavioral2/files/0x0007000000023462-739.dat	upx
behavioral2/files/0x0007000000023460-737.dat	upx
behavioral2/files/0x0007000000023461-738.dat	upx
behavioral2/files/0x000700000002345f-736.dat	upx
behavioral2/files/0x000700000002345e-735.dat	upx
behavioral2/files/0x000700000002345d-734.dat	upx
behavioral2/files/0x000700000002345b-733.dat	upx
behavioral2/files/0x000700000002345a-732.dat	upx
behavioral2/files/0x0007000000023458-731.dat	upx
behavioral2/files/0x0007000000023456-730.dat	upx
behavioral2/files/0x000700000002383b-729.dat	upx
behavioral2/files/0x000700000002383a-728.dat	upx
behavioral2/files/0x0007000000023830-726.dat	upx
behavioral2/files/0x000700000002382a-725.dat	upx
behavioral2/files/0x000700000002347b-723.dat	upx
behavioral2/files/0x0007000000023479-722.dat	upx
behavioral2/memory/3960-742-0x0000000074FB0000-0x0000000074FE0000-memory.dmp	upx
behavioral2/memory/3960-744-0x0000000074F90000-0x0000000074FA6000-memory.dmp	upx
behavioral2/files/0x000700000002382f-747.dat	upx
behavioral2/files/0x000700000002382e-753.dat	upx
behavioral2/memory/3960-752-0x0000000074F00000-0x0000000074F27000-memory.dmp	upx
behavioral2/memory/3960-751-0x0000000074F30000-0x0000000074F3C000-memory.dmp	upx
behavioral2/memory/3960-750-0x0000000074F40000-0x0000000074F4C000-memory.dmp	upx
behavioral2/memory/3960-754-0x0000000075090000-0x00000000755A9000-memory.dmp	upx
behavioral2/memory/3960-755-0x0000000074E60000-0x0000000074F00000-memory.dmp	upx
behavioral2/files/0x000700000002383e-756.dat	upx
behavioral2/memory/3960-758-0x0000000074990000-0x00000000749B4000-memory.dmp	upx
behavioral2/memory/3960-760-0x0000000075040000-0x000000007505E000-memory.dmp	upx
behavioral2/memory/3960-762-0x0000000074920000-0x000000007494E000-memory.dmp	upx
behavioral2/memory/3960-766-0x00000000744D0000-0x0000000074863000-memory.dmp	upx
behavioral2/memory/3960-765-0x0000000074870000-0x0000000074919000-memory.dmp	upx
behavioral2/files/0x0007000000023847-771.dat	upx
behavioral2/files/0x000700000002346a-782.dat	upx
behavioral2/memory/3960-785-0x0000000074250000-0x0000000074368000-memory.dmp	upx
behavioral2/files/0x0007000000023490-787.dat	upx
behavioral2/memory/3960-784-0x0000000074370000-0x0000000074392000-memory.dmp	upx
behavioral2/memory/3960-778-0x00000000743B0000-0x00000000743C0000-memory.dmp	upx
behavioral2/memory/3960-777-0x00000000743C0000-0x0000000074435000-memory.dmp	upx
behavioral2/memory/3960-775-0x0000000074F90000-0x0000000074FA6000-memory.dmp	upx
behavioral2/memory/3960-773-0x00000000744A0000-0x00000000744AF000-memory.dmp	upx
behavioral2/memory/3960-772-0x0000000074FB0000-0x0000000074FE0000-memory.dmp	upx
behavioral2/memory/3960-769-0x00000000744B0000-0x00000000744C2000-memory.dmp	upx
behavioral2/memory/3960-794-0x0000000074010000-0x000000007414E000-memory.dmp	upx
behavioral2/memory/3960-796-0x0000000074920000-0x000000007494E000-memory.dmp	upx
behavioral2/memory/3960-797-0x0000000073FD0000-0x0000000074001000-memory.dmp	upx
behavioral2/memory/3960-801-0x0000000073F40000-0x0000000073F4D000-memory.dmp	upx
behavioral2/memory/3960-802-0x0000000074870000-0x0000000074919000-memory.dmp	upx
behavioral2/memory/3960-810-0x0000000073E90000-0x0000000073EB5000-memory.dmp	upx
behavioral2/memory/3960-808-0x0000000073C90000-0x0000000073E84000-memory.dmp	upx
behavioral2/memory/3960-807-0x0000000073EC0000-0x0000000073ECA000-memory.dmp	upx
behavioral2/memory/3960-806-0x0000000073ED0000-0x0000000073EE0000-memory.dmp	upx
behavioral2/memory/3960-805-0x0000000073EE0000-0x0000000073EEA000-memory.dmp	upx
behavioral2/memory/3960-804-0x0000000073F00000-0x0000000073F0A000-memory.dmp	upx
behavioral2/memory/3960-803-0x00000000744D0000-0x0000000074863000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

flow	ioc
20	raw.githubusercontent.com
21	raw.githubusercontent.com
22	discord.com
25	discord.com
33	discord.com
34	discord.com

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
31	ip-api.com

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Detects videocard installed 1 TTPs 1 IoCs

Uses WMIC.exe to determine videocard installed.

System Information Discovery

T1082

pid	Process
1204	WMIC.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
6716	PING.EXE

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
3960	vantafortnite.exe
3960	vantafortnite.exe
3960	vantafortnite.exe
3960	vantafortnite.exe
3960	vantafortnite.exe
3960	vantafortnite.exe
3960	vantafortnite.exe
3960	vantafortnite.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3960	vantafortnite.exe
Token: SeIncreaseQuotaPrivilege	4364	WMIC.exe
Token: SeSecurityPrivilege	4364	WMIC.exe
Token: SeTakeOwnershipPrivilege	4364	WMIC.exe
Token: SeLoadDriverPrivilege	4364	WMIC.exe
Token: SeSystemProfilePrivilege	4364	WMIC.exe
Token: SeSystemtimePrivilege	4364	WMIC.exe
Token: SeProfSingleProcessPrivilege	4364	WMIC.exe
Token: SeIncBasePriorityPrivilege	4364	WMIC.exe
Token: SeCreatePagefilePrivilege	4364	WMIC.exe
Token: SeBackupPrivilege	4364	WMIC.exe
Token: SeRestorePrivilege	4364	WMIC.exe
Token: SeShutdownPrivilege	4364	WMIC.exe
Token: SeDebugPrivilege	4364	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4364	WMIC.exe
Token: SeRemoteShutdownPrivilege	4364	WMIC.exe
Token: SeUndockPrivilege	4364	WMIC.exe
Token: SeManageVolumePrivilege	4364	WMIC.exe
Token: 33	4364	WMIC.exe
Token: 34	4364	WMIC.exe
Token: 35	4364	WMIC.exe
Token: 36	4364	WMIC.exe
Token: SeIncreaseQuotaPrivilege	4364	WMIC.exe
Token: SeSecurityPrivilege	4364	WMIC.exe
Token: SeTakeOwnershipPrivilege	4364	WMIC.exe
Token: SeLoadDriverPrivilege	4364	WMIC.exe
Token: SeSystemProfilePrivilege	4364	WMIC.exe
Token: SeSystemtimePrivilege	4364	WMIC.exe
Token: SeProfSingleProcessPrivilege	4364	WMIC.exe
Token: SeIncBasePriorityPrivilege	4364	WMIC.exe
Token: SeCreatePagefilePrivilege	4364	WMIC.exe
Token: SeBackupPrivilege	4364	WMIC.exe
Token: SeRestorePrivilege	4364	WMIC.exe
Token: SeShutdownPrivilege	4364	WMIC.exe
Token: SeDebugPrivilege	4364	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4364	WMIC.exe
Token: SeRemoteShutdownPrivilege	4364	WMIC.exe
Token: SeUndockPrivilege	4364	WMIC.exe
Token: SeManageVolumePrivilege	4364	WMIC.exe
Token: 33	4364	WMIC.exe
Token: 34	4364	WMIC.exe
Token: 35	4364	WMIC.exe
Token: 36	4364	WMIC.exe
Token: SeIncreaseQuotaPrivilege	4784	wmic.exe
Token: SeSecurityPrivilege	4784	wmic.exe
Token: SeTakeOwnershipPrivilege	4784	wmic.exe
Token: SeLoadDriverPrivilege	4784	wmic.exe
Token: SeSystemProfilePrivilege	4784	wmic.exe
Token: SeSystemtimePrivilege	4784	wmic.exe
Token: SeProfSingleProcessPrivilege	4784	wmic.exe
Token: SeIncBasePriorityPrivilege	4784	wmic.exe
Token: SeCreatePagefilePrivilege	4784	wmic.exe
Token: SeBackupPrivilege	4784	wmic.exe
Token: SeRestorePrivilege	4784	wmic.exe
Token: SeShutdownPrivilege	4784	wmic.exe
Token: SeDebugPrivilege	4784	wmic.exe
Token: SeSystemEnvironmentPrivilege	4784	wmic.exe
Token: SeRemoteShutdownPrivilege	4784	wmic.exe
Token: SeUndockPrivilege	4784	wmic.exe
Token: SeManageVolumePrivilege	4784	wmic.exe
Token: 33	4784	wmic.exe
Token: 34	4784	wmic.exe
Token: 35	4784	wmic.exe
Token: 36	4784	wmic.exe

Suspicious use of FindShellTrayWindow 31 IoCs

pid	Process
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe

Suspicious use of SendNotifyMessage 31 IoCs

pid	Process
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe

Suspicious use of WriteProcessMemory 51 IoCs

description	pid	Process	procid_target
PID 2280 wrote to memory of 3960	2280	vantafortnite.exe	86
PID 2280 wrote to memory of 3960	2280	vantafortnite.exe	86
PID 2280 wrote to memory of 3960	2280	vantafortnite.exe	86
PID 3960 wrote to memory of 3696	3960	vantafortnite.exe	89
PID 3960 wrote to memory of 3696	3960	vantafortnite.exe	89
PID 3960 wrote to memory of 3696	3960	vantafortnite.exe	89
PID 3960 wrote to memory of 4920	3960	vantafortnite.exe	96
PID 3960 wrote to memory of 4920	3960	vantafortnite.exe	96
PID 3960 wrote to memory of 4920	3960	vantafortnite.exe	96
PID 4920 wrote to memory of 4364	4920	cmd.exe	98
PID 4920 wrote to memory of 4364	4920	cmd.exe	98
PID 4920 wrote to memory of 4364	4920	cmd.exe	98
PID 3960 wrote to memory of 4784	3960	vantafortnite.exe	99
PID 3960 wrote to memory of 4784	3960	vantafortnite.exe	99
PID 3960 wrote to memory of 4784	3960	vantafortnite.exe	99
PID 3960 wrote to memory of 2344	3960	vantafortnite.exe	101
PID 3960 wrote to memory of 2344	3960	vantafortnite.exe	101
PID 3960 wrote to memory of 2344	3960	vantafortnite.exe	101
PID 2344 wrote to memory of 1204	2344	cmd.exe	103
PID 2344 wrote to memory of 1204	2344	cmd.exe	103
PID 2344 wrote to memory of 1204	2344	cmd.exe	103
PID 3960 wrote to memory of 3192	3960	vantafortnite.exe	105
PID 3960 wrote to memory of 3192	3960	vantafortnite.exe	105
PID 3960 wrote to memory of 3192	3960	vantafortnite.exe	105
PID 3192 wrote to memory of 1832	3192	cmd.exe	107
PID 3192 wrote to memory of 1832	3192	cmd.exe	107
PID 3192 wrote to memory of 1832	3192	cmd.exe	107
PID 3960 wrote to memory of 3232	3960	vantafortnite.exe	108
PID 3960 wrote to memory of 3232	3960	vantafortnite.exe	108
PID 3960 wrote to memory of 3232	3960	vantafortnite.exe	108
PID 3232 wrote to memory of 4452	3232	cmd.exe	110
PID 3232 wrote to memory of 4452	3232	cmd.exe	110
PID 3232 wrote to memory of 4452	3232	cmd.exe	110
PID 3960 wrote to memory of 2764	3960	vantafortnite.exe	111
PID 3960 wrote to memory of 2764	3960	vantafortnite.exe	111
PID 3960 wrote to memory of 2764	3960	vantafortnite.exe	111
PID 2764 wrote to memory of 2800	2764	cmd.exe	113
PID 2764 wrote to memory of 2800	2764	cmd.exe	113
PID 2764 wrote to memory of 2800	2764	cmd.exe	113
PID 3960 wrote to memory of 3396	3960	vantafortnite.exe	115
PID 3960 wrote to memory of 3396	3960	vantafortnite.exe	115
PID 3960 wrote to memory of 3396	3960	vantafortnite.exe	115
PID 3396 wrote to memory of 5048	3396	cmd.exe	117
PID 3396 wrote to memory of 5048	3396	cmd.exe	117
PID 3396 wrote to memory of 5048	3396	cmd.exe	117
PID 3960 wrote to memory of 1256	3960	vantafortnite.exe	119
PID 3960 wrote to memory of 1256	3960	vantafortnite.exe	119
PID 3960 wrote to memory of 1256	3960	vantafortnite.exe	119
PID 1256 wrote to memory of 6716	1256	cmd.exe	121
PID 1256 wrote to memory of 6716	1256	cmd.exe	121
PID 1256 wrote to memory of 6716	1256	cmd.exe	121

C:\Users\Admin\AppData\Local\Temp\vantafortnite.exe
"C:\Users\Admin\AppData\Local\Temp\vantafortnite.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2280
- C:\Users\Admin\AppData\Local\Temp\vantafortnite.exe
  "C:\Users\Admin\AppData\Local\Temp\vantafortnite.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:3960
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:3696
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic os get Caption"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4920
  - - C:\Windows\SysWOW64\Wbem\WMIC.exe
      wmic os get Caption
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:4364
- - C:\Windows\SysWOW64\Wbem\wmic.exe
    wmic cpu get Name
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4784
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2344
  - - C:\Windows\SysWOW64\Wbem\WMIC.exe
      wmic path win32_VideoController get name
      4⤵
      Detects videocard installed
      PID:1204
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic computersystem get totalphysicalmemory"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3192
  - - C:\Windows\SysWOW64\Wbem\WMIC.exe
      wmic computersystem get totalphysicalmemory
      4⤵
      PID:1832
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\\Windows\\System32\\wbem\\WMIC.exe csproduct get uuid"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3232
  - - C:\Windows\SysWOW64\wbem\WMIC.exe
      C:\\Windows\\System32\\wbem\\WMIC.exe csproduct get uuid
      4⤵
      PID:4452
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic path softwarelicensingservice get OA3xOriginalProductKey"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2764
  - - C:\Windows\SysWOW64\Wbem\WMIC.exe
      wmic path softwarelicensingservice get OA3xOriginalProductKey
      4⤵
      PID:2800
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c "WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3396
  - - C:\Windows\SysWOW64\Wbem\WMIC.exe
      WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName
      4⤵
      PID:5048
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c "ping localhost -n 3 > NUL && del /A H /F "C:\Users\Admin\AppData\Local\Temp\vantafortnite.exe""
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1256
  - - C:\Windows\SysWOW64\PING.EXE
      ping localhost -n 3
      4⤵
      Runs ping.exe
      PID:6716

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\BA2L5vnhJw\Browser\cc's.txt

Filesize
91B

MD5
5aa796b6950a92a226cc5c98ed1c47e8

SHA1
6706a4082fc2c141272122f1ca424a446506c44d

SHA256
c4c83da3a904a4e7114f9bd46790db502cdd04800e684accb991cd1a08ee151c

SHA512
976f403257671e8f652bf988f4047202e1a0fd368fdb2bab2e79ece1c20c7eb775c4b3a8853c223d4f750f4192cd09455ff024918276dc1dd1442fa3b36623ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\BA2L5vnhJw\Browser\history.txt

Filesize
23B

MD5
5638715e9aaa8d3f45999ec395e18e77

SHA1
4e3dc4a1123edddf06d92575a033b42a662fe4ad

SHA256
4db7f6559c454d34d9c2d557524603c3f52649c2d69b26b6e8384a3d179aeae6

SHA512
78c96efab1d941e34d3137eae32cef041e2db5b0ebbf883e6a2effa79a323f66e00cfb7c45eb3398b3cbd0469a2be513c3ff63e5622261857eefc1685f77f76b

Download Submit
C:\Users\Admin\AppData\Local\Temp\BA2L5vnhJw\Common Files\Are.docx

Filesize
11KB

MD5
a33e5b189842c5867f46566bdbf7a095

SHA1
e1c06359f6a76da90d19e8fd95e79c832edb3196

SHA256
5abf8e3d1f78de7b09d7f6fb87f9e80e60caacf13ef3c1289665653dacd7c454

SHA512
f2ad3812ec9b915e9618539b0f103f2e9acaad25fbbacd84941c954ce070af231324e83a4621e951c1dbae8d40d50410954e40dd52bbd46e34c54b0d1957407b

Download Submit
C:\Users\Admin\AppData\Local\Temp\BA2L5vnhJw\Common Files\BackupLock.ppt

Filesize
623KB

MD5
0e02139a3c9b4372698977b2f9e24c53

SHA1
1cef3b22ff392591900740260e770d43f374a531

SHA256
60ddc570de41f67eb34b6007ea64d7fb98598046edd63717b8381c2bee36d0e1

SHA512
2804fa0b6f88f4f88f7fe8ace6f83700ef2e3562587bc72ba648841f26ae654f7859f7589e6634e03a3206d4816ab4daf1d79dfd8fd2be294c89de2f96fc89ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\BA2L5vnhJw\Common Files\BackupMerge.xlt

Filesize
640KB

MD5
c2ffdbbc5a10fe8863cec5361b304b66

SHA1
fb31dbbce8a45e89f22887f49040d35e872f862e

SHA256
3beaf083f04e4794ee4907a94f56310e420cab1803219e9744ae4b59f34fcd63

SHA512
26c06daf1b4fabd288a0b77b0d2634fb4ce0f71ee0bec8f65019413320f1ef10b41de95e261d74382fc18ab5d79f66770409ff844fd22ce959e7ce9b8c8fc078

Download Submit
C:\Users\Admin\AppData\Local\Temp\BA2L5vnhJw\Common Files\BackupWrite.asf

Filesize
203KB

MD5
1f79e8ee9d0657a554a59e89308d4949

SHA1
190001068fa11e0945abeb014b08b0711e49bc36

SHA256
275914e01d832e4b8bf254eac0f8f6ed51c713afc40d9324233cdc2c6bbc33bb

SHA512
fb28e1bafa735937a04e51bb0452f57ec08def724cc5e22a20d53a6b7caa1bdec68b3d40b9692d59d58b496df760422750a482148c9951fe32da816bbd91ee3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\BA2L5vnhJw\Common Files\Files.docx

Filesize
11KB

MD5
4a8fbd593a733fc669169d614021185b

SHA1
166e66575715d4c52bcb471c09bdbc5a9bb2f615

SHA256
714cd32f8edacb3befbfc4b17db5b6eb05c2c8936e3bae14ea25a6050d88ae42

SHA512
6b2ebbbc34cd821fd9b3d7711d9cdadd8736412227e191883e5df19068f8118b7c80248eb61cc0a2f785a4153871a6003d79de934254b2c74c33b284c507a33b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22802\VCRUNTIME140.dll

Filesize
88KB

MD5
17f01742d17d9ffa7d8b3500978fc842

SHA1
2da2ff031da84ac8c2d063a964450642e849144d

SHA256
70dd90f6ee01854cecf18b1b6d1dfbf30d33c5170ba07ad8b64721f0bdcc235e

SHA512
c4e617cd808e48cc803343616853adf32b7f2e694b5827392219c69145a43969384d2fc67fa6fa0f5af1ca449eb4932004fbcdd394a5ba092212412b347586f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22802\_asyncio.pyd

Filesize
33KB

MD5
f0737332bf08aae05a48b48e29c5bbee

SHA1
817db3420110fe8d79587bdd42e9cdaa3a4ea4d6

SHA256
cb96b10394ab30a996eb1afe8c2cc9691e21695e725f58a589e25b5b41d670b2

SHA512
f1d81ef2c457656ed0b29503de1345c22a8924adc58b5863a925da0f39ff1cd38922342874eeef0e3231fe2574d54e71e3785dbeff71e6da85dcfcae0a0afbbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22802\_bz2.pyd

Filesize
44KB

MD5
d2bbc367a8844542cc5e6f75448f04f4

SHA1
d12e99547f07025e27d9c87a82cc018c6d2a3ca1

SHA256
3f261d8cecc7bc77cca9ab45f0588a7c3f1ad5e0327f9c35e412894c84f7d9bc

SHA512
5bbbbd3b1fc0f0386ca30926aec7a8b734b67a0accfb818774c7bab9a05f64f8c19dc911546d33410ac5703c95f4e13864ebd5d287b031f095623192945fe584

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22802\_cffi_backend.cp311-win32.pyd

Filesize
61KB

MD5
b1a0fc0cd03f30763656c6d3a2e8ff2b

SHA1
a380a0d24ae920fe24ce92d45d99851bb0e4f93a

SHA256
8ef5813767d0230a1712bc1ce6ff6c8d78039d2866858046ba151659b19f60ce

SHA512
62f6498d3b72e2f5123a2b0479fd3c442e315ab2a25b9ce86c9d2b6b9bd3301d0ed80dee336215074d55cd9354a4d82f5fe33e1a1044d8e7c31353a123c722df

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22802\_ctypes.pyd

Filesize
52KB

MD5
539d0ed7782f15eb8c8a0777fd53b379

SHA1
2f41419ef505c3aa36a63f4f620ff2d6a6e2f5d6

SHA256
2923a95dbb6fb9179914b87cd885795b53e3efdcec6efe2bf963a8dc79a6f2b1

SHA512
ade775b1e6d3eaa2909395fa8f737f4b5de9ac7ae3abce50bc136d4db234b66a58cfacd59a2762ce0af43346da35ce36939ae647bceb82f1d7522808e9abd60f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22802\_decimal.pyd

Filesize
79KB

MD5
dc186d958e2599212cc704b73995925f

SHA1
0701ec0e25eb372321df4180aee8d1eca4b69193

SHA256
02cb104ef656c1c84ee3f40b0608ab92d87bc433c3de096e7194810d01153a39

SHA512
3721c057fbe5292c39e25c89714e50698630b706c18553961593042071b6f2d2d92b238f6c68fd2db3caeab00e84b6548fb18031e7c1dcc3915b1536534d9131

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22802\_hashlib.pyd

Filesize
30KB

MD5
7747ba85a83f80102a6fe55c94bea429

SHA1
5fd239e6d18adb39822009754b6a36f2f7cf20bc

SHA256
78eb6372d83c3ac149304dbc957b75a794f4b8feeff5f8afb64c07dd51048456

SHA512
bdd2ae1d59d0ca9ff0e2bb43ddc733054ba6ceeb1ba73a99e1bc75d9aa0fe4cdfaaba0bae2787fddf3fe41e4a514ceb0c4c0341c32153927fe3c726d0de05237

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22802\_lzma.pyd

Filesize
79KB

MD5
1c824ef5fbcde9b6b8a2e9210e635035

SHA1
645d3ea617cda3259126f2cbd113b453bb746d5d

SHA256
9206a8dc814ec5bfc32725b153064c477b6de1d2e9285d1d284548934683dc72

SHA512
bd948f122083ee54e2ca3328ba9fc97449682285b792b6e055fe74c9185e913955b15d91180d194fbfd55d5a587b440a46c7b9f37c29f359bfa5532c4a9f0388

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22802\_multiprocessing.pyd

Filesize
25KB

MD5
a7bcd974cb526c191e7093fe7cc121c3

SHA1
91eb1f907c56c2fa1937bcecc5b565d5ade47879

SHA256
f6c1de17457a9d35bc3e815462189cb328cb8bc012450cc92e3d1986d59daed9

SHA512
149151bbd6713efe30ea9da8c853c9f1422da15e4e5381ea0726789d9c2cc61ea0b4e4d6197d4de67105f2ac0f77de49b160ee6cdeefc9c442311b45bb6a30c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22802\_overlapped.pyd

Filesize
29KB

MD5
cd99722b95bbddf2b8b57b7a5818b33d

SHA1
a29bbcfd75fac0f15916d8f0a5d3e5dd9882919e

SHA256
5c02200d4f8461af6cf85f533ff38161f8966bbda5741422618d08fd762dde23

SHA512
d1499550037b1d68e3c02a7986d778f9ee6517836ed64f46ae099f7d815d4c626518de7c7051381cb15d34f5cfecc20b53bf4832bdfb98e8c737686d451c94bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22802\_queue.pyd

Filesize
24KB

MD5
7b40bb9bf63cab2a1e9e445d843b0ed2

SHA1
afff65ca4241404942c823f70bbf353c6c958c93

SHA256
f8c3cb2b55e893b585f924f6f9f4eddd7283186235ab7ec6ad45adf40bd691e9

SHA512
133b278654c824958901760f44e96812c53d808ceeb1fe9500793d6da8059f91c7561ad563a4ad74dc59d76705292c782d5486af204a17da61f50d4901d6b5e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22802\_socket.pyd

Filesize
38KB

MD5
dd991868f1a17ab21893d043f01637a0

SHA1
c5754e8fd4e27c189cef288a897019ea62e402bd

SHA256
fed73096e7c76971fa52765af700ef113690302d160ad53334bda9879c7cc6f5

SHA512
f1dbf2dfed91cadeed83a89aef454a123dd9f242e67036085dea5a5387e96d74e90b2051b55dc7c6fa76cab379c9c7151815689101971acb29019087d4447674

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22802\_sqlite3.pyd

Filesize
44KB

MD5
fa1dc5b4d37e9e3c80287a34eaf6c5d6

SHA1
649034ef30874131582a8b68bbf7aa5026da6ceb

SHA256
1b9c556203f8bf74d046151ff73ceb9fdcaaffed4b939bd2a9c68d9c3f470942

SHA512
27eebb4b17088519f586796a5b251951dafb0dbb62bf15eea72716f40d6208408d6ac32e0b90face362231992cbd17a05a1749e35cab2968f6e2f0c5d277436c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22802\_ssl.pyd

Filesize
61KB

MD5
ab980618948f90063ac2e5beabc6c0e3

SHA1
3f0b7788ba3323ad5fc16497e35ebf7bc370a888

SHA256
8ba914951092a9c5368dfd4ea581f9f4640ec7f4b946c40b0000f040e75e57df

SHA512
0adf732d146a3f7f980bee43aa9ec580085d6fe7fae205569b6e28f630f131599b457d0af9abf081494f7ae21a6a9bb564691c4ad0a542491f9c24cb03db37db

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22802\_uuid.pyd

Filesize
22KB

MD5
65a5d7842d70b78df20b8ac193b6ad2b

SHA1
581f6278382aee830c38d0d7564b9e23c530de90

SHA256
5ca04e3c06ccae8e63afa25f9acc0df1f28afe6bf97e4d1995dee68e3af7141d

SHA512
ffad2aed7a5c78a898805c98506e9d9c045b991581547c5d219c933b0c20b2cabc37bc0713cced2dc7888871990ec532e9a77dd62678da77dc5908e6512d9c1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22802\base_library.zip

Filesize
1.4MB

MD5
4b011f052728ae5007f9ec4e97a4f625

SHA1
9d940561f08104618ec9e901a9cd0cd13e8b355d

SHA256
c88cd8549debc046a980b0be3bf27956ae72dcdcf1a448e55892194752c570e6

SHA512
be405d80d78a188a563086809c372c44bcd1ccab5a472d50714f559559795a1df49437c1712e15eb0403917c7f6cfaf872d6bb0c8e4dd67a512c2c4a5ae93055

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22802\charset_normalizer\md.cp311-win32.pyd

Filesize
8KB

MD5
5242622c9818ff5572c08d3f9f96ea07

SHA1
f4c53ef8930a2975335182ad9b6c6a2ab3851362

SHA256
85f6e0b522d54459e7d24746054d26ba35ea4cc8505a3dd74a2bf5590f9f40fc

SHA512
c2ef2a5632eb42b00756bee9ffb00e382cbc1b0c6578243f3f1fe48eff18a1033187a5d7bf8bda4d9cf8d6cb4131ca37c47d8238ff264e1b1c496b16740b79a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22802\charset_normalizer\md__mypyc.cp311-win32.pyd

Filesize
31KB

MD5
5cc80e3524e7f2d527c3975ae6a33023

SHA1
a52f046a8e22ed3423ce593af054a818ed17ebd7

SHA256
34e63fec44c046a04919318da4a5fc03d60129b98700bf05031ce79138e16173

SHA512
03516aada3c5765bc93f1a3cd6aeda5d2e4fed2754e5dcf9e85ee6c550d59df8f31d857c823099952bd5bf01eb87ed442904ba6e610ba6133f856bc9be1c294f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22802\libcrypto-3.dll

Filesize
1.0MB

MD5
de718793467ad65bace698f10a021592

SHA1
f602f5f17baf9c3a9ecf6b1f7d6788f6c58edc50

SHA256
fda077ba79e26d5a751c5a61e5e56ee041c078ea8e2d1c8f4174569ebc6f002e

SHA512
5b519a1c4f731e78bf345529bbf486601c76223d71bca637fe052d4cf1a79f32affad309dd7e5c0be429b64f0f871b1357bd463f1bcc5609b56034b05e40a63e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22802\libffi-8.dll

Filesize
28KB

MD5
3c58ad414b8aa577f3d9d6d8a8034d17

SHA1
71ab81bfd5f5d849bf6376ec89740b58a7ad16c2

SHA256
434b1bb37a7680ab6ac42ba53e83d0591a0924d654f6b56d40612fc6d07a4400

SHA512
2a8f395b42268638c8453f4d750525854e75337f82a3bf74de9eceeebafe997391306950576b3df5d409d94de5937e1638fefcdfbc9697c6f2e427bb77d57624

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22802\libssl-3.dll

Filesize
189KB

MD5
c4e3e78efce41b75b407c0614f70c65d

SHA1
c03279f2c7b3fae1e5618243d3c789c03056de93

SHA256
db7f999537890c5fd3f1fb2e177743c1667ba3a2eb4f8f0f2a8bdde5bae42bd0

SHA512
501fa0f6189bd2739b2b0f0afc174893235f1d9a0555532905de35f5d37856f290f27e39c274eb8a3c20b8a89445a7ca144db2a8ceb19d25f1d60cea2cba90dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22802\luna.aes

Filesize
63KB

MD5
e4d69a9c75617479819b0c58ec7dc3fb

SHA1
d37082f9033c3de5bf77669404e3f658043f9c3d

SHA256
eba0000350c7a467f1af4859aee16e76e90e4bd17efb6ee741f0f19688804064

SHA512
67659e666e7d571e590513470dabe1d3bc0c92b2d38b377f27079bc87a5e13665c5e12fd3ebcee2e18bc376fcb616dec760790bda868b35829cb95d83cda3a6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22802\psutil\_psutil_windows.pyd

Filesize
26KB

MD5
d4f5d5f69cc9bf55457945999e0a6e7b

SHA1
413110e5bf5eeca88847ec39ecedc5f4593a9969

SHA256
fd513fff0d04d4ccc26d7b1fddd4e3067092c1f71522867997515d064d3dc4fb

SHA512
f1d5c074774ad08335efc33fc2c41c8e5962dd293a030644f437dcf622019164bcb28cc2af70c171daf0c974c588d7e54206cdc10f61daa8cf0c9f460b956f1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22802\pyexpat.pyd

Filesize
72KB

MD5
5b6e1769b155ab228aa80e9b1278d6f8

SHA1
e68fce902e0d13119b7ab28667025d71d4a9875e

SHA256
9b2d70ca304a7a394766d42dacf71033abdc693ef9f384558b8f55c27c786427

SHA512
bc72619a730bc1017a75bdc2921bbe6f28c99b86f06db02a78c8c736000f9d620577355d21f8805b4e5c040680f00f9afe8c0d0800019ee37ee552ee932d4cb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22802\python3.DLL

Filesize
65KB

MD5
187b055c37e4a1aedb158b107ed498fc

SHA1
3f777614379aa41859b6d7df37127ee5b958d22b

SHA256
4e5d4e72033eda5cd5e6e30e6ddaed4f4ff82c41f3ea89ffce2e9fb7d7b9f370

SHA512
fd9efc27b9bb3ba1f2549208ec01fdbd5a7ccaff90dab998b9f910bea4fcb26bbe7883e1c7ff7635a12153862d66a3cfff77706ba16b78db10d7198f8a72b955

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22802\python311.dll

Filesize
1.4MB

MD5
f2a325757354e63d942b22de797cfa07

SHA1
28243905a31f141e29411f50de4228a888f1ba78

SHA256
e9c919f4451c039cd9e88c49361a4adcad3ca12eb1718851c7aa89154b540203

SHA512
e1dc229e8bf8e74e65063824917cae1554e8cb931927f036fba1812c1c5d5cc2b82a11b7596a1bf6566c20b161110607edb86111104883b10552b754a20c2df6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22802\pywin32_system32\pythoncom311.dll

Filesize
132KB

MD5
e703a33afae7dc61cf6f9a39fd126aca

SHA1
5b8bb661d5d6621240d12b262c7c9776824dad76

SHA256
1fce44ae5726fbc01b334314fdb073383bf6d618eac099d9bc48360f93746034

SHA512
e60a93cecae5b0bbbd988b6449d170526b6fb8d28bd21babb5a052fc039adc669b39934a23f32033ae050caa583a7fcb08985f94ec500da0fe2af9b33b925938

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22802\pywin32_system32\pywintypes311.dll

Filesize
53KB

MD5
365f88a897d8e1204270bce69fb5fd07

SHA1
3a2d31b7048e949231e6eae2f4fe6c6c42036e46

SHA256
7c00cc78c48b5062e8ebc6af8b33cc8ddcfc697ecc2cbb52cc78ef9faf507dda

SHA512
fa60173f770025e655c23cfc935dcca15325f6e47b625ba5ec48fea31747b0a0179e3701fd1fa09182466dd4df27083d62f7560d9867b89ce822a8bcde0491a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22802\select.pyd

Filesize
24KB

MD5
9ab11382a18662fb329e1da48917b7b2

SHA1
1f3c16a122d33943cd73ba58944c91a16b26cc48

SHA256
70e831588fa7a64baa4a7f3da300284a762c71a85ab94f1b58d1d17d2b7c5353

SHA512
35eeab50178298e15ffadd89c4f129265207bbc7aba7dbb66a334b2ca43281a368c931c25c03555b061fee73a1f667ed7f316ca516663449b762949d641c9651

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22802\sqlite3.dll

Filesize
523KB

MD5
a1d5efcc701bccd22da2334cf296097c

SHA1
3eafdc8867debc879c0a1d6ffdfcb20836be580a

SHA256
738cfcaa0bc77fb0161e97131eed85f8533e222e0827d4ae4fd0e6b928bfd1c6

SHA512
fd0048dd4d1b33e0a58abef3daf1eefba75d50ef5b28e70a847ba49d9f8a108f36f9698c032ec059182446de99f403698dd399122934923b6520b01ea29ad6f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22802\unicodedata.pyd

Filesize
291KB

MD5
a0ee839ea318ad6e439209464608f2f5

SHA1
b580078e1cdbc04a3829fb7f6c99683a20e12a30

SHA256
42f6adc16da8613b8090f42523238929788bd70bfbe964c3f750d9bb749f9792

SHA512
433f8cba3a168ae983f9c8494cef162bc3a416dcc285d4bbaffbf0320d10bcbbb86eb5985a6709a639de273f5d15b9b8ba37dfd9abf0312eb7ec57f9cc027466

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22802\win32\win32api.pyd

Filesize
37KB

MD5
9b1b6850d25e6b26ffc8a066cdd4eaa0

SHA1
5c60906e7c0aba45b7fde7060305773c6a0f2d0f

SHA256
c3427ebc66696ef26ec680296ef58a1da08d32d398884935ce2ed6c8cdc5c61b

SHA512
0d2a0815e5fea244d0886e3347b2ae20bd3da99b1264a69415b1d3c1db6d5e2473a6d702028823d2a34a9514c3a842236edb4b973fc310268fbbb18f3752dfa7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22802\zstandard\backend_c.cp311-win32.pyd

Filesize
146KB

MD5
0502df09e7654b452c63925a58ff0848

SHA1
29d832b6a0ee3e682e473311b0d97a6d58582ed9

SHA256
c940352d5742eb1f313e4221d3e64c7f082a53afca319a4f70f83117e4acd24c

SHA512
de5b939e74a26b4b165f3ba7c3375e23b21ee5cc5e43ded7dd8ac68ad58ad9e0d2171d823a8938abba7df1f864f81b751100bb0cc4e9a80910a2ee85ab23aeae

Download Submit
memory/3960-808-0x0000000073C90000-0x0000000073E84000-memory.dmp

Filesize
2.0MB

Download
memory/3960-861-0x0000000075090000-0x00000000755A9000-memory.dmp

Filesize
5.1MB

Download
memory/3960-760-0x0000000075040000-0x000000007505E000-memory.dmp

Filesize
120KB

Download
memory/3960-762-0x0000000074920000-0x000000007494E000-memory.dmp

Filesize
184KB

Download
memory/3960-766-0x00000000744D0000-0x0000000074863000-memory.dmp

Filesize
3.6MB

Download
memory/3960-767-0x0000000004370000-0x0000000004703000-memory.dmp

Filesize
3.6MB

Download
memory/3960-765-0x0000000074870000-0x0000000074919000-memory.dmp

Filesize
676KB

Download
memory/3960-755-0x0000000074E60000-0x0000000074F00000-memory.dmp

Filesize
640KB

Download
memory/3960-754-0x0000000075090000-0x00000000755A9000-memory.dmp

Filesize
5.1MB

Download
memory/3960-785-0x0000000074250000-0x0000000074368000-memory.dmp

Filesize
1.1MB

Download
memory/3960-750-0x0000000074F40000-0x0000000074F4C000-memory.dmp

Filesize
48KB

Download
memory/3960-784-0x0000000074370000-0x0000000074392000-memory.dmp

Filesize
136KB

Download
memory/3960-751-0x0000000074F30000-0x0000000074F3C000-memory.dmp

Filesize
48KB

Download
memory/3960-778-0x00000000743B0000-0x00000000743C0000-memory.dmp

Filesize
64KB

Download
memory/3960-777-0x00000000743C0000-0x0000000074435000-memory.dmp

Filesize
468KB

Download
memory/3960-775-0x0000000074F90000-0x0000000074FA6000-memory.dmp

Filesize
88KB

Download
memory/3960-773-0x00000000744A0000-0x00000000744AF000-memory.dmp

Filesize
60KB

Download
memory/3960-772-0x0000000074FB0000-0x0000000074FE0000-memory.dmp

Filesize
192KB

Download
memory/3960-769-0x00000000744B0000-0x00000000744C2000-memory.dmp

Filesize
72KB

Download
memory/3960-794-0x0000000074010000-0x000000007414E000-memory.dmp

Filesize
1.2MB

Download
memory/3960-796-0x0000000074920000-0x000000007494E000-memory.dmp

Filesize
184KB

Download
memory/3960-797-0x0000000073FD0000-0x0000000074001000-memory.dmp

Filesize
196KB

Download
memory/3960-801-0x0000000073F40000-0x0000000073F4D000-memory.dmp

Filesize
52KB

Download
memory/3960-802-0x0000000074870000-0x0000000074919000-memory.dmp

Filesize
676KB

Download
memory/3960-809-0x0000000004370000-0x0000000004703000-memory.dmp

Filesize
3.6MB

Download
memory/3960-810-0x0000000073E90000-0x0000000073EB5000-memory.dmp

Filesize
148KB

Download
memory/3960-752-0x0000000074F00000-0x0000000074F27000-memory.dmp

Filesize
156KB

Download
memory/3960-807-0x0000000073EC0000-0x0000000073ECA000-memory.dmp

Filesize
40KB

Download
memory/3960-806-0x0000000073ED0000-0x0000000073EE0000-memory.dmp

Filesize
64KB

Download
memory/3960-805-0x0000000073EE0000-0x0000000073EEA000-memory.dmp

Filesize
40KB

Download
memory/3960-804-0x0000000073F00000-0x0000000073F0A000-memory.dmp

Filesize
40KB

Download
memory/3960-803-0x00000000744D0000-0x0000000074863000-memory.dmp

Filesize
3.6MB

Download
memory/3960-800-0x0000000073F50000-0x0000000073F5C000-memory.dmp

Filesize
48KB

Download
memory/3960-799-0x0000000073F60000-0x0000000073F6A000-memory.dmp

Filesize
40KB

Download
memory/3960-798-0x0000000073F80000-0x0000000073F8A000-memory.dmp

Filesize
40KB

Download
memory/3960-793-0x0000000074150000-0x000000007416B000-memory.dmp

Filesize
108KB

Download
memory/3960-792-0x0000000074220000-0x0000000074236000-memory.dmp

Filesize
88KB

Download
memory/3960-791-0x0000000074E60000-0x0000000074F00000-memory.dmp

Filesize
640KB

Download
memory/3960-744-0x0000000074F90000-0x0000000074FA6000-memory.dmp

Filesize
88KB

Download
memory/3960-742-0x0000000074FB0000-0x0000000074FE0000-memory.dmp

Filesize
192KB

Download
memory/3960-727-0x0000000074FE0000-0x0000000075007000-memory.dmp

Filesize
156KB

Download
memory/3960-720-0x0000000075010000-0x0000000075028000-memory.dmp

Filesize
96KB

Download
memory/3960-715-0x0000000075040000-0x000000007505E000-memory.dmp

Filesize
120KB

Download
memory/3960-716-0x0000000075030000-0x000000007503D000-memory.dmp

Filesize
52KB

Download
memory/3960-706-0x0000000075090000-0x00000000755A9000-memory.dmp

Filesize
5.1MB

Download
memory/3960-856-0x00000000744B0000-0x00000000744C2000-memory.dmp

Filesize
72KB

Download
memory/3960-857-0x0000000073A80000-0x0000000073A8C000-memory.dmp

Filesize
48KB

Download
memory/3960-758-0x0000000074990000-0x00000000749B4000-memory.dmp

Filesize
144KB

Download
memory/3960-895-0x0000000074E60000-0x0000000074F00000-memory.dmp

Filesize
640KB

Download
memory/3960-901-0x0000000074370000-0x0000000074392000-memory.dmp

Filesize
136KB

Download
memory/3960-911-0x0000000073A80000-0x0000000073A8C000-memory.dmp

Filesize
48KB

Download
memory/3960-910-0x0000000073C90000-0x0000000073E84000-memory.dmp

Filesize
2.0MB

Download
memory/3960-909-0x0000000073EC0000-0x0000000073ECA000-memory.dmp

Filesize
40KB

Download
memory/3960-908-0x0000000073ED0000-0x0000000073EE0000-memory.dmp

Filesize
64KB

Download
memory/3960-907-0x0000000073EE0000-0x0000000073EEA000-memory.dmp

Filesize
40KB

Download
memory/3960-906-0x0000000073F00000-0x0000000073F0A000-memory.dmp

Filesize
40KB

Download
memory/3960-905-0x0000000073F40000-0x0000000073F4D000-memory.dmp

Filesize
52KB

Download
memory/3960-904-0x0000000073F50000-0x0000000073F5C000-memory.dmp

Filesize
48KB

Download
memory/3960-903-0x0000000073F60000-0x0000000073F6A000-memory.dmp

Filesize
40KB

Download
memory/3960-902-0x0000000073F80000-0x0000000073F8A000-memory.dmp

Filesize
40KB

Download
memory/3960-900-0x00000000743C0000-0x0000000074435000-memory.dmp

Filesize
468KB

Download
memory/3960-899-0x00000000743B0000-0x00000000743C0000-memory.dmp

Filesize
64KB

Download
memory/3960-898-0x00000000744A0000-0x00000000744AF000-memory.dmp

Filesize
60KB

Download
memory/3960-897-0x00000000744B0000-0x00000000744C2000-memory.dmp

Filesize
72KB

Download
memory/3960-896-0x0000000073E90000-0x0000000073EB5000-memory.dmp

Filesize
148KB

Download
memory/3960-894-0x0000000074F30000-0x0000000074F3C000-memory.dmp

Filesize
48KB

Download
memory/3960-893-0x0000000074F40000-0x0000000074F4C000-memory.dmp

Filesize
48KB

Download
memory/3960-892-0x0000000074F90000-0x0000000074FA6000-memory.dmp

Filesize
88KB

Download
memory/3960-891-0x0000000074FB0000-0x0000000074FE0000-memory.dmp

Filesize
192KB

Download
memory/3960-890-0x0000000074FE0000-0x0000000075007000-memory.dmp

Filesize
156KB

Download
memory/3960-889-0x0000000075010000-0x0000000075028000-memory.dmp

Filesize
96KB

Download
memory/3960-888-0x0000000074F00000-0x0000000074F27000-memory.dmp

Filesize
156KB

Download
memory/3960-887-0x0000000075040000-0x000000007505E000-memory.dmp

Filesize
120KB

Download
memory/3960-886-0x0000000075030000-0x000000007503D000-memory.dmp

Filesize
52KB

Download
memory/3960-885-0x0000000073FD0000-0x0000000074001000-memory.dmp

Filesize
196KB

Download
memory/3960-884-0x0000000074010000-0x000000007414E000-memory.dmp

Filesize
1.2MB

Download
memory/3960-883-0x0000000074150000-0x000000007416B000-memory.dmp

Filesize
108KB

Download
memory/3960-882-0x0000000074220000-0x0000000074236000-memory.dmp

Filesize
88KB

Download
memory/3960-875-0x00000000744D0000-0x0000000074863000-memory.dmp

Filesize
3.6MB

Download
memory/3960-874-0x0000000074870000-0x0000000074919000-memory.dmp

Filesize
676KB

Download
memory/3960-873-0x0000000074920000-0x000000007494E000-memory.dmp

Filesize
184KB

Download
memory/3960-872-0x0000000074990000-0x00000000749B4000-memory.dmp

Filesize
144KB

Download
memory/3960-881-0x0000000074250000-0x0000000074368000-memory.dmp

Filesize
1.1MB

Download
memory/4676-1560-0x0000028B4E8C0000-0x0000028B4E8C1000-memory.dmp

Filesize
4KB

Download
memory/4676-1558-0x0000028B4E8C0000-0x0000028B4E8C1000-memory.dmp

Filesize
4KB

Download
memory/4676-1559-0x0000028B4E8C0000-0x0000028B4E8C1000-memory.dmp

Filesize
4KB

Download
memory/4676-1570-0x0000028B4E8C0000-0x0000028B4E8C1000-memory.dmp

Filesize
4KB

Download
memory/4676-1569-0x0000028B4E8C0000-0x0000028B4E8C1000-memory.dmp

Filesize
4KB

Download
memory/4676-1568-0x0000028B4E8C0000-0x0000028B4E8C1000-memory.dmp

Filesize
4KB

Download
memory/4676-1567-0x0000028B4E8C0000-0x0000028B4E8C1000-memory.dmp

Filesize
4KB

Download
memory/4676-1566-0x0000028B4E8C0000-0x0000028B4E8C1000-memory.dmp

Filesize
4KB

Download
memory/4676-1565-0x0000028B4E8C0000-0x0000028B4E8C1000-memory.dmp

Filesize
4KB

Download
memory/4676-1564-0x0000028B4E8C0000-0x0000028B4E8C1000-memory.dmp

Filesize
4KB

Download