hxxps://gofile[.]io/d/1V9rST

Analysis

max time kernel
107s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 23:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gofile.io/d/1V9rST

Score

7^/10

persistence pyinstaller

Malware Config

Signatures

Executes dropped EXE 3 IoCs

Processes:

HydraV1.3.EXECheat.exeCheat.exe

pid process

4484 HydraV1.3.EXE
4808 Cheat.exe
2424 Cheat.exe
Loads dropped DLL 5 IoCs

Processes:

Cheat.exe

pid process

2424 Cheat.exe
2424 Cheat.exe
2424 Cheat.exe
2424 Cheat.exe
2424 Cheat.exe

pid	process
4484	HydraV1.3.EXE
4808	Cheat.exe
2424	Cheat.exe

pid	process
2424	Cheat.exe
2424	Cheat.exe
2424	Cheat.exe
2424	Cheat.exe
2424	Cheat.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

HydraV1.3.EXE

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	HydraV1.3.EXE

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service
T1102

Processes:

flow ioc

103 raw.githubusercontent.com

flow	ioc
103	raw.githubusercontent.com

Detects Pyinstaller 1 IoCs

pyinstaller

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Cheat.exe	pyinstaller

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133608948841950150"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

380 chrome.exe
380 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

chrome.exe

pid process

380 chrome.exe
380 chrome.exe
380 chrome.exe
380 chrome.exe
380 chrome.exe
380 chrome.exe
380 chrome.exe
380 chrome.exe
380 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	380	chrome.exe
Token: SeCreatePagefilePrivilege	380	chrome.exe
Token: SeShutdownPrivilege	380	chrome.exe
Token: SeCreatePagefilePrivilege	380	chrome.exe
Token: SeShutdownPrivilege	380	chrome.exe
Token: SeCreatePagefilePrivilege	380	chrome.exe
Token: SeShutdownPrivilege	380	chrome.exe
Token: SeCreatePagefilePrivilege	380	chrome.exe
Token: SeShutdownPrivilege	380	chrome.exe
Token: SeCreatePagefilePrivilege	380	chrome.exe
Token: SeShutdownPrivilege	380	chrome.exe
Token: SeCreatePagefilePrivilege	380	chrome.exe
Token: SeShutdownPrivilege	380	chrome.exe
Token: SeCreatePagefilePrivilege	380	chrome.exe
Token: SeShutdownPrivilege	380	chrome.exe
Token: SeCreatePagefilePrivilege	380	chrome.exe
Token: SeShutdownPrivilege	380	chrome.exe
Token: SeCreatePagefilePrivilege	380	chrome.exe
Token: SeShutdownPrivilege	380	chrome.exe
Token: SeCreatePagefilePrivilege	380	chrome.exe
Token: SeShutdownPrivilege	380	chrome.exe
Token: SeCreatePagefilePrivilege	380	chrome.exe
Token: SeShutdownPrivilege	380	chrome.exe
Token: SeCreatePagefilePrivilege	380	chrome.exe
Token: SeShutdownPrivilege	380	chrome.exe
Token: SeCreatePagefilePrivilege	380	chrome.exe
Token: SeShutdownPrivilege	380	chrome.exe
Token: SeCreatePagefilePrivilege	380	chrome.exe
Token: SeShutdownPrivilege	380	chrome.exe
Token: SeCreatePagefilePrivilege	380	chrome.exe
Token: SeShutdownPrivilege	380	chrome.exe
Token: SeCreatePagefilePrivilege	380	chrome.exe
Token: SeShutdownPrivilege	380	chrome.exe
Token: SeCreatePagefilePrivilege	380	chrome.exe
Token: SeShutdownPrivilege	380	chrome.exe
Token: SeCreatePagefilePrivilege	380	chrome.exe
Token: SeShutdownPrivilege	380	chrome.exe
Token: SeCreatePagefilePrivilege	380	chrome.exe
Token: SeShutdownPrivilege	380	chrome.exe
Token: SeCreatePagefilePrivilege	380	chrome.exe
Token: SeShutdownPrivilege	380	chrome.exe
Token: SeCreatePagefilePrivilege	380	chrome.exe
Token: SeShutdownPrivilege	380	chrome.exe
Token: SeCreatePagefilePrivilege	380	chrome.exe
Token: SeShutdownPrivilege	380	chrome.exe
Token: SeCreatePagefilePrivilege	380	chrome.exe
Token: SeShutdownPrivilege	380	chrome.exe
Token: SeCreatePagefilePrivilege	380	chrome.exe
Token: SeShutdownPrivilege	380	chrome.exe
Token: SeCreatePagefilePrivilege	380	chrome.exe
Token: SeShutdownPrivilege	380	chrome.exe
Token: SeCreatePagefilePrivilege	380	chrome.exe
Token: SeShutdownPrivilege	380	chrome.exe
Token: SeCreatePagefilePrivilege	380	chrome.exe
Token: SeShutdownPrivilege	380	chrome.exe
Token: SeCreatePagefilePrivilege	380	chrome.exe
Token: SeShutdownPrivilege	380	chrome.exe
Token: SeCreatePagefilePrivilege	380	chrome.exe
Token: SeShutdownPrivilege	380	chrome.exe
Token: SeCreatePagefilePrivilege	380	chrome.exe
Token: SeShutdownPrivilege	380	chrome.exe
Token: SeCreatePagefilePrivilege	380	chrome.exe
Token: SeShutdownPrivilege	380	chrome.exe
Token: SeCreatePagefilePrivilege	380	chrome.exe

Suspicious use of FindShellTrayWindow 42 IoCs

Processes:

chrome.exe7zG.exe

pid	process
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
4736	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe
380	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 380 wrote to memory of 4160	380	chrome.exe	chrome.exe
PID 380 wrote to memory of 4160	380	chrome.exe	chrome.exe
PID 380 wrote to memory of 3968	380	chrome.exe	chrome.exe
PID 380 wrote to memory of 3968	380	chrome.exe	chrome.exe
PID 380 wrote to memory of 3968	380	chrome.exe	chrome.exe
PID 380 wrote to memory of 3968	380	chrome.exe	chrome.exe
PID 380 wrote to memory of 3968	380	chrome.exe	chrome.exe
PID 380 wrote to memory of 3968	380	chrome.exe	chrome.exe
PID 380 wrote to memory of 3968	380	chrome.exe	chrome.exe
PID 380 wrote to memory of 3968	380	chrome.exe	chrome.exe
PID 380 wrote to memory of 3968	380	chrome.exe	chrome.exe
PID 380 wrote to memory of 3968	380	chrome.exe	chrome.exe
PID 380 wrote to memory of 3968	380	chrome.exe	chrome.exe
PID 380 wrote to memory of 3968	380	chrome.exe	chrome.exe
PID 380 wrote to memory of 3968	380	chrome.exe	chrome.exe
PID 380 wrote to memory of 3968	380	chrome.exe	chrome.exe
PID 380 wrote to memory of 3968	380	chrome.exe	chrome.exe
PID 380 wrote to memory of 3968	380	chrome.exe	chrome.exe
PID 380 wrote to memory of 3968	380	chrome.exe	chrome.exe
PID 380 wrote to memory of 3968	380	chrome.exe	chrome.exe
PID 380 wrote to memory of 3968	380	chrome.exe	chrome.exe
PID 380 wrote to memory of 3968	380	chrome.exe	chrome.exe
PID 380 wrote to memory of 3968	380	chrome.exe	chrome.exe
PID 380 wrote to memory of 3968	380	chrome.exe	chrome.exe
PID 380 wrote to memory of 3968	380	chrome.exe	chrome.exe
PID 380 wrote to memory of 3968	380	chrome.exe	chrome.exe
PID 380 wrote to memory of 3968	380	chrome.exe	chrome.exe
PID 380 wrote to memory of 3968	380	chrome.exe	chrome.exe
PID 380 wrote to memory of 3968	380	chrome.exe	chrome.exe
PID 380 wrote to memory of 3968	380	chrome.exe	chrome.exe
PID 380 wrote to memory of 3968	380	chrome.exe	chrome.exe
PID 380 wrote to memory of 3968	380	chrome.exe	chrome.exe
PID 380 wrote to memory of 3968	380	chrome.exe	chrome.exe
PID 380 wrote to memory of 2824	380	chrome.exe	chrome.exe
PID 380 wrote to memory of 2824	380	chrome.exe	chrome.exe
PID 380 wrote to memory of 3952	380	chrome.exe	chrome.exe
PID 380 wrote to memory of 3952	380	chrome.exe	chrome.exe
PID 380 wrote to memory of 3952	380	chrome.exe	chrome.exe
PID 380 wrote to memory of 3952	380	chrome.exe	chrome.exe
PID 380 wrote to memory of 3952	380	chrome.exe	chrome.exe
PID 380 wrote to memory of 3952	380	chrome.exe	chrome.exe
PID 380 wrote to memory of 3952	380	chrome.exe	chrome.exe
PID 380 wrote to memory of 3952	380	chrome.exe	chrome.exe
PID 380 wrote to memory of 3952	380	chrome.exe	chrome.exe
PID 380 wrote to memory of 3952	380	chrome.exe	chrome.exe
PID 380 wrote to memory of 3952	380	chrome.exe	chrome.exe
PID 380 wrote to memory of 3952	380	chrome.exe	chrome.exe
PID 380 wrote to memory of 3952	380	chrome.exe	chrome.exe
PID 380 wrote to memory of 3952	380	chrome.exe	chrome.exe
PID 380 wrote to memory of 3952	380	chrome.exe	chrome.exe
PID 380 wrote to memory of 3952	380	chrome.exe	chrome.exe
PID 380 wrote to memory of 3952	380	chrome.exe	chrome.exe
PID 380 wrote to memory of 3952	380	chrome.exe	chrome.exe
PID 380 wrote to memory of 3952	380	chrome.exe	chrome.exe
PID 380 wrote to memory of 3952	380	chrome.exe	chrome.exe
PID 380 wrote to memory of 3952	380	chrome.exe	chrome.exe
PID 380 wrote to memory of 3952	380	chrome.exe	chrome.exe
PID 380 wrote to memory of 3952	380	chrome.exe	chrome.exe
PID 380 wrote to memory of 3952	380	chrome.exe	chrome.exe
PID 380 wrote to memory of 3952	380	chrome.exe	chrome.exe
PID 380 wrote to memory of 3952	380	chrome.exe	chrome.exe
PID 380 wrote to memory of 3952	380	chrome.exe	chrome.exe
PID 380 wrote to memory of 3952	380	chrome.exe	chrome.exe
PID 380 wrote to memory of 3952	380	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://gofile.io/d/1V9rST
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:380

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff89307ab58,0x7ff89307ab68,0x7ff89307ab78
2⤵
PID:4160

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 --field-trial-handle=1912,i,10875749545860594944,7420699055594892057,131072 /prefetch:2
2⤵
PID:3968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1912,i,10875749545860594944,7420699055594892057,131072 /prefetch:8
2⤵
PID:2824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2172 --field-trial-handle=1912,i,10875749545860594944,7420699055594892057,131072 /prefetch:8
2⤵
PID:3952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3056 --field-trial-handle=1912,i,10875749545860594944,7420699055594892057,131072 /prefetch:1
2⤵
PID:3312

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3064 --field-trial-handle=1912,i,10875749545860594944,7420699055594892057,131072 /prefetch:1
2⤵
PID:2664

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4328 --field-trial-handle=1912,i,10875749545860594944,7420699055594892057,131072 /prefetch:1
2⤵
PID:3228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4124 --field-trial-handle=1912,i,10875749545860594944,7420699055594892057,131072 /prefetch:1
2⤵
PID:5116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4648 --field-trial-handle=1912,i,10875749545860594944,7420699055594892057,131072 /prefetch:8
2⤵
PID:840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3064 --field-trial-handle=1912,i,10875749545860594944,7420699055594892057,131072 /prefetch:8
2⤵
PID:740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4768 --field-trial-handle=1912,i,10875749545860594944,7420699055594892057,131072 /prefetch:1
2⤵
PID:3408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5060 --field-trial-handle=1912,i,10875749545860594944,7420699055594892057,131072 /prefetch:1
2⤵
PID:2532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5068 --field-trial-handle=1912,i,10875749545860594944,7420699055594892057,131072 /prefetch:8
2⤵
PID:3444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5244 --field-trial-handle=1912,i,10875749545860594944,7420699055594892057,131072 /prefetch:8
2⤵
PID:4708

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5440 --field-trial-handle=1912,i,10875749545860594944,7420699055594892057,131072 /prefetch:8
2⤵
PID:2692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4492 --field-trial-handle=1912,i,10875749545860594944,7420699055594892057,131072 /prefetch:8
2⤵
PID:2192

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5616 --field-trial-handle=1912,i,10875749545860594944,7420699055594892057,131072 /prefetch:1
2⤵
PID:2628

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5740 --field-trial-handle=1912,i,10875749545860594944,7420699055594892057,131072 /prefetch:1
2⤵
PID:2492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5976 --field-trial-handle=1912,i,10875749545860594944,7420699055594892057,131072 /prefetch:1
2⤵
PID:3984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4844 --field-trial-handle=1912,i,10875749545860594944,7420699055594892057,131072 /prefetch:8
2⤵
PID:464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5792 --field-trial-handle=1912,i,10875749545860594944,7420699055594892057,131072 /prefetch:8
2⤵
PID:3552

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4552

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4368

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\HydraSpoofer\" -ad -an -ai#7zMap26348:86:7zEvent332
1⤵
- Suspicious use of FindShellTrayWindow
PID:4736

C:\Users\Admin\Downloads\HydraSpoofer\HydraSpoofer\HydraV1.3.EXE
"C:\Users\Admin\Downloads\HydraSpoofer\HydraSpoofer\HydraV1.3.EXE"
1⤵
- Executes dropped EXE
- Adds Run key to start application
PID:4484

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Cheat.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Cheat.exe
2⤵
- Executes dropped EXE
PID:4808

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Cheat.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Cheat.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2424

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
af7879299aae7d2ff86ea3cbfd5db067

SHA1
a9ef13b44728e80a1dbc06a15eec3a8b6a72f5eb

SHA256
368e24c4cf0163b958f4aea0e4575706d86e93422328786865ee78cc323d0274

SHA512
f9d44f42097cf3079885413303ca4fa1a2c18e9a7d155ade9d6c13654e446260cdee63e0df63ab68cc438a0fa455b7d54609aa2fca072f309560a824b9b0b675

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
48f6d22e139082ff0b876571d64402c1

SHA1
b1ef6d6aafe1f68a403b45193d72f1e8254926b9

SHA256
c4671d2782455df494083024f198739c176f34eca5cd77fcb2f8c866304682b7

SHA512
d9153d68a88edf219f7bde82e28933263b1d488eff080811108cead7647457512bb61767781bb39c07148f2ff8bc6724134a7cc2995e220e3c5c7a893fe5808e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
858B

MD5
9035fb0fa16d455b558c792535dc7d3c

SHA1
8e1738ffa79c7586baf9e84d78004ece68837ab9

SHA256
b89f1c658069f455bcc8e2ffa00191435b7502018147bfdd6035b24ef0530a57

SHA512
d1b7adbef83fe6e869e603fe8ab06c88aa9a9e1fd7dcb9098413b7b7e713cd6da9bd1a1e4455450b7b14545ef54ae41ca8d961809469123e49da898e4764aa2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
f590968556a292cdd4a562f3cdc49623

SHA1
80336ab91d3ecb43a30df274925bf958dcb1e6e8

SHA256
07d986eb6dc61615badf407f63b6311ff7baacfabf887fdffb74303a565ba2e5

SHA512
f05301f4c72a423f17d5415a15a7b45fbf96b26009118bfa54d71e43efc08d83ac05610c38eb98cd11bb56e14637a7f8c302d3c1edcea08af7b11ab4c68850b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
4ded18fec626bebd727101088e2d8484

SHA1
512920857666009ddaa2adbc8a319096d3f3e9e8

SHA256
ba4dabccd554364add0bf7f275c879d820afda63154c2854fc06d6d01b30317c

SHA512
3cc4275451fe0b5f550aac2502c28886de36a3b2bc98ba1450ffe3dbfd290fe8a36c53adb5bf58831a80486d31ba65545d29f11d98affbca5d7379fd7c74faee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
c498557810ca1cc12029bedb786303df

SHA1
9d527234aa5f5bdaa4a8a5ff7084425a56444839

SHA256
3d605450fdd4a55fc808a2ebc143fb98d84a177e2db6f25c7e612865dcd1b40f

SHA512
b0b97153760e8f0aad965b778948695f969761c67223ef53729d26c11bd6d98f2d94d211020482f7acea3672975d1325049b99bfcfe31ccddadcd36a1083753a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
03b59fb51eb2ecdcc8c4c233d3500d9e

SHA1
788c7ce21c56f922b81d3c7b9905b81007c3d42b

SHA256
52a49e8bf4bec9e9621b738636b0ed70a45d23880ba4a3b63d607639fa37631e

SHA512
8e21b14643a04fa68ad92752591bd9bac6e5386e58ffa8b238ba6abbb8db7e4aedbf30c8a5fdb47e134101010309803f6751491bff9751c4c851f3a52bf48839

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
7a9aacd108d3771315741e38f6999984

SHA1
5540f7718010dd72ed7b0bf8aa29da25783e48db

SHA256
c66b03d73e30a431fb08d993a96ee9fd995c9c5a848cf0f86b0d1b5dadff4fd3

SHA512
b214740986f3442d0689d8126bdb5fd885f24d37bc222797ae4b218d7371e949150c344d76a2dc2b506fd8b1ae57411f6c3450eb18bca766b279c8d18f742f12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
130KB

MD5
5d768c27d450c8168285c976419f877f

SHA1
ce535bda5a26edf8513919889b8c6e459198e675

SHA256
23ee238d463e664b009201a5c927d815dd189e1d3e4347295bf09b89d4474333

SHA512
c6aafe22863aa7bdc48beeb5cca5dbcd5b1495a3a4a19d7c3f02b3b1b13e48c4caf2b4342f856f8f290dca92202ec97e4faecc9a727a3ed10c8e1ac1041352bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
93KB

MD5
3c8ee88ebd5b8a637f185f0bb6163472

SHA1
7d75af4640bbaca06a8b5a7e36af030a896324f5

SHA256
b605b68bb95e0940bf0806eaee7b74298a5edcad17a78628d6d933bfcce365c4

SHA512
a2d6033b0b696baad75955223eb6647de0ae6292c0cb1688a8aca087b9135673b8abbf7fc637ba97f76fe9dd039a406b351a0aec89ae13bf0ff9f06f430ef8d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57c2d3.TMP
Filesize
87KB

MD5
9c39b4f7949957c94bcaa76c1257fb36

SHA1
4ad0665c9b056dbf23b1e7ee22d6c32b09476c82

SHA256
571881bb304234711029c0c8186b33e5cfd7f4653ed7c3912c5a99788115995f

SHA512
6a6eeef7e7ff2c86cbe5d10786a3acf3bcdc9726cfdb2da86072be1a4f09ee7761aae616ceede572ced72f72537094188143cf5b1a57c4cabb76b5994769a223

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Cheat.exe
Filesize
8.0MB

MD5
1865683e49a401e02e57058ae9761c92

SHA1
4fe814655b0b2cbfb4fe56daf7fb3e059ba75560

SHA256
008dc90ac87b8733886c2a312a3521b9e863005fd24db53cce79aff021050619

SHA512
b5016041f8285990ec90c3efd5eaba01c90feb67ebc8c5759a5a336dc0896fefa37c08ea6a6412e8e6458dec6e152669ce57462bba6006e0818ac77aa505a336

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48082\VCRUNTIME140.dll
Filesize
78KB

MD5
1e6e97d60d411a2dee8964d3d05adb15

SHA1
0a2fe6ec6b6675c44998c282dbb1cd8787612faf

SHA256
8598940e498271b542f2c04998626aa680f2172d0ff4f8dbd4ffec1a196540f9

SHA512
3f7d79079c57786051a2f7facfb1046188049e831f12b549609a8f152664678ee35ad54d1fff4447428b6f76bea1c7ca88fa96aab395a560c6ec598344fcc7fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48082\_bz2.pyd
Filesize
77KB

MD5
f73ea2b834471fb01d491a65caa1eea3

SHA1
00e888645e0a1638c639a2c21df04a3baa4c640a

SHA256
8633e8ad7172b095ed7ba40fa1039a64b04b20e6f42ac428e103d0c793831bda

SHA512
b8329b33d78458c2ac7979a5c5a19bd37ea9a473682d23faf54e77cfc5edadc0426490add9864e99a719ac5b4a57c5326ed82496adf80afd1876577caa608418

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48082\_decimal.pyd
Filesize
193KB

MD5
bcdbf3a04a8bfd8c8a9624996735fc1a

SHA1
08d35c136fe5c779b67f56ae7165b394d5c8d8ef

SHA256
1f6db9be716626f6803cefd646fbbc478878c6acce597d9f6c5776dc7b69d3c7

SHA512
d22195c0a0535f7986d0a6d0bb820d36c8824a0b15378cb5d5ab0f334064896e0d64ed880d706f80e0b96d022631fc6b4fcc47371ca1d5cdd2c37dd75c62274b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48082\_hashlib.pyd
Filesize
46KB

MD5
303a1d7d21ca6e625950a966d17f86be

SHA1
660aaad68207dc0a4d757307ad57e86b120f2d91

SHA256
53180306bad339e76cc427009db15f124f49d4c879676258264365a7e2ed703f

SHA512
99036d59cad6f286e8f901acadcc7db192bb385699228b1b34907ea49fb5ff07b636550c04f0d4b70f161a26ea2e58794d9080d69d053ada08d2ad9bd3f861df

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48082\_lzma.pyd
Filesize
144KB

MD5
b4251ed45538a2a7d79737db8fb139db

SHA1
cded1a4637e7e18684d89cd34c73cfae424183e6

SHA256
caad390c4c3c6b1e50a33754a0af7d2c3f4b1245c8ead79ff7f7be0e5654e210

SHA512
d40f7de85c8dbb3e16135e1f8d8ce829cb681eaab49c6f4c40792fa8f733743df70cfa7c6224e06bff68214069f90cd960970ac47d0348e9827a2136789c43c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48082\_socket.pyd
Filesize
65KB

MD5
b55ce33c6ba6d7af221f3d8b1a30a6f7

SHA1
b8696ed5b7a52c9bfda5c1ea4bd43a9ecc17fed0

SHA256
ec5817b46539f9a5cbf1525cf7c714bc0e9f5a918fc4b963dec9c301b86c7d1f

SHA512
4d15d90dd2bacc8c9537533b1267455fbc030e38546c1f6f4eb7dabe690c744471bd45c079f0c711b9eca330f1a413ea37fc6b08810854d5f51b69b19e991462

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48082\_tkinter.pyd
Filesize
51KB

MD5
992ec7ea4dcbb3cdbe94f3099f5e7ca2

SHA1
85520ae918f92144c29b916bd94d3657e7485d73

SHA256
eceb324020654062f58a9b7947b98ffb57c7b75d2899840c34845e4cd5ef520f

SHA512
ba0e4fe67de83f9719c2e69f5ac52ab4c3fb2ba8d23981930a8a9ae103c97bd8d867f56a7a156803dc039aaf4701d78f816d96454a3260c409923b937dd96a1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48082\base_library.zip
Filesize
1.4MB

MD5
83d235e1f5b0ee5b0282b5ab7244f6c4

SHA1
629a1ce71314d7abbce96674a1ddf9f38c4a5e9c

SHA256
db389a9e14bfac6ee5cce17d41f9637d3ff8b702cc74102db8643e78659670a0

SHA512
77364aff24cfc75ee32e50973b7d589b4a896d634305d965ecbc31a9e0097e270499dbec93126092eb11f3f1ad97692db6ca5927d3d02f3d053336d6267d7e5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48082\libcrypto-1_1.dll
Filesize
2.2MB

MD5
90311ea0cc27e27d2998969c57eba038

SHA1
4653f1261fb7b16bc64c72833cfb93f0662d6f6d

SHA256
239d518dd67d8c2bbf6aeaded86ed464865e914db6bf3b115973d525ebd7d367

SHA512
6e2f839fb8d7aaab0b51778670da104c36355e22991eae930d2eaecabab45b40fda5e2317f1c928a803146855ac5553e4e464a65213696311c206bec926775d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48082\python311.dll
Filesize
4.7MB

MD5
b8769a867abc02bfdd8637bea508cab2

SHA1
782f5fb799328c001bca77643e31fb7824f9d8cc

SHA256
9cf39945840ee8d769e47ffdb554044550b5843b29c68fa3849ba9376c3a7ec8

SHA512
bf01e343877a92d458373c02a9d64426118915ade324cf12d6ff200970da641358e8f362732cd9a8508845e367313c9bab2772d59a9ae8d934cd0dd7d28535b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48082\select.pyd
Filesize
25KB

MD5
aae48cf580702fec3a79524d1721305c

SHA1
33f68231ff3e82adc90c3c9589d5cc918ad9c936

SHA256
93b2b54c80d03ff7ade5fe4cd03baed8c5b5a8e1edcd695a53bae2e369006265

SHA512
1c826364015684bb3fb36ce1fcb608da88f4c74b0eec6b53f4ca07b5ea99fee8b4e318c1570ce358cefd6b7bdf21b046b1375c3d687f6d0d08bf7b955568a1c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48082\tcl86t.dll
Filesize
1.4MB

MD5
d99809b3282ce68bffc5ee22ff7f78e3

SHA1
9608d2e0d5c8f786ad8e6d74fb8ec0592700e860

SHA256
7ed409592314926d14c5d1663fce0701d1b0a2bc6d0360bfbe4014efd230f7df

SHA512
8492114f53f7feab88c3ea414e248a83db779e8c31c1289fece4085b9e916c6a189ee6a058a9dbca3f84b053a873d9ef6832673cf1df787a20bf8a15e5a28a66

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48082\tcl8\8.5\msgcat-1.6.1.tm
Filesize
34KB

MD5
bd4ff2a1f742d9e6e699eeee5e678ad1

SHA1
811ad83aff80131ba73abc546c6bd78453bf3eb9

SHA256
6774519f179872ec5292523f2788b77b2b839e15665037e097a0d4edddd1c6fb

SHA512
b77e4a68017ba57c06876b21b8110c636f9ba1dd0ba9d7a0c50096f3f6391508cf3562dd94aceaf673113dbd336109da958044aefac0afb0f833a652e4438f43

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48082\tcl\auto.tcl
Filesize
21KB

MD5
08edf746b4a088cb4185c165177bd604

SHA1
395cda114f23e513eef4618da39bb86d034124bf

SHA256
517204ee436d08efc287abc97433c3bffcaf42ec6592a3009b9fd3b985ad772c

SHA512
c1727e265a6b0b54773c886a1bce73512e799ba81a4fceeeb84cdc33f5505a5e0984e96326a78c46bf142bc4652a80e213886f60eb54adf92e4dffe953c87f6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48082\tcl\encoding\cp1252.enc
Filesize
1KB

MD5
e9117326c06fee02c478027cb625c7d8

SHA1
2ed4092d573289925a5b71625cf43cc82b901daf

SHA256
741859cf238c3a63bbb20ec6ed51e46451372bb221cfff438297d261d0561c2e

SHA512
d0a39bc41adc32f2f20b1a0ebad33bf48dfa6ed5cc1d8f92700cdd431db6c794c09d9f08bb5709b394acf54116c3a1e060e2abcc6b503e1501f8364d3eebcd52

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48082\tcl\http1.0\pkgIndex.tcl
Filesize
746B

MD5
a387908e2fe9d84704c2e47a7f6e9bc5

SHA1
f3c08b3540033a54a59cb3b207e351303c9e29c6

SHA256
77265723959c092897c2449c5b7768ca72d0efcd8c505bddbb7a84f6aa401339

SHA512
7ac804d23e72e40e7b5532332b4a8d8446c6447bb79b4fe32402b13836079d348998ea0659802ab0065896d4f3c06f5866c6b0d90bf448f53e803d8c243bbc63

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48082\tcl\init.tcl
Filesize
25KB

MD5
982eae7a49263817d83f744ffcd00c0e

SHA1
81723dfea5576a0916abeff639debe04ce1d2c83

SHA256
331bcf0f9f635bd57c3384f2237260d074708b0975c700cfcbdb285f5f59ab1f

SHA512
31370d8390c4608e7a727eed9ee7f4c568ecb913ae50184b6f105da9c030f3b9f4b5f17968d8975b2f60df1b0c5e278512e74267c935fe4ec28f689ac6a97129

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48082\tcl\opt0.4\pkgIndex.tcl
Filesize
620B

MD5
07532085501876dcc6882567e014944c

SHA1
6bc7a122429373eb8f039b413ad81c408a96cb80

SHA256
6a4abd2c519a745325c26fb23be7bbf95252d653a24806eb37fd4aa6a6479afe

SHA512
0d604e862f3a1a19833ead99aaf15a9f142178029ab64c71d193cee4901a0196c1eeddc2bce715b7fa958ac45c194e63c77a71e4be4f9aedfd5b44cf2a726e76

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48082\tcl\package.tcl
Filesize
23KB

MD5
ddb0ab9842b64114138a8c83c4322027

SHA1
eccacdc2ccd86a452b21f3cf0933fd41125de790

SHA256
f46ab61cdebe3aa45fa7e61a48930d64a0d0e7e94d04d6bf244f48c36cafe948

SHA512
c0cf718258b4d59675c088551060b34ce2bc8638958722583ac2313dc354223bfef793b02f1316e522a14c7ba9bed219531d505de94dc3c417fc99d216a01463

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48082\tcl\tclIndex
Filesize
5KB

MD5
c62fb22f4c9a3eff286c18421397aaf4

SHA1
4a49b8768cff68f2effaf21264343b7c632a51b2

SHA256
ddf7e42def37888ad0a564aa4f8ca95f4eec942cebebfca851d35515104d5c89

SHA512
558d401cb6af8ce3641af55caebc9c5005ab843ee84f60c6d55afbbc7f7129da9c58c2f55c887c3159107546fa6bc13ffc4cca63ea8841d7160b8aa99161a185

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48082\tcl\tm.tcl
Filesize
11KB

MD5
215262a286e7f0a14f22db1aa7875f05

SHA1
66b942ba6d3120ef8d5840fcdeb06242a47491ff

SHA256
4b7ed9fd2363d6876092db3f720cbddf97e72b86b519403539ba96e1c815ed8f

SHA512
6ecd745d7da9d826240c0ab59023c703c94b158ae48c1410faa961a8edb512976a4f15ae8def099b58719adf0d2a9c37e6f29f54d39c1ab7ee81fa333a60f39b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48082\tk86t.dll
Filesize
1.2MB

MD5
2d22c933ab895730b49058514ac16a5f

SHA1
86a589ea7a942f9f09adc99e037ccb7bfabe28e1

SHA256
f37b85b38f04303a1394c95dd2e67f08efbde1bafd9bfc3b2403e171bf5f979b

SHA512
5d697895c728b3c5fb4a2d16ee5bde3b9644365af8b35dbc221b01ed3462896f8d8c8fd5fa946ce7f1a65d0f561b7d0fc18befb9b3257b3728bc99cdf58973c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48082\tk\button.tcl
Filesize
21KB

MD5
aeb53f7f1506cdfdfe557f54a76060ce

SHA1
ebb3666ee444b91a0d335da19c8333f73b71933b

SHA256
1f5dd8d81b26f16e772e92fd2a22accb785004d0ed3447e54f87005d9c6a07a5

SHA512
acdad4df988df6b2290fc9622e8eaccc31787fecdc98dcca38519cb762339d4d3fb344ae504b8c7918d6f414f4ad05d15e828df7f7f68f363bec54b11c9b7c43

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48082\tk\entry.tcl
Filesize
17KB

MD5
f109865c52d1fd602e2d53e559e56c22

SHA1
5884a3bb701c27ba1bf35c6add7852e84d73d81f

SHA256
af1de90270693273b52fc735da6b5cd5ca794f5afd4cf03ffd95147161098048

SHA512
b2f92b0ac03351cdb785d3f7ef107b61252398540b5f05f0cc9802b4d28b882ba6795601a68e88d3abc53f216b38f07fcc03660ab6404cf6685f6d80cc4357fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48082\tk\icons.tcl
Filesize
10KB

MD5
995a0a8f7d0861c268aead5fc95a42ea

SHA1
21e121cf85e1c4984454237a646e58ec3c725a72

SHA256
1264940e62b9a37967925418e9d0dc0befd369e8c181b9bab3d1607e3cc14b85

SHA512
db7f5e0bc7d5c5f750e396e645f50a3e0cde61c9e687add0a40d0c1aa304ddfbceeb9f33ad201560c6e2b051f2eded07b41c43d00f14ee435cdeee73b56b93c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48082\tk\listbox.tcl
Filesize
14KB

MD5
804e6dce549b2e541986c0ce9e75e2d1

SHA1
c44ee09421f127cf7f4070a9508f22709d06d043

SHA256
47c75f9f8348bf8f2c086c57b97b73741218100ca38d10b8abdf2051c95b9801

SHA512
029426c4f659848772e6bb1d8182eb03d2b43adf68fcfcc1ea1c2cc7c883685deda3fffda7e071912b9bda616ad7af2e1cb48ce359700c1a22e1e53e81cae34b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48082\tk\menu.tcl
Filesize
38KB

MD5
078782cd05209012a84817ac6ef11450

SHA1
dba04f7a6cf34c54a961f25e024b6a772c2b751d

SHA256
d1283f67e435aab0bdbe9fdaa540a162043f8d652c02fe79f3843a451f123d89

SHA512
79a031f7732aee6e284cd41991049f1bb715233e011562061cd3405e5988197f6a7fb5c2bbddd1fb9b7024047f6003a2bf161fc0ec04876eff5335c3710d9562

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48082\tk\panedwindow.tcl
Filesize
5KB

MD5
286c01a1b12261bc47f5659fd1627abd

SHA1
4ca36795cab6dfe0bbba30bb88a2ab71a0896642

SHA256
aa4f87e41ac8297f51150f2a9f787607690d01793456b93f0939c54d394731f9

SHA512
d54d5a89b7408a9724a1ca1387f6473bdad33885194b2ec5a524c7853a297fd65ce2a57f571c51db718f6a00dce845de8cf5f51698f926e54ed72cdc81bcfe54

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48082\tk\pkgIndex.tcl
Filesize
376B

MD5
3367ce12a4ba9baaf7c5127d7412aa6a

SHA1
865c775bb8f56c3c5dfc8c71bfaf9ef58386161d

SHA256
3f2539e85e2a9017913e61fe2600b499315e1a6f249a4ff90e0b530a1eeb8898

SHA512
f5d858f17fe358762e8fdbbf3d78108dba49be5c5ed84b964143c0adce76c140d904cd353646ec0831ff57cd0a0af864d1833f3946a235725fff7a45c96872eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48082\tk\scale.tcl
Filesize
7KB

MD5
857add6060a986063b0ed594f6b0cd26

SHA1
b1981d33ddea81cfffa838e5ac80e592d9062e43

SHA256
0da2dc955ffd71062a21c3b747d9d59d66a5b09a907b9ed220be1b2342205a05

SHA512
7d9829565efc8cdbf9249913da95b02d8dadfdb3f455fd3c10c5952b5454fe6e54d95c07c94c1e0d7568c9742caa56182b3656e234452aec555f0fcb76a59fb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48082\tk\scrlbar.tcl
Filesize
12KB

MD5
5249cd1e97e48e3d6dec15e70b9d7792

SHA1
612e021ba25b5e512a0dfd48b6e77fc72894a6b9

SHA256
eec90404f702d3cfbfaec0f13bf5ed1ebeb736bee12d7e69770181a25401c61f

SHA512
e4e0ab15eb9b3118c30cd2ff8e5af87c549eaa9b640ffd809a928d96b4addefb9d25efdd1090fbd0019129cdf355bb2f277bc7194001ba1d2ed4a581110ceafc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48082\tk\spinbox.tcl
Filesize
16KB

MD5
77dfe1baccd165a0c7b35cdeaa2d1a8c

SHA1
426ba77fc568d4d3a6e928532e5beb95388f36a0

SHA256
2ff791a44406dc8339c7da6116e6ec92289bee5fc1367d378f48094f4abea277

SHA512
e56db85296c8661ab2ea0a56d9810f1a4631a9f9b41337560cbe38ccdf7dd590a3e65c22b435ce315eff55ee5b8e49317d4e1b7577e25fc3619558015dd758eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48082\tk\tk.tcl
Filesize
23KB

MD5
338184e46bd23e508daedbb11a4f0950

SHA1
437db31d487c352472212e8791c8252a1412cb0e

SHA256
0f617d96cbf213296d7a5f7fcffbb4ae1149840d7d045211ef932e8dd66683e9

SHA512
8fb8a353eecd0d19638943f0a9068dccebf3fb66d495ea845a99a89229d61a77c85b530f597fd214411202055c1faa9229b6571c591c9f4630490e1eb30b9cd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48082\unicodedata.pyd
Filesize
1.1MB

MD5
b98d5dd9980b29ce394675dc757509b8

SHA1
7a3ad4947458baa61de998bc8fde1ef736a3a26c

SHA256
1498105d00434a5ebbaa6bee2e5f5677c34a948b2073d789f4d4b5968a4c8aaf

SHA512
ba7e52deaf88aab062646d6a70f9e15016fcbdcf55a4f16d8c73ea6a63ad591eb3b623514a9fecc03188b1d1eb55a6b168da55bb035dc7d605cae53def2b65f2

Download Submit
\??\pipe\crashpad_380_UVAZLHKYJSKAHOYQ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit