hxxps://easyupload[.]io/jn2h03

Resubmissions

22-05-2024 19:49

240522-yjwrmsec82 1

22-05-2024 19:41

240522-yd22gaeb25 7

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 19:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://easyupload.io/jn2h03

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

Processes:

Lucid.exemain-obf.exe

pid process

6832 Lucid.exe
7060 main-obf.exe

pid	process
6832	Lucid.exe
7060	main-obf.exe

Loads dropped DLL 24 IoCs

Processes:

main-obf.exe

pid	process
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exemain-obf.exe

pid	process
4608	msedge.exe
4608	msedge.exe
3516	msedge.exe
3516	msedge.exe
4040	identity_helper.exe
4040	identity_helper.exe
5884	msedge.exe
5884	msedge.exe
5908	msedge.exe
5908	msedge.exe
6264	msedge.exe
6264	msedge.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe
7060	main-obf.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

7zFM.exe

pid process

6720 7zFM.exe

pid	process
6720	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 28 IoCs

Processes:

msedge.exe

pid	process
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

7zFM.exemain-obf.exe

description	pid	process
Token: SeRestorePrivilege	6720	7zFM.exe
Token: 35	6720	7zFM.exe
Token: SeSecurityPrivilege	6720	7zFM.exe
Token: SeDebugPrivilege	7060	main-obf.exe

Suspicious use of FindShellTrayWindow 54 IoCs

Processes:

msedge.exe7zFM.exe

pid	process
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
6720	7zFM.exe
6720	7zFM.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3516 wrote to memory of 2344	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 2344	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 1836	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 1836	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 1836	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 1836	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 1836	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 1836	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 1836	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 1836	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 1836	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 1836	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 1836	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 1836	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 1836	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 1836	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 1836	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 1836	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 1836	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 1836	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 1836	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 1836	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 1836	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 1836	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 1836	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 1836	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 1836	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 1836	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 1836	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 1836	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 1836	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 1836	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 1836	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 1836	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 1836	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 1836	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 1836	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 1836	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 1836	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 1836	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 1836	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 1836	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 4608	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 4608	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 4560	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 4560	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 4560	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 4560	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 4560	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 4560	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 4560	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 4560	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 4560	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 4560	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 4560	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 4560	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 4560	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 4560	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 4560	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 4560	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 4560	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 4560	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 4560	3516	msedge.exe	msedge.exe
PID 3516 wrote to memory of 4560	3516	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://easyupload.io/jn2h03
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe676e46f8,0x7ffe676e4708,0x7ffe676e4718
  2⤵
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,17901724706586633565,17235885799095758917,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:1836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,17901724706586633565,17235885799095758917,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,17901724706586633565,17235885799095758917,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17901724706586633565,17235885799095758917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17901724706586633565,17235885799095758917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17901724706586633565,17235885799095758917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17901724706586633565,17235885799095758917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:2656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17901724706586633565,17235885799095758917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17901724706586633565,17235885799095758917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4464 /prefetch:1
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17901724706586633565,17235885799095758917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17901724706586633565,17235885799095758917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17901724706586633565,17235885799095758917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17901724706586633565,17235885799095758917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17901724706586633565,17235885799095758917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17901724706586633565,17235885799095758917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1
  2⤵
  PID:556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17901724706586633565,17235885799095758917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6628 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17901724706586633565,17235885799095758917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6668 /prefetch:1
  2⤵
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17901724706586633565,17235885799095758917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7272 /prefetch:1
  2⤵
  PID:5408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17901724706586633565,17235885799095758917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:5508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17901724706586633565,17235885799095758917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:5920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17901724706586633565,17235885799095758917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:5976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17901724706586633565,17235885799095758917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7092 /prefetch:1
  2⤵
  PID:6076
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,17901724706586633565,17235885799095758917,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7880 /prefetch:8
  2⤵
  PID:5480
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,17901724706586633565,17235885799095758917,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7880 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2112,17901724706586633565,17235885799095758917,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7656 /prefetch:8
  2⤵
  PID:5864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17901724706586633565,17235885799095758917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:5892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2112,17901724706586633565,17235885799095758917,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8028 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17901724706586633565,17235885799095758917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6948 /prefetch:1
  2⤵
  PID:5904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2112,17901724706586633565,17235885799095758917,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17901724706586633565,17235885799095758917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:6136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2112,17901724706586633565,17235885799095758917,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8284 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17901724706586633565,17235885799095758917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2792 /prefetch:1
  2⤵
  PID:940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17901724706586633565,17235885799095758917,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1860 /prefetch:1
  2⤵
  PID:5488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17901724706586633565,17235885799095758917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8988 /prefetch:1
  2⤵
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17901724706586633565,17235885799095758917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:6692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17901724706586633565,17235885799095758917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:6904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17901724706586633565,17235885799095758917,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6980 /prefetch:1
  2⤵
  PID:6956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,17901724706586633565,17235885799095758917,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3056 /prefetch:2
  2⤵
  PID:5804

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5076

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4396

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6628

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Lucid.rar"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:6720
- C:\Users\Admin\AppData\Local\Temp\7zO04A22FC7\Lucid.exe
  "C:\Users\Admin\AppData\Local\Temp\7zO04A22FC7\Lucid.exe"
  2⤵
  - Executes dropped EXE
  PID:6832
- - C:\Users\Admin\AppData\Local\Temp\onefile_6832_133608807573507140\main-obf.exe
    "C:\Users\Admin\AppData\Local\Temp\7zO04A22FC7\Lucid.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:7060
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "start key"
      4⤵
      PID:6092
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c cls & title Key System
      4⤵
      PID:6104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
330B

MD5
252537e4765354f73aa72700834c2b3b

SHA1
9f4f69f726313430c89740f4a26d8fdf4eeb652b

SHA256
36a9985f30db8279d08419966b6c3eb430266df42e7e1d4ebda05bc478decb4e

SHA512
89134a151e9349c7908bd60c3fb901ef30c0a9a37bbc1f07373677647acfaa5c99438cd85bcb0f07bb645208ca1c6b7191eb2e528014db12e26020066eb24e0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
8.3MB

MD5
bf1b390ccfdf48e3cf509bf6b7639e30

SHA1
8853f17931d1da5063ec724ff7bb862ce8b4db9b

SHA256
8465778370dda01dab075cb6e9a110106c41a95263ff6e44263a0acfd357753e

SHA512
2ebdb9c4d5613958aea53b308ca9b8363b6983f34c5e741632c13790428158cdd2bb742eae4aaa33ca900c21e8c60cdecc380551b11d2cf3416d0effbefe8867

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b537ebe70f5bdf3e61f1d91199ce5400

SHA1
f49f9c78dbcda53a8625593550417bf5e6e69aee

SHA256
1f01badd9d2405467106334226d3c5ae101dcf4f122af61e47f528845dca59ff

SHA512
b2e6905eb1e9a90a4bc933efb3cd77061110205b28c21cd200495d3cbe85a698b3ac289aa2172da349b848dc2de8c16713a33fa3db584ad148f24923e72c3fa8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5caeef90737b2f05d0a08bb4fed5f5d9

SHA1
a168bca4b783b23fee8c82aeb32f2f1680ef5c56

SHA256
7cdd1693165d7866347710e1a96e30db3939e7bc71feb85a48b6d579457d5d31

SHA512
bf79bd93c3ea9610bb823c303d336f84b1a22dc828a4658e32abf27dc1a6737a0d7105bdd1ef8780e35e1cf6390c8afcec6a90731c3407bf7866df7ae3826ae3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
d158912bdde567d124bfc4bbdec4e09f

SHA1
ce1073a1d681e1292ca77808c2b2d02d1880345b

SHA256
308ef53257c237e601e48d606e100a6af9cd736bcae8b4e40153060a1bff5951

SHA512
e9e6524a735a513f42a99fb602460b4158567e83f0326135f605ac5f712174c540e42130fa9f06f7ce78a9d2aa5eaf5a28f1994396c4e6b4c03c53c1aa3f4ab2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
92757e6aa540c6cdc29ae5264595aaf9

SHA1
34bc9b6a2967b7279d79f1058db2d280cf0c29d7

SHA256
e2b69dd6c7a974200d73b0aa644af7e19c015eba22a84534bdfc72191e06c7b6

SHA512
3827ef54f44c413bcbb6061583352d332a1352bc283ae8f38ef7f9c1ede672bc18a51844c42cc65d1f942b84cc7fd4cbae6a5a1943f051a8df377962af20c268

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
d3d7a486c6a43d3a75cd54e9244b1e11

SHA1
147291678e983ddb07f595748956a873991970ef

SHA256
31e516e220dabb9b2400a7c4150f57255f0e334263f8b01ea24f320ba725f1ef

SHA512
698732df4d1082c9bc441aca0229160cf6bc4b053e99e466588a90e9bcce2bf8aefe121012572254311c1e8637167619089281eaa8d739ed2c8daabe8d744d54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
2293493b3ae400229b451be8a920f772

SHA1
6f68f1cf57d294650897bfb71c70f9019137058c

SHA256
58f3fa16bd6192eed7e67af6e1fa60c767169a10d22fc0262900db28f1d55c47

SHA512
ca626d06919dbdb295f67741e7be110dfea963d9b1a6843f1e496b164ca59a016a504752c63c094d01a3784a25bbaa3080a9d16c33f9d2e6f018676e79f0ae90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
aff3e484909ed45166d5e6b0f9a3754b

SHA1
892ffaa7fc1a12c96b391dce9c04b24cc5d69b0a

SHA256
2d2c996a686f8f84a677f86c366e71ca7b3200433dec93d78e0bbc6cdedf3a5b

SHA512
82fb6d3b738382f16f0bbd9a42503fbeed688527025f051781762bfa21a424ff65ac57ff0a996d2607a03483ce880ad2a2fe23f268586beec4f4606428b1e543

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f482.TMP

Filesize
1KB

MD5
6ddeb80d2cb187e3055a9a63b66d6602

SHA1
ccc1235e3f760e9c19fa89553a3263c7cf5d3f47

SHA256
25a14eff7348b41c90e0aff4444522ece8587ffae0389de25aae0f6a28197626

SHA512
93ff153947cbdc20d5a189448bb0ff84b56b21bb1502a917cc8c5d11b365b629debed4ac1886b4e62852e6abb48a0b4435628e0602b53e877cdbe841fc00f73f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
163778bf6bee431666ce0c44dc14e87c

SHA1
97b1ffd1fd5b85185aaf7db48ddec859d31cbea4

SHA256
8a95ae0e389215f8483069cfbc8c841f955a2de9202e4d50def9866d6aed7743

SHA512
38e58f93052911b5072b9880b74069c36229142bcf5877dd8a7a1ae2aa41c5e2537efe57a44f2bdda915317ffc7ef2eca16429e58f3fd301ce15abcc5a21e901

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c751ed458089b04f277e550ed2008dad

SHA1
cf262d5dbb1269d333d486497bbe8fbb209fca2d

SHA256
a43136a6a123ad069e9bbd3f58aefe2517c9958237d1dfc8a923120a0ed517fe

SHA512
ffbee5dcf337bc705a933d9e49d49ae2efaa2e05649320c59adc50d9d178d6e2a850379af2c639c0d46db2b080f25a06e130371690222e342577fa8fca9b4888

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO04A22FC7\Lucid.exe

Filesize
8.4MB

MD5
ac6657f44801b542f717e18665145e5b

SHA1
efbf677cfce4054813fb3004e42e524dbdfa4501

SHA256
e462d3688c61db7516a7ada8fb4a990b77cfdd33f2df7e84005042dfdf74c544

SHA512
3ec5ab2455e249834d2d83b29d14d9105d7dc2fcb93ab84dc0c174317a40eb4adeaa438836579fc0befb1d5605f3aec84e43cf4c91ddf020808aa7e164c4ed3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_ctypes.pyd

Filesize
120KB

MD5
6a9ca97c039d9bbb7abf40b53c851198

SHA1
01bcbd134a76ccd4f3badb5f4056abedcff60734

SHA256
e662d2b35bb48c5f3432bde79c0d20313238af800968ba0faa6ea7e7e5ef4535

SHA512
dedf7f98afc0a94a248f12e4c4ca01b412da45b926da3f9c4cbc1d2cbb98c8899f43f5884b1bf1f0b941edaeef65612ea17438e67745962ff13761300910960d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_queue.pyd

Filesize
30KB

MD5
ff8300999335c939fcce94f2e7f039c0

SHA1
4ff3a7a9d9ca005b5659b55d8cd064d2eb708b1a

SHA256
2f71046891ba279b00b70eb031fe90b379dbe84559cf49ce5d1297ea6bf47a78

SHA512
f29b1fd6f52130d69c8bd21a72a71841bf67d54b216febcd4e526e81b499b9b48831bb7cdff0bff6878aab542ca05d6326b8a293f2fb4dd95058461c0fd14017

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_socket.pyd

Filesize
76KB

MD5
8140bdc5803a4893509f0e39b67158ce

SHA1
653cc1c82ba6240b0186623724aec3287e9bc232

SHA256
39715ef8d043354f0ab15f62878530a38518fb6192bc48da6a098498e8d35769

SHA512
d0878fee92e555b15e9f01ce39cfdc3d6122b41ce00ec3a4a7f0f661619f83ec520dca41e35a1e15650fb34ad238974fe8019577c42ca460dde76e3891b0e826

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\libffi-8.dll

Filesize
34KB

MD5
32d36d2b0719db2b739af803c5e1c2f5

SHA1
023c4f1159a2a05420f68daf939b9ac2b04ab082

SHA256
128a583e821e52b595eb4b3dda17697d3ca456ee72945f7ecce48ededad0e93c

SHA512
a0a68cfc2f96cb1afd29db185c940e9838b6d097d2591b0a2e66830dd500e8b9538d170125a00ee8c22b8251181b73518b73de94beeedd421d3e888564a111c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\libssl-1_1.dll

Filesize
686KB

MD5
8769adafca3a6fc6ef26f01fd31afa84

SHA1
38baef74bdd2e941ccd321f91bfd49dacc6a3cb6

SHA256
2aebb73530d21a2273692a5a3d57235b770daf1c35f60c74e01754a5dac05071

SHA512
fac22f1a2ffbfb4789bdeed476c8daf42547d40efe3e11b41fadbc4445bb7ca77675a31b5337df55fdeb4d2739e0fb2cbcac2feabfd4cd48201f8ae50a9bd90b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\select.pyd

Filesize
28KB

MD5
97ee623f1217a7b4b7de5769b7b665d6

SHA1
95b918f3f4c057fb9c878c8cc5e502c0bd9e54c0

SHA256
0046eb32f873cde62cf29af02687b1dd43154e9fd10e0aa3d8353d3debb38790

SHA512
20edc7eae5c0709af5c792f04a8a633d416da5a38fc69bd0409afe40b7fb1afa526de6fe25d8543ece9ea44fd6baa04a9d316ac71212ae9638bdef768e661e0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_6832_133608807573507140\VCRUNTIME140.dll

Filesize
96KB

MD5
f12681a472b9dd04a812e16096514974

SHA1
6fd102eb3e0b0e6eef08118d71f28702d1a9067c

SHA256
d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8

SHA512
7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_6832_133608807573507140\_bz2.pyd

Filesize
81KB

MD5
4101128e19134a4733028cfaafc2f3bb

SHA1
66c18b0406201c3cfbba6e239ab9ee3dbb3be07d

SHA256
5843872d5e2b08f138a71fe9ba94813afee59c8b48166d4a8eb0f606107a7e80

SHA512
4f2fc415026d7fd71c5018bc2ffdf37a5b835a417b9e5017261849e36d65375715bae148ce8f9649f9d807a63ac09d0fb270e4abae83dfa371d129953a5422ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_6832_133608807573507140\_hashlib.pyd

Filesize
62KB

MD5
de4d104ea13b70c093b07219d2eff6cb

SHA1
83daf591c049f977879e5114c5fea9bbbfa0ad7b

SHA256
39bc615842a176db72d4e0558f3cdcae23ab0623ad132f815d21dcfbfd4b110e

SHA512
567f703c2e45f13c6107d767597dba762dc5caa86024c87e7b28df2d6c77cd06d3f1f97eed45e6ef127d5346679fea89ac4dc2c453ce366b6233c0fa68d82692

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_6832_133608807573507140\_lzma.pyd

Filesize
154KB

MD5
337b0e65a856568778e25660f77bc80a

SHA1
4d9e921feaee5fa70181eba99054ffa7b6c9bb3f

SHA256
613de58e4a9a80eff8f8bc45c350a6eaebf89f85ffd2d7e3b0b266bf0888a60a

SHA512
19e6da02d9d25ccef06c843b9f429e6b598667270631febe99a0d12fc12d5da4fb242973a8351d3bf169f60d2e17fe821ad692038c793ce69dfb66a42211398e

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_6832_133608807573507140\_ssl.pyd

Filesize
155KB

MD5
069bccc9f31f57616e88c92650589bdd

SHA1
050fc5ccd92af4fbb3047be40202d062f9958e57

SHA256
cb42e8598e3fa53eeebf63f2af1730b9ec64614bda276ab2cd1f1c196b3d7e32

SHA512
0e5513fbe42987c658dba13da737c547ff0b8006aecf538c2f5cf731c54de83e26889be62e5c8a10d2c91d5ada4d64015b640dab13130039a5a8a5ab33a723dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_6832_133608807573507140\libcrypto-1_1.dll

Filesize
3.3MB

MD5
6f4b8eb45a965372156086201207c81f

SHA1
8278f9539463f0a45009287f0516098cb7a15406

SHA256
976ce72efd0a8aeeb6e21ad441aa9138434314ea07f777432205947cdb149541

SHA512
2c5c54842aba9c82fb9e7594ae9e264ac3cbdc2cc1cd22263e9d77479b93636799d0f28235ac79937070e40b04a097c3ea3b7e0cd4376a95ed8ca90245b7891f

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_6832_133608807573507140\main-obf.exe

Filesize
15.7MB

MD5
28447c8cd853450387c545fe62c35617

SHA1
3dfa562c2b3f5e2848bbb97ae9d5ca302cfc6ef5

SHA256
430d10e790fa8008cb65e1118489a6b24d464bd9fab0a6109d562c38941823b0

SHA512
05ec2abd2e1cead0c1bf44fcb08362db0be344b9df906fcefc3e56f05a31ced3c527115a141a517b2bda41c5673417ae9619895c6f11e8a0d3c8e4589c851488

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_6832_133608807573507140\psutil\_psutil_windows.pyd

Filesize
65KB

MD5
3cba71b6bc59c26518dc865241add80a

SHA1
7e9c609790b1de110328bbbcbb4cd09b7150e5bd

SHA256
e10b73d6e13a5ae2624630f3d8535c5091ef403db6a00a2798f30874938ee996

SHA512
3ef7e20e382d51d93c707be930e12781636433650d0a2c27e109ebebeba1f30ea3e7b09af985f87f67f6b9d2ac6a7a717435f94b9d1585a9eb093a83771b43f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_6832_133608807573507140\python3.dll

Filesize
64KB

MD5
34e49bb1dfddf6037f0001d9aefe7d61

SHA1
a25a39dca11cdc195c9ecd49e95657a3e4fe3215

SHA256
4055d1b9e553b78c244143ab6b48151604003b39a9bf54879dee9175455c1281

SHA512
edb715654baaf499cf788bcacd5657adcf9f20b37b02671abe71bda334629344415ed3a7e95cb51164e66a7aa3ed4bf84acb05649ccd55e3f64036f3178b7856

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_6832_133608807573507140\python311.dll

Filesize
5.5MB

MD5
9a24c8c35e4ac4b1597124c1dcbebe0f

SHA1
f59782a4923a30118b97e01a7f8db69b92d8382a

SHA256
a0cf640e756875c25c12b4a38ba5f2772e8e512036e2ac59eb8567bf05ffbfb7

SHA512
9d9336bf1f0d3bc9ce4a636a5f4e52c5f9487f51f00614fc4a34854a315ce7ea8be328153812dbd67c45c75001818fa63317eba15a6c9a024fa9f2cab163165b

Download Submit
\??\pipe\LOCAL\crashpad_3516_YUAZGORICSOMLKUB

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/6832-337-0x00007FF616110000-0x00007FF61698E000-memory.dmp

Filesize
8.5MB

Download
memory/7060-436-0x00007FF73CB70000-0x00007FF73DB61000-memory.dmp

Filesize
15.9MB

Download
memory/7060-401-0x00007FF73CB70000-0x00007FF73DB61000-memory.dmp

Filesize
15.9MB

Download
memory/7060-411-0x00007FF73CB70000-0x00007FF73DB61000-memory.dmp

Filesize
15.9MB

Download
memory/7060-390-0x00007FF73CB70000-0x00007FF73DB61000-memory.dmp

Filesize
15.9MB

Download
memory/7060-359-0x00007FF73CB70000-0x00007FF73DB61000-memory.dmp

Filesize
15.9MB

Download
memory/7060-438-0x00007FF73CB70000-0x00007FF73DB61000-memory.dmp

Filesize
15.9MB

Download
memory/7060-440-0x00007FF73CB70000-0x00007FF73DB61000-memory.dmp

Filesize
15.9MB

Download
memory/7060-442-0x00007FF73CB70000-0x00007FF73DB61000-memory.dmp

Filesize
15.9MB

Download
memory/7060-444-0x00007FF73CB70000-0x00007FF73DB61000-memory.dmp

Filesize
15.9MB

Download
memory/7060-449-0x00007FF73CB70000-0x00007FF73DB61000-memory.dmp

Filesize
15.9MB

Download
memory/7060-462-0x00007FF73CB70000-0x00007FF73DB61000-memory.dmp

Filesize
15.9MB

Download
memory/7060-473-0x00007FF73CB70000-0x00007FF73DB61000-memory.dmp

Filesize
15.9MB

Download