7bfb1cff5026070f51356da0154594567f5bef98bfb91ec5285cf81999737382

Resubmissions

20/06/2024, 00:25

240620-aq13yatapl 10

14/06/2024, 18:17

240614-wxen6svgpl 10

Analysis

max time kernel
127s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
14/06/2024, 18:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

loader_prod.exe
Size

64.6MB
MD5

ca51d2b9d3c378224d77bfaf910a5c80
SHA1

67657cd30df07feafa49bbce07099714a86dcc67
SHA256

7bfb1cff5026070f51356da0154594567f5bef98bfb91ec5285cf81999737382
SHA512

a339c8c0872d1ffe2a3aa2726549145f0e248c8c04dcc49c1443313d67f698cbb77d667448fdcfa79993e07d4c5b81c307d7fa76d330a7ecd6373be9ba2ad0f1
SSDEEP

1572864:RRWAPVsp8irAH8+1osuTCSxOB6xMLiIpa2qHWB75iVuPrZRW8jrNU0i:RUAWp8S6xjKcBa6c2qHO5iVuzXDB

Score

9^/10

evasion execution persistence

Malware Config

Signatures

Enumerates VirtualBox DLL files 2 TTPs 2 IoCs

File and Directory Discovery

T1083

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
File opened (read-only)	C:\windows\system32\vboxhook.dll	loader_prod.exe
File opened (read-only)	C:\windows\system32\vboxmrxnp.dll	loader_prod.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

execution

PowerShell

T1059.001

pid	Process
640	powershell.exe

Sets file to hidden 1 TTPs 1 IoCs

Modifies file attributes to stop it showing in Explorer etc.

evasion

Hidden Files and Directories

T1564.001

pid	Process
4688	attrib.exe

Executes dropped EXE 1 IoCs

pid	Process
556	loader_prod.exe

Loads dropped DLL 64 IoCs

pid	Process
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\eul3n_loader_prod = "C:\\Users\\Admin\\eul3n\\loader_prod.exe"	loader_prod.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
5236	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133628627233705442"	chrome.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
1860	loader_prod.exe
640	powershell.exe
640	powershell.exe
5716	chrome.exe
5716	chrome.exe
5716	chrome.exe
5716	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
5716	chrome.exe
5716	chrome.exe
5716	chrome.exe
5716	chrome.exe
5716	chrome.exe
5716	chrome.exe
5716	chrome.exe
5716	chrome.exe
5716	chrome.exe
5716	chrome.exe
5716	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1860	loader_prod.exe
Token: SeDebugPrivilege	640	powershell.exe
Token: SeDebugPrivilege	5236	taskkill.exe
Token: SeShutdownPrivilege	5716	chrome.exe
Token: SeCreatePagefilePrivilege	5716	chrome.exe
Token: SeShutdownPrivilege	5716	chrome.exe
Token: SeCreatePagefilePrivilege	5716	chrome.exe
Token: SeShutdownPrivilege	5716	chrome.exe
Token: SeCreatePagefilePrivilege	5716	chrome.exe
Token: SeShutdownPrivilege	5716	chrome.exe
Token: SeCreatePagefilePrivilege	5716	chrome.exe
Token: SeShutdownPrivilege	5716	chrome.exe
Token: SeCreatePagefilePrivilege	5716	chrome.exe
Token: SeShutdownPrivilege	5716	chrome.exe
Token: SeCreatePagefilePrivilege	5716	chrome.exe
Token: SeShutdownPrivilege	5716	chrome.exe
Token: SeCreatePagefilePrivilege	5716	chrome.exe
Token: SeShutdownPrivilege	5716	chrome.exe
Token: SeCreatePagefilePrivilege	5716	chrome.exe
Token: SeShutdownPrivilege	5716	chrome.exe
Token: SeCreatePagefilePrivilege	5716	chrome.exe
Token: SeShutdownPrivilege	5716	chrome.exe
Token: SeCreatePagefilePrivilege	5716	chrome.exe
Token: SeShutdownPrivilege	5716	chrome.exe
Token: SeCreatePagefilePrivilege	5716	chrome.exe
Token: SeShutdownPrivilege	5716	chrome.exe
Token: SeCreatePagefilePrivilege	5716	chrome.exe
Token: SeShutdownPrivilege	5716	chrome.exe
Token: SeCreatePagefilePrivilege	5716	chrome.exe
Token: SeShutdownPrivilege	5716	chrome.exe
Token: SeCreatePagefilePrivilege	5716	chrome.exe
Token: SeShutdownPrivilege	5716	chrome.exe
Token: SeCreatePagefilePrivilege	5716	chrome.exe
Token: SeShutdownPrivilege	5716	chrome.exe
Token: SeCreatePagefilePrivilege	5716	chrome.exe
Token: SeShutdownPrivilege	5716	chrome.exe
Token: SeCreatePagefilePrivilege	5716	chrome.exe
Token: SeShutdownPrivilege	5716	chrome.exe
Token: SeCreatePagefilePrivilege	5716	chrome.exe
Token: SeShutdownPrivilege	5716	chrome.exe
Token: SeCreatePagefilePrivilege	5716	chrome.exe
Token: SeShutdownPrivilege	5716	chrome.exe
Token: SeCreatePagefilePrivilege	5716	chrome.exe
Token: SeShutdownPrivilege	5716	chrome.exe
Token: SeCreatePagefilePrivilege	5716	chrome.exe
Token: SeShutdownPrivilege	5716	chrome.exe
Token: SeCreatePagefilePrivilege	5716	chrome.exe
Token: SeShutdownPrivilege	5716	chrome.exe
Token: SeCreatePagefilePrivilege	5716	chrome.exe
Token: SeShutdownPrivilege	5716	chrome.exe
Token: SeCreatePagefilePrivilege	5716	chrome.exe
Token: SeShutdownPrivilege	5716	chrome.exe
Token: SeCreatePagefilePrivilege	5716	chrome.exe
Token: SeShutdownPrivilege	5716	chrome.exe
Token: SeCreatePagefilePrivilege	5716	chrome.exe
Token: SeShutdownPrivilege	5716	chrome.exe
Token: SeCreatePagefilePrivilege	5716	chrome.exe
Token: SeShutdownPrivilege	5716	chrome.exe
Token: SeCreatePagefilePrivilege	5716	chrome.exe
Token: SeShutdownPrivilege	5716	chrome.exe
Token: SeCreatePagefilePrivilege	5716	chrome.exe
Token: SeShutdownPrivilege	5716	chrome.exe
Token: SeCreatePagefilePrivilege	5716	chrome.exe
Token: SeShutdownPrivilege	5716	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
5716	chrome.exe
5716	chrome.exe
5716	chrome.exe
5716	chrome.exe
5716	chrome.exe
5716	chrome.exe
5716	chrome.exe
5716	chrome.exe
5716	chrome.exe
5716	chrome.exe
5716	chrome.exe
5716	chrome.exe
5716	chrome.exe
5716	chrome.exe
5716	chrome.exe
5716	chrome.exe
5716	chrome.exe
5716	chrome.exe
5716	chrome.exe
5716	chrome.exe
5716	chrome.exe
5716	chrome.exe
5716	chrome.exe
5716	chrome.exe
5716	chrome.exe
5716	chrome.exe
5716	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5716	chrome.exe
5716	chrome.exe
5716	chrome.exe
5716	chrome.exe
5716	chrome.exe
5716	chrome.exe
5716	chrome.exe
5716	chrome.exe
5716	chrome.exe
5716	chrome.exe
5716	chrome.exe
5716	chrome.exe
5716	chrome.exe
5716	chrome.exe
5716	chrome.exe
5716	chrome.exe
5716	chrome.exe
5716	chrome.exe
5716	chrome.exe
5716	chrome.exe
5716	chrome.exe
5716	chrome.exe
5716	chrome.exe
5716	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3960 wrote to memory of 1860	3960	loader_prod.exe	85
PID 3960 wrote to memory of 1860	3960	loader_prod.exe	85
PID 1860 wrote to memory of 640	1860	loader_prod.exe	87
PID 1860 wrote to memory of 640	1860	loader_prod.exe	87
PID 1860 wrote to memory of 5112	1860	loader_prod.exe	89
PID 1860 wrote to memory of 5112	1860	loader_prod.exe	89
PID 5112 wrote to memory of 4688	5112	cmd.exe	91
PID 5112 wrote to memory of 4688	5112	cmd.exe	91
PID 5112 wrote to memory of 556	5112	cmd.exe	92
PID 5112 wrote to memory of 556	5112	cmd.exe	92
PID 5112 wrote to memory of 5236	5112	cmd.exe	93
PID 5112 wrote to memory of 5236	5112	cmd.exe	93
PID 5716 wrote to memory of 5792	5716	chrome.exe	96
PID 5716 wrote to memory of 5792	5716	chrome.exe	96
PID 5716 wrote to memory of 5972	5716	chrome.exe	97
PID 5716 wrote to memory of 5972	5716	chrome.exe	97
PID 5716 wrote to memory of 5972	5716	chrome.exe	97
PID 5716 wrote to memory of 5972	5716	chrome.exe	97
PID 5716 wrote to memory of 5972	5716	chrome.exe	97
PID 5716 wrote to memory of 5972	5716	chrome.exe	97
PID 5716 wrote to memory of 5972	5716	chrome.exe	97
PID 5716 wrote to memory of 5972	5716	chrome.exe	97
PID 5716 wrote to memory of 5972	5716	chrome.exe	97
PID 5716 wrote to memory of 5972	5716	chrome.exe	97
PID 5716 wrote to memory of 5972	5716	chrome.exe	97
PID 5716 wrote to memory of 5972	5716	chrome.exe	97
PID 5716 wrote to memory of 5972	5716	chrome.exe	97
PID 5716 wrote to memory of 5972	5716	chrome.exe	97
PID 5716 wrote to memory of 5972	5716	chrome.exe	97
PID 5716 wrote to memory of 5972	5716	chrome.exe	97
PID 5716 wrote to memory of 5972	5716	chrome.exe	97
PID 5716 wrote to memory of 5972	5716	chrome.exe	97
PID 5716 wrote to memory of 5972	5716	chrome.exe	97
PID 5716 wrote to memory of 5972	5716	chrome.exe	97
PID 5716 wrote to memory of 5972	5716	chrome.exe	97
PID 5716 wrote to memory of 5972	5716	chrome.exe	97
PID 5716 wrote to memory of 5972	5716	chrome.exe	97
PID 5716 wrote to memory of 5972	5716	chrome.exe	97
PID 5716 wrote to memory of 5972	5716	chrome.exe	97
PID 5716 wrote to memory of 5972	5716	chrome.exe	97
PID 5716 wrote to memory of 5972	5716	chrome.exe	97
PID 5716 wrote to memory of 5972	5716	chrome.exe	97
PID 5716 wrote to memory of 5972	5716	chrome.exe	97
PID 5716 wrote to memory of 5972	5716	chrome.exe	97
PID 5716 wrote to memory of 5972	5716	chrome.exe	97
PID 5716 wrote to memory of 5992	5716	chrome.exe	98
PID 5716 wrote to memory of 5992	5716	chrome.exe	98
PID 5716 wrote to memory of 6040	5716	chrome.exe	99
PID 5716 wrote to memory of 6040	5716	chrome.exe	99
PID 5716 wrote to memory of 6040	5716	chrome.exe	99
PID 5716 wrote to memory of 6040	5716	chrome.exe	99
PID 5716 wrote to memory of 6040	5716	chrome.exe	99
PID 5716 wrote to memory of 6040	5716	chrome.exe	99
PID 5716 wrote to memory of 6040	5716	chrome.exe	99
PID 5716 wrote to memory of 6040	5716	chrome.exe	99
PID 5716 wrote to memory of 6040	5716	chrome.exe	99
PID 5716 wrote to memory of 6040	5716	chrome.exe	99
PID 5716 wrote to memory of 6040	5716	chrome.exe	99
PID 5716 wrote to memory of 6040	5716	chrome.exe	99
PID 5716 wrote to memory of 6040	5716	chrome.exe	99
PID 5716 wrote to memory of 6040	5716	chrome.exe	99
PID 5716 wrote to memory of 6040	5716	chrome.exe	99
PID 5716 wrote to memory of 6040	5716	chrome.exe	99
PID 5716 wrote to memory of 6040	5716	chrome.exe	99

Views/modifies file attributes 1 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
4688	attrib.exe

C:\Users\Admin\AppData\Local\Temp\loader_prod.exe
"C:\Users\Admin\AppData\Local\Temp\loader_prod.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3960
- C:\Users\Admin\AppData\Local\Temp\loader_prod.exe
  "C:\Users\Admin\AppData\Local\Temp\loader_prod.exe"
  2⤵
  - Enumerates VirtualBox DLL files
  - Loads dropped DLL
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1860
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\eul3n\""
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:640
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\eul3n\activate.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:5112
  - - C:\Windows\system32\attrib.exe
      attrib +s +h .
      4⤵
      Sets file to hidden
      Views/modifies file attributes
      PID:4688
  - - C:\Users\Admin\eul3n\loader_prod.exe
      "loader_prod.exe"
      4⤵
      Executes dropped EXE
      PID:556
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im "loader_prod.exe"
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:5236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff94762ab58,0x7ff94762ab68,0x7ff94762ab78
  2⤵
  PID:5792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1388 --field-trial-handle=1956,i,12785185660442520751,12082400238855512011,131072 /prefetch:2
  2⤵
  PID:5972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 --field-trial-handle=1956,i,12785185660442520751,12082400238855512011,131072 /prefetch:8
  2⤵
  PID:5992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1560 --field-trial-handle=1956,i,12785185660442520751,12082400238855512011,131072 /prefetch:8
  2⤵
  PID:6040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3096 --field-trial-handle=1956,i,12785185660442520751,12082400238855512011,131072 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3144 --field-trial-handle=1956,i,12785185660442520751,12082400238855512011,131072 /prefetch:1
  2⤵
  PID:3620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3628 --field-trial-handle=1956,i,12785185660442520751,12082400238855512011,131072 /prefetch:1
  2⤵
  PID:4056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4672 --field-trial-handle=1956,i,12785185660442520751,12082400238855512011,131072 /prefetch:8
  2⤵
  PID:4536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 --field-trial-handle=1956,i,12785185660442520751,12082400238855512011,131072 /prefetch:8
  2⤵
  PID:4384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4204 --field-trial-handle=1956,i,12785185660442520751,12082400238855512011,131072 /prefetch:8
  2⤵
  PID:2044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4876 --field-trial-handle=1956,i,12785185660442520751,12082400238855512011,131072 /prefetch:8
  2⤵
  PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4688 --field-trial-handle=1956,i,12785185660442520751,12082400238855512011,131072 /prefetch:8
  2⤵
  PID:2512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4824 --field-trial-handle=1956,i,12785185660442520751,12082400238855512011,131072 /prefetch:1
  2⤵
  PID:1304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=244 --field-trial-handle=1956,i,12785185660442520751,12082400238855512011,131072 /prefetch:1
  2⤵
  PID:944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4428 --field-trial-handle=1956,i,12785185660442520751,12082400238855512011,131072 /prefetch:1
  2⤵
  PID:5220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3368 --field-trial-handle=1956,i,12785185660442520751,12082400238855512011,131072 /prefetch:1
  2⤵
  PID:5316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2232 --field-trial-handle=1956,i,12785185660442520751,12082400238855512011,131072 /prefetch:1
  2⤵
  PID:5404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3968 --field-trial-handle=1956,i,12785185660442520751,12082400238855512011,131072 /prefetch:1
  2⤵
  PID:5496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4472 --field-trial-handle=1956,i,12785185660442520751,12082400238855512011,131072 /prefetch:1
  2⤵
  PID:556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=1716 --field-trial-handle=1956,i,12785185660442520751,12082400238855512011,131072 /prefetch:1
  2⤵
  PID:4900

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2072

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

File and Directory Discovery

T1083

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
810B

MD5
2ec50d1f2d6df1d4b65d043db8b5cce0

SHA1
232712098d1d05cce51fa88fdfa6df66cc69b806

SHA256
86e0c1d11790825ead5b387441b89f2fd781ec4d9ceb55ff89f28dde099edca4

SHA512
6cacd6aa2eea11118bace76cdfd684e57b28b5b5684ad0fe802cd35af10fdb42ebdb6026c2b883686cd72e3e2b5e1b74a195f0801002f42086530670753d25ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
19c8d50ff9dbe0ffa351bbeba8ead448

SHA1
42f719b00b55d06cd95367c8917e3524935ec603

SHA256
e054e4b15ec0f12f1c72127b168241d4cf50a971cc2cb59c902ec8aa76eb7c1b

SHA512
1b5ca043eb63a41288dfc7f4f84872264adf1f4625c1eae22e1f789efaa6807e1896ea3ad855617ad2ab4dc383990c9290c57ca985c5adb5fa718c55cc7820f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
2030343c153073c6c533c213d7f7530f

SHA1
63568a936db6372f5f9416c0b489ae47ebe496be

SHA256
7f552c0062d14ab3037e3f5b75a1344861a99f589a48ffcfc6078902d02f8cbe

SHA512
7b7ac81dbe2ed2e95b18fa299a6a6c40aaf7942c8f09409dec1df94a787cf93b7e1709f33cb6f63b65b769f8f2f9ece341da7dff445b00b27c09f4cbed7d3195

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
28c34758e2f46988d0f7fcd8f44cee74

SHA1
74882a462fc8d8089066ee2afc858d5595c1113a

SHA256
422bd4643c97d8c5d9ddb8dadb5d1842128e9bbb9f4e1a0b23b210efa5211e68

SHA512
ff4a4d624a3a3623ec5470a82bf8091a09f06da14951001689d9ceb0a94d587a778eebe658db629ebf8a630e0e3a850e6c3065a2d52b2f0f2c5b8bf9cc84809f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
306KB

MD5
d6839f4d2586c255ac2a5dfca1d18fea

SHA1
6ff447f61024f628ff7bdbbd5034c2456d5a5fee

SHA256
1e6f04309406f2e639ac1ada959c74103cd4d9243a0e8aace2edf65d2e00461c

SHA512
e29d793fdeda218291c85ef70247d824b700c7e566d43869003fe4676e9b8193a14f3b7d69809a2d53e147c4b0e31d750112dddf68cf6d46bf1b312c35a7153d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
c3879758130ef012d93f4933e962ffcf

SHA1
ec532006667ae7df7df803f47ef2668811c33f6c

SHA256
474f0132b70bb19f1fa71d99bae8ee7ee6f01b809295f3659703391de35c2e20

SHA512
963a4b1f9b8fd8a58559dc6f61e911f4290239851fed05f43027fdabd3697788406eca3ad621a7e1616371b9d902e9282db66fe6becc773eb8a5e35d49c49dcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
339KB

MD5
4a7942835dadfd61e80e19aa3090735c

SHA1
2ab3e73bd00d7f8405322288b61d4e3f2e9d0e45

SHA256
8e3fe5fbba29170b195fa0087173f02cef455882eb1ee2723587e69d73104028

SHA512
3d09855260460ac3b56b02c4a418e543d0c8a9a2a7bab6cdacfacba6c5de14694364d5de31773bf1ad4cd1296c316f8ba0ddda4bca8faebeb8d1310384fd6e3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
92KB

MD5
e8b1bd9fde4cc0aac64f07a67ca6f274

SHA1
5c59528d77e9a7ce5f9eb04f6376a7de5d623dbb

SHA256
5d8ef6c20cbfd47cf3a9e87d311080ed13c052f1a7abc94c471271aac4275e0d

SHA512
683994ab41966c97798e2cd2e846f3a3e623a4728864cae54a3e3b80c2bd9793d2e6ae22d62ad1c6970b9b06bdce23f5b62b6c94ef115bf6dc52ff82ab9f341a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe585dea.TMP

Filesize
89KB

MD5
66aa32dfedfe77854392acc18b00b9a2

SHA1
d926b92a1cb3badde15d96d418020ebbe2bd55cc

SHA256
c842fbe6c3dba174b8da97361c687e3ee1a9a612a6205a48eeedd5e745bb158d

SHA512
0e2d698896de20b597820f340a6b9815aa1d2b2cdf0cdbc02c6b7fb05aba441e3ec10a13f1b5b6ed0efaa3cedced817259f263604c9f73f2fbc6cfa496c6f4e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f64a2d5ab4f661b54fa9acf98f0e1ba0

SHA1
430830690503c102a1541a899d5e5630cffb1ab9

SHA256
bffb907690f28f6b8dfed446d26ea669080b62468d145714ea9ce8fa108a1601

SHA512
6d55e4bad3d5c640d2dfe910f478ffe63c739899b3221863a9150da30d4250100cc705b3424225b21cc79661123dd371bf3b644a5e0f80e82cebfd9fa7ef4a9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39602\SDL2.dll

Filesize
2.4MB

MD5
0293f98e4ae63f376f293c95f197b9ce

SHA1
6e6ae66a791001399d7dde625de50799decfbe9c

SHA256
2e4e823b46e95a29ad4ce4e7134417b0cd60145fefe606920ef6dc0ebcfb0021

SHA512
0f5f7537e414fbf04e54e744bd2c0d587c920e93ac8dcca58a15fbe041e53383b66bd7b2c1cd75f3584cab435e9ddb38354cfd7d4676dcf515642de601f3ed46

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39602\SDL2_image.dll

Filesize
122KB

MD5
b8d249a5e394b4e6a954c557af1b80e6

SHA1
b03bb9d09447114a018110bfb91d56ef8d5ec3bb

SHA256
1e364af75fee0c83506fbdfd4d5b0e386c4e9c6a33ddbddac61ddb131e360194

SHA512
2f2e248c3963711f1a9f5d8baea5b8527d1df1748cd7e33bf898a380ae748f7a65629438711ff9a5343e64762ec0b5dc478cdf19fbf7111dac9d11a8427e0007

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39602\SDL2_mixer.dll

Filesize
285KB

MD5
201aa86dc9349396b83eed4c15abe764

SHA1
1a239c479e275aa7be93c5372b2d35e98d8d8cec

SHA256
2a0fc5e9f72c2eaec3240cb82b7594a58ccda609485981f256b94d0a4dd8d6f8

SHA512
bb2cd185d1d936ceca3cc20372c98a1b1542288ad5523ff8b823fb5e842205656ec2f615f076929c69987c7468245a452238b509d37109c9bec26be5f638f3b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39602\SDL2_ttf.dll

Filesize
1.5MB

MD5
f187dfdccc102436e27704dc572a2c16

SHA1
be4d499e66b8c4eb92480e4f520ccd8eaaa39b04

SHA256
fcdfabdfce868eb33f7514025ff59c1bb6c418f1bcd6ace2300a9cd4053e1d63

SHA512
75002d96153dfd2bfdd6291f842fb553695ef3997012dae0b9a537c95c3f3a83b844a8d1162faefcddf9e1807f3db23b1a10c2789c95dd5f6fad2286bae91afb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39602\VCRUNTIME140.dll

Filesize
116KB

MD5
be8dbe2dc77ebe7f88f910c61aec691a

SHA1
a19f08bb2b1c1de5bb61daf9f2304531321e0e40

SHA256
4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83

SHA512
0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39602\VCRUNTIME140_1.dll

Filesize
48KB

MD5
f8dfa78045620cf8a732e67d1b1eb53d

SHA1
ff9a604d8c99405bfdbbf4295825d3fcbc792704

SHA256
a113f192195f245f17389e6ecbed8005990bcb2476ddad33f7c4c6c86327afe5

SHA512
ba7f8b7ab0deb7a7113124c28092b543e216ca08d1cf158d9f40a326fb69f4a2511a41a59ea8482a10c9ec4ec8ac69b70dfe9ca65e525097d93b819d498da371

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39602\_asyncio.pyd

Filesize
69KB

MD5
477dba4d6e059ea3d61fad7b6a7da10e

SHA1
1f23549e60016eeed508a30479886331b22f7a8b

SHA256
5bebeb765ab9ef045bc5515166360d6f53890d3ad6fc360c20222d61841410b6

SHA512
8119362c2793a4c5da25a63ca68aa3b144db7e4c08c80cbe8c8e7e8a875f1bd0c30e497208ce20961ddb38d3363d164b6e1651d3e030ed7b8ee5f386faf809d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39602\_bz2.pyd

Filesize
83KB

MD5
5bebc32957922fe20e927d5c4637f100

SHA1
a94ea93ee3c3d154f4f90b5c2fe072cc273376b3

SHA256
3ed0e5058d370fb14aa5469d81f96c5685559c054917c7280dd4125f21d25f62

SHA512
afbe80a73ee9bd63d9ffa4628273019400a75f75454667440f43beb253091584bf9128cbb78ae7b659ce67a5faefdba726edb37987a4fe92f082d009d523d5d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39602\_cffi_backend.cp312-win_amd64.pyd

Filesize
178KB

MD5
0572b13646141d0b1a5718e35549577c

SHA1
eeb40363c1f456c1c612d3c7e4923210eae4cdf7

SHA256
d8a76d1e31bbd62a482dea9115fc1a109cb39af4cf6d1323409175f3c93113a7

SHA512
67c28432ca8b389acc26e47eb8c4977fddd4af9214819f89df07fecbc8ed750d5f35807a1b195508dd1d77e2a7a9d7265049dcfbfe7665a7fd1ba45da1e4e842

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39602\_ctypes.pyd

Filesize
122KB

MD5
fb454c5e74582a805bc5e9f3da8edc7b

SHA1
782c3fa39393112275120eaf62fc6579c36b5cf8

SHA256
74e0e8384f6c2503215f4cf64c92efe7257f1aec44f72d67ad37dc8ba2530bc1

SHA512
727ada80098f07849102c76b484e9a61fb0f7da328c0276d82c6ee08213682c89deeb8459139a3fbd7f561bffaca91650a429e1b3a1ff8f341cebdf0bfa9b65d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39602\_decimal.pyd

Filesize
251KB

MD5
492c0c36d8ed1b6ca2117869a09214da

SHA1
b741cae3e2c9954e726890292fa35034509ef0f6

SHA256
b8221d1c9e2c892dd6227a6042d1e49200cd5cb82adbd998e4a77f4ee0e9abf1

SHA512
b8f1c64ad94db0252d96082e73a8632412d1d73fb8095541ee423df6f00bc417a2b42c76f15d7e014e27baae0ef50311c3f768b1560db005a522373f442e4be0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39602\_elementtree.pyd

Filesize
130KB

MD5
f89c26a967569f393e8e958c9127d4d7

SHA1
ea09407004b2b279f9424c20ba555cfc8909f154

SHA256
4869325e5cffbd13d3cc02dc78226478adfb51a802b52ff65b5adfacff3511f1

SHA512
eb2090ed5e00ea1a1b7b0c21f27bab45ec271dfb8e16c2df07be16df12ceaa1f8d0e0430b0ed65e4945e443aeb5248b42a6448decfc4157a39fa2c3dea20f5c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39602\_hashlib.pyd

Filesize
64KB

MD5
da02cefd8151ecb83f697e3bd5280775

SHA1
1c5d0437eb7e87842fde55241a5f0ca7f0fc25e7

SHA256
fd77a5756a17ec0788989f73222b0e7334dd4494b8c8647b43fe554cf3cfb354

SHA512
a13bc5c481730f48808905f872d92cb8729cc52cfb4d5345153ce361e7d6586603a58b964a1ebfd77dd6222b074e5dcca176eaaefecc39f75496b1f8387a2283

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39602\_lzma.pyd

Filesize
156KB

MD5
195defe58a7549117e06a57029079702

SHA1
3795b02803ca37f399d8883d30c0aa38ad77b5f2

SHA256
7bf9ff61babebd90c499a8ed9b62141f947f90d87e0bbd41a12e99d20e06954a

SHA512
c47a9b1066dd9744c51ed80215bd9645aab6cc9d6a3f9df99f618e3dd784f6c7ce6f53eabe222cf134ee649250834193d5973e6e88f8a93151886537c62e2e2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39602\_multiprocessing.pyd

Filesize
34KB

MD5
2bd43e8973882e32c9325ef81898ae62

SHA1
1e47b0420a2a1c1d910897a96440f1aeef5fa383

SHA256
3c34031b464e7881d8f9d182f7387a86b883581fd020280ec56c1e3ec6f4cc2d

SHA512
9d51bbd25c836f4f5d1fb9b42853476e13576126b8b521851948bdf08d53b8d4b4f66d2c8071843b01aa5631abdf13dc53c708dba195656a30f262dce30a88ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39602\_overlapped.pyd

Filesize
54KB

MD5
7e4553ca5c269e102eb205585cc3f6b4

SHA1
73a60dbc7478877689c96c37107e66b574ba59c9

SHA256
d5f89859609371393d379b5ffd98e5b552078050e8b02a8e2900fa9b4ee8ff91

SHA512
65b72bc603e633596d359089c260ee3d8093727c4781bff1ec0b81c8244af68f69ff3141424c5de12355c668ae3366b4385a0db7455486c536a13529c47b54ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39602\_queue.pyd

Filesize
31KB

MD5
b7e5fbd7ef3eefff8f502290c0e2b259

SHA1
9decba47b1cdb0d511b58c3146d81644e56e3611

SHA256
dbdabb5fe0ccbc8b951a2c6ec033551836b072cab756aaa56b6f22730080d173

SHA512
b7568b9df191347d1a8d305bd8ddd27cbfa064121c785fa2e6afef89ec330b60cafc366be2b22409d15c9434f5e46e36c5cbfb10783523fdcac82c30360d36f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39602\_socket.pyd

Filesize
81KB

MD5
dd8ff2a3946b8e77264e3f0011d27704

SHA1
a2d84cfc4d6410b80eea4b25e8efc08498f78990

SHA256
b102522c23dac2332511eb3502466caf842d6bcd092fbc276b7b55e9cc01b085

SHA512
958224a974a3449bcfb97faab70c0a5b594fa130adc0c83b4e15bdd7aab366b58d94a4a9016cb662329ea47558645acd0e0cc6df54f12a81ac13a6ec0c895cd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39602\_sqlite3.pyd

Filesize
122KB

MD5
c3a41d98c86cdf7101f8671d6cebefda

SHA1
a06fce1ac0aab9f2fe6047642c90b1dd210fe837

SHA256
ee0e9b0a0af6a98d5e8ad5b9878688d2089f35978756196222b9d45f49168a9d

SHA512
c088372afcfe4d014821b728e106234e556e00e5a6605f616745b93f345f9da3d8b3f69af20e94dbadfd19d3aa9991eb3c7466db5648ea452356af462203706c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39602\_ssl.pyd

Filesize
174KB

MD5
c87c5890039c3bdb55a8bc189256315f

SHA1
84ef3c2678314b7f31246471b3300da65cb7e9de

SHA256
a5d361707f7a2a2d726b20770e8a6fc25d753be30bcbcbbb683ffee7959557c2

SHA512
e750dc36ae00249ed6da1c9d816f1bd7f8bc84ddea326c0cd0410dbcfb1a945aac8c130665bfacdccd1ee2b7ac097c6ff241bfc6cc39017c9d1cde205f460c44

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39602\_tkinter.pyd

Filesize
64KB

MD5
276791cca50a8b8a334d3f4f9ff520e2

SHA1
c0d73f309ef98038594c6338c81606a9947bd7f8

SHA256
a1c74836bad3d9b0aaec8dccd92e552b5ad583bfea7ef21cd40713a265d94f7e

SHA512
ef1ed2eacf86885531fc0963c84c1c99773d963d5a709030df6cfee5027604e1402a55b6fe26019a3ab922fd27895d0e2ef5572a50195372b1bfb1539eac0dd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39602\_uuid.pyd

Filesize
25KB

MD5
50521b577719195d7618a23b3103d8aa

SHA1
7020d2e107000eaf0eddde74bc3809df2c638e22

SHA256
acbf831004fb8b8d5340fe5debd9814c49bd282dd765c78faeb6bb5116288c78

SHA512
4ee950da8bbbd36932b488ec62fa046ac8fc35783a146edadbe063b8419a63d4dfb5bbd8c45e9e008fe708e6fc4a1fee1202fce92ffc95320547ba714fed95e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39602\_wmi.pyd

Filesize
36KB

MD5
8a9a59559c614fc2bcebb50073580c88

SHA1
4e4ced93f2cb5fe6a33c1484a705e10a31d88c4d

SHA256
752fb80edb51f45d3cc1c046f3b007802432b91aef400c985640d6b276a67c12

SHA512
9b17c81ff89a41307740371cb4c2f5b0cf662392296a7ab8e5a9eba75224b5d9c36a226dce92884591636c343b8238c19ef61c1fdf50cc5aa2da86b1959db413

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39602\base_library.zip

Filesize
1.3MB

MD5
43935f81d0c08e8ab1dfe88d65af86d8

SHA1
abb6eae98264ee4209b81996c956a010ecf9159b

SHA256
c611943f0aeb3292d049437cb03500cc2f8d12f23faf55e644bca82f43679bc0

SHA512
06a9dcd310aa538664b08f817ec1c6cfa3f748810d76559c46878ea90796804904d41ac79535c7f63114df34c0e5de6d0452bb30df54b77118d925f21cfa1955

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39602\charset_normalizer\md.cp312-win_amd64.pyd

Filesize
10KB

MD5
d9e0217a89d9b9d1d778f7e197e0c191

SHA1
ec692661fcc0b89e0c3bde1773a6168d285b4f0d

SHA256
ecf12e2c0a00c0ed4e2343ea956d78eed55e5a36ba49773633b2dfe7b04335c0

SHA512
3b788ac88c1f2d682c1721c61d223a529697c7e43280686b914467b3b39e7d6debaff4c0e2f42e9dddb28b522f37cb5a3011e91c66d911609c63509f9228133d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39602\freetype.dll

Filesize
639KB

MD5
236f879a5dd26dc7c118d43396444b1c

SHA1
5ed3e4e084471cf8600fb5e8c54e11a254914278

SHA256
1c487392d6d06970ba3c7b52705881f1fb069f607243499276c2f0c033c7df6f

SHA512
cc9326bf1ae8bf574a4715158eba889d7f0d5e3818e6f57395740a4b593567204d6eef95b6e99d2717128c3bffa34a8031c213ff3f2a05741e1eaf3ca07f2254

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39602\libcrypto-3.dll

Filesize
5.0MB

MD5
e547cf6d296a88f5b1c352c116df7c0c

SHA1
cafa14e0367f7c13ad140fd556f10f320a039783

SHA256
05fe080eab7fc535c51e10c1bd76a2f3e6217f9c91a25034774588881c3f99de

SHA512
9f42edf04c7af350a00fa4fdf92b8e2e6f47ab9d2d41491985b20cd0adde4f694253399f6a88f4bdd765c4f49792f25fb01e84ec03fd5d0be8bb61773d77d74d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39602\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39602\libjpeg-9.dll

Filesize
238KB

MD5
c540308d4a8e6289c40753fdd3e1c960

SHA1
1b84170212ca51970f794c967465ca7e84000d0e

SHA256
3a224af540c96574800f5e9acf64b2cdfb9060e727919ec14fbd187a9b5bfe69

SHA512
1dadc6b92de9af998f83faf216d2ab6483b2dea7cdea3387ac846e924adbf624f36f8093daf5cee6010fea7f3556a5e2fcac494dbc87b5a55ce564c9cd76f92b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39602\libmodplug-1.dll

Filesize
259KB

MD5
ead020db018b03e63a64ebff14c77909

SHA1
89bb59ae2b3b8ec56416440642076ae7b977080e

SHA256
0c1a9032812ec4c20003a997423e67b71ecb5e59d62cdc18a5bf591176a9010e

SHA512
c4742d657e5598c606ceff29c0abb19c588ba7976a7c4bff1df80a3109fe7df25e7d0dace962ec3962a94d2715a4848f2acc997a0552bf8d893ff6e7a78857e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39602\libogg-0.dll

Filesize
25KB

MD5
307ef797fc1af567101afba8f6ce6a8c

SHA1
0023f520f874a0c3eb3dc1fe8df73e71bde5f228

SHA256
57abc4f6a9accdd08bf9a2b022a66640cc626a5bd4dac6c7c4f06a5df61ee1fe

SHA512
5b0b6049844c6fef0cd2b6b1267130bb6e4c17b26afc898cfc17499ef05e79096cd705007a74578f11a218786119be37289290c5c47541090d7b9dea2908688e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39602\libopus-0.dll

Filesize
359KB

MD5
e1adac219ec78b7b2ac9999d8c2e1c94

SHA1
6910ec9351bee5c355587e42bbb2d75a65ffc0cf

SHA256
771cae79410f7fcc4f993a105a18c4ed9e8cbddd6f807a42228d95f575808806

SHA512
da1912243491227168e23fb92def056b229f9f1d8c35ae122e1a0474b0be84ceb7167b138f2ee5fffd812b80c6aca719250aca6b25931585e224e27384f4cc67

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39602\libopus-0.x64.dll

Filesize
431KB

MD5
0e078e75ab375a38f99245b3fefa384a

SHA1
b4c2fda3d4d72c3e3294beb8aa164887637ca22a

SHA256
c84da836e8d92421ac305842cfe5a724898ed09d340d46b129e210bdc9448131

SHA512
fa838dab0a8a07ee7c370dd617073a5f795838c3518a6f79ee17d5ebc48b78cebd680e9c8cbe54f912ceb0ae6112147fb40182bcfdcc194b73aa6bab21427bfd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39602\libopusfile-0.dll

Filesize
45KB

MD5
245498839af5a75cd034190fe805d478

SHA1
d164c38fd9690b8649afaef7c048f4aabb51dba8

SHA256
ccaaca81810bd2d1cab4692b4253a639f8d5516996db0e24d881efd3efdcc6a4

SHA512
4181dea590cbc7a9e06729b79201aa29e8349408cb922de8d4cda555fc099b3e10fee4f5a9ddf1a22eaec8f5ede12f9d6e37ed7ad0486beb12b7330cca51a79e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39602\libpng16-16.dll

Filesize
206KB

MD5
3a26cd3f92436747d2285dcef1fae67f

SHA1
e3d1403be06beb32fc8dc7e8a58c31e18b586a70

SHA256
e688b4a4d18f4b6ccc99c6ca4980f51218cb825610775192d9b60b2f05eff2d5

SHA512
73d651f063246723807d837811ead30e3faca8cb0581603f264c28fea1b2bdb6d874a73c1288c7770e95463786d6945b065d4ca1cf553e08220aea4e78a6f37f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39602\libssl-3.dll

Filesize
768KB

MD5
19a2aba25456181d5fb572d88ac0e73e

SHA1
656ca8cdfc9c3a6379536e2027e93408851483db

SHA256
2e9fbcd8f7fdc13a5179533239811456554f2b3aa2fb10e1b17be0df81c79006

SHA512
df17dc8a882363a6c5a1b78ba3cf448437d1118ccc4a6275cc7681551b13c1a4e0f94e30ffb94c3530b688b62bff1c03e57c2c185a7df2bf3e5737a06e114337

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39602\libtiff-5.dll

Filesize
422KB

MD5
7d40a697ca6f21a8f09468b9fce565ad

SHA1
dc3b7f7fc0d9056af370e06f1451a65e77ff07f7

SHA256
ebfe97ac5ef26b94945af3db5ffd110a4b8e92dc02559bf81ccb33f0d5ebce95

SHA512
5a195e3123f7f17d92b7eca46b9afa1ea600623ad6929ac29197447bb4d474a068fd5f61fca6731a60514125d3b0b2cafe1ff6be3a0161251a366355b660d61a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39602\libwebp-7.dll

Filesize
437KB

MD5
2c5aca898ff88eb2c9028bbeefebbd1e

SHA1
7a0048674ef614bebe6cc83b1228d670372076c9

SHA256
9a53563b6058f70f2725029b7dd2fe96f869c20e8090031cd303e994dfe07b50

SHA512
46fe8b151e3a13ab506c4fc8a9f3f0f47b21f64f37097a4f1f573b547443ed23e7b2f489807c1623fbc41015f7da11665d88690d8cd0ddd61aa53789586c5a13

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39602\portmidi.dll

Filesize
41KB

MD5
df538704b8cd0b40096f009fd5d1b767

SHA1
d2399fbb69d237d43624e987445694ec7e0b8615

SHA256
c9f8d9043ac1570b10f104f2d00aec791f56261c84ee40773be73d0a3822e013

SHA512
408de3e99bc1bfb5b10e58ae621c0f9276530913ff26256135fe44ce78016de274cbe4c3e967457eb71870aad34dfeb362058afcebfa2d9e64f05604ab1517d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39602\pyexpat.pyd

Filesize
197KB

MD5
958231414cc697b3c59a491cc79404a7

SHA1
3dec86b90543ea439e145d7426a91a7aca1eaab6

SHA256
efd6099b1a6efdadd988d08dce0d8a34bd838106238250bccd201dc7dcd9387f

SHA512
fd29d0aab59485340b68dc4552b9e059ffb705d4a64ff9963e1ee8a69d9d96593848d07be70528d1beb02bbbbd69793ee3ea764e43b33879f5c304d8a912c3be

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39602\python3.DLL

Filesize
66KB

MD5
a07661c5fad97379cf6d00332999d22c

SHA1
dca65816a049b3cce5c4354c3819fef54c6299b0

SHA256
5146005c36455e7ede4b8ecc0dc6f6fa8ea6b4a99fedbabc1994ae27dfab9d1b

SHA512
6ddeb9d89ccb4d2ec5d994d85a55e5e2cc7af745056dae030ab8d72ee7830f672003f4675b6040f123fc64c19e9b48cabd0da78101774dafacf74a88fbd74b4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39602\python312.dll

Filesize
6.6MB

MD5
d521654d889666a0bc753320f071ef60

SHA1
5fd9b90c5d0527e53c199f94bad540c1e0985db6

SHA256
21700f0bad5769a1b61ea408dc0a140ffd0a356a774c6eb0cc70e574b929d2e2

SHA512
7a726835423a36de80fb29ef65dfe7150bd1567cac6f3569e24d9fe091496c807556d0150456429a3d1a6fd2ed0b8ae3128ea3b8674c97f42ce7c897719d2cd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39602\select.pyd

Filesize
30KB

MD5
d0cc9fc9a0650ba00bd206720223493b

SHA1
295bc204e489572b74cc11801ed8590f808e1618

SHA256
411d6f538bdbaf60f1a1798fa8aa7ed3a4e8fcc99c9f9f10d21270d2f3742019

SHA512
d3ebcb91d1b8aa247d50c2c4b2ba1bf3102317c593cbf6c63883e8bf9d6e50c0a40f149654797abc5b4f17aee282ddd972a8cd9189bfcd5b9cec5ab9c341e20b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39602\sqlite3.dll

Filesize
1.5MB

MD5
e52f6b9bd5455d6f4874f12065a7bc39

SHA1
8a3cb731e9c57fd8066d6dad6b846a5f857d93c8

SHA256
7ef475d27f9634f6a75e88959e003318d7eb214333d25bdf9be1270fa0308c82

SHA512
764bfb9ead13361be7583448b78f239964532fd589e8a2ad83857192bf500f507260b049e1eb7522dedadc81ac3dfc76a90ddeb0440557844abed6206022da96

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39602\tcl86t.dll

Filesize
1.7MB

MD5
108d97000657e7b1b95626350784ed23

SHA1
3814e6e5356b26e6e538f2c1803418eb83941e30

SHA256
3d2769e69d611314d517fc9aad688a529670af94a7589f728107180ae105218f

SHA512
9475cd1c8fe2e769ed0e8469d1f19cdf808f930cccc3baf581888a705f195c9be02652168d9c1c25ba850502f94e7eb87687c2c75f0f699c38309bc92b9004a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39602\tk86t.dll

Filesize
1.5MB

MD5
4cdd92e60eb291053d2ad12bf0710749

SHA1
31424e8d35459ba43672f05abba1e37c23f74536

SHA256
b30576b60aee548838243601952a05b70a9fc937f5a607f6b1413cd5ed04d900

SHA512
80c3bb58817578708e14ba173bfbe8f62fb54efa22feb8ff08b9eefa4462b74062654f956f965c7caa8aa16295229b58ef9eea8d2c4c94652bde1e61038e6ffe

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39602\unicodedata.pyd

Filesize
1.1MB

MD5
cc8142bedafdfaa50b26c6d07755c7a6

SHA1
0fcab5816eaf7b138f22c29c6d5b5f59551b39fe

SHA256
bc2cf23b7b7491edcf03103b78dbaf42afd84a60ea71e764af9a1ddd0fe84268

SHA512
c3b0c1dbe5bf159ab7706f314a75a856a08ebb889f53fe22ab3ec92b35b5e211edab3934df3da64ebea76f38eb9bfc9504db8d7546a36bc3cabe40c5599a9cbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39602\zlib1.dll

Filesize
106KB

MD5
5eac41b641e813f2a887c25e7c87a02e

SHA1
ec3f6cf88711ef8cfb3cc439cb75471a2bb9e1b5

SHA256
b1f58a17f3bfd55523e7bef685acf5b32d1c2a6f25abdcd442681266fd26ab08

SHA512
cad34a495f1d67c4d79ed88c5c52cf9f2d724a1748ee92518b8ece4e8f2fe1d443dfe93fb9dba8959c0e44c7973af41eb1471507ab8a5b1200a25d75287d5de5

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_0enu5g33.2wz.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/640-1221-0x00007FF9427A0000-0x00007FF943261000-memory.dmp

Filesize
10.8MB

Download
memory/640-1218-0x00007FF9427A0000-0x00007FF943261000-memory.dmp

Filesize
10.8MB

Download
memory/640-1217-0x00007FF9427A0000-0x00007FF943261000-memory.dmp

Filesize
10.8MB

Download
memory/640-1216-0x00007FF9427A0000-0x00007FF943261000-memory.dmp

Filesize
10.8MB

Download
memory/640-1206-0x0000020FD72E0000-0x0000020FD7302000-memory.dmp

Filesize
136KB

Download
memory/640-1205-0x00007FF9427A3000-0x00007FF9427A5000-memory.dmp

Filesize
8KB

Download