029802d89e8f57492d477c07a680e700c88d62a2f2fc175b7bfcd1d93620bffe

Analysis

max time kernel
399s
max time network
439s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15/07/2024, 22:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CheatEngineUnpacker3.41.exe
Size

61.5MB
MD5

aae4cc6e0c6a69647c6329ef0182dc33
SHA1

eeaea31356db3ea20224f121f9fbba22a3258186
SHA256

029802d89e8f57492d477c07a680e700c88d62a2f2fc175b7bfcd1d93620bffe
SHA512

b4a9cf2b7ec19ac632bc5858f315113b0c2370aa42aac9ce57159d190c9a42a5cd073b2233afaf30aeba43ee1438f1a477dcb30f69f616ff595adc3fa6f95475
SSDEEP

1572864:n2SpimMZrPE+yqPONDf3/1FGipBeowfrnjD62hHLCd/5HY:3iZzE2OZv1FGiDerTXF9O3Y

Score

8^/10

execution

Malware Config

Signatures

Command and Scripting Interpreter: PowerShell 1 TTPs 21 IoCs

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

execution

PowerShell

T1059.001

pid	Process
3524	powershell.exe
6120	powershell.exe
864	powershell.exe
5492	powershell.exe
2964	powershell.exe
5396	powershell.exe
3992	powershell.exe
1852	powershell.exe
1588	powershell.exe
1400	powershell.exe
4156	powershell.exe
3868	powershell.exe
4316	powershell.exe
4500	powershell.exe
3812	powershell.exe
2236	powershell.exe
1612	powershell.exe
5588	powershell.exe
5808	powershell.exe
5468	powershell.exe
432	powershell.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	CheatEngineUnpacker3.41.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	cmd.exe

Executes dropped EXE 6 IoCs

pid	Process
6020	data.exe
1748	insta3d311.exe
5884	insta3d311.exe
4800	data.exe
1152	insta3d311.exe
5604	insta3d311.exe

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 1748 set thread context of 5884	1748	insta3d311.exe	130
PID 1152 set thread context of 5604	1152	insta3d311.exe	198

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 4 IoCs

pid	pid_target	Process	procid_target
2364	5884	WerFault.exe	130
2656	5604	WerFault.exe	198
5056	3468	WerFault.exe	229
1868	3468	WerFault.exe	229

Opens file in notepad (likely ransom note) 2 IoCs

ransomware

pid	Process
1396	NOTEPAD.EXE
4536	NOTEPAD.EXE

Runs net.exe

Runs ping.exe 1 TTPs 64 IoCs

Remote System Discovery

T1018

pid	Process
5852	PING.EXE
5336	PING.EXE
396	PING.EXE
4152	PING.EXE
5652	PING.EXE
3588	PING.EXE
348	PING.EXE
2364	PING.EXE
4824	PING.EXE
2332	PING.EXE
4784	PING.EXE
116	PING.EXE
5052	PING.EXE
2184	PING.EXE
2688	PING.EXE
5312	PING.EXE
5372	PING.EXE
3528	PING.EXE
4976	PING.EXE
1236	PING.EXE
5788	PING.EXE
5200	PING.EXE
2536	PING.EXE
4712	PING.EXE
4684	PING.EXE
5456	PING.EXE
1128	PING.EXE
2744	PING.EXE
4564	PING.EXE
5688	PING.EXE
2804	PING.EXE
4068	PING.EXE
928	PING.EXE
5604	PING.EXE
4984	PING.EXE
2992	PING.EXE
4124	PING.EXE
5756	PING.EXE
2544	PING.EXE
6028	PING.EXE
4312	PING.EXE
5824	PING.EXE
1320	PING.EXE
1084	PING.EXE
5300	PING.EXE
2468	PING.EXE
3656	PING.EXE
220	PING.EXE
1840	PING.EXE
4336	PING.EXE
5956	PING.EXE
5400	PING.EXE
5620	PING.EXE
1968	PING.EXE
6056	PING.EXE
4236	PING.EXE
5036	PING.EXE
6100	PING.EXE
4392	PING.EXE
3116	PING.EXE
1560	PING.EXE
3320	PING.EXE
4368	PING.EXE
4140	PING.EXE

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1612	powershell.exe
1612	powershell.exe
1588	powershell.exe
1588	powershell.exe
864	powershell.exe
864	powershell.exe
3992	powershell.exe
3992	powershell.exe
1852	powershell.exe
1852	powershell.exe
5492	powershell.exe
5492	powershell.exe
5808	powershell.exe
5808	powershell.exe

Suspicious use of AdjustPrivilegeToken 11 IoCs

description	pid	Process
Token: SeDebugPrivilege	1612	powershell.exe
Token: SeDebugPrivilege	1588	powershell.exe
Token: SeDebugPrivilege	864	powershell.exe
Token: SeDebugPrivilege	3992	powershell.exe
Token: SeDebugPrivilege	1852	powershell.exe
Token: SeDebugPrivilege	5492	powershell.exe
Token: SeDebugPrivilege	5808	powershell.exe
Token: SeDebugPrivilege	1748	insta3d311.exe
Token: SeDebugPrivilege	1748	insta3d311.exe
Token: SeDebugPrivilege	1152	insta3d311.exe
Token: SeDebugPrivilege	1152	insta3d311.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4800	data.exe
4800	data.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1452 wrote to memory of 2480	1452	CheatEngineUnpacker3.41.exe	86
PID 1452 wrote to memory of 2480	1452	CheatEngineUnpacker3.41.exe	86
PID 1452 wrote to memory of 2480	1452	CheatEngineUnpacker3.41.exe	86
PID 2480 wrote to memory of 1944	2480	cmd.exe	89
PID 2480 wrote to memory of 1944	2480	cmd.exe	89
PID 2480 wrote to memory of 1944	2480	cmd.exe	89
PID 1944 wrote to memory of 4972	1944	cmd.exe	91
PID 1944 wrote to memory of 4972	1944	cmd.exe	91
PID 1944 wrote to memory of 4972	1944	cmd.exe	91
PID 4972 wrote to memory of 4332	4972	cmd.exe	93
PID 4972 wrote to memory of 4332	4972	cmd.exe	93
PID 4972 wrote to memory of 4332	4972	cmd.exe	93
PID 1944 wrote to memory of 4684	1944	cmd.exe	94
PID 1944 wrote to memory of 4684	1944	cmd.exe	94
PID 1944 wrote to memory of 4684	1944	cmd.exe	94
PID 4332 wrote to memory of 2776	4332	net.exe	95
PID 4332 wrote to memory of 2776	4332	net.exe	95
PID 4332 wrote to memory of 2776	4332	net.exe	95
PID 4972 wrote to memory of 3528	4972	cmd.exe	96
PID 4972 wrote to memory of 3528	4972	cmd.exe	96
PID 4972 wrote to memory of 3528	4972	cmd.exe	96
PID 3528 wrote to memory of 3616	3528	cmd.exe	98
PID 3528 wrote to memory of 3616	3528	cmd.exe	98
PID 3528 wrote to memory of 3616	3528	cmd.exe	98
PID 3616 wrote to memory of 3496	3616	net.exe	99
PID 3616 wrote to memory of 3496	3616	net.exe	99
PID 3616 wrote to memory of 3496	3616	net.exe	99
PID 3528 wrote to memory of 1612	3528	cmd.exe	100
PID 3528 wrote to memory of 1612	3528	cmd.exe	100
PID 3528 wrote to memory of 1612	3528	cmd.exe	100
PID 1944 wrote to memory of 4236	1944	cmd.exe	101
PID 1944 wrote to memory of 4236	1944	cmd.exe	101
PID 1944 wrote to memory of 4236	1944	cmd.exe	101
PID 1944 wrote to memory of 4976	1944	cmd.exe	102
PID 1944 wrote to memory of 4976	1944	cmd.exe	102
PID 1944 wrote to memory of 4976	1944	cmd.exe	102
PID 3528 wrote to memory of 1588	3528	cmd.exe	103
PID 3528 wrote to memory of 1588	3528	cmd.exe	103
PID 3528 wrote to memory of 1588	3528	cmd.exe	103
PID 1944 wrote to memory of 1084	1944	cmd.exe	104
PID 1944 wrote to memory of 1084	1944	cmd.exe	104
PID 1944 wrote to memory of 1084	1944	cmd.exe	104
PID 3528 wrote to memory of 864	3528	cmd.exe	105
PID 3528 wrote to memory of 864	3528	cmd.exe	105
PID 3528 wrote to memory of 864	3528	cmd.exe	105
PID 1944 wrote to memory of 5400	1944	cmd.exe	106
PID 1944 wrote to memory of 5400	1944	cmd.exe	106
PID 1944 wrote to memory of 5400	1944	cmd.exe	106
PID 3528 wrote to memory of 3992	3528	cmd.exe	107
PID 3528 wrote to memory of 3992	3528	cmd.exe	107
PID 3528 wrote to memory of 3992	3528	cmd.exe	107
PID 1944 wrote to memory of 4124	1944	cmd.exe	108
PID 1944 wrote to memory of 4124	1944	cmd.exe	108
PID 1944 wrote to memory of 4124	1944	cmd.exe	108
PID 3528 wrote to memory of 1852	3528	cmd.exe	109
PID 3528 wrote to memory of 1852	3528	cmd.exe	109
PID 3528 wrote to memory of 1852	3528	cmd.exe	109
PID 1944 wrote to memory of 5620	1944	cmd.exe	111
PID 1944 wrote to memory of 5620	1944	cmd.exe	111
PID 1944 wrote to memory of 5620	1944	cmd.exe	111
PID 3528 wrote to memory of 5492	3528	cmd.exe	113
PID 3528 wrote to memory of 5492	3528	cmd.exe	113
PID 3528 wrote to memory of 5492	3528	cmd.exe	113
PID 1944 wrote to memory of 2364	1944	cmd.exe	114

C:\Users\Admin\AppData\Local\Temp\CheatEngineUnpacker3.41.exe
"C:\Users\Admin\AppData\Local\Temp\CheatEngineUnpacker3.41.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:1452
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\7zSCA52B287\run.bat" "
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2480
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\installer.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1944
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\1.bat
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4972
    - - C:\Windows\SysWOW64\net.exe
        
        NET FILE
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:4332
      - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 FILE
        6⤵
        
        PID:2776
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd /C "C:\Users\Admin\AppData\Local\Temp\1.bat"
        5⤵
        Checks computer location settings
        Suspicious use of WriteProcessMemory
        
        PID:3528
      - C:\Windows\SysWOW64\net.exe
        
        NET FILE
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:3616
        
        C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 FILE
        7⤵
        
        PID:3496
      - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe -command "Add-MpPreference -ExclusionPath "C:\Users\Admin\Appdata\Local" -Force"
        6⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:1612
      - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe -command "Add-MpPreference -AttackSurfaceReductionOnlyExclusions "C:\Users\Admin\Appdata\Local" -Force"
        6⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:1588
      - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe -command "Add-MpPreference -ExclusionPath "C:\Users\Admin\Appdata\Local" -Force"
        6⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:864
      - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe -command "Add-MpPreference -AttackSurfaceReductionOnlyExclusions "C:\Users\Admin\Appdata\Local" -Force"
        6⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:3992
      - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe -command "Add-MpPreference -ExclusionPath "C:\Users\Admin\Appdata\Local" -Force"
        6⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:1852
      - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe -command "Add-MpPreference -AttackSurfaceReductionOnlyExclusions "C:\Users\Admin\Appdata\Local" -Force"
        6⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:5492
      - C:\Windows\SysWOW64\PING.EXE
        
        ping 127.0.0.1 -n 3
        6⤵
        Runs ping.exe
        
        PID:5852
      - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -inputformat none -outputformat none -NonInteractive -Command "Expand-Archive 'C:\Users\Admin\AppData\Local\Temp\comm.zip' -DestinationPath 'C:\Users\Admin\AppData\Local\Temp\'"
        6⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:5808
      - C:\Windows\SysWOW64\PING.EXE
        
        ping 127.0.0.1 -n 1
        6⤵
        Runs ping.exe
        
        PID:3320
      - C:\Users\Admin\AppData\Local\Temp\data.exe
        
        C:\Users\Admin\AppData\Local\Temp\data.exe -p"bfeuebfmd9AD" -d"C:\Users\Admin\AppData\Local\Temp\"
        6⤵
        Executes dropped EXE
        
        PID:6020
      - C:\Windows\SysWOW64\PING.EXE
        
        ping 127.0.0.1 -n 2
        6⤵
        Runs ping.exe
        
        PID:5036
      - C:\Users\Admin\AppData\Local\Temp\insta3d311.exe
        
        "C:\Users\Admin\AppData\Local\Temp\insta3d311.exe"
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\insta3d311.exe
        
        "C:\Users\Admin\AppData\Local\Temp\insta3d311.exe"
        7⤵
        Executes dropped EXE
        
        PID:5884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5884 -s 372
        8⤵
        Program crash
        
        PID:2364
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 3
      4⤵
      Runs ping.exe
      PID:4684
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 3
      4⤵
      Runs ping.exe
      PID:4236
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 3
      4⤵
      Runs ping.exe
      PID:4976
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 3
      4⤵
      Runs ping.exe
      PID:1084
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 3
      4⤵
      Runs ping.exe
      PID:5400
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 3
      4⤵
      Runs ping.exe
      PID:4124
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 3
      4⤵
      Runs ping.exe
      PID:5620
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 3
      4⤵
      Runs ping.exe
      PID:2364
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 3
      4⤵
      Runs ping.exe
      PID:5824
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 3
      4⤵
      PID:5140
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 3
      4⤵
      Runs ping.exe
      PID:2184
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 3
      4⤵
      Runs ping.exe
      PID:1968
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 3
      4⤵
      Runs ping.exe
      PID:5788
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 3
      4⤵
      Runs ping.exe
      PID:5336
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 3
      4⤵
      Runs ping.exe
      PID:396
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 3
      4⤵
      Runs ping.exe
      PID:220
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 3
      4⤵
      Runs ping.exe
      PID:5956
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 3
      4⤵
      Runs ping.exe
      PID:5756
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 3
      4⤵
      Runs ping.exe
      PID:928
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 3
      4⤵
      Runs ping.exe
      PID:1236
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 3
      4⤵
      Runs ping.exe
      PID:5300
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 3
      4⤵
      Runs ping.exe
      PID:2544
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 3
      4⤵
      Runs ping.exe
      PID:4152
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 3
      4⤵
      Runs ping.exe
      PID:6100
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 3
      4⤵
      Runs ping.exe
      PID:5604
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 3
      4⤵
      PID:5264
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 3
      4⤵
      Runs ping.exe
      PID:5652
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 3
      4⤵
      Runs ping.exe
      PID:6028
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 3
      4⤵
      PID:4904
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 3
      4⤵
      PID:4540
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 3
      4⤵
      Runs ping.exe
      PID:3588
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 3
      4⤵
      Runs ping.exe
      PID:5456
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 3
      4⤵
      Runs ping.exe
      PID:348
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 3
      4⤵
      Runs ping.exe
      PID:5200
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 3
      4⤵
      Runs ping.exe
      PID:2688
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 3
      4⤵
      Runs ping.exe
      PID:2536
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 3
      4⤵
      PID:4812
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 3
      4⤵
      Runs ping.exe
      PID:1320
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 3
      4⤵
      Runs ping.exe
      PID:2468
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 3
      4⤵
      Runs ping.exe
      PID:2332
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 3
      4⤵
      Runs ping.exe
      PID:4784
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 3
      4⤵
      Runs ping.exe
      PID:1128
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 3
      4⤵
      Runs ping.exe
      PID:2744
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 3
      4⤵
      Runs ping.exe
      PID:4984
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 3
      4⤵
      Runs ping.exe
      PID:1840
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 3
      4⤵
      Runs ping.exe
      PID:3656
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 3
      4⤵
      Runs ping.exe
      PID:116
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 3
      4⤵
      Runs ping.exe
      PID:6056
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 3
      4⤵
      PID:3236
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 3
      4⤵
      Runs ping.exe
      PID:2992
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 3
      4⤵
      Runs ping.exe
      PID:4392
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 3
      4⤵
      PID:6120
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 3
      4⤵
      PID:4136
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 3
      4⤵
      Runs ping.exe
      PID:5312
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 3
      4⤵
      Runs ping.exe
      PID:4368
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 3
      4⤵
      Runs ping.exe
      PID:4336
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 3
      4⤵
      Runs ping.exe
      PID:4564
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 3
      4⤵
      Runs ping.exe
      PID:4312
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 3
      4⤵
      Runs ping.exe
      PID:4712
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 3
      4⤵
      Runs ping.exe
      PID:5372
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 3
      4⤵
      Runs ping.exe
      PID:5688
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 3
      4⤵
      PID:5692
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 3
      4⤵
      Runs ping.exe
      PID:3116
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 3
      4⤵
      Runs ping.exe
      PID:2804
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 3
      4⤵
      Runs ping.exe
      PID:3528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 5884 -ip 5884
1⤵
PID:4792

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4528

C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\installer.bat
1⤵
- Opens file in notepad (likely ransom note)
PID:1396

C:\Users\Admin\AppData\Local\Temp\data.exe
"C:\Users\Admin\AppData\Local\Temp\data.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4800

C:\Users\Admin\AppData\Local\Temp\insta3d311.exe
"C:\Users\Admin\AppData\Local\Temp\insta3d311.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:1152
- C:\Users\Admin\AppData\Local\Temp\insta3d311.exe
  "C:\Users\Admin\AppData\Local\Temp\insta3d311.exe"
  2⤵
  - Executes dropped EXE
  PID:5604
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5604 -s 344
    3⤵
    - Program crash
    PID:2656

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\1.bat" "
1⤵
PID:5844
- C:\Windows\system32\net.exe
  NET FILE
  2⤵
  PID:5596
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 FILE
    3⤵
    PID:980
- C:\Windows\system32\cmd.exe
  cmd /C "C:\Users\Admin\AppData\Local\Temp\1.bat"
  2⤵
  PID:740
- - C:\Windows\system32\net.exe
    NET FILE
    3⤵
    PID:3608
  - - C:\Windows\system32\net1.exe
      C:\Windows\system32\net1 FILE
      4⤵
      PID:5820
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -command "Add-MpPreference -ExclusionPath "C:\Users\Admin\Appdata\Local" -Force"
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:5588
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -command "Add-MpPreference -AttackSurfaceReductionOnlyExclusions "C:\Users\Admin\Appdata\Local" -Force"
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:1400
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -command "Add-MpPreference -ExclusionPath "C:\Users\Admin\Appdata\Local" -Force"
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:3868
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -command "Add-MpPreference -AttackSurfaceReductionOnlyExclusions "C:\Users\Admin\Appdata\Local" -Force"
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:4316
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -command "Add-MpPreference -ExclusionPath "C:\Users\Admin\Appdata\Local" -Force"
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:4500
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -command "Add-MpPreference -AttackSurfaceReductionOnlyExclusions "C:\Users\Admin\Appdata\Local" -Force"
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:5396
- - C:\Windows\system32\PING.EXE
    ping 127.0.0.1 -n 3
    3⤵
    - Runs ping.exe
    PID:5052
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -inputformat none -outputformat none -NonInteractive -Command "Expand-Archive 'C:\Users\Admin\AppData\Local\Temp\comm.zip' -DestinationPath 'C:\Users\Admin\AppData\Local\Temp\'"
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:5468
- - C:\Windows\system32\PING.EXE
    ping 127.0.0.1 -n 1
    3⤵
    - Runs ping.exe
    PID:4140
- - C:\Users\Admin\AppData\Local\Temp\data.exe
    C:\Users\Admin\AppData\Local\Temp\data.exe -p"bfeuebfmd9AD" -d"C:\Users\Admin\AppData\Local\Temp\"
    3⤵
    PID:744
- - C:\Windows\system32\PING.EXE
    ping 127.0.0.1 -n 2
    3⤵
    - Runs ping.exe
    PID:4068
- - C:\Users\Admin\AppData\Local\Temp\insta3d311.exe
    insta3d311.exe
    3⤵
    PID:4692

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\1.bat" "
1⤵
PID:2120
- C:\Windows\system32\net.exe
  NET FILE
  2⤵
  PID:2024
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 FILE
    3⤵
    PID:3016
- C:\Windows\system32\cmd.exe
  cmd /C "C:\Users\Admin\AppData\Local\Temp\1.bat"
  2⤵
  PID:548
- - C:\Windows\system32\net.exe
    NET FILE
    3⤵
    PID:4264
  - - C:\Windows\system32\net1.exe
      C:\Windows\system32\net1 FILE
      4⤵
      PID:3704
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -command "Add-MpPreference -ExclusionPath "C:\Users\Admin\Appdata\Local" -Force"
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:3524
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -command "Add-MpPreference -AttackSurfaceReductionOnlyExclusions "C:\Users\Admin\Appdata\Local" -Force"
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:4156
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -command "Add-MpPreference -ExclusionPath "C:\Users\Admin\Appdata\Local" -Force"
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:6120
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -command "Add-MpPreference -AttackSurfaceReductionOnlyExclusions "C:\Users\Admin\Appdata\Local" -Force"
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:2964
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -command "Add-MpPreference -ExclusionPath "C:\Users\Admin\Appdata\Local" -Force"
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:3812
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -command "Add-MpPreference -AttackSurfaceReductionOnlyExclusions "C:\Users\Admin\Appdata\Local" -Force"
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:2236
- - C:\Windows\system32\PING.EXE
    ping 127.0.0.1 -n 3
    3⤵
    - Runs ping.exe
    PID:4824
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -inputformat none -outputformat none -NonInteractive -Command "Expand-Archive 'C:\Users\Admin\AppData\Local\Temp\comm.zip' -DestinationPath 'C:\Users\Admin\AppData\Local\Temp\'"
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:432
- - C:\Windows\system32\PING.EXE
    ping 127.0.0.1 -n 1
    3⤵
    - Runs ping.exe
    PID:1560
- - C:\Users\Admin\AppData\Local\Temp\data.exe
    C:\Users\Admin\AppData\Local\Temp\data.exe -p"bfeuebfmd9AD" -d"C:\Users\Admin\AppData\Local\Temp\"
    3⤵
    PID:2420
- - C:\Windows\system32\PING.EXE
    ping 127.0.0.1 -n 2
    3⤵
    PID:4520
- - C:\Users\Admin\AppData\Local\Temp\insta3d311.exe
    insta3d311.exe
    3⤵
    PID:4876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5604 -ip 5604
1⤵
PID:3984

C:\Users\Admin\AppData\Local\Temp\insta3d311.exe
"C:\Users\Admin\AppData\Local\Temp\insta3d311.exe"
1⤵
PID:1548
- C:\Users\Admin\AppData\Local\Temp\insta3d311.exe
  "C:\Users\Admin\AppData\Local\Temp\insta3d311.exe"
  2⤵
  PID:3468
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 444
    3⤵
    - Program crash
    PID:5056
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 420
    3⤵
    - Program crash
    PID:1868

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5664
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\cr.tmp
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:4536

C:\Windows\SysWOW64\openwith.exe
"C:\Windows\system32\openwith.exe"
1⤵
PID:3920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3468 -ip 3468
1⤵
PID:1976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 3468 -ip 3468
1⤵
PID:4400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
d85ba6ff808d9e5444a4b369f5bc2730

SHA1
31aa9d96590fff6981b315e0b391b575e4c0804a

SHA256
84739c608a73509419748e4e20e6cc4e1846056c3fe1929a8300d5a1a488202f

SHA512
8c414eb55b45212af385accc16d9d562adba2123583ce70d22b91161fe878683845512a78f04dedd4ea98ed9b174dbfa98cf696370598ad8e6fbd1e714f1f249

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\insta3d311.exe.log

Filesize
1KB

MD5
6dd2b2e332f641268ade3fbee81828a0

SHA1
fbb9ba6b2d8644acc81d1813df8394eb16935058

SHA256
4005814778c17ce5bb518ba97a0e3a7547e9fd54c736b45b145d51ae38e34f46

SHA512
30d7ef784b86b5184fd5d851bd3725325ffef723815107008b159b43b3e40fbbfc00f5ce071113aaa11334d5878e86da0bd4bef5d3d403622da4028311d1884f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
968cb9309758126772781b83adb8a28f

SHA1
8da30e71accf186b2ba11da1797cf67f8f78b47c

SHA256
92099c10776bb7e3f2a8d1b82d4d40d0c4627e4f1bf754a6e58dfd2c2e97042a

SHA512
4bd50732f8af4d688d95999bddfd296115d7033ddc38f86c9fb1f47fde202bffa27e9088bebcaa3064ca946af2f5c1ca6cbde49d0907f0005c7ab42874515dd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
19KB

MD5
df6e78acf63eb953eabc71a77110057e

SHA1
cdf335c19c38884bcae117b5d11da60019b3feee

SHA256
155982f833e6b76581a6750cc30c64bab66f1c4b86eafecb92a94e4a0804e9e4

SHA512
b1ba1e52975cec27224b50cde11ec7b059eef22d25e4eece100f4522559ebb4423c9a62b44f289e31161f5cc8fbb9503ba6848a9adb8a4d8b8497b5ac2765ed7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
9b80cd7a712469a4c45fec564313d9eb

SHA1
6125c01bc10d204ca36ad1110afe714678655f2d

SHA256
5a9e4969c6cdb5d522c81ce55799effb7255c1b0a9966a936d1dc3ff8fe2112d

SHA512
ac280d2623c470c9dec94726a7af0612938723f3c7d60d727eb3c21f17be2f2049f97bc8303558be8b01f94406781ece0ada9a3bc51e930aff20bebb6ca17584

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
22310ad6749d8cc38284aa616efcd100

SHA1
440ef4a0a53bfa7c83fe84326a1dff4326dcb515

SHA256
55b1d8021c4eb4c3c0d75e3ed7a4eb30cd0123e3d69f32eeb596fe4ffec05abf

SHA512
2ef08e2ee15bb86695fe0c10533014ffed76ececc6e579d299d3365fafb7627f53e32e600bb6d872b9f58aca94f8cb7e1e94cdfd14777527f7f0aa019d9c6def

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
dd1d0b083fedf44b482a028fb70b96e8

SHA1
dc9c027937c9f6d52268a1504cbae42a39c8d36a

SHA256
cab7944d29e0501dc0db904ac460ca7a87700e0ec7eb62298b7b97cbf40c424c

SHA512
96bec38bfda176292ae65dcf735103e7888baa212038737c1d1e215fcb76e4c0355e4a827a1934303e7aecae91012fa412f13e38f382b732758bae985cc67973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
ba169f4dcbbf147fe78ef0061a95e83b

SHA1
92a571a6eef49fff666e0f62a3545bcd1cdcda67

SHA256
5ef1421e19fde4bc03cd825dd7d6c0e7863f85fd8f0aa4a4d4f8d555dc7606d1

SHA512
8d2e5e552210dcda684682538bc964fdd8a8ff5b24cc2cc8af813729f0202191f98eb42d38d2355df17ae620fe401aad6ceaedaed3b112fdacd32485a3a0c07c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
15dde0683cd1ca19785d7262f554ba93

SHA1
d039c577e438546d10ac64837b05da480d06bf69

SHA256
d6fa39eab7ee36f44dc3f9f2839d098433db95c1eba924e4bcf4e5c0d268d961

SHA512
57c0e1b87bc1c136f0d39f3ce64bb8f8274a0491e4ca6e45e5c7f9070aa9d9370c6f590ce37cd600b252df2638d870205249a514c43245ca7ed49017024a4672

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
b4b6d4cc52b5a3a71149b1f33d94d5de

SHA1
97d3dbdd24919eab70e3b14c68797cefc07e90dd

SHA256
da8c02ce00d5b1e6d4c3667465c7bbc14d7cd5227eb634f3d9690afd488267fe

SHA512
fc894f03709b83df7d2fca2779e1e60549078b67bcdbff0b61c8e5a802982210ae971309c1f92577573299288963ab5c95c6b38cbaedf53dc6062812c57a97af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
54522d22658e4f8f87ecb947b71b8feb

SHA1
6a6144bdf9c445099f52211b6122a2ecf72b77e9

SHA256
af18fc4864bc2982879aed928c960b6266f372c928f8c9632c5a4eecd64e448a

SHA512
55f2c5a455be20dcb4cb93a29e5389e0422237bdd7ac40112fec6f16a36e5e19df50d25d39a6d5acb2d41a96514c7ecd8631ce8e67c4ff04997282f49d947aba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
eed2bf6fdf8c7eb9fdb26bc70be5f21e

SHA1
7ee65726cc71f9fa755be9926794672d0c3ce265

SHA256
3ccb95bff2327e04c4b8183217fee14d21a9a7260107b2d13e4438f0a6fd30fe

SHA512
ca20bc64c7acf276d18f8423564830df7a61f10f055602ac61a31a413ca67c9682ea798399168718d672010640d7df7a2f9f540560ad4e82fc296cb8bf08c72e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
18KB

MD5
b0b96bff50814bc3989f11d9cc99a70c

SHA1
c9890001cd5fc68bf2f8478241ed08d9d4127f5d

SHA256
e565e4542706c675bb87974e198aaeaafbdf76d53f1ff92d11266ece0527f0e1

SHA512
dd384e066a543420fc2d2c2f1dce51b3c90059c490003b92b1cd17e7d920710d0972533098cd29517048e8e96ce1079f002f87d7831dcee5359a2c1b4dd77c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
18KB

MD5
3a462ae3a75e54fbb2b7f09f1febcf65

SHA1
abb40ccf22b5b9e956fc1b715bb53d9990e86842

SHA256
e88c27ee04c227be90134cb2a846a04ac8d7ed0a62cb57dc8762562c5311cda0

SHA512
4316a7b4991f33a1f81bfa52463b99e19f836a904b70f54722efb4a66212bcd6cc629cf3e97f7614240d3e3b49b9a7d4179538bd5bcdf0091cebb8c76d093e13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
18KB

MD5
f2b0e27ff46f06016ec919ee5a6ea130

SHA1
80e5c1922a46a6ef6598fb8215e8ed0ab106d7a5

SHA256
299a9663d4377dad106a1565fb8464679ca6290de98694c9a04f48ede674227c

SHA512
0cc786cc22009834310928921024e6bf06a8a9e5ef785ce81b2ba858bfedd71d07b8b5a016d296262effe151d050ca0a29cee7d6f8c8fd248d99850fd5fd845e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
18KB

MD5
0245b69b4ebef4dc2b6cf5b248d21869

SHA1
14248ac2445dda30ff299741532228a13918b6df

SHA256
6960ecaf21ca963677b486ae08789d465e53067a72c6accb8d7addff92289c6e

SHA512
18be304eabe8a48770f97dc059f2adbabc6a1ddd7afc28f706a57c45771848c834eebb7f576af2a9b787e78fb33079ff5ab439e5b4638c1e7b7a88297fdcd865

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
18KB

MD5
5df96b95a1673526e8a4337ef31a818c

SHA1
513c0f7620c4e8d261034fa0d6f379077a5c2ef8

SHA256
072f5c82fe7b6cc0aefd1f96748baeb2f72303da2d77df5216d16f614fb014dd

SHA512
d163694049817b27b6ad150c737873625cac0236552294986e1ece9efd0dc2ac78811f68c390ff94cede209381f8f01374beb0a8ded38a22a467ee473e640fa5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
18KB

MD5
48a2c9eaf847c426b960a097f17a58ca

SHA1
40bcd38f66cd0dcc279aeab384d848fc027f4886

SHA256
a6ddd8703a9494356e6a01bc274b94b271535244660411ed310ca194a391e550

SHA512
954384e385cb716fbe06a09549db8ded4dded1c54138a8e0c6b82b44826924946eb262d4d661942eb6097bf7af797c94ba5162ad3fcab163ec90347b97077b31

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA52B287\1.bat

Filesize
4.0MB

MD5
e0912f115d98c12f2259c48265ee4970

SHA1
1ec4f51f9415733584c702e62f5dfee3c54a5345

SHA256
507adef360c94c1bfd220b9b6819d4c116e64e93021d5ab836c79b316e0653ce

SHA512
4ea52d14ae440196decb2300c162e39b6c1cd56723e804648b4fdbc6770a74c9efab6b79deeed5cbab47d40c03f14eca4b3bcbb053f29d3ebb29ec2ea888b728

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA52B287\audio\quant_wavenet_r9y9.wav

Filesize
2.3MB

MD5
4a1d53e7fd0f268a7fd23fb9b3139ee3

SHA1
a80942c3cab97ea97b2406fab965bb4b3c16c2fe

SHA256
7832608e235911200d1c224c201d3aefefe3b154911a53c2507cd83e31447c1f

SHA512
cc00e720b65246bd0ad30dec09a35a5bc0f409645f47d8576649036408a258b7a372c0e4f5f16b222a9965a92cd2dd03fd6f782bec5f1a85438a339c310dfd01

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA52B287\audio\real_birds.wav

Filesize
2.3MB

MD5
0390e78a8086536f56e11b0b40be2d62

SHA1
ba61e82cce9e0ef301db174f83e94b9244faa799

SHA256
9102b9e757cea1fddffd0f82888ff829af7f11f6c522a31939fd54daf0b3aa22

SHA512
6182190e88ccbbb060a6779b97e27794aa69252f4196b307165006d57234aeee62283c1cfb41d405847c5079d3828706cab648281d40dafaf9cb10984868b1e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA52B287\audio\real_piano.wav

Filesize
2.3MB

MD5
5b88b489ce5a9207f1b60669d32f7a0e

SHA1
d2ba6f65e8091324b5042baefd58bde2177fa724

SHA256
216fdaac90960ee05ff540fe214cfdc314b4ae57892437c940eb7b0edb9bc87f

SHA512
df3bf926e4c85adc21599348442b4e8093885030d9dd0fda3ea0a50606cfd1cd805ee89cdd7f43c48863671e68309955fac14e50bb157590e6984a2233333b29

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA52B287\audio\real_tatum.wav

Filesize
3.5MB

MD5
f764169bffe65099eda80ace5f90e046

SHA1
82bcaec9920ffabc3c6ea08a277511c2e871b230

SHA256
88341a5ee3600529b8026d421d2b6004299d9bc3d89bdb3e2a8643cca107f3ed

SHA512
3eedf74feb8a30e2ddb6767b25580625e7d200e34e8a20a7412bc4e60d8ca5194c7d2436a632cedc676d93841a560bd0de9470d48f6eee4a4ad3b7d5f4064d80

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA52B287\audio\real_timit - Copy.wav

Filesize
2.3MB

MD5
9c82673085c3d170dfa63a6c7be31776

SHA1
3a753da6e8fef9a09e841dc2cd1f7d97832dfb65

SHA256
0fbf274c9a44e2e2842423bdfe570a5ba7cbd4e1c4ac5446e45c56d022fb1fb7

SHA512
d42e2caf6b76a715139d7da3e172d1b7abecbc424fe7a8fa4ce4ad371d2c199873eca4882b0f51df81c8c18749d846c887f49d92b4d83ef77708436d83e64638

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA52B287\audio\specgan_birds - Copy.wav

Filesize
2.3MB

MD5
189ae0c626d6d7287e0ffed4389ccb05

SHA1
ec64c9f7b9fa6d6879793317e8431ac69338ddb8

SHA256
f43a43e58ecd71a43a1393a6c6a3056228e525963704ed75ae04bd5fbcd2305f

SHA512
973e344a2d266a1eb1bd848945c3cfcc16e5c4f0aa9e71f6fdfd96b9e7a18cbca630239257bf69b0922dae275e364068609be6d42f6a6209e853b2ff0600790c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA52B287\audio\specgan_drums - Copy.wav

Filesize
2.3MB

MD5
6eb8849162425bf473a9a86f8765e014

SHA1
4d439d545b09d5711a3e85c68ff43c6c39934a85

SHA256
33c47e6d4a82a09134205811a63ed78a1de4af1f61fb04c921785ad91e3ecaef

SHA512
a630af5c1a517bd652f689c98e8d6c4438c1a34c2e847f52aa61dcb1c64f5296b286a6fee715a865061ee3b26a72b904617c913c34299f0c402f8149d2d7f943

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA52B287\audio\specgan_piano.wav

Filesize
2.3MB

MD5
ee5fb4b49fe3d85f8a18d622d155c1b7

SHA1
3cb420a5b81952e8b02c71402f79fb2d14ae696a

SHA256
c4017d513a85a3dbde5ea42ee0c500e19a392147793c30e51f4b8e4af0afd751

SHA512
48df84936ab9940d809930a595e6ddbf77b9ca00f5a2426ca0b5e77c30a636a44fddbcad99c16bb40805928f6aa1be34308425549fc318440a3c87d52a7f5d74

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA52B287\audio\specgan_sc09 - Copy.wav

Filesize
2.3MB

MD5
9d8691fd2b28078cac74060d0fd33bf7

SHA1
21d9fa20835c46cec90641380ea9aa71c57ab85e

SHA256
1bbf3a28bc06757cb8a3b19bc7186c583594b18ac459df231cf9c9aabb1f3bb9

SHA512
626e71144737ba2e057a426a7f6c59f1b92dc52141752f6a8711af969574e441c1582c038b4254c917126ee656f17281bea7a8a093e1e05eff55b4d54dceea50

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA52B287\comm.zip

Filesize
3.0MB

MD5
47036df2ac77e96c5ba5a681a9183415

SHA1
7d3a7cd2446ccead1d5d96be39ab159ce3cf478e

SHA256
357bc8cbb92ec8e531cc4edfa2a19e2812cac8582e9fffc91f8708b9e5a8c078

SHA512
fd94c234ea8936915e5d69834f663a9792b2a300cd5ae4db9352f2fabb4f8f134d2a06d4b9a2844ea8b60ae274ab9f0cdb44e2fb317c985fa30f6e1ba570ba2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA52B287\installer.bat

Filesize
2.0MB

MD5
e14e2acdab535ddd830cd13fa6ea2c3b

SHA1
77cd13003a3bad487deb8c851f4df82e3a47c614

SHA256
cc0c709dd7a62bda01a8f23c601a2b74e88b9a2cdc2d91756b377bbeef4ae863

SHA512
28391bf0f6d5e1fb16e86d87763a0d8a7d1c69efce842b8d419478e653d8e7fd62d1e4908adde3677913fbab2ee312148fccc4554310282a1a8c11fc984ad90c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA52B287\mock-registry\.gitignore

Filesize
302B

MD5
8da13f306c8c0f4f4a32960e93725b42

SHA1
b9ee3f4a8b64284a8f698206993e4ec2cf83f66f

SHA256
ca7a3d5544beb40beb598f6ae22527e8cbcbc29b67f241ad9e572a50a89848b0

SHA512
59e6493139d8a3af2889fb337032f41124a53f5ca7ee06906c97d4f6cf0fa942f28b3b7ce2d449b10ea0a01a39282397984ea46df43571d2a5fe753fc20bb6cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA52B287\node_modules\@isaacs\cliui\node_modules\emoji-regex\es2015\text.js

Filesize
15KB

MD5
12148d2dff9ca3478e4467945663fa70

SHA1
50998482c521255af2760ed95bbdb1c4f7387212

SHA256
1fb82c82d847ebc4aa287f481ff67c8cc9bde03149987b2d43eb0dee2a5160b6

SHA512
f9f6a61af37d1924e3a9785aa04a33fa0107791d54cb07663c6ea8a68edfae3766682e914b6afaf198eb97c7f73ab53aa500b4661cdabdebd2576526664166f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA52B287\node_modules\@isaacs\cliui\node_modules\emoji-regex\text.js

Filesize
14KB

MD5
7b33dd38c0c08bf185f5480efdf9ab90

SHA1
b3d9d61ad3ab1f87712280265df367eff502ef8b

SHA256
d1e41c11aa11e125105d14c95d05e1e1acd3bede89429d3a1c12a71450318f88

SHA512
22da641c396f9972b136d4a18eb0747747252cf7d5d89f619a928c5475d79375fbbe42d4e91821102e271ea144f89267ff307cd46494fdf7d6002ce9768b7bd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA52B287\node_modules\@isaacs\cliui\node_modules\strip-ansi\license

Filesize
1KB

MD5
d5f2a6dd0192dcc7c833e50bb9017337

SHA1
80674912e3033be358331910ba27d5812369c2fc

SHA256
5c932d88256b4ab958f64a856fa48e8bd1f55bc1d96b8149c65689e0c61789d3

SHA512
d1f336ff272bc6b96dc9a04a7d0ef8f02936dd594f514060340478ee575fe01d55fc7a174df5814a4faf72c8462b012998eca7bb898e3f9a3e87205fb9135af2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA52B287\node_modules\@npmcli\query\LICENSE

Filesize
798B

MD5
c637d431ac5faadb34aff5fbd6985239

SHA1
0e28fd386ce58d4a8fcbf3561ddaacd630bc9181

SHA256
27d998b503b18cdb16c49e93da04069a99ba8a1d7e18d67146de8e242f9a6d21

SHA512
a4b744c1d494fcc55cd223c8b7b0ad53f3637aac05fe5c9a2be41c5f5e117610c75a323c7745dfeae0db4126f169c2b7b88649412b6044ba4a94e9a4d8d62535

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA52B287\node_modules\@npmcli\run-script\LICENSE

Filesize
739B

MD5
89966567781ee3dc29aeca2d18a59501

SHA1
a6d614386e4974eef58b014810f00d4ed1881575

SHA256
898c2bcff663681498ad1ca8235d45b6e70b10cdf1f869a5b5e69f6e46efedd3

SHA512
602dd09be2544542a46083e71a6e43fefc99eb884bdd705f629f8b4bf49192c6f8c482cd6a490397afde100be9347524079abb4c6d18bda3f64cf2fb77d2fe4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA52B287\node_modules\@sigstore\sign\LICENSE

Filesize
11KB

MD5
f03382535cd50de5e9294254cd26acba

SHA1
d3d4d2a95ecb3ad46be7910b056f936a20fefacf

SHA256
364a130d2ca340bd56eb1e6d045fc6929bb0f9d0aa018f2c1949b29517e1cdd0

SHA512
bbbbee42189d3427921409284615e31346bdbd970a6939bc1fe7f8eaed1903d9ad0534ddf7283347d406fa439d8559fbf95c6755ece82e684e456fce2b227016

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA52B287\node_modules\@sigstore\sign\dist\types\fetch.js

Filesize
77B

MD5
8963201168a2449f79025884824955f2

SHA1
b66edae489b6e4147ce7e1ec65a107e297219771

SHA256
d43aa81f5bc89faa359e0f97c814ba25155591ff078fbb9bfd40f8c7c9683230

SHA512
7f65c6403a23d93fb148e8259b012d6552ab3bff178f4a7d6a9d9cec0f60429fc1899e39b4bca8cc08afc75d9a7c7bfdb13fc372ca63c85eb22b0355eb4d6000

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA52B287\node_modules\ansi-styles\license

Filesize
1KB

MD5
915042b5df33c31a6db2b37eadaa00e3

SHA1
5aaf48196ddd4d007a3067aa7f30303ca8e4b29c

SHA256
48da2f39e100d4085767e94966b43f4fa95ff6a0698fba57ed460914e35f94a0

SHA512
9c8b2def76ae5ffe4d636166bf9635d7abd69cdac4bf819a2145f7969646d39ae95c96364bc117f9fa544b98518c294233455d4f665af430c75d70798dd4ab13

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA52B287\node_modules\cross-spawn\node_modules\which\LICENSE

Filesize
765B

MD5
82703a69f6d7411dde679954c2fd9dca

SHA1
bb408e929caeb1731945b2ba54bc337edb87cc66

SHA256
4ec3d4c66cd87f5c8d8ad911b10f99bf27cb00cdfcff82621956e379186b016b

SHA512
3fa748e59fb3af0c5293530844faa9606d9271836489d2c8013417779d10cc180187f5e670477f9ec77d341e0ef64eab7dcfb876c6390f027bc6f869a12d0f46

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA52B287\node_modules\emoji-regex\LICENSE-MIT.txt

Filesize
1KB

MD5
ee9bd8b835cfcd512dd644540dd96987

SHA1
d7384cd3ed0c9614f87dde0f86568017f369814c

SHA256
483acb265f182907d1caf6cff9c16c96f31325ed23792832cc5d8b12d5f88c8a

SHA512
7d6b44bb658625281b48194e5a3d3a07452bea1f256506dd16f7a21941ef3f0d259e1bcd0cc6202642bf1fd129bc187e6a3921d382d568d312bd83f3023979a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA52B287\node_modules\inflight\LICENSE

Filesize
748B

MD5
90a3ca01a5efed8b813a81c6c8fa2e63

SHA1
515ec4469197395143dd4bfe9b1bc4e0d9b6b12a

SHA256
05dc4d785ac3a488676d3ed10e901b75ad89dafcc63f8e66610fd4a39cc5c7e8

SHA512
c9d6162bef9880a5ab6a5afe96f3ec1bd9dead758ca427f9ba2e8e9d9adaaf5649aad942f698f39b7a9a437984f8dc09141f3834cd78b03104f81ad908d15b31

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA52B287\node_modules\minimatch\dist\cjs\package.json

Filesize
25B

MD5
df9ffc6aa3f78a5491736d441c4258a8

SHA1
9d0d83ae5d399d96b36d228e614a575fc209d488

SHA256
8005a3491db7d92f36ac66369861589f9c47123d3a7c71e643fc2c06168cd45a

SHA512
6c58939da58f9b716293a8328f7a3649b6e242bf235fae00055a0cc79fb2788e4a99dfaa422e0cfadbe84e0d5e33b836f68627e6a409654877edc443b94d04c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA52B287\node_modules\minimatch\dist\mjs\package.json

Filesize
23B

MD5
d0707362e90f00edd12435e9d3b9d71c

SHA1
50faeb965b15dfc6854cb1235b06dbb5e79148d2

SHA256
3ca9d4afd21425087cf31893b8f9f63c81b0b8408db5e343ca76e5f8aa26ab9a

SHA512
9d323420cc63c6bee79dcc5db5f0f18f6b8e073daaf8ffa5459e11f2de59a9f5e8c178d77fa92afc9ddd352623dec362c62fff859c71a2fab93f1e2172c4987f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA52B287\node_modules\minipass-json-stream\node_modules\minipass\LICENSE

Filesize
787B

MD5
78e0c554693f15c5d2e74a90dfef3816

SHA1
58823ce936d14f068797501b1174d8ea9e51e9fe

SHA256
a5a110eb524bf3217958e405b5e3411277e915a2f5902c330348877000337e53

SHA512
b38ebcf2af28488dbf1d3aa6a40f41a8af4893ad6cb8629125e41b2d52c6d501283d882f750fc8323517c4eb3953d89fa0f3c8ceba2ae66a8bf95ae676474f09

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA52B287\node_modules\minipass-json-stream\node_modules\minipass\index.js

Filesize
16KB

MD5
a8c344ac3d111b646df0dcae1f2bc3a3

SHA1
d8a136b49214e498da9c5a6e8cb9681b4fda3149

SHA256
dbc5220c4bc8b470da9c8e561b6a5382cf3fa9dcd97cace955ac6fd34a27970c

SHA512
523749e4d38585249f1e3d7cfb2cb23e7f76764b36d0a628f48ff6b50f0a08c8e8526a1236977da1bd4ac0ff0bd8d0ba9b834324f2bdef9bea9394dd6878c51d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA52B287\node_modules\minipass-json-stream\node_modules\minipass\package.json

Filesize
1KB

MD5
1943a368b7d61cc3792a307ec725c808

SHA1
fc79b496665e2cdfc4bdaac9c7d7c4b2f4645f2c

SHA256
e99f6b67ba6e5cda438efb7a23dd399ee5c2070af69ce77720d95de5fb42921e

SHA512
7c05f03f5d3db01798c56c50d21628fc677097630aacf92e9ea47e70ff872d0e4e40217c1c2d5e81fc833ccf5afe9697f8f20a4772459b396aa5c85263289223

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA52B287\node_modules\minipass\dist\commonjs\package.json

Filesize
19B

MD5
95b08bc3062cdc4b0334fa9be037e557

SHA1
a6e024bc66f013d9565542250aef50091391801d

SHA256
fa6944a20ca5e6fbaf98fd202eb8c7004d5b4ab786e36b9ed02ee31dbe196c9f

SHA512
65c66458abe2101032cdd1b50ca6e643e0c368d09dfa6cc7006b33ed815e106bb20f9aff118181807e7df9f5d4d8d9796709b1ec9a7e04544231636fdf8fdf42

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA52B287\node_modules\minipass\dist\esm\package.json

Filesize
17B

MD5
6138da8f9bd4f861c6157689d96b6d64

SHA1
ee2833a41c28830d75b2f3327075286c915ed0dd

SHA256
6dc1b06d6b093e9cccb20bee06a93836eee0420ae26803ca2ce4065d82f070d1

SHA512
0a3f1cb1522c6e7595186a9a54ed073ffa590b26c7d31b0877f19c925f847037e9f972066bfed62609b190eb2bc21ff7b31514e08c3de64780fef5982cbb21f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA52B287\node_modules\node-gyp\node_modules\are-we-there-yet\LICENSE.md

Filesize
717B

MD5
1750b360daee1aa920366e344c1b0c57

SHA1
fe739dc1a14a033680b3a404df26e98cca0b3ccf

SHA256
7f75bb21103e77b7acfcf88a6ad0286741a18b5d13c4326160346e8cf7e356ad

SHA512
ff2486d589d32fb35aad9c02cd917ba1e738ca16b7ccc7954cdc4712a968fc5fc25612b489f962cbe8ddb2be40057cd1b59402aa9cade9b6479a1d0e1d7743a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA52B287\node_modules\node-gyp\node_modules\cacache\node_modules\brace-expansion\LICENSE

Filesize
1KB

MD5
a5df515ef062cc3affd8c0ae59c059ec

SHA1
433c2b9c71bad0957f4831068c2f5d973cef98a9

SHA256
68f12f6e2c33688699249c01d8f9623c534da20aa71989c57b061b7bc1676d14

SHA512
0b0068b8beb6864dbb6971d9fe165d2d5fd420bcd6d7bbbd8f42589eb981bf95d854df2d16c21d378ea6d48f562345d2f66de0fd17134dffa8495eb496e6dff0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA52B287\node_modules\node-gyp\node_modules\minipass\LICENSE

Filesize
787B

MD5
5f114ac709a085d123e16c1e6363793f

SHA1
185c2ab72f55bf0a69f28b19ac3849c0ca0d9705

SHA256
833faa18ac4b83a6372c05b3643d0d44ecd27d6627b8cd19b0f48fe74260cf39

SHA512
cab00a78e63dec76fa124fc49d1c28962d674fa18dda5fdf2819078bd932f1bf0cc9abd741b78f62869b4809473099f85ba8a622bc96f4ee92cf11b564346597

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA52B287\node_modules\npm-audit-report\LICENSE

Filesize
755B

MD5
5324d196a847002a5d476185a59cf238

SHA1
dfe418dc288edb0a4bb66af2ad88bd838c55e136

SHA256
720836c9bdad386485a492ab41fe08007ecf85ca278ddd8f9333494dcac4949d

SHA512
1b4187c58bebb6378f8a04300da6f4d1f12f6fbe9a1ab7ceda8a4752e263f282daebcac1379fa0675dd78ec86fffb127dba6469f303570b9f21860454df2203f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA52B287\node_modules\read-package-json-fast\LICENSE

Filesize
756B

MD5
ff53df3ad94e5c618e230ab49ce310fa

SHA1
a0296af210b0f3dc0016cb0ceee446ea4b2de70b

SHA256
ec361617c0473d39347b020eaa6dceedaebab43879fa1cd8b8f0f97a8e80a475

SHA512
876b0bd6a10f852661818d5048543bb37389887bf721016b6b7d1fa6d59d230d06f8ff68a59a59f03c25fbc80a2cbb210e7ca8179f111ecd10929b25b3d5cdfe

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA52B287\node_modules\text-table\LICENSE

Filesize
1KB

MD5
aea1cde69645f4b99be4ff7ca9abcce1

SHA1
b2e68ce937c1f851926f7e10280cc93221d4f53c

SHA256
435a6722c786b0a56fbe7387028f1d9d3f3a2d0fb615bb8fee118727c3f59b7b

SHA512
518113037ee03540caae63058a98525f9a4a67425bd8c3596f697bed5ae1d2053fe76f76b85a4eefb80cc519f7b03d368cf4b445288c4ca7cacb5e7523f33962

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA52B287\node_modules\tuf-js\LICENSE

Filesize
1KB

MD5
391090fcdb3d37fb9f9d1c1d0dc55912

SHA1
138f23e4cc3bb584d7633218bcc2a773a6bbea59

SHA256
564bcb001d6e131452a8e9fba0f0ccc59e8b881f84ce3e46e319a5a33e191e10

SHA512
070121c80cd92001196fb15efb152188c47fdc589b8f33b9da5881aa9470546b82cb8a8ea96fe1073723f47149e184f1a96c2777a9fc9b45af618c08464d6c5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA52B287\node_modules\wide-align\LICENSE

Filesize
752B

MD5
9d215c9223fbef14a4642cc450e7ed4b

SHA1
279f47bedbc7bb9520c5f26216b2323e8f0e728e

SHA256
0cef05dfff8b6aa7f35596984f5709f0d17c2582924a751efa471a76de7cdc11

SHA512
5e4ba806f279089d705e909e3c000674c4186d618d6ab381619099f8895af02979f3fc9abb43f78b9ffed33b90a7861f6c4b9d6c1bb47ed14a79e7f90eca833c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCA52B287\run.bat

Filesize
158B

MD5
3ac76abe63895f6d34e79c161253bb6a

SHA1
b56f87e1a24ccbb9108090b7e8be0c16ca340aef

SHA256
3fbaca8d5efebb708f5e0bcaa47927ebbd80223f803a1aa24f657c54e229fa52

SHA512
ea5ebdce1b24cccf2727dad32283743375296a3cc612ae5a6b0878f941a1089a8a5370abdc7408a117d497426d3bc9c882130469268c22124b8741bee1f1f677

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_5kgtgej5.2sd.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\cr.tmp

Filesize
8KB

MD5
3fd78ac884f3b867fd1faf2eaa0ccf71

SHA1
7acc08e8f717ac7c18eba4b664f93d1cad7dc335

SHA256
97566c4de0556852dda6eca5098ea584d466d382fcee57e14b4f981203bae5fd

SHA512
bcbc71ffba452769dc67981cbb93c6795d2bfaf874c2323aa773ef3f01cb34f080b7adefaef123196669d4be5639cb4c2f05c8484ec1b613a36082d4ed841f70

Download Submit
memory/864-6437-0x0000000070470000-0x00000000704BC000-memory.dmp

Filesize
304KB

Download
memory/1588-6416-0x0000000070470000-0x00000000704BC000-memory.dmp

Filesize
304KB

Download
memory/1612-6365-0x0000000004E20000-0x0000000005448000-memory.dmp

Filesize
6.2MB

Download
memory/1612-6402-0x00000000072E0000-0x00000000072E8000-memory.dmp

Filesize
32KB

Download
memory/1612-6401-0x0000000007300000-0x000000000731A000-memory.dmp

Filesize
104KB

Download
memory/1612-6400-0x0000000007200000-0x0000000007214000-memory.dmp

Filesize
80KB

Download
memory/1612-6399-0x00000000071F0000-0x00000000071FE000-memory.dmp

Filesize
56KB

Download
memory/1612-6398-0x00000000071C0000-0x00000000071D1000-memory.dmp

Filesize
68KB

Download
memory/1612-6397-0x0000000007240000-0x00000000072D6000-memory.dmp

Filesize
600KB

Download
memory/1612-6396-0x0000000007030000-0x000000000703A000-memory.dmp

Filesize
40KB

Download
memory/1612-6395-0x0000000006FC0000-0x0000000006FDA000-memory.dmp

Filesize
104KB

Download
memory/1612-6394-0x0000000007600000-0x0000000007C7A000-memory.dmp

Filesize
6.5MB

Download
memory/1612-6393-0x0000000006E90000-0x0000000006F33000-memory.dmp

Filesize
652KB

Download
memory/1612-6392-0x0000000006E70000-0x0000000006E8E000-memory.dmp

Filesize
120KB

Download
memory/1612-6382-0x0000000070470000-0x00000000704BC000-memory.dmp

Filesize
304KB

Download
memory/1612-6381-0x0000000006260000-0x0000000006292000-memory.dmp

Filesize
200KB

Download
memory/1612-6380-0x0000000005CD0000-0x0000000005D1C000-memory.dmp

Filesize
304KB

Download
memory/1612-6379-0x0000000005C90000-0x0000000005CAE000-memory.dmp

Filesize
120KB

Download
memory/1612-6378-0x00000000056A0000-0x00000000059F4000-memory.dmp

Filesize
3.3MB

Download
memory/1612-6373-0x0000000005630000-0x0000000005696000-memory.dmp

Filesize
408KB

Download
memory/1612-6367-0x00000000055C0000-0x0000000005626000-memory.dmp

Filesize
408KB

Download
memory/1612-6366-0x0000000004CF0000-0x0000000004D12000-memory.dmp

Filesize
136KB

Download
memory/1612-6364-0x00000000026E0000-0x0000000002716000-memory.dmp

Filesize
216KB

Download
memory/1748-6813-0x0000000005F10000-0x0000000006167000-memory.dmp

Filesize
2.3MB

Download
memory/1748-6802-0x0000000005F10000-0x0000000006167000-memory.dmp

Filesize
2.3MB

Download
memory/1748-6780-0x0000000005B50000-0x0000000005BE2000-memory.dmp

Filesize
584KB

Download
memory/1748-6781-0x0000000005C00000-0x0000000005C0A000-memory.dmp

Filesize
40KB

Download
memory/1748-6782-0x0000000005F10000-0x000000000616C000-memory.dmp

Filesize
2.4MB

Download
memory/1748-6786-0x0000000005F10000-0x0000000006167000-memory.dmp

Filesize
2.3MB

Download
memory/1748-6794-0x0000000005F10000-0x0000000006167000-memory.dmp

Filesize
2.3MB

Download
memory/1748-6822-0x0000000005F10000-0x0000000006167000-memory.dmp

Filesize
2.3MB

Download
memory/1748-6828-0x0000000005F10000-0x0000000006167000-memory.dmp

Filesize
2.3MB

Download
memory/1748-6838-0x0000000005F10000-0x0000000006167000-memory.dmp

Filesize
2.3MB

Download
memory/1748-6844-0x0000000005F10000-0x0000000006167000-memory.dmp

Filesize
2.3MB

Download
memory/1748-6846-0x0000000005F10000-0x0000000006167000-memory.dmp

Filesize
2.3MB

Download
memory/1748-6842-0x0000000005F10000-0x0000000006167000-memory.dmp

Filesize
2.3MB

Download
memory/1748-6840-0x0000000005F10000-0x0000000006167000-memory.dmp

Filesize
2.3MB

Download
memory/1748-6837-0x0000000005F10000-0x0000000006167000-memory.dmp

Filesize
2.3MB

Download
memory/1748-6832-0x0000000005F10000-0x0000000006167000-memory.dmp

Filesize
2.3MB

Download
memory/1748-6830-0x0000000005F10000-0x0000000006167000-memory.dmp

Filesize
2.3MB

Download
memory/1748-6834-0x0000000005F10000-0x0000000006167000-memory.dmp

Filesize
2.3MB

Download
memory/1748-6826-0x0000000005F10000-0x0000000006167000-memory.dmp

Filesize
2.3MB

Download
memory/1748-6824-0x0000000005F10000-0x0000000006167000-memory.dmp

Filesize
2.3MB

Download
memory/1748-6820-0x0000000005F10000-0x0000000006167000-memory.dmp

Filesize
2.3MB

Download
memory/1748-6818-0x0000000005F10000-0x0000000006167000-memory.dmp

Filesize
2.3MB

Download
memory/1748-6816-0x0000000005F10000-0x0000000006167000-memory.dmp

Filesize
2.3MB

Download
memory/1748-6814-0x0000000005F10000-0x0000000006167000-memory.dmp

Filesize
2.3MB

Download
memory/1748-6810-0x0000000005F10000-0x0000000006167000-memory.dmp

Filesize
2.3MB

Download
memory/1748-6808-0x0000000005F10000-0x0000000006167000-memory.dmp

Filesize
2.3MB

Download
memory/1748-6806-0x0000000005F10000-0x0000000006167000-memory.dmp

Filesize
2.3MB

Download
memory/1748-6779-0x0000000000EE0000-0x0000000001164000-memory.dmp

Filesize
2.5MB

Download
memory/1748-6800-0x0000000005F10000-0x0000000006167000-memory.dmp

Filesize
2.3MB

Download
memory/1748-6798-0x0000000005F10000-0x0000000006167000-memory.dmp

Filesize
2.3MB

Download
memory/1748-6792-0x0000000005F10000-0x0000000006167000-memory.dmp

Filesize
2.3MB

Download
memory/1748-6790-0x0000000005F10000-0x0000000006167000-memory.dmp

Filesize
2.3MB

Download
memory/1748-6788-0x0000000005F10000-0x0000000006167000-memory.dmp

Filesize
2.3MB

Download
memory/1748-6784-0x0000000005F10000-0x0000000006167000-memory.dmp

Filesize
2.3MB

Download
memory/1748-6804-0x0000000005F10000-0x0000000006167000-memory.dmp

Filesize
2.3MB

Download
memory/1748-6796-0x0000000005F10000-0x0000000006167000-memory.dmp

Filesize
2.3MB

Download
memory/1748-6783-0x0000000005F10000-0x0000000006167000-memory.dmp

Filesize
2.3MB

Download
memory/1748-11645-0x00000000069E0000-0x0000000006A7A000-memory.dmp

Filesize
616KB

Download
memory/1748-11646-0x0000000005490000-0x00000000054DC000-memory.dmp

Filesize
304KB

Download
memory/1748-11647-0x0000000009010000-0x0000000009064000-memory.dmp

Filesize
336KB

Download
memory/1852-6479-0x0000000070470000-0x00000000704BC000-memory.dmp

Filesize
304KB

Download
memory/3992-6458-0x0000000070470000-0x00000000704BC000-memory.dmp

Filesize
304KB

Download
memory/5492-6511-0x0000000007370000-0x0000000007381000-memory.dmp

Filesize
68KB

Download
memory/5492-6512-0x00000000073C0000-0x00000000073D4000-memory.dmp

Filesize
80KB

Download
memory/5492-6499-0x00000000057D0000-0x0000000005B24000-memory.dmp

Filesize
3.3MB

Download
memory/5492-6501-0x0000000070470000-0x00000000704BC000-memory.dmp

Filesize
304KB

Download
memory/5588-16527-0x000001C4E9EE0000-0x000001C4E9F02000-memory.dmp

Filesize
136KB

Download
memory/5808-6539-0x00000000065E0000-0x00000000065F2000-memory.dmp

Filesize
72KB

Download
memory/5808-6525-0x0000000073700000-0x000000007374C000-memory.dmp

Filesize
304KB

Download
memory/5808-6535-0x0000000007A30000-0x0000000007AD3000-memory.dmp

Filesize
652KB

Download
memory/5808-6536-0x0000000007D00000-0x0000000007D11000-memory.dmp

Filesize
68KB

Download
memory/5808-6537-0x0000000007E20000-0x0000000007E42000-memory.dmp

Filesize
136KB

Download
memory/5808-6538-0x0000000008D90000-0x0000000009334000-memory.dmp

Filesize
5.6MB

Download
memory/5808-6540-0x0000000006600000-0x000000000660A000-memory.dmp

Filesize
40KB

Download
memory/5808-6524-0x0000000006810000-0x000000000685C000-memory.dmp

Filesize
304KB

Download