e6be54977591490a8f26f029a10b47d4d9ac915ded169819a64be41320c8f485

Analysis

max time kernel
127s
max time network
128s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
02-08-2024 16:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Fusion Client Downloader.exe
Size

13.8MB
MD5

4d4676072684cf6b5e92bf019b105e8f
SHA1

e2283313c4652d42318ad6d1ebef0f40b70d73ec
SHA256

e6be54977591490a8f26f029a10b47d4d9ac915ded169819a64be41320c8f485
SHA512

a2a2812ad9b84ad54b67eb35057c8e6f31a5cc8fe3c66fbd64b8283e2ba4dd9b0893c9cec36f2df9eeb54526c70ad541d3521ae1ecc24f8b018caedbafc8a1de
SSDEEP

393216:MOaBMYHbHxsXljoPf9Zk6GmTqgTbY5JOuSiS:GBnzaVjw9Zk69Og/liS

Score

4^/10

discovery persistence privilege_escalation

Malware Config

Signatures

Executes dropped EXE 2 IoCs

Processes:

streamer.exe

pid process

2700 streamer.exe
1440

Loads dropped DLL 51 IoCs

Processes:

Fusion Client Downloader.exestreamer.exetaskmgr.exe

pid	process
2320	Fusion Client Downloader.exe
2700	streamer.exe
2700	streamer.exe
2700	streamer.exe
2700	streamer.exe
2700	streamer.exe
2700	streamer.exe
2700	streamer.exe
2700	streamer.exe
2700	streamer.exe
2700	streamer.exe
2700	streamer.exe
2700	streamer.exe
2700	streamer.exe
2700	streamer.exe
2700	streamer.exe
2700	streamer.exe
2700	streamer.exe
2700	streamer.exe
2700	streamer.exe
2700	streamer.exe
2700	streamer.exe
2700	streamer.exe
2700	streamer.exe
2700	streamer.exe
2700	streamer.exe
2700	streamer.exe
2700	streamer.exe
2700	streamer.exe
2700	streamer.exe
2700	streamer.exe
2700	streamer.exe
2700	streamer.exe
2700	streamer.exe
2700	streamer.exe
2700	streamer.exe
2700	streamer.exe
2700	streamer.exe
2700	streamer.exe
2700	streamer.exe
2700	streamer.exe
2700	streamer.exe
2700	streamer.exe
2700	streamer.exe
2700	streamer.exe
2700	streamer.exe
2700	streamer.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

Fusion Client Downloader.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Fusion Client Downloader.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Fusion Client Downloader.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

Processes:

streamer.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	streamer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	streamer.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main	streamer.exe

Suspicious behavior: EnumeratesProcesses 58 IoCs

Processes:

taskmgr.exe

pid	process
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

taskmgr.exe

pid process

2664 taskmgr.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

taskmgr.exe

description pid process

Token: SeDebugPrivilege 2664 taskmgr.exe

description	pid	process
Token: SeDebugPrivilege	2664	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

streamer.exetaskmgr.exeMagnify.exe

pid	process
2700	streamer.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2208	Magnify.exe
2208	Magnify.exe
2208	Magnify.exe
2208	Magnify.exe
2664	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

taskmgr.exeMagnify.exe

pid	process
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2664	taskmgr.exe
2208	Magnify.exe
2208	Magnify.exe
2208	Magnify.exe
2208	Magnify.exe
2664	taskmgr.exe
2208	Magnify.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

streamer.exeMagnify.exe

pid process

2700 streamer.exe
2700 streamer.exe
2208 Magnify.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

Fusion Client Downloader.exestreamer.exeutilman.exeMagnify.exe

description	pid	process	target process
PID 2320 wrote to memory of 2700	2320	Fusion Client Downloader.exe	streamer.exe
PID 2320 wrote to memory of 2700	2320	Fusion Client Downloader.exe	streamer.exe
PID 2320 wrote to memory of 2700	2320	Fusion Client Downloader.exe	streamer.exe
PID 2320 wrote to memory of 2700	2320	Fusion Client Downloader.exe	streamer.exe
PID 2700 wrote to memory of 2064	2700	streamer.exe	cmd.exe
PID 2700 wrote to memory of 2064	2700	streamer.exe	cmd.exe
PID 2700 wrote to memory of 2064	2700	streamer.exe	cmd.exe
PID 2356 wrote to memory of 2208	2356	utilman.exe	Magnify.exe
PID 2356 wrote to memory of 2208	2356	utilman.exe	Magnify.exe
PID 2356 wrote to memory of 2208	2356	utilman.exe	Magnify.exe
PID 2208 wrote to memory of 2664	2208	Magnify.exe	taskmgr.exe

C:\Users\Admin\AppData\Local\Temp\Fusion Client Downloader.exe
"C:\Users\Admin\AppData\Local\Temp\Fusion Client Downloader.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2320

C:\Users\Admin\AppData\Local\Temp\7zSC36E.tmp\streamer.exe
.\streamer.exe -a 73e72ada57b7480280f7a6f4a289729f -s production -c https://dl.appstreaming.autodesk.com/production/
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2700

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
3⤵
PID:2064

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2664

C:\Windows\system32\magnify.exe
"C:\Windows\system32\magnify.exe"
1⤵
PID:2368

C:\Windows\system32\utilman.exe
utilman.exe /debug
1⤵
- Suspicious use of WriteProcessMemory
PID:2356

C:\Windows\System32\Magnify.exe
"C:\Windows\System32\Magnify.exe"
2⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2208

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zSC36E.tmp\VCRUNTIME140.dll

Filesize
96KB

MD5
1ed796eece27e1a665937e4e282376b0

SHA1
bacb75d4f95b6e626137832f1af86ed16c98c496

SHA256
fd823c90cc78aa625d00abf55ff3b59ed4a35794b24a23eba83293fe786500be

SHA512
e8d8388ce746cd15c46bf3047927bc3fe117ffc45f97220bef53a444743082f3e83485edea07eead55a0bc1304c8bea9429f821939c0963a2efb70e5e2f85553

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC36E.tmp\api-ms-win-core-file-l1-2-0.dll

Filesize
13KB

MD5
e58297d742d5fed29129dcdf506aa9b5

SHA1
fc12e0e2c7eec11cc653ff60fb78ab1b1c6dc200

SHA256
f18a72c4df9a8bc68f0a8bb699e0e7139c9f8eeb85db49b720727a2d48b3c7ed

SHA512
8b4a8defafc49dd6d1518026310f03d9152c20888b581a659b8766c7638e27ef16ba921a46d6ba7c3b0ab2a0d4681f608fb17f3ee1d80391ab7d00f9da1071f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC36E.tmp\api-ms-win-core-file-l2-1-0.dll

Filesize
13KB

MD5
00a6b0d2f85a726412eeb481bf3c7577

SHA1
e06dba491f3115b9a6957ff7039a5e314cfb3685

SHA256
63e61bc0dd3d284993c84b0206d025ece67ee342212fcb9269e5ce640415295f

SHA512
a3735f2fc01e15627c82d0251bfba29c144deee386b5f8c261eea007f2cf99706699db6b20b85c238591a4a296cf25ac6c2a22f2171910116ac7e645f09c507e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC36E.tmp\api-ms-win-core-localization-l1-2-0.dll

Filesize
15KB

MD5
3750988b3cd11fef8ec641aa34dc1219

SHA1
9365203db226eb70717f2b21f894be6c204715ea

SHA256
478800dffec30dd467948d77bffe1a2fe9f330181017effa056c9d442acb0145

SHA512
86ed581e0edc8fd1e2f9ff9687e461c92a7b7c8e48968916e9ef274f3ced2b065ec65b69766f1f7b19963a88a918b2332a41fecf8c4ab89bb3a41ad902a2539f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC36E.tmp\api-ms-win-core-path-l1-1-0.dll

Filesize
112KB

MD5
b446d8fd7ea3e25a1642f3c11d75aa47

SHA1
254b45727dba46e45806c918defa8dba10201278

SHA256
833c05dc58c72b8b5e8d358c2f0503f55c3cb47ddcb0fbd9970e67648834f422

SHA512
dc9ca8a5ed56e13176007f4d5a820d91328085992b6a51128710cca07afcc9d9ad973eeaeb271d52bb9d122bbf59e2220f237a164359710aa7368c76d4391105

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC36E.tmp\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
13KB

MD5
a20413efec884765285d932fd17b9dcd

SHA1
e6ea541310853ff447077180bd5106777748441b

SHA256
4306c3ea2677d5a7a4e447efd0b98d13a579eb85424691f82a8f8e9a21cadcb7

SHA512
34004ea0dda1c13644bb09e48125710e6cac9eea762972c1e197bdafe781112861812dc5dc78d10be193259c547e919e4140919871edc5da25ef26aa1b0e1036

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC36E.tmp\api-ms-win-core-timezone-l1-1-0.dll

Filesize
13KB

MD5
e74236d8c6dcba5b6f777979750e60e4

SHA1
ba77ea72c12379e1e1c3d5189f9e5e47a2a95b04

SHA256
08f27924ff0d63578b0eada8cbd975e128aaf412b7a090a7c8a43ec3491fe95e

SHA512
fc6a4dcb63d25689b680a68fffca62605fe9517bfb45161ad1e36078e42a62c53d87773a53888d2927b6b3519dc7044dcc82a3ff3347a8e4ac1ec474a9b46833

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC36E.tmp\api-ms-win-crt-convert-l1-1-0.dll

Filesize
17KB

MD5
de5505e11b49d690e032418dca921b73

SHA1
5bd86a8a45f44b62e8c47dc798fb7b885229cdc1

SHA256
29043d40506827440d55fb659889cd1ad5e1e5f21265a16ea29312807ac48b14

SHA512
75bc2a95b36070d1a06f3f66173b455280e8ebed649db75cd73302d91fce0e736318f7b7e713b97fe78caa3f26411bb198ad554012877d6bd36422b110389f7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC36E.tmp\api-ms-win-crt-environment-l1-1-0.dll

Filesize
13KB

MD5
9cbebd3569a397c37e55d247186ca959

SHA1
b093ab41f1e5be4e144c59369fa46bd78e8691d3

SHA256
a243c3118e76474bbac436d50a9b839569b43273be29a714c455f36817de4920

SHA512
02990070ab3bceaa7e8c0e2bba1f44c7937ba44ebce5c64d829a036894cd8ce5c3740486789bd2bd73df6cb7fe91ab6e0b6cacdd9ee95850ade3210b6db7bf88

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC36E.tmp\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
15KB

MD5
7098fd8368dbbf40c215a14691e73dc9

SHA1
440aae61cc0aa1254458b5bf730eeab58a2a6938

SHA256
47ca13ed1d2bb5d2dbc1eef76f6d39cdbffc533d09e05143d6ab300dda03d596

SHA512
610301eb9a83c31e874d2d19edd0e9b3538104ef9dfd69e9007e52f246a4053b51001c9e49e3e253da4856f4ca3937deb720c0ef47386f9ddc1c8b5d80ad07b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC36E.tmp\api-ms-win-crt-heap-l1-1-0.dll

Filesize
14KB

MD5
9c67e82a2a69853e9c9467c720d676ae

SHA1
a0e9eb513f284bf18b165dd1c843068764fb4b0f

SHA256
593c491fffae5ba9a8873c2c5588a2f6ba9832d2307968216c2330c6b9cb71df

SHA512
6cf140b25fa03c1d4c6b7777fee85b51d720f40423d05bc47cbc1696b9ce18d4c188d0d9c34c8eeba65f432ca6d2b531c3fda341c898cca72f72336b8a580d76

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC36E.tmp\api-ms-win-crt-locale-l1-1-0.dll

Filesize
13KB

MD5
14d20c4733c5eed8c246f1aa441c45ba

SHA1
9b96565461c69746780fa92eeef23f3d2b714ae5

SHA256
e574497145bb4c37be1d4d54787e8648ce8e9b5976a749a125727aa4f38da453

SHA512
c195f97f5c6d91012aa1ec01b7b81bb90e7679c3a6b2f8b10e5b0b17e88cfabd4dabc26144f1418253786290c6db604dc5a2d9fc11e07793abaa8002f761a6f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC36E.tmp\api-ms-win-crt-math-l1-1-0.dll

Filesize
22KB

MD5
ced724b8bb9f6044751372a274cdd9a8

SHA1
f378f8408af8ae9c109ff00b4a335c9fa39c756f

SHA256
21c8d39c0dcda6576a26df389b23e6dfc5286ff0d959a4d104f6e68c7785e501

SHA512
2306b6a85548ce2546cca9f3074ae8f7e1bba6299249e312a33dedf1f690b6771e9eba852379583385f73c99444aba028c18a497957807502d674df239cfd559

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC36E.tmp\api-ms-win-crt-process-l1-1-0.dll

Filesize
14KB

MD5
d9b78dd1c995cb83aa2e50922fea7f6e

SHA1
eba88c8b9e87499b5c8e0661749b8ce9feca5c43

SHA256
4ac46a90223925b317de5a1c5b750afaa3f0349e375ca30ac018e09865fee33e

SHA512
714125e800fd32a01afeb366a9f0d4b05065cb3b0a56fb3eb91bc0cb3404acd417283588bf92510b74bbb3a1d3c5a2eb44c20bc07ccb27fcbb372dc8d36bd9fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC36E.tmp\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
19KB

MD5
1df3c6a805a6aabc9b2e724ccea72e3c

SHA1
d568f04c76191197eff455621aa960dbff2d9503

SHA256
a98c84b88854701c2b97b8e0ef00c032f57d3eb5c09ce20cb6def3e3b6d1a33b

SHA512
2efdc14b1d73d29eaa6f0e7c040b11e80e8510e1246816c1800202559c77f1c4f0df5cee159800909e3b203f7cc90934666f23b4db27c18f6a9c63e8bb5bc7e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC36E.tmp\api-ms-win-crt-string-l1-1-0.dll

Filesize
19KB

MD5
4134ef5bbe935997558e1d6754f0fb8e

SHA1
3f06b187b825246d234a9364525b7ba4009fe41a

SHA256
016d9332f391d90605a8977aa7da48d20e6de83f79216e691c46994c19a71a5f

SHA512
aae39af30d6403689e056b9109a4cbfaefd573318488af06c80047d95466758922282c787422123980da597f9cdb1081b8a8da99cc71a6ab70172ba1599d2fef

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC36E.tmp\api-ms-win-crt-time-l1-1-0.dll

Filesize
15KB

MD5
2f76b52458e1d6b3848b8aec12fae8bc

SHA1
8aca3c8f91d3d388de417a9736df775cd0dd8482

SHA256
52a59f2c34160e4ccb83bebf65320f89f36f0c35e0bed600fcea75eb894c227f

SHA512
71b3f8ae96704bd495b1fd712a0f43db348375e7606629c2d7bdc7bce7fd68f66e7b038815b8198601e7ee2af569af6e5254a03432d092bb197def8e50ab6223

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC36E.tmp\lib\adsk\__init__.pyc

Filesize
132B

MD5
e934fb4e3609276bbd73959217572ac3

SHA1
fd43d68e62b8c4150969e0c42b8a234a18585f27

SHA256
e9468b19ae1ae1106eb85e8455ef73c384328ae8d6ef5e20d7755c83a9bc92a9

SHA512
fe353e7f53811c889fe9530c54ce11386570b2b57c8f51a570ef0507da323d659af399190518db345598ab9c9b01faa9644eb789b2de4fe2244e26fa03031869

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC36E.tmp\lib\collections\__init__.pyc

Filesize
76KB

MD5
a8b89a0b1a76f3cab29a0d1ebe9b5f9e

SHA1
a15af4a23a5cdcc149689d750c27add7cc2f124b

SHA256
339defe95b236c123daa314e298f3a11810357b4aaa15a3d14e5f4e6230fc94c

SHA512
5cbac6f1e09bc1b38348fe889784420efaa71e2b72d525b186880a2c473230ff3ee2da2903a2a949fe6cf7b7493b701af874673bcbde42d18bc2be9a8bd0d31c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC36E.tmp\lib\collections\abc.pyc

Filesize
314B

MD5
88712887bdc4a3656c1555c367c3f197

SHA1
6f1226d58b10dcfa64ccbfbe2ec9a1bb00ff671e

SHA256
0be20cc7c4e3bdcc0ae451130997c68a488d7607d5fb39d205d04eb7dd7115a4

SHA512
c310767e5778bc047642d7faa50950a400220c36857cc0baf9419fe2ac150ebad00ca7c8504bbd7b14f829e61c822a85189f0a141f83a5df9a2012f6e0afa245

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC36E.tmp\lib\encodings\__init__.pyc

Filesize
6KB

MD5
faeb00348c9239566df49955a23605fc

SHA1
59db5f7e7a6bdadf405f8cff03b0b6c89591b7e6

SHA256
9677b3350258e9f0f7dcb75aab22e55d9246534ade26cd6db005e1ae7d272d7c

SHA512
0e1dbb181fb8f54032b06685eba45645cce948633e8cc5a139feb0c5c14e13387934ecc5971dc1f9b167464c02860c14dca53af51c6e38bdacdd22515fea793e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC36E.tmp\lib\encodings\aliases.pyc

Filesize
12KB

MD5
47fae9cd3b585a244bb695c7e2c9fffb

SHA1
b83828e5a53020104459dc3dc1f97d0d4e2c85fb

SHA256
21c79681e9c35feef3c5ddde57ae212572226970cc217afb6f78eb09435f7d45

SHA512
eb7fd6da7cbc44865806099d3aeebc577e685842bde13f6e5b84dc09f7e853dcf46dc169a551b4c9d1b3b7f1f24fc7da1b543216905c5f54acf016b8bacf5f84

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC36E.tmp\lib\encodings\cp1252.pyc

Filesize
3KB

MD5
2971a2bc89105e907b000663cdb91a2f

SHA1
d22701b80e210053565cf936cab1a69284d107fc

SHA256
73c142457fa58461d97cc4499cdfb48873fd42d4af731537590d95025dfc4d4b

SHA512
fa99343a3907b4d88015d333fedba57e4842a10fe25d635618776f01c75b0d1386a605a9781682422c56238f018aac55757c61afc1cad80e689e8dfe4f9e6306

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC36E.tmp\lib\encodings\utf_8.pyc

Filesize
2KB

MD5
bf5171b9b48ec68bc76911979a318725

SHA1
cd087800563e4902030fcb85084292dbf1f4fb21

SHA256
7411e9385607b8a625aa1b5e22657fc2671c93205390f98b55719194dfcabb77

SHA512
ffa19279a9bc3390021b2c7ceed53f23b76dc1a2eeb34f0822fa53ff8e6ba378bbb5f46d102801a499fabb5744bc46ccb2af2b9df3ddfd3c8522035aa33ff5e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC36E.tmp\lib\importlib\__init__.pyc

Filesize
6KB

MD5
0ceb2ccabd82f3b03acdc15b0ea90d3c

SHA1
8d8b00aeae7f535cecec92597d9f71eccabd70f2

SHA256
8f68a5cfa02b00a54164fa25a853b1f60277b9787af3679007bd4ff46a85c203

SHA512
4f33c2ea85bef37ca1a82cb0f6346973a4f6b5de65c20e4989b687dc48e2478f2dcd8c1782651ad726ed94008167c446b05c2bab76968c677c4c88d315dff095

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC36E.tmp\lib\library.zip

Filesize
1.7MB

MD5
3345ade840a867cfccebe9d8b6f0a64c

SHA1
224c4cc28819fef2e4fde9e19b490444ebda0a3b

SHA256
f0ced87f5f76919bf7ff4dbc88c283427500ce4e6b231a1eb85a8631c3abb99d

SHA512
4ff00f9f36afeb1b7822e46a56962622329a4ab6af6f34f289b2feb889443075e1b3807a2b01b7eb9419d9ddda78cd514b94298b6e811c6f1d9aa821510e79cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC36E.tmp\lib\logging\__init__.pyc

Filesize
96KB

MD5
bd5a20c8a9c34dc4ede0de61c39b8f62

SHA1
2009dcbbf38ff2a1979bbf5290cd13d18cfe7940

SHA256
8d820ae4ebbcd679ca2c82e348638ac15ada518358907e060dbfb43735c266af

SHA512
a1b46cdaeef21aa530ac7188a4554b1ec814e47b24c0ba746cb665dbf25754e3c30719fa1cbc5c56c3cf8766ae7776c4fec66b498010d381ab5fecfb3fab39e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC36E.tmp\lib\re\__init__.pyc

Filesize
18KB

MD5
df54d5afcc48699e41d763fc9db9abb1

SHA1
9e4b7298750d23c1277f97e62cfbdbc1de17b826

SHA256
897eb21587461791386c03bbc0635f53f9693df7bfb2d868401827a605021cc0

SHA512
8e102f2522a535f2c5407ed96af24a308f685711496420594a5d6a58c3dc856d580aa87cce06563720116b8e0f9312d3dc62292c6b7e943478436032aea51aa6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC36E.tmp\lib\re\_casefix.pyc

Filesize
1KB

MD5
507c3dd71adf9d0ac71b87db4751cc79

SHA1
e37844d7474add5867c0d9e9a6e3f9254643baa0

SHA256
b7842cd1fafc6f9baa6bb4e2141579c610e4893bc7f59eea190fa982373206b5

SHA512
89d0fcbcbb7ef042378b548805cf8a3f0490a1e306d01694f0e8eeb353cd76f19b82352563b1aead92e305158ace429cf6da1b9ec18ba6feebde9a7cfb52dcd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC36E.tmp\lib\re\_compiler.pyc

Filesize
31KB

MD5
f2c2e66331247586327719be8e3037f0

SHA1
34b7b077181c3b6ffbbcbb73f7a42bebe21a468f

SHA256
22b572eb4bc18fd0467242e75940212bcbbc94b48fa6b170cef01a0b55a8981c

SHA512
c0c603113bba7a436566c69d7daf6d4f0fe451f4c3c9c16ba3f187f6a72a3cea7823abca570f63dc1ac8314d6f1d6c970bb0f8405cebd60e42caedd026d5010e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC36E.tmp\lib\re\_constants.pyc

Filesize
5KB

MD5
7c68156a52834d7a603fe31be2aaf1f6

SHA1
74821fbdb3967d0f52a4b519d7933ad92c156341

SHA256
f90c53f2ca646c131241e3d6959229737ca8ba52e2636d069bde46baf92708f0

SHA512
4f2321e3170ab0e889cdf5729d2b3a4e338c3abcbfbdf6200742517235b8843ec1d55ee6aa8dbc3b1bafc049b9d80e72bc670c115509e991d5d32976d45ce3e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC36E.tmp\lib\re\_parser.pyc

Filesize
48KB

MD5
6296ac06325c2f1601ae8325c41430be

SHA1
f751487b3fc19f5453dc7c57147ac3a0a9940bcc

SHA256
fb0c39716d3f9726f537b84f591804c7e0d32861ed555135595844c8daf59288

SHA512
e957e239d42512288ba51fffb7999cd03585a1757474aedc50f7b143bae8d5e1a977e9de10dd75045b3ce7bda8e4f91995fd2e1d86db47102ba6237ee396fcc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC36E.tmp\python311.dll

Filesize
5.5MB

MD5
a0e5215c5a0f417cd5a8fe7297269204

SHA1
90f559d99dd796edf93c2e72c415c10274be6957

SHA256
97cd7f7280fe045547873ba70f6db2e5fdd14a68b5c11790919fb2c296f161c0

SHA512
5032dc76353ac6e55754522bbd3209336700a9c3db38a0f0a52468e4623aa538e9a27c5d1d7ec78c1a0638ca37e6482b0104e221bef3e5cf12595f3f00b71f17

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC36E.tmp\ucrtbase.DLL

Filesize
932KB

MD5
a3ff58d3267e40003030017aba13fe74

SHA1
53b4679e3eec42ae2fe0c0b5c2a08ec75a345d39

SHA256
5295aa5b40783aca280b6c449cb384ed856aba0be0024ef6e00d1a622ee1bb7b

SHA512
98ecf2cccc5fce61f3f0d1d4c8fd2248e0ee2d0ece80fe3b35f19e63cba7380a7e390a69f80c45edbba7754d137df92ad33c50148e46781f93bb9e8cd160046d

Download Submit
\Users\Admin\AppData\Local\Temp\7zSC36E.tmp\api-ms-win-core-synch-l1-2-0.dll

Filesize
13KB

MD5
798a8f963eeca18a294a4dae18815234

SHA1
c905bfd2977ec84beaf1d965a3f07d0c0351cf50

SHA256
684042033c9f76318939a634c60e9b8d859035c637e71388778cda8c1407d514

SHA512
5d0aac7da03ea7a5fdfa6c54050c84b1544dc7bf90100547645ad47aadb84fd22357b10ff1a74841377801ad396e96b409546f0d544050ef6b2e5320e9a931de

Download Submit
\Users\Admin\AppData\Local\Temp\7zSC36E.tmp\api-ms-win-crt-conio-l1-1-0.dll

Filesize
14KB

MD5
76b001afc823779097edb255cb818ed9

SHA1
b1a6387bb6eff5649cc3b3a56149c68c00dc03eb

SHA256
721079066dac1b7f8638b6909b7b8623e88a632d98613de64a19a55e21ae8287

SHA512
bc7d5f169671064a8ae22de719d06e553cd3c2fa742d39b915c7f35fb713bf83a1fd63809de77aa48320a68175c06cc2ddad9615df0ee44f19a16434598ca96a

Download Submit
\Users\Admin\AppData\Local\Temp\7zSC36E.tmp\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
17KB

MD5
8ced0c8a10b7adf792f29d77021bf1d4

SHA1
5c33f8e39280b0c44eba93146bcc16b8b7c9c3f6

SHA256
e300b93b043aa480364faca2cf909679fa2f86666628000b9c8f9644455f82f1

SHA512
f85b46fa2d47ea8940119e4c7dc1d7cd7548174218aa20d181f4c35a19063cb2121b9cfbdf7529de9ed4c86b80e0594093a53cfa0676c08fcdfc5622ee07a68c

Download Submit
\Users\Admin\AppData\Local\Temp\7zSC36E.tmp\python3.dll

Filesize
64KB

MD5
54cbb008a686da24ae57d52002ad8e56

SHA1
9c5cea5b321615e7c3e8adc4e6f6c682d8a34473

SHA256
88411631570d2d775468698608fa334f856160f68d81b67eac6d830498e08010

SHA512
53e73fc9b94d33b4212bc406a0b7bbf3cad6b3ec2e58d81dd24d9e123d410e9a5087d3b035bbe057486989639171016fe9a35402c13981f7db6468dbabebfcac

Download Submit
\Users\Admin\AppData\Local\Temp\7zSC36E.tmp\streamer.exe

Filesize
26KB

MD5
f20a4ec0a358629ead4e707b739a9d94

SHA1
60391d4f173322af266850ff2a822a912b0db139

SHA256
588dae48a92ee01ab7293e2cb44e1f0b347bf4544b9d47c48388e8e2642adcf0

SHA512
0cec07dc6a6207afcf61c7dbd46a380a49d732700d04720e91d7f64f3f159f82394ba835fe8888205b7bc75bcb15c5e5efb0c34fb2012f7c76e68b328f26a5e9

Download Submit
memory/2208-1269-0x00000000025B0000-0x00000000025C0000-memory.dmp

Filesize
64KB

Download
memory/2664-1266-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2664-1267-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2664-1268-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2664-1270-0x0000000002040000-0x0000000002041000-memory.dmp

Filesize
4KB

Download
memory/2700-1249-0x0000000003440000-0x0000000003441000-memory.dmp

Filesize
4KB

Download
memory/2700-1251-0x00000000066B0000-0x00000000066D0000-memory.dmp

Filesize
128KB

Download
memory/2700-1265-0x00000000066B0000-0x00000000066D0000-memory.dmp

Filesize
128KB

Download