hxxps://www[.]dropbox[.]com/scl/fi/2swfq4300e0upqywylev2/Siena[.]zip?rlkey=mnntklr6tuy7vmf408plqep3x&st=rilxxlhb&dl=0

Analysis

max time kernel
79s
max time network
79s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11/08/2024, 05:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.dropbox.com/scl/fi/2swfq4300e0upqywylev2/Siena.zip?rlkey=mnntklr6tuy7vmf408plqep3x&st=rilxxlhb&dl=0

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 53 IoCs

pid	Process
2572	main.exe
2572	main.exe
2572	main.exe
2572	main.exe
2572	main.exe
2572	main.exe
2572	main.exe
2572	main.exe
2572	main.exe
2572	main.exe
2572	main.exe
2572	main.exe
2572	main.exe
2572	main.exe
2572	main.exe
2572	main.exe
2572	main.exe
2572	main.exe
2572	main.exe
2572	main.exe
2572	main.exe
2572	main.exe
2572	main.exe
2572	main.exe
2572	main.exe
2572	main.exe
2572	main.exe
2572	main.exe
2572	main.exe
2572	main.exe
2572	main.exe
2572	main.exe
2572	main.exe
2572	main.exe
2572	main.exe
2572	main.exe
2572	main.exe
2572	main.exe
2572	main.exe
2572	main.exe
2572	main.exe
2572	main.exe
2572	main.exe
2572	main.exe
2572	main.exe
2572	main.exe
2572	main.exe
2572	main.exe
2572	main.exe
2572	main.exe
2572	main.exe
2572	main.exe
2572	main.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133678269720119035"	chrome.exe

Modifies registry class 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\.json	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\⑍夀言Line_Arrow\ = "json_auto_file"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\json_auto_file\shell\edit\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\\ = "json_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\⑏堀蠀AppItemList	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\⑏堀蠀AppItemList\ = "json_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\json_auto_file\shell\edit	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\json_auto_file\shell	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\json_auto_file\shell\open\command	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\json_auto_file\shell\open\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\.json\ = "json_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\⑍夀言Line_Arrow	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\json_auto_file\shell\edit\command	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\json_auto_file\shell\open	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\json_auto_file	OpenWith.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
5516	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4768	chrome.exe
4768	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5392	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe

Suspicious use of FindShellTrayWindow 42 IoCs

pid	Process
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe

Suspicious use of SetWindowsHookEx 17 IoCs

pid	Process
5392	OpenWith.exe
5392	OpenWith.exe
5392	OpenWith.exe
5392	OpenWith.exe
5392	OpenWith.exe
5392	OpenWith.exe
5392	OpenWith.exe
5392	OpenWith.exe
5392	OpenWith.exe
5392	OpenWith.exe
5392	OpenWith.exe
5392	OpenWith.exe
5392	OpenWith.exe
5392	OpenWith.exe
5392	OpenWith.exe
5392	OpenWith.exe
5392	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4768 wrote to memory of 2424	4768	chrome.exe	84
PID 4768 wrote to memory of 2424	4768	chrome.exe	84
PID 4768 wrote to memory of 2252	4768	chrome.exe	85
PID 4768 wrote to memory of 2252	4768	chrome.exe	85
PID 4768 wrote to memory of 2252	4768	chrome.exe	85
PID 4768 wrote to memory of 2252	4768	chrome.exe	85
PID 4768 wrote to memory of 2252	4768	chrome.exe	85
PID 4768 wrote to memory of 2252	4768	chrome.exe	85
PID 4768 wrote to memory of 2252	4768	chrome.exe	85
PID 4768 wrote to memory of 2252	4768	chrome.exe	85
PID 4768 wrote to memory of 2252	4768	chrome.exe	85
PID 4768 wrote to memory of 2252	4768	chrome.exe	85
PID 4768 wrote to memory of 2252	4768	chrome.exe	85
PID 4768 wrote to memory of 2252	4768	chrome.exe	85
PID 4768 wrote to memory of 2252	4768	chrome.exe	85
PID 4768 wrote to memory of 2252	4768	chrome.exe	85
PID 4768 wrote to memory of 2252	4768	chrome.exe	85
PID 4768 wrote to memory of 2252	4768	chrome.exe	85
PID 4768 wrote to memory of 2252	4768	chrome.exe	85
PID 4768 wrote to memory of 2252	4768	chrome.exe	85
PID 4768 wrote to memory of 2252	4768	chrome.exe	85
PID 4768 wrote to memory of 2252	4768	chrome.exe	85
PID 4768 wrote to memory of 2252	4768	chrome.exe	85
PID 4768 wrote to memory of 2252	4768	chrome.exe	85
PID 4768 wrote to memory of 2252	4768	chrome.exe	85
PID 4768 wrote to memory of 2252	4768	chrome.exe	85
PID 4768 wrote to memory of 2252	4768	chrome.exe	85
PID 4768 wrote to memory of 2252	4768	chrome.exe	85
PID 4768 wrote to memory of 2252	4768	chrome.exe	85
PID 4768 wrote to memory of 2252	4768	chrome.exe	85
PID 4768 wrote to memory of 2252	4768	chrome.exe	85
PID 4768 wrote to memory of 2252	4768	chrome.exe	85
PID 4768 wrote to memory of 1644	4768	chrome.exe	86
PID 4768 wrote to memory of 1644	4768	chrome.exe	86
PID 4768 wrote to memory of 4244	4768	chrome.exe	87
PID 4768 wrote to memory of 4244	4768	chrome.exe	87
PID 4768 wrote to memory of 4244	4768	chrome.exe	87
PID 4768 wrote to memory of 4244	4768	chrome.exe	87
PID 4768 wrote to memory of 4244	4768	chrome.exe	87
PID 4768 wrote to memory of 4244	4768	chrome.exe	87
PID 4768 wrote to memory of 4244	4768	chrome.exe	87
PID 4768 wrote to memory of 4244	4768	chrome.exe	87
PID 4768 wrote to memory of 4244	4768	chrome.exe	87
PID 4768 wrote to memory of 4244	4768	chrome.exe	87
PID 4768 wrote to memory of 4244	4768	chrome.exe	87
PID 4768 wrote to memory of 4244	4768	chrome.exe	87
PID 4768 wrote to memory of 4244	4768	chrome.exe	87
PID 4768 wrote to memory of 4244	4768	chrome.exe	87
PID 4768 wrote to memory of 4244	4768	chrome.exe	87
PID 4768 wrote to memory of 4244	4768	chrome.exe	87
PID 4768 wrote to memory of 4244	4768	chrome.exe	87
PID 4768 wrote to memory of 4244	4768	chrome.exe	87
PID 4768 wrote to memory of 4244	4768	chrome.exe	87
PID 4768 wrote to memory of 4244	4768	chrome.exe	87
PID 4768 wrote to memory of 4244	4768	chrome.exe	87
PID 4768 wrote to memory of 4244	4768	chrome.exe	87
PID 4768 wrote to memory of 4244	4768	chrome.exe	87
PID 4768 wrote to memory of 4244	4768	chrome.exe	87
PID 4768 wrote to memory of 4244	4768	chrome.exe	87
PID 4768 wrote to memory of 4244	4768	chrome.exe	87
PID 4768 wrote to memory of 4244	4768	chrome.exe	87
PID 4768 wrote to memory of 4244	4768	chrome.exe	87
PID 4768 wrote to memory of 4244	4768	chrome.exe	87
PID 4768 wrote to memory of 4244	4768	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.dropbox.com/scl/fi/2swfq4300e0upqywylev2/Siena.zip?rlkey=mnntklr6tuy7vmf408plqep3x&st=rilxxlhb&dl=0
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff3b09cc40,0x7fff3b09cc4c,0x7fff3b09cc58
  2⤵
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1900,i,11626970006812904062,9834292849365053470,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1880 /prefetch:2
  2⤵
  PID:2252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1932,i,11626970006812904062,9834292849365053470,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  PID:1644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2208,i,11626970006812904062,9834292849365053470,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2252 /prefetch:8
  2⤵
  PID:4244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,11626970006812904062,9834292849365053470,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3140,i,11626970006812904062,9834292849365053470,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4624,i,11626970006812904062,9834292849365053470,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:1764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3752,i,11626970006812904062,9834292849365053470,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4436 /prefetch:1
  2⤵
  PID:1884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5072,i,11626970006812904062,9834292849365053470,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3156 /prefetch:8
  2⤵
  PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4368,i,11626970006812904062,9834292849365053470,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4028,i,11626970006812904062,9834292849365053470,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5212,i,11626970006812904062,9834292849365053470,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5232,i,11626970006812904062,9834292849365053470,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4776 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5136,i,11626970006812904062,9834292849365053470,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=208 /prefetch:8
  2⤵
  PID:1128

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2208

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4344

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3548

C:\Users\Admin\Downloads\Siena\Siena\main.exe
"C:\Users\Admin\Downloads\Siena\Siena\main.exe"
1⤵
PID:2264
- C:\Users\Admin\Downloads\Siena\Siena\main.exe
  "C:\Users\Admin\Downloads\Siena\Siena\main.exe"
  2⤵
  - Loads dropped DLL
  PID:2572

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5392
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Siena\Siena\config.json
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:5516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
2065dc95b9a48d8a96a2b696164143dc

SHA1
06767ac247f2f679f10e3f7c1fa4d87e6de4e8d2

SHA256
7674ddd3703c8b12d52b9124d2f2bec8269e0c11d31b29b71a5a02202164d798

SHA512
80d482821529f60f0fc710d99c7578d6e83136c3855316d35ebf620627c04512ff3437019e547b28e7142e653f8f832a31f805a7f9ed529a48e5e074200404e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
45KB

MD5
dfc5e24cbc1b134e0c00c61e84ec999a

SHA1
d3b1a8ef1d0f6f9162986479252570525719f203

SHA256
b5db3e633ec765fc01a19c06b0955d56c2503285e59d8d348d08ec34abbfeaf3

SHA512
48726cb83bdd0eb6822a73734ae272286483e8aeb6e18f57e635ed9269ca3c6c62e2d900224138dafe32a79a94c3c7694307ff413505d695a77fe602681df27b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
28KB

MD5
8b6a23605542aa5ed08ecf170cc061f2

SHA1
be7a5b58e9aee7eb2d36927b4dc2f0610c3c2cd0

SHA256
138d0a55989a81aede9a115cbbf485a3d91140cb1cb98480358d17c644d2c8d6

SHA512
27d0a5687b2e3c49337d6bf7a46aa46e48d72a4c3e6f5ef810771217bda4a2feb60b002344e26cad2f1700eaddd92f41439a04858822617ecf77b176fc27fd13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
499ee0a120616a47fc23d7f721fb0d80

SHA1
ee38fea5a07feea124e2615d8e3aa7df1183edb3

SHA256
bc8849abf8c15383d3fb100a8d01f747df46819c9f5faf63acec13cf6b5ca86f

SHA512
8e5423b5797a8316ad16e84efa7f0a83e38b6784b87625d001ff328a242d269a2d55a8e6b837d4a96d4b5ee7f4db8a790187ed11aa794f6995a0186234c69333

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
961d17db40ee3009db80a5e97120e01f

SHA1
9e4a2fd61fe662c20513f8955ad9be4fb3533a79

SHA256
d1bd58f8bc1870ca8ada8e73715220908c75789aca2bb23cb8c854cc6be98bfa

SHA512
38b18c493f178d5035e90bc627b63c21751cea95e778ff9c4803bade5f7cc9d608cc31cab5918f731678dd256d651919d20e1e4fd114296aeff9580868f25e79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
f228791470ac207dbec7d839a75876ad

SHA1
826ccb1a8638de45adc902fae7c769767dbea1a8

SHA256
604d6cd20bed69ce77aa4ca56fb5048be13729f5d13e588e9fd91b26109ce997

SHA512
7672171e4a346b57f8b6f47de79bc0220a260b1107f73a93301834752340bcfbd990d978c7295223b2f974da002ddf798c209a4784bf72c88a30b42cba0da3ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
dfa3056bf536bdd1321cd7da149e2ff3

SHA1
ca1ad4528d9a5a1b22117031ca0dd1ea444518c4

SHA256
68fca02076f76670d462e25998b9811f806c7b37833cfc1bc26a184bcef41f44

SHA512
3ed4e99375b653547f19cc0618d35891b6abb18c090cf3a4a540fba85c06e095bc76f5ea92f803f09134e1a2a4039cb358fc031ffea7764ebcf36042ddb85759

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e934afe088a4c7630e73102df5796c01

SHA1
e78234bf635b1cde17efe49bbb13ffe7b145bb0b

SHA256
2df245953837f9003cd5e11a0980859ddb293334a569c190b96763f195232c09

SHA512
8ca41e61e6ed43589d97753b79f7b89a435af68eee7bc9fc85aeefba96c2a5437afe3b9fbdb4659af1f4c3602290d81c0c729548e964869ecf1795f91e8f4128

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bb04deaeb816b8293370f795a8db0a31

SHA1
5f92797bc5947045e321433fd381a1ce241c8208

SHA256
e4c7539a9c31e7d151cf7674e3bb77249f7ab6007729adb90d8c0b5a5a218ee8

SHA512
be5fb940899a5ad9ba4bb19d3769c8aacf190763997855793b968d80e97c10e731e98b00f79e4994ed6024fb337002a7873a75627cd724e8ffd90a0d7ddbe193

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
340cf817aecf65e6cf785f5499929902

SHA1
d27dbe089fd61677cf482fddeaf32082e3a1c2d0

SHA256
5521320afc6752bc9ec58ac95eefc624ef18e39f81a492d8f5152799f0f6feb0

SHA512
b3bfa9afb9fc9d32bbe10d3a834bb04a953e92323ba70544b29e1acb54f6a2a7f167c650c94c8016f79a8907f824f2b8541340d46e3826c3b657067d4b5af1bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
84c6c4d28d165592e7cacd642a2492b2

SHA1
1b6cd15db29ac250d3f15440b0f1bfe8fd1873a2

SHA256
4d520f5a3fbe0edd6a16221b29336ce1bec012bac94a47ecaf0865fb76ca4780

SHA512
ba7115881b4bdea2b36230362f903efc279d4d66145ab11a4b16d55f597f382dcb802f0f52746312130a60f1d2561510305e9eeeb09910a668e09a7098712e93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
38eb0f31520b459fdef320d3f33e384f

SHA1
f640e0e008e38f52bf26f92ff32030dfe803a3eb

SHA256
49f195923d9fdc2760690ec468298bf7c98e146f045b3e2bc0d558d1d537b0bc

SHA512
18606ed7e5926fe980587effa391f061968d86cb278de9b9d5cec0a4eae38748b6e5c214fa26500364b8966de0b6075aa450ad489b12320e11f40e63db4907d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bd18c19e9dca23da30ab9c25751a09e4

SHA1
72b3f54c45ab166f2203a4b6a157444fb62af335

SHA256
595d773ebc3060e6b97224bc815241f3e488d524469e2114ac7159d89fb949cd

SHA512
838904cf6545a299d9ea63991bb6def9d0b3428f20097472e76eaad61789e588efc56e704e0882bef2f1334a11a1a58875aa323433937a293930b4afb6d2572c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dcf0f5e1275d4c560b212ad099207bd6

SHA1
a0626fb8c9335b28f44f9904e9d41f9c3b72ebac

SHA256
b1ccd17adcb243865307a82281b73893b71e8f5d9e7c8d26f0b23059683b8422

SHA512
b5431c5230735366326763b2346f33925e0945f079dae9e9bfe52724bc435accbecc3d7ed8c8c9cf2758416c2282528914362a2fa55077e84540acca9780f4ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1510fc020a218521d728137705336ebc

SHA1
5d0ee6e351ef28ad26143e0e2b88638aa79570ad

SHA256
190560c82f52eab1c646868c91972c6120c1e1c50ee34270f7db6bb727480825

SHA512
b1331e69cc9a5e880fe87da89c49e5986293ffd94478854a02a8c2c814d991c9f368bc4938de4bf435fb358627af5f92bc5fe783cac5bbf75a21ebe91a07f55e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ce9b7be49beaf53639a075b106fbbb17

SHA1
cb64811e8409231cd2318eef80f44b8dcf20412c

SHA256
4063a3ea3ae86afedfb579a569ec01cdeda706d4f7de0872ae061e944401a3fa

SHA512
00c7ee329cd7a792fa29a80966de0c736c9e91c8b708508ff52f002dbbf884def73d48082a39df62ec25018b12d36bc2fdf81022028a86bc6b6d581086ae7950

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
53b0c70e176e28692241256e9e0cdb31

SHA1
82a0404ebbf37ee44f0024a326886b5ed3870943

SHA256
747d69d7af125585ccd4672eaeb029a87808702183471fdff5b90ea121931c39

SHA512
a46217d46e276dab5cbda7738008cd04aec554dd8a132b7feef0f7ef7edb1380966cc391165097735dbf8d5bb609b03d9c9c409ad2adfe2393b62e5f499c5122

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
b7f4a195fc07fc0ca5c0dc851a6710f4

SHA1
a89dbbd25865346d18514d5c16b1e12495b8062d

SHA256
7497aa38dec2d8e93a79c1fa198ed5f1a80d585ae410100ea0b969a58a7f8da9

SHA512
322ace02d12eb97ba83e8c964d22c109e38188bffc58f09218245ac73ed94a69a03c6c04ab7c32704a55e7c44b482507a94f2fee3fffe4891483a02fb0a361f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22642\PyQt6\Qt6\bin\MSVCP140.dll

Filesize
576KB

MD5
01b946a2edc5cc166de018dbb754b69c

SHA1
dbe09b7b9ab2d1a61ef63395111d2eb9b04f0a46

SHA256
88f55d86b50b0a7e55e71ad2d8f7552146ba26e927230daf2e26ad3a971973c5

SHA512
65dc3f32faf30e62dfdecb72775df870af4c3a32a0bf576ed1aaae4b16ac6897b62b19e01dc2bf46f46fbe3f475c061f79cbe987eda583fee1817070779860e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22642\PyQt6\Qt6\bin\MSVCP140_1.dll

Filesize
30KB

MD5
0fe6d52eb94c848fe258dc0ec9ff4c11

SHA1
95cc74c64ab80785f3893d61a73b8a958d24da29

SHA256
446c48c1224c289bd3080087fe15d6759416d64f4136addf30086abd5415d83f

SHA512
c39a134210e314627b0f2072f4ffc9b2ce060d44d3365d11d8c1fe908b3b9403ebdd6f33e67d556bd052338d0ed3d5f16b54d628e8290fd3a155f55d36019a86

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22642\PyQt6\Qt6\bin\Qt6Core.dll

Filesize
6.1MB

MD5
95f9304e28f9dc888dc4f834d3197054

SHA1
310f6a10b5ec4e33251ba0f73cf0f94e356c150c

SHA256
553bd299ad4a7e210b9547b91b0c09f8a9039cde3a606ca825e2a886559d1bfd

SHA512
511d76667cc42687e6e8ddc40cee175bb4c797229b1f1c610b8cd6e5696eb059a1721905b169542f5279a57407c96a3d7ee323fdf4ed0031da71acd360d9221b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22642\PyQt6\Qt6\bin\VCRUNTIME140_1.dll

Filesize
43KB

MD5
6bc084255a5e9eb8df2bcd75b4cd0777

SHA1
cf071ad4e512cd934028f005cabe06384a3954b6

SHA256
1f0f5f2ce671e0f68cf96176721df0e5e6f527c8ca9cfa98aa875b5a3816d460

SHA512
b822538494d13bda947655af791fed4daa811f20c4b63a45246c8f3befa3ec37ff1aa79246c89174fe35d76ffb636fa228afa4bda0bd6d2c41d01228b151fd89

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22642\PyQt6\QtCore.pyd

Filesize
2.4MB

MD5
a98986acd775b508b54f642319eaf3ee

SHA1
eb45c095122b0a9d54686ce1fcdec2b65aba02dc

SHA256
8c90250e9dc8d20f5723b9940cb842c50a8b1c416289ce39fbea283260089d36

SHA512
9a92f89eff9ebc059524b29a54a521fdbe76248ad782dfb1cef4c702c5c0d7dfff5f0a501257e7ee7de404745e623b2979ef5bfa19d618204796ff16396a9733

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22642\PyQt6\sip.cp312-win_amd64.pyd

Filesize
108KB

MD5
b35d8f8cb5e5a658812888810bbb9e87

SHA1
a7a9061410ff7eb2c2ef9dc2a1c1af8f7879aae9

SHA256
b6b6cfbe5ff696812d74314605dbeda10f927c6983ce470adebe9c5a6b707c63

SHA512
1b6305617840aaf24e717796bc822a3d3bd708b12dd5981af95b7421288ac6d21193d464ccb0cffbae8e799d671fc1ae687ce539fc5ede76dd0711d1fc3b5026

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22642\VCRUNTIME140.dll

Filesize
116KB

MD5
be8dbe2dc77ebe7f88f910c61aec691a

SHA1
a19f08bb2b1c1de5bb61daf9f2304531321e0e40

SHA256
4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83

SHA512
0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22642\VCRUNTIME140_1.dll

Filesize
48KB

MD5
f8dfa78045620cf8a732e67d1b1eb53d

SHA1
ff9a604d8c99405bfdbbf4295825d3fcbc792704

SHA256
a113f192195f245f17389e6ecbed8005990bcb2476ddad33f7c4c6c86327afe5

SHA512
ba7f8b7ab0deb7a7113124c28092b543e216ca08d1cf158d9f40a326fb69f4a2511a41a59ea8482a10c9ec4ec8ac69b70dfe9ca65e525097d93b819d498da371

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22642\_asyncio.pyd

Filesize
69KB

MD5
28d2a0405be6de3d168f28109030130c

SHA1
7151eccbd204b7503f34088a279d654cfe2260c9

SHA256
2dfcaec25de17be21f91456256219578eae9a7aec5d21385dec53d0840cf0b8d

SHA512
b87f406f2556fac713967e5ae24729e827f2112c318e73fe8ba28946fd6161802de629780fad7a3303cf3dbab7999b15b535f174c85b3cbb7bb3c67915f3b8d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22642\_brotli.cp312-win_amd64.pyd

Filesize
802KB

MD5
9ad5bb6f92ee2cfd29dde8dd4da99eb7

SHA1
30a8309938c501b336fd3947de46c03f1bb19dc8

SHA256
788acbfd0edd6ca3ef3e97a9487eeaea86515642c71cb11bbcf25721e6573ec8

SHA512
a166abcb834d6c9d6b25807adddd25775d81e2951e1bc3e9849d8ae868dedf2e1ee1b6b4b288ddfbd88a63a6fa624e2d6090aa71ded9b90c2d8cbf2d9524fdbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22642\_bz2.pyd

Filesize
83KB

MD5
223fd6748cae86e8c2d5618085c768ac

SHA1
dcb589f2265728fe97156814cbe6ff3303cd05d3

SHA256
f81dc49eac5ecc528e628175add2ff6bda695a93ea76671d7187155aa6326abb

SHA512
9c22c178417b82e68f71e5b7fe7c0c0a77184ee12bd0dc049373eace7fa66c89458164d124a9167ae760ff9d384b78ca91001e5c151a51ad80c824066b8ecce6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22642\_cffi_backend.cp312-win_amd64.pyd

Filesize
178KB

MD5
0572b13646141d0b1a5718e35549577c

SHA1
eeb40363c1f456c1c612d3c7e4923210eae4cdf7

SHA256
d8a76d1e31bbd62a482dea9115fc1a109cb39af4cf6d1323409175f3c93113a7

SHA512
67c28432ca8b389acc26e47eb8c4977fddd4af9214819f89df07fecbc8ed750d5f35807a1b195508dd1d77e2a7a9d7265049dcfbfe7665a7fd1ba45da1e4e842

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22642\_ctypes.pyd

Filesize
122KB

MD5
bbd5533fc875a4a075097a7c6aba865e

SHA1
ab91e62c6d02d211a1c0683cb6c5b0bdd17cbf00

SHA256
be9828a877e412b48d75addc4553d2d2a60ae762a3551f9731b50cae7d65b570

SHA512
23ef351941f459dee7ed2cebbae21969e97b61c0d877cfe15e401c36369d2a2491ca886be789b1a0c5066d6a8835fd06db28b5b28fb6e9df84c2d0b0d8e9850e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22642\_decimal.pyd

Filesize
245KB

MD5
3055edf761508190b576e9bf904003aa

SHA1
f0dc8d882b5cd7955cc6dfc8f9834f70a83c7890

SHA256
e4104e47399d3f635a14d649f61250e9fd37f7e65c81ffe11f099923f8532577

SHA512
87538fe20bd2c1150a8fefd0478ffd32e2a9c59d22290464bf5dfb917f6ac7ec874f8b1c70d643a4dc3dd32cbe17e7ea40c0be3ea9dd07039d94ab316f752248

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22642\_hashlib.pyd

Filesize
64KB

MD5
eedb6d834d96a3dffffb1f65b5f7e5be

SHA1
ed6735cfdd0d1ec21c7568a9923eb377e54b308d

SHA256
79c4cde23397b9a35b54a3c2298b3c7a844454f4387cb0693f15e4facd227dd2

SHA512
527bd7bb2f4031416762595f4ce24cbc6254a50eaf2cc160b930950c4f2b3f5e245a486972148c535f8cd80c78ec6fa8c9a062085d60db8f23d4b21e8ae4c0ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22642\_lzma.pyd

Filesize
156KB

MD5
05e8b2c429aff98b3ae6adc842fb56a3

SHA1
834ddbced68db4fe17c283ab63b2faa2e4163824

SHA256
a6e2a5bb7a33ad9054f178786a031a46ea560faeef1fb96259331500aae9154c

SHA512
badeb99795b89bc7c1f0c36becc7a0b2ce99ecfd6f6bb493bda24b8e57e6712e23f4c509c96a28bc05200910beddc9f1536416bbc922331cae698e813cbb50b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22642\_multiprocessing.pyd

Filesize
34KB

MD5
a4281e383ef82c482c8bda50504be04a

SHA1
4945a2998f9c9f8ce1c078395ffbedb29c715d5d

SHA256
467b0fef42d70b55abf41d817dff7631faeef84dce64f8aadb5690a22808d40c

SHA512
661e38b74f8bfdd14e48e65ee060da8ecdf67c0e3ca1b41b6b835339ab8259f55949c1f8685102fd950bf5de11a1b7c263da8a3a4b411f1f316376b8aa4a5683

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22642\_overlapped.pyd

Filesize
54KB

MD5
ba368245d104b1e016d45e96a54dd9ce

SHA1
b79ef0eb9557a0c7fa78b11997de0bb057ab0c52

SHA256
67e6ca6f1645c6928ade6718db28aff1c49a192e8811732b5e99364991102615

SHA512
429d7a1f829be98c28e3dca5991edcadff17e91f050d50b608a52ef39f6f1c6b36ab71bfa8e3884167371a4e40348a8cda1a9492b125fb19d1a97c0ccb8f2c7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22642\_queue.pyd

Filesize
31KB

MD5
6e0cb85dc94e351474d7625f63e49b22

SHA1
66737402f76862eb2278e822b94e0d12dcb063c5

SHA256
3f57f29abd86d4dc8f4ca6c3f190ebb57d429143d98f0636ff5117e08ed81f9b

SHA512
1984b2fc7f9bbdf5ba66716fc60dcfd237f38e2680f2fc61f141ff7e865c0dbdd7cdc47b3bc490b426c6cfe9f3f9e340963abf428ea79eb794b0be7d13001f6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22642\_socket.pyd

Filesize
81KB

MD5
dc06f8d5508be059eae9e29d5ba7e9ec

SHA1
d666c88979075d3b0c6fd3be7c595e83e0cb4e82

SHA256
7daff6aa3851a913ed97995702a5dfb8a27cb7cf00fb496597be777228d7564a

SHA512
57eb36bc1e9be20c85c34b0a535b2349cb13405d60e752016e23603c4648939f1150e4dbebc01ec7b43eb1a6947c182ccb8a806e7e72167ad2e9d98d1fd94ab3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22642\_ssl.pyd

Filesize
174KB

MD5
5b9b3f978d07e5a9d701f832463fc29d

SHA1
0fcd7342772ad0797c9cb891bf17e6a10c2b155b

SHA256
d568b3c99bf0fc35a1f3c5f66b4a9d3b67e23a1d3cf0a4d30499d924d805f5aa

SHA512
e4db56c8e0e9ba0db7004463bf30364a4e4ab0b545fb09f40d2dba67b79b6b1c1db07df1f017501e074abd454d1e37a4167f29e7bbb0d4f8958fa0a2e9f4e405

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22642\_uuid.pyd

Filesize
24KB

MD5
353e11301ea38261e6b1cb261a81e0fe

SHA1
607c5ebe67e29eabc61978fb52e4ec23b9a3348e

SHA256
d132f754471bd8a6f6d7816453c2e542f250a4d8089b657392fe61a500ae7899

SHA512
fa990b3e9619d59ae3ad0aeffca7a3513ab143bfd0ac9277e711519010f7c453258a4b041be86a275f3c365e980fc857c23563f3b393d1e3a223973a673e88c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22642\_wmi.pyd

Filesize
35KB

MD5
7ec3fc12c75268972078b1c50c133e9b

SHA1
73f9cf237fe773178a997ad8ec6cd3ac0757c71e

SHA256
1a105311a5ed88a31472b141b4b6daa388a1cd359fe705d9a7a4aba793c5749f

SHA512
441f18e8ce07498bc65575e1ae86c1636e1ceb126af937e2547710131376be7b4cb0792403409a81b5c6d897b239f26ec9f36388069e324249778a052746795e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22642\base_library.zip

Filesize
1.3MB

MD5
08332a62eb782d03b959ba64013ac5bc

SHA1
b70b6ae91f1bded398ca3f62e883ae75e9966041

SHA256
8584f0eb44456a275e3bc69626e3acad595546fd78de21a946b2eb7d6ba02288

SHA512
a58e4a096d3ce738f6f93477c9a73ddbfcb4b82d212c0a19c0cf9e07f1e62b2f477a5dd468cd31cc5a13a73b93fa17f64d6b516afef2c56d38ede1ace35cf087

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22642\libcrypto-3.dll

Filesize
5.0MB

MD5
e547cf6d296a88f5b1c352c116df7c0c

SHA1
cafa14e0367f7c13ad140fd556f10f320a039783

SHA256
05fe080eab7fc535c51e10c1bd76a2f3e6217f9c91a25034774588881c3f99de

SHA512
9f42edf04c7af350a00fa4fdf92b8e2e6f47ab9d2d41491985b20cd0adde4f694253399f6a88f4bdd765c4f49792f25fb01e84ec03fd5d0be8bb61773d77d74d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22642\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22642\libssl-3.dll

Filesize
768KB

MD5
19a2aba25456181d5fb572d88ac0e73e

SHA1
656ca8cdfc9c3a6379536e2027e93408851483db

SHA256
2e9fbcd8f7fdc13a5179533239811456554f2b3aa2fb10e1b17be0df81c79006

SHA512
df17dc8a882363a6c5a1b78ba3cf448437d1118ccc4a6275cc7681551b13c1a4e0f94e30ffb94c3530b688b62bff1c03e57c2c185a7df2bf3e5737a06e114337

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22642\pyexpat.pyd

Filesize
196KB

MD5
5e911ca0010d5c9dce50c58b703e0d80

SHA1
89be290bebab337417c41bab06f43effb4799671

SHA256
4779e19ee0f4f0be953805efa1174e127f6e91ad023bd33ac7127fef35e9087b

SHA512
e3f1db80748333f08f79f735a457246e015c10b353e1a52abe91ed9a69f7de5efa5f78a2ed209e97b16813cb74a87f8f0c63a5f44c8b59583851922f54a48cf5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22642\python3.DLL

Filesize
66KB

MD5
79b02450d6ca4852165036c8d4eaed1f

SHA1
ce9ff1b302426d4c94a2d3ea81531d3cb9e583e4

SHA256
d2e348e615a5d3b08b0bac29b91f79b32f0c1d0be48976450042462466b51123

SHA512
47044d18db3a4dd58a93b43034f4fafa66821d157dcfefb85fca2122795f4591dc69a82eb2e0ebd9183075184368850e4caf9c9fea0cfe6f766c73a60ffdf416

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22642\python312.dll

Filesize
6.6MB

MD5
3c388ce47c0d9117d2a50b3fa5ac981d

SHA1
038484ff7460d03d1d36c23f0de4874cbaea2c48

SHA256
c98ba3354a7d1f69bdca42560feec933ccba93afcc707391049a065e1079cddb

SHA512
e529c5c1c028be01e44a156cd0e7cad0a24b5f91e5d34697fafc395b63e37780dc0fac8f4c5d075ad8fe4bd15d62a250b818ff3d4ead1e281530a4c7e3ce6d35

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22642\select.pyd

Filesize
29KB

MD5
92b440ca45447ec33e884752e4c65b07

SHA1
5477e21bb511cc33c988140521a4f8c11a427bcc

SHA256
680df34fb908c49410ac5f68a8c05d92858acd111e62d1194d15bdce520bd6c3

SHA512
40e60e1d1445592c5e8eb352a4052db28b1739a29e16b884b0ba15917b058e66196988214ce473ba158704837b101a13195d5e48cb1dc2f07262dfecfe8d8191

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22642\unicodedata.pyd

Filesize
1.1MB

MD5
16be9a6f941f1a2cb6b5fca766309b2c

SHA1
17b23ae0e6a11d5b8159c748073e36a936f3316a

SHA256
10ffd5207eeff5a836b330b237d766365d746c30e01abf0fd01f78548d1f1b04

SHA512
64b7ecc58ae7cf128f03a0d5d5428aaa0d4ad4ae7e7d19be0ea819bbbf99503836bfe4946df8ee3ab8a92331fdd002ab9a9de5146af3e86fef789ce46810796b

Download Submit
memory/2572-607-0x00007FFF203C0000-0x00007FFF22476000-memory.dmp

Filesize
32.7MB

Download
memory/2572-595-0x00007FFF266F0000-0x00007FFF2695B000-memory.dmp

Filesize
2.4MB

Download