c6bf772cfa85f5f83e051aab11bafe17e3bbd16372e9f8b77c71298652cccd1f

Analysis

max time kernel
150s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
18/08/2024, 14:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

source_prepared.exe
Size

103.0MB
MD5

ce4a29ffe42cfa030dd86f2790717ed8
SHA1

1974f3d45130e0d8055a6b2f85778feebb401804
SHA256

c6bf772cfa85f5f83e051aab11bafe17e3bbd16372e9f8b77c71298652cccd1f
SHA512

fbf4cbf79d9a441454c012dd8592ae57e15a5a13c4f9d8c18f8908d36fd7ca8b8a5068d91bf91f477cd584d868ca2a8e8a8a8115df46eaf905465a8c8910158d
SSDEEP

3145728:WbCOb8S6xjKcBa6c2qHO5iVIinGQbRe0zJcB9aLr5Wo:WBgSWNa6sHCip1XcB9aL

Score

9^/10

discovery evasion execution persistence

Malware Config

Signatures

Enumerates VirtualBox DLL files 2 TTPs 4 IoCs

File and Directory Discovery

T1083

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
File opened (read-only)	C:\windows\system32\vboxhook.dll	source_prepared.exe
File opened (read-only)	C:\windows\system32\vboxmrxnp.dll	source_prepared.exe
File opened (read-only)	C:\windows\system32\vboxhook.dll	SystemRegional.exe
File opened (read-only)	C:\windows\system32\vboxmrxnp.dll	SystemRegional.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

execution

PowerShell

T1059.001

pid	Process
688	powershell.exe
1200	powershell.exe

Sets file to hidden 1 TTPs 1 IoCs

Modifies file attributes to stop it showing in Explorer etc.

evasion

Hidden Files and Directories

T1564.001

pid	Process
1672	attrib.exe

Executes dropped EXE 2 IoCs

pid	Process
1664	SystemRegional.exe
5656	SystemRegional.exe

Loads dropped DLL 64 IoCs

pid	Process
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SystemRegional = "C:\\Users\\Admin\\SystemRegional\\SystemRegional.exe"	source_prepared.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

flow	ioc
35	discord.com
36	discord.com
37	discord.com
40	discord.com
41	discord.com
42	discord.com

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Crashpad\settings.dat	setup.exe
File opened for modification	C:\Program Files\Crashpad\metadata	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
7588	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133684669015137800"	chrome.exe

Suspicious behavior: EnumeratesProcesses 24 IoCs

pid	Process
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe
4240	source_prepared.exe
688	powershell.exe
688	powershell.exe
688	powershell.exe
5656	SystemRegional.exe
5656	SystemRegional.exe
5656	SystemRegional.exe
5656	SystemRegional.exe
5656	SystemRegional.exe
5656	SystemRegional.exe
1200	powershell.exe
1200	powershell.exe
1200	powershell.exe
5852	chrome.exe
5852	chrome.exe
5240	chrome.exe
5240	chrome.exe
5240	chrome.exe
5240	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5656	SystemRegional.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4240	source_prepared.exe
Token: SeDebugPrivilege	688	powershell.exe
Token: SeDebugPrivilege	7588	taskkill.exe
Token: SeDebugPrivilege	5656	SystemRegional.exe
Token: SeDebugPrivilege	1200	powershell.exe
Token: SeShutdownPrivilege	5852	chrome.exe
Token: SeCreatePagefilePrivilege	5852	chrome.exe
Token: SeShutdownPrivilege	5852	chrome.exe
Token: SeCreatePagefilePrivilege	5852	chrome.exe
Token: SeShutdownPrivilege	5852	chrome.exe
Token: SeCreatePagefilePrivilege	5852	chrome.exe
Token: SeShutdownPrivilege	5852	chrome.exe
Token: SeCreatePagefilePrivilege	5852	chrome.exe
Token: SeShutdownPrivilege	5852	chrome.exe
Token: SeCreatePagefilePrivilege	5852	chrome.exe
Token: SeShutdownPrivilege	5852	chrome.exe
Token: SeCreatePagefilePrivilege	5852	chrome.exe
Token: SeShutdownPrivilege	5852	chrome.exe
Token: SeCreatePagefilePrivilege	5852	chrome.exe
Token: SeShutdownPrivilege	5852	chrome.exe
Token: SeCreatePagefilePrivilege	5852	chrome.exe
Token: SeShutdownPrivilege	5852	chrome.exe
Token: SeCreatePagefilePrivilege	5852	chrome.exe
Token: SeShutdownPrivilege	5852	chrome.exe
Token: SeCreatePagefilePrivilege	5852	chrome.exe
Token: SeShutdownPrivilege	5852	chrome.exe
Token: SeCreatePagefilePrivilege	5852	chrome.exe
Token: SeShutdownPrivilege	5852	chrome.exe
Token: SeCreatePagefilePrivilege	5852	chrome.exe
Token: SeShutdownPrivilege	5852	chrome.exe
Token: SeCreatePagefilePrivilege	5852	chrome.exe
Token: SeShutdownPrivilege	5852	chrome.exe
Token: SeCreatePagefilePrivilege	5852	chrome.exe
Token: SeShutdownPrivilege	5852	chrome.exe
Token: SeCreatePagefilePrivilege	5852	chrome.exe
Token: SeShutdownPrivilege	5852	chrome.exe
Token: SeCreatePagefilePrivilege	5852	chrome.exe
Token: SeShutdownPrivilege	5852	chrome.exe
Token: SeCreatePagefilePrivilege	5852	chrome.exe
Token: SeShutdownPrivilege	5852	chrome.exe
Token: SeCreatePagefilePrivilege	5852	chrome.exe
Token: SeShutdownPrivilege	5852	chrome.exe
Token: SeCreatePagefilePrivilege	5852	chrome.exe
Token: SeShutdownPrivilege	5852	chrome.exe
Token: SeCreatePagefilePrivilege	5852	chrome.exe
Token: SeShutdownPrivilege	5852	chrome.exe
Token: SeCreatePagefilePrivilege	5852	chrome.exe
Token: SeShutdownPrivilege	5852	chrome.exe
Token: SeCreatePagefilePrivilege	5852	chrome.exe
Token: SeShutdownPrivilege	5852	chrome.exe
Token: SeCreatePagefilePrivilege	5852	chrome.exe
Token: SeShutdownPrivilege	5852	chrome.exe
Token: SeCreatePagefilePrivilege	5852	chrome.exe
Token: SeShutdownPrivilege	5852	chrome.exe
Token: SeCreatePagefilePrivilege	5852	chrome.exe
Token: SeShutdownPrivilege	5852	chrome.exe
Token: SeCreatePagefilePrivilege	5852	chrome.exe
Token: SeShutdownPrivilege	5852	chrome.exe
Token: SeCreatePagefilePrivilege	5852	chrome.exe
Token: SeShutdownPrivilege	5852	chrome.exe
Token: SeCreatePagefilePrivilege	5852	chrome.exe
Token: SeShutdownPrivilege	5852	chrome.exe
Token: SeCreatePagefilePrivilege	5852	chrome.exe
Token: SeShutdownPrivilege	5852	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5656	SystemRegional.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5416 wrote to memory of 4240	5416	source_prepared.exe	92
PID 5416 wrote to memory of 4240	5416	source_prepared.exe	92
PID 4240 wrote to memory of 688	4240	source_prepared.exe	95
PID 4240 wrote to memory of 688	4240	source_prepared.exe	95
PID 4240 wrote to memory of 412	4240	source_prepared.exe	97
PID 4240 wrote to memory of 412	4240	source_prepared.exe	97
PID 412 wrote to memory of 1672	412	cmd.exe	100
PID 412 wrote to memory of 1672	412	cmd.exe	100
PID 412 wrote to memory of 1664	412	cmd.exe	102
PID 412 wrote to memory of 1664	412	cmd.exe	102
PID 412 wrote to memory of 7588	412	cmd.exe	103
PID 412 wrote to memory of 7588	412	cmd.exe	103
PID 1664 wrote to memory of 5656	1664	SystemRegional.exe	106
PID 1664 wrote to memory of 5656	1664	SystemRegional.exe	106
PID 5656 wrote to memory of 1200	5656	SystemRegional.exe	107
PID 5656 wrote to memory of 1200	5656	SystemRegional.exe	107
PID 5852 wrote to memory of 1760	5852	chrome.exe	111
PID 5852 wrote to memory of 1760	5852	chrome.exe	111
PID 5852 wrote to memory of 1028	5852	chrome.exe	112
PID 5852 wrote to memory of 1028	5852	chrome.exe	112
PID 5852 wrote to memory of 1028	5852	chrome.exe	112
PID 5852 wrote to memory of 1028	5852	chrome.exe	112
PID 5852 wrote to memory of 1028	5852	chrome.exe	112
PID 5852 wrote to memory of 1028	5852	chrome.exe	112
PID 5852 wrote to memory of 1028	5852	chrome.exe	112
PID 5852 wrote to memory of 1028	5852	chrome.exe	112
PID 5852 wrote to memory of 1028	5852	chrome.exe	112
PID 5852 wrote to memory of 1028	5852	chrome.exe	112
PID 5852 wrote to memory of 1028	5852	chrome.exe	112
PID 5852 wrote to memory of 1028	5852	chrome.exe	112
PID 5852 wrote to memory of 1028	5852	chrome.exe	112
PID 5852 wrote to memory of 1028	5852	chrome.exe	112
PID 5852 wrote to memory of 1028	5852	chrome.exe	112
PID 5852 wrote to memory of 1028	5852	chrome.exe	112
PID 5852 wrote to memory of 1028	5852	chrome.exe	112
PID 5852 wrote to memory of 1028	5852	chrome.exe	112
PID 5852 wrote to memory of 1028	5852	chrome.exe	112
PID 5852 wrote to memory of 1028	5852	chrome.exe	112
PID 5852 wrote to memory of 1028	5852	chrome.exe	112
PID 5852 wrote to memory of 1028	5852	chrome.exe	112
PID 5852 wrote to memory of 1028	5852	chrome.exe	112
PID 5852 wrote to memory of 1028	5852	chrome.exe	112
PID 5852 wrote to memory of 1028	5852	chrome.exe	112
PID 5852 wrote to memory of 1028	5852	chrome.exe	112
PID 5852 wrote to memory of 1028	5852	chrome.exe	112
PID 5852 wrote to memory of 1028	5852	chrome.exe	112
PID 5852 wrote to memory of 1028	5852	chrome.exe	112
PID 5852 wrote to memory of 1028	5852	chrome.exe	112
PID 5852 wrote to memory of 4936	5852	chrome.exe	113
PID 5852 wrote to memory of 4936	5852	chrome.exe	113
PID 5852 wrote to memory of 2664	5852	chrome.exe	114
PID 5852 wrote to memory of 2664	5852	chrome.exe	114
PID 5852 wrote to memory of 2664	5852	chrome.exe	114
PID 5852 wrote to memory of 2664	5852	chrome.exe	114
PID 5852 wrote to memory of 2664	5852	chrome.exe	114
PID 5852 wrote to memory of 2664	5852	chrome.exe	114
PID 5852 wrote to memory of 2664	5852	chrome.exe	114
PID 5852 wrote to memory of 2664	5852	chrome.exe	114
PID 5852 wrote to memory of 2664	5852	chrome.exe	114
PID 5852 wrote to memory of 2664	5852	chrome.exe	114
PID 5852 wrote to memory of 2664	5852	chrome.exe	114
PID 5852 wrote to memory of 2664	5852	chrome.exe	114
PID 5852 wrote to memory of 2664	5852	chrome.exe	114
PID 5852 wrote to memory of 2664	5852	chrome.exe	114

Views/modifies file attributes 1 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
1672	attrib.exe

C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5416
- C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
  "C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
  2⤵
  - Enumerates VirtualBox DLL files
  - Loads dropped DLL
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:4240
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\SystemRegional\""
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:688
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\SystemRegional\activate.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:412
  - - C:\Windows\system32\attrib.exe
      attrib +s +h .
      4⤵
      Sets file to hidden
      Views/modifies file attributes
      PID:1672
  - - C:\Users\Admin\SystemRegional\SystemRegional.exe
      "SystemRegional.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:1664
    - - C:\Users\Admin\SystemRegional\SystemRegional.exe
        
        "SystemRegional.exe"
        5⤵
        Enumerates VirtualBox DLL files
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: GetForegroundWindowSpam
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:5656
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\SystemRegional\""
        6⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:1200
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im "source_prepared.exe"
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:7588

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x324 0x514
1⤵
PID:1900

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3164

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff890dacc40,0x7ff890dacc4c,0x7ff890dacc58
  2⤵
  PID:1760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1992,i,17749245436804142824,2385552118234690611,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1988 /prefetch:2
  2⤵
  PID:1028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2060,i,17749245436804142824,2385552118234690611,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1892,i,17749245436804142824,2385552118234690611,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2392 /prefetch:8
  2⤵
  PID:2664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3196,i,17749245436804142824,2385552118234690611,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3304,i,17749245436804142824,2385552118234690611,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:5652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4580,i,17749245436804142824,2385552118234690611,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4596 /prefetch:1
  2⤵
  PID:6228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4800,i,17749245436804142824,2385552118234690611,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4824 /prefetch:8
  2⤵
  PID:6400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4948,i,17749245436804142824,2385552118234690611,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4956 /prefetch:8
  2⤵
  PID:6592
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Program Files directory
  PID:6964
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x7ff769f64698,0x7ff769f646a4,0x7ff769f646b0
    3⤵
    - Drops file in Program Files directory
    PID:6996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5164,i,17749245436804142824,2385552118234690611,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5076 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:5240

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:6164

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:6600

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Browser Information Discovery

T1217

File and Directory Discovery

T1083

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
ca0166831a4dc6a75b022961052cfc5d

SHA1
f571e9f0ca1d045d3f2fcecd92ad350bb8d711f4

SHA256
1fd928127668c7b39e8fe682786b6d86fc064c5a2b97294f4336381f8450367e

SHA512
6c51becde7e2b7ab6c230e8c6f0987a50b6e75d996781a782396743076eb3dd1e4b8b9035f63998c4800701418345b35ac7dcaec16abc1712f187fa9717c10cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
737e3bf0f2ca8a9c5d4a13de051173ef

SHA1
18ef6e5331eac80de6fa3d72cd252801691c3afc

SHA256
5ebd6dcd2930089c5369c5fdd643dcd38882a3791ace6f7ba1b98de5e799794f

SHA512
f4af4795300a77b7de38ae1ab436f416161d1659c569c50ebd0910ac81178e7f21c137676775c90c946738b991f241697ffb91e0adc0413373db78bf3037deb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
1cfcfcbf9d4a6f9ab81d2210d5a02c89

SHA1
282abf2f6cdd6f7e2057d0307410baf80b7de797

SHA256
dd70f3ef9a9ebd4b01b6ee4774541346c55563a1d22d91618f867c79df4a6cdc

SHA512
6260bdfb182524c1660bcccdfa9182cfeb826170be8da5949693d63dd3df69464cf87efb35e78bbe9c1c399612d65671885c3be404044834bc98c77f54a6475a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
39fd93379e484ba89bc88599479e125c

SHA1
935a6a7b208fdf6f04b7bd6c07c7839d7cfedcf0

SHA256
896fe26f9942077bca4ffbad4db2f045d9db46900391454d94b3618a941cd37f

SHA512
2eef2ab0fd75ccec96e7372f1689755f91daf157f4359cbff1b9e9d25fb4b42086dbd3bd940074db45c6534e5625ec7fbac442a495ae369c5ab377942f4717ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f44244aacb94392f0dffe7489342ba35

SHA1
a42031c5430666a89e8edc30d142bbeed55a1419

SHA256
1a663805fa10439a57e1fe1bf22a5664ea90f324a4ce9d6bbf737aeeed4cfff7

SHA512
ff036e722680076ec807574332902a43860dc49840bd31b76ea706288cb58ae3d953ec07dc0c4f388713dcf2ba2fcda344bd8016d56ce7d5fad523bcf2470af4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b5a533f7b644ad34f9f0963e707642b0

SHA1
2c9afcbb69e7514b738c8cc7512cee48b0ac38b2

SHA256
e9ecb7bc05bcb6bd4d8d244c7859b1c42754fd9f3989f4503bda947491692584

SHA512
d297f474dc2ae11ad35227167a0801019b89ab6690c071d19627d562c18d3eedbbf89d7ba439d9196180d9f600ab4f13a9ff05d0d67222e2a168c5d30a07e381

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a69a8532af09b1c358f65947485fe0f8

SHA1
3a6ca5ed841d2dacc7cd1cdd9be38339d9a6da60

SHA256
3d1ad607e0b93aef6c657ed5f7a76703ad19ad214eeaad382048fa3d52055fc3

SHA512
1d97eadc19b600f827e53d445d3a0361ddd4fbb7c6fffdbbff30d3ce02bbc4b032804c0727a597e5938126eae00bf103271e22a98cae40a2e1bb49dc97fb11e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
940ceda92e624a77e083d8dcebd91997

SHA1
9d73c29f83322f975f18a029ab5d3c337b404107

SHA256
8bfd39b0ee591f4d5e8ff660197c66fba811277c24a5f459d4c2652bfb53785d

SHA512
220d5575a5a6d5e6d646fa587fb888ce4c48071eb57ee5f2130995f9cf80c7c66e864b24ceed5a39de32f16c5f40b7aaa32213d742a5b812b403938fc56b1b62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
e65cdf02948dadaaabf2c281ab1bfc48

SHA1
276c1266d94985cd3640b0ee5af822b9c96d41b7

SHA256
327b334e2d76b9abe76866abc6ee68eb0468ab41fa53013dfdcfc5f3d7dedb1a

SHA512
42d585b4e58c163951424cd86b149febfe18d99b54dbd80e49124e0902028f853c5b8f076b0025b2386e76af1ca841903d3453a399db4b6528be7e714b35448d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
d9e76e1d32da5c86daee547cd3e9ce77

SHA1
1afbdb0c10992f1de9dcc36c597defb4a7e5f2c7

SHA256
c6ae541a7f464789b02055d5c658b44148b01e386de498fe1e291c9a00475153

SHA512
11026d42ac86cca8635ae8ef1cd749042e41b6ab678b5182af992eb3d4c4c96b3dcdbdeb325f40d7f8d974baa56a7dd81d03d7c6230e5776306887427a79b7cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
c88d276933d20042030bcefdceaa7029

SHA1
907bbbe3868c1bc10fced08af94488515abb2209

SHA256
d81e6ba9fce0fe5c161a739985e593aa81a28f5c37689c040fbfde0091e7e9e8

SHA512
f857d6dc518548db3b8c160ebe6e63128d3a8c4bf38fbd9ff09306c61f5155b62b529f26000f7b3332cda4978c32477e9403ce9b90bc644ae224f739c14495a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
5c953fc63b21468d813c0c58bd87ba07

SHA1
aec4e509c6fe56d53b6e18834ce66c45967f6a6b

SHA256
76faea53b757827e5f251476ef401ec3a719b885e2906f19711292b78b69e2ac

SHA512
afc6f13e05167eea9d7a4b7c32b958138e0411d7ba8f3d4e5a8b922ed76ac476dfe77e675702ad6090cecd2d148fe2ab9f54e0eae3ce4ce29a394ac6ec2bbce3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16642\setuptools\_vendor\importlib_resources-6.4.0.dist-info\LICENSE

Filesize
11KB

MD5
3b83ef96387f14655fc854ddc3c6bd57

SHA1
2b8b815229aa8a61e483fb4ba0588b8b6c491890

SHA256
cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30

SHA512
98f6b79b778f7b0a15415bd750c3a8a097d650511cb4ec8115188e115c47053fe700f578895c097051c9bc3dfb6197c2b13a15de203273e1a3218884f86e90e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16642\setuptools\_vendor\jaraco.functools-4.0.1.dist-info\top_level.txt

Filesize
7B

MD5
0ba8d736b7b4ab182687318b0497e61e

SHA1
311ba5ffd098689179f299ef20768ee1a29f586d

SHA256
d099cddcb7d71f82c845f5cbf9014e18227341664edc42f1e11d5dfe5a2ea103

SHA512
7cccbb4afa2fade40d529482301beae152e0c71ee3cc41736eb19e35cfc5ee3b91ef958cf5ca6b7330333b8494feb6682fd833d5aa16bf4a8f1f721fd859832c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16642\setuptools\_vendor\packaging-24.1.dist-info\WHEEL

Filesize
81B

MD5
24019423ea7c0c2df41c8272a3791e7b

SHA1
aae9ecfb44813b68ca525ba7fa0d988615399c86

SHA256
1196c6921ec87b83e865f450f08d19b8ff5592537f4ef719e83484e546abe33e

SHA512
09ab8e4daa9193cfdee6cf98ccae9db0601f3dcd4944d07bf3ae6fa5bcb9dc0dcafd369de9a650a38d1b46c758db0721eba884446a8a5ad82bb745fd5db5f9b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54162\SDL2.dll

Filesize
2.4MB

MD5
83c5ff24eae3b9038d74ad91dc884e32

SHA1
81bf9f8109d73604768bf5310f1f70af62b72e43

SHA256
520d0459b91efa32fbccf9027a9ca1fc5aae657e679ce8e90f179f9cf5afd279

SHA512
38ff01891ad5093d0e4f222c5ab703a540514271bf3b94fb65f910193262af722adb9d4f4d2bd6a54c090a7d631d8c98497b7d78bd21359fdea756ff3ac63689

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54162\SDL2_image.dll

Filesize
122KB

MD5
b8d249a5e394b4e6a954c557af1b80e6

SHA1
b03bb9d09447114a018110bfb91d56ef8d5ec3bb

SHA256
1e364af75fee0c83506fbdfd4d5b0e386c4e9c6a33ddbddac61ddb131e360194

SHA512
2f2e248c3963711f1a9f5d8baea5b8527d1df1748cd7e33bf898a380ae748f7a65629438711ff9a5343e64762ec0b5dc478cdf19fbf7111dac9d11a8427e0007

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54162\SDL2_mixer.dll

Filesize
285KB

MD5
201aa86dc9349396b83eed4c15abe764

SHA1
1a239c479e275aa7be93c5372b2d35e98d8d8cec

SHA256
2a0fc5e9f72c2eaec3240cb82b7594a58ccda609485981f256b94d0a4dd8d6f8

SHA512
bb2cd185d1d936ceca3cc20372c98a1b1542288ad5523ff8b823fb5e842205656ec2f615f076929c69987c7468245a452238b509d37109c9bec26be5f638f3b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54162\SDL2_ttf.dll

Filesize
1.5MB

MD5
f187dfdccc102436e27704dc572a2c16

SHA1
be4d499e66b8c4eb92480e4f520ccd8eaaa39b04

SHA256
fcdfabdfce868eb33f7514025ff59c1bb6c418f1bcd6ace2300a9cd4053e1d63

SHA512
75002d96153dfd2bfdd6291f842fb553695ef3997012dae0b9a537c95c3f3a83b844a8d1162faefcddf9e1807f3db23b1a10c2789c95dd5f6fad2286bae91afb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54162\VCRUNTIME140.dll

Filesize
116KB

MD5
be8dbe2dc77ebe7f88f910c61aec691a

SHA1
a19f08bb2b1c1de5bb61daf9f2304531321e0e40

SHA256
4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83

SHA512
0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54162\VCRUNTIME140_1.dll

Filesize
48KB

MD5
f8dfa78045620cf8a732e67d1b1eb53d

SHA1
ff9a604d8c99405bfdbbf4295825d3fcbc792704

SHA256
a113f192195f245f17389e6ecbed8005990bcb2476ddad33f7c4c6c86327afe5

SHA512
ba7f8b7ab0deb7a7113124c28092b543e216ca08d1cf158d9f40a326fb69f4a2511a41a59ea8482a10c9ec4ec8ac69b70dfe9ca65e525097d93b819d498da371

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54162\_asyncio.pyd

Filesize
69KB

MD5
cc0f232f2a8a359dee29a573667e6d77

SHA1
d3ffbf5606d9c77a0de0b7456f7a5314f420b1f7

SHA256
7a5c88ce496bafdf31a94ae6d70b017070703bc0a7da1dfae7c12b21bb61030d

SHA512
48484177bf55179607d66f5a5837a35cd586e8a9fb185de8b10865aab650b056a61d1dc96370c5efc6955ccb4e34b31810f8e1c8f5f02d268f565a73b4ff5657

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54162\_bz2.pyd

Filesize
83KB

MD5
dd26ed92888de9c57660a7ad631bb916

SHA1
77d479d44d9e04f0a1355569332233459b69a154

SHA256
324268786921ec940cbd4b5e2f71dafd08e578a12e373a715658527e5b211697

SHA512
d693367565005c1b87823e781dc5925146512182c8d8a3a2201e712c88df1c0e66e65ecaec9af22037f0a8f8b3fb3f511ea47cfd5774651d71673fab612d2897

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54162\_cffi_backend.cp312-win_amd64.pyd

Filesize
175KB

MD5
d8caf1c098db12b2eba8edae51f31c10

SHA1
e533ac6c614d95c09082ae951b3b685daca29a8f

SHA256
364208a97336f577d99bbaaed6d2cf8a4a24d6693b323de4665f75a964ca041d

SHA512
77e36f4fb44374b7c58a9005a1d7dfeb3214eabb90786e8a7c6593b5b1c7a305d6aa446be7a06ae0ff38f2bedea68cacb39053b7b7ec297bff3571b3922fd938

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54162\_ctypes.pyd

Filesize
122KB

MD5
c8afa1ebb28828e1115c110313d2a810

SHA1
1d0d28799a5dbe313b6f4ddfdb7986d2902fa97a

SHA256
8978972cf341ccd0edf8435d63909a739df7ef29ec7dd57ed5cab64b342891f0

SHA512
4d9f41bd23b62600d1eb097d1578ba656b5e13fd2f31ef74202aa511111969bb8cfc2a8e903de73bd6e63fadaa59b078714885b8c5b8ecc5c4128ff9d06c1e56

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54162\_decimal.pyd

Filesize
251KB

MD5
cea3b419c7ca87140a157629c6dbd299

SHA1
7dbff775235b1937b150ae70302b3208833dc9be

SHA256
95b9850e6fb335b235589dd1348e007507c6b28e332c9abb111f2a0035c358e5

SHA512
6e3a6781c0f05bb5182073cca1e69b6df55f05ff7cdcea394bacf50f88605e2241b7387f1d8ba9f40a96832d04f55edb80003f0cf1e537a26f99408ee9312f5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54162\_elementtree.pyd

Filesize
130KB

MD5
cc5f891ee902fe380878e4bd3d82c011

SHA1
3ea48a0cf383b176f4e0ed71ed5e2b9d09dbbd1d

SHA256
d134e731716bb4538596fa42b5b48602ea18e3ebaab1ed0dc04a9e66fed3f5e2

SHA512
0a5e1cb4359ba4d4bc5153de002108b6d760fd9b2a8be11d0091006578dc38f93aa45951648603c738c0580373fbaea3b2534b21ee44107a0e66b3252df92dd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54162\_hashlib.pyd

Filesize
64KB

MD5
d19cb5ca144ae1fd29b6395b0225cf40

SHA1
5b9ec6e656261ce179dfcfd5c6a3cfe07c2dfeb4

SHA256
f95ec2562a3c70fb1a6e44d72f4223ce3c7a0f0038159d09dce629f59591d5aa

SHA512
9ac3a8a4dbdb09be3760e7ccb11269f82a47b24c03d10d289bcdded9a43e57d3cd656f8d060d66b810382ecac3a62f101f83ea626b58cd0b5a3cca25b67b1519

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54162\_lzma.pyd

Filesize
156KB

MD5
8cfbafe65d6e38dde8e2e8006b66bb3e

SHA1
cb63addd102e47c777d55753c00c29c547e2243c

SHA256
6d548db0ab73291f82cf0f4ca9ec0c81460185319c8965e829faeacae19444ff

SHA512
fa021615d5c080aadcd5b84fd221900054eb763a7af8638f70cf6cd49bd92773074f1ac6884f3ce1d8a15d59439f554381377faee4842ed5beb13ff3e1b510f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54162\_multiprocessing.pyd

Filesize
34KB

MD5
eb859fc7f54cba118a321440ad088096

SHA1
9d3c410240f4c5269e07ffbde43d6f5e7cc30b44

SHA256
14bdd15d60b9d6141009aeedc606007c42b46c779a523d21758e57cf126dc2a4

SHA512
694a9c1cc3dc78b47faedf66248ff078e5090cfab22e95c123fb99b10192a5748748a5f0937ffd9fd8e1873ad48f290be723fe194b7eb2a731add7f5fb776c4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54162\_overlapped.pyd

Filesize
54KB

MD5
df92ea698a3d0729b70a4306bbe3029f

SHA1
b82f3a43568148c64a46e2774aec39bf1f2d3c1e

SHA256
46dec978ec8cb2146854739bfeddea93335dcc92a25d719352b94f9517855032

SHA512
bdebafe1b40244a0cb6c97e75424f79cfe395774a9d03cdb02f82083110c1f4bdcac2819ba1845ad1c56e2d2e6506dcc1833e4eb269bb0f620f0eb73b4d47817

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54162\_queue.pyd

Filesize
31KB

MD5
7d91dd8e5f1dbc3058ea399f5f31c1e6

SHA1
b983653b9f2df66e721ece95f086c2f933d303fc

SHA256
76bba42b1392dc57a867aef385b990fa302a4f1dcf453705ac119c9c98a36e8d

SHA512
b8e7369da79255a4bb2ed91ba0c313b4578ee45c94e6bc74582fc14f8b2984ed8fcda0434a5bd3b72ea704e6e8fd8cbf1901f325e774475e4f28961483d6c7cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54162\_socket.pyd

Filesize
81KB

MD5
e43aed7d6a8bcd9ddfc59c2d1a2c4b02

SHA1
36f367f68fb9868412246725b604b27b5019d747

SHA256
2c2a6a6ba360e38f0c2b5a53b4626f833a3111844d95615ebf35be0e76b1ef7a

SHA512
d92e26eb88db891de389a464f850a8da0a39af8a4d86d9894768cb97182b8351817ce14fe1eb8301b18b80d1d5d8876a48ba66eb7b874c7c3d7b009fcdbc8c4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54162\_sqlite3.pyd

Filesize
122KB

MD5
f8869058c1f6f6352309d774c0fefde9

SHA1
4a9fd6c93785c6b6c53f33946e9b1ca5db52a4e9

SHA256
fb00951d39084e88871c813d6c4043ce8afb60ab6d012e699ddd607baa10f6e1

SHA512
37205b755985cdbb16f806cda8e7637164d1d62f410ea07501739215b9e410e91997110600ead999d726cb15ec4aef3abf673e7ad47d3ca076457c89ea2b401c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54162\_ssl.pyd

Filesize
174KB

MD5
6a2b0f8f50b47d05f96deff7883c1270

SHA1
2b1aeb6fe9a12e0d527b042512fc8890eedb10d8

SHA256
68dad60ff6fb36c88ef1c47d1855517bfe8de0f5ddea0f630b65b622a645d53a

SHA512
a080190d4e7e1abb186776ae6e83dab4b21a77093a88fca59ce1f63c683f549a28d094818a0ee44186ddea2095111f1879008c0d631fc4a8d69dd596ef76ca37

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54162\_tkinter.pyd

Filesize
64KB

MD5
e38a6b96f5cc200f21da22d49e321da3

SHA1
4ea69d2b021277ab0b473cfd44e4bfd17e3bac3b

SHA256
f0ebdf2ca7b33c26b8938efa59678068d3840957ee79d2b3c576437f8f913f20

SHA512
3df55cdd44ea4789fb2de9672f421b7ff9ad798917417dcb5b1d8575804306fb7636d436965598085d2e87256ecb476ed69df7af05986f05b9f4a18eed9629e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54162\_uuid.pyd

Filesize
25KB

MD5
8f5402bb6aac9c4ff9b4ce5ac3f0f147

SHA1
87207e916d0b01047b311d78649763d6e001c773

SHA256
793e44c75e7d746af2bb5176e46c454225f07cb27b1747f1b83d1748d81ad9ac

SHA512
65fdef32aeba850aa818a8c8bf794100725a9831b5242350e6c04d0bca075762e1b650f19c437a17b150e9fca6ad344ec4141a041fa12b5a91652361053c7e81

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54162\_wmi.pyd

Filesize
36KB

MD5
bed7b0ced98fa065a9b8fe62e328713f

SHA1
e329ebca2df8889b78ce666e3fb909b4690d2daa

SHA256
5818679010bb536a3d463eeee8ce203e880a8cd1c06bf1cb6c416ab0dc024d94

SHA512
c95f7bb6ca9afba50bf0727e971dff7326ce0e23a4bfa44d62f2ed67ed5fede1b018519dbfa0ed3091d485ed0ace68b52dd0bb2921c9c1e3bc1fa875cd3d2366

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54162\base_library.zip

Filesize
1.3MB

MD5
763d1a751c5d47212fbf0caea63f46f5

SHA1
845eaa1046a47b5cf376b3dbefcf7497af25f180

SHA256
378a4b40f4fa4a8229c93e0afee819085251af03402ccefa3b469651e50e60b7

SHA512
bb356dd610e6035f4002671440ce96624addf9a89fd952a6419647a528a551a6ccd0eca0ee2eeb080d9aad683b5afc9415c721fa62c3bcddcb7f1923f59d9c45

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54162\charset_normalizer\md.cp312-win_amd64.pyd

Filesize
10KB

MD5
d9e0217a89d9b9d1d778f7e197e0c191

SHA1
ec692661fcc0b89e0c3bde1773a6168d285b4f0d

SHA256
ecf12e2c0a00c0ed4e2343ea956d78eed55e5a36ba49773633b2dfe7b04335c0

SHA512
3b788ac88c1f2d682c1721c61d223a529697c7e43280686b914467b3b39e7d6debaff4c0e2f42e9dddb28b522f37cb5a3011e91c66d911609c63509f9228133d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54162\crypto_clipper.json

Filesize
155B

MD5
8bff94a9573315a9d1820d9bb710d97f

SHA1
e69a43d343794524b771d0a07fd4cb263e5464d5

SHA256
3f7446866f42bcbeb8426324d3ea58f386f3171abe94279ea7ec773a4adde7d7

SHA512
d5ece1ea9630488245c578cb22d6d9d902839e53b4550c6232b4fb9389ef6c5d5392426ea4a9e3c461979d6d6aa94ddf3b2755f48e9988864788b530cdfcf80f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54162\freetype.dll

Filesize
639KB

MD5
236f879a5dd26dc7c118d43396444b1c

SHA1
5ed3e4e084471cf8600fb5e8c54e11a254914278

SHA256
1c487392d6d06970ba3c7b52705881f1fb069f607243499276c2f0c033c7df6f

SHA512
cc9326bf1ae8bf574a4715158eba889d7f0d5e3818e6f57395740a4b593567204d6eef95b6e99d2717128c3bffa34a8031c213ff3f2a05741e1eaf3ca07f2254

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54162\libcrypto-3.dll

Filesize
5.0MB

MD5
e547cf6d296a88f5b1c352c116df7c0c

SHA1
cafa14e0367f7c13ad140fd556f10f320a039783

SHA256
05fe080eab7fc535c51e10c1bd76a2f3e6217f9c91a25034774588881c3f99de

SHA512
9f42edf04c7af350a00fa4fdf92b8e2e6f47ab9d2d41491985b20cd0adde4f694253399f6a88f4bdd765c4f49792f25fb01e84ec03fd5d0be8bb61773d77d74d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54162\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54162\libjpeg-9.dll

Filesize
238KB

MD5
c540308d4a8e6289c40753fdd3e1c960

SHA1
1b84170212ca51970f794c967465ca7e84000d0e

SHA256
3a224af540c96574800f5e9acf64b2cdfb9060e727919ec14fbd187a9b5bfe69

SHA512
1dadc6b92de9af998f83faf216d2ab6483b2dea7cdea3387ac846e924adbf624f36f8093daf5cee6010fea7f3556a5e2fcac494dbc87b5a55ce564c9cd76f92b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54162\libmodplug-1.dll

Filesize
259KB

MD5
ead020db018b03e63a64ebff14c77909

SHA1
89bb59ae2b3b8ec56416440642076ae7b977080e

SHA256
0c1a9032812ec4c20003a997423e67b71ecb5e59d62cdc18a5bf591176a9010e

SHA512
c4742d657e5598c606ceff29c0abb19c588ba7976a7c4bff1df80a3109fe7df25e7d0dace962ec3962a94d2715a4848f2acc997a0552bf8d893ff6e7a78857e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54162\libogg-0.dll

Filesize
25KB

MD5
307ef797fc1af567101afba8f6ce6a8c

SHA1
0023f520f874a0c3eb3dc1fe8df73e71bde5f228

SHA256
57abc4f6a9accdd08bf9a2b022a66640cc626a5bd4dac6c7c4f06a5df61ee1fe

SHA512
5b0b6049844c6fef0cd2b6b1267130bb6e4c17b26afc898cfc17499ef05e79096cd705007a74578f11a218786119be37289290c5c47541090d7b9dea2908688e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54162\libopus-0.dll

Filesize
359KB

MD5
e1adac219ec78b7b2ac9999d8c2e1c94

SHA1
6910ec9351bee5c355587e42bbb2d75a65ffc0cf

SHA256
771cae79410f7fcc4f993a105a18c4ed9e8cbddd6f807a42228d95f575808806

SHA512
da1912243491227168e23fb92def056b229f9f1d8c35ae122e1a0474b0be84ceb7167b138f2ee5fffd812b80c6aca719250aca6b25931585e224e27384f4cc67

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54162\libopus-0.x64.dll

Filesize
431KB

MD5
0e078e75ab375a38f99245b3fefa384a

SHA1
b4c2fda3d4d72c3e3294beb8aa164887637ca22a

SHA256
c84da836e8d92421ac305842cfe5a724898ed09d340d46b129e210bdc9448131

SHA512
fa838dab0a8a07ee7c370dd617073a5f795838c3518a6f79ee17d5ebc48b78cebd680e9c8cbe54f912ceb0ae6112147fb40182bcfdcc194b73aa6bab21427bfd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54162\libopusfile-0.dll

Filesize
45KB

MD5
245498839af5a75cd034190fe805d478

SHA1
d164c38fd9690b8649afaef7c048f4aabb51dba8

SHA256
ccaaca81810bd2d1cab4692b4253a639f8d5516996db0e24d881efd3efdcc6a4

SHA512
4181dea590cbc7a9e06729b79201aa29e8349408cb922de8d4cda555fc099b3e10fee4f5a9ddf1a22eaec8f5ede12f9d6e37ed7ad0486beb12b7330cca51a79e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54162\libpng16-16.dll

Filesize
206KB

MD5
3a26cd3f92436747d2285dcef1fae67f

SHA1
e3d1403be06beb32fc8dc7e8a58c31e18b586a70

SHA256
e688b4a4d18f4b6ccc99c6ca4980f51218cb825610775192d9b60b2f05eff2d5

SHA512
73d651f063246723807d837811ead30e3faca8cb0581603f264c28fea1b2bdb6d874a73c1288c7770e95463786d6945b065d4ca1cf553e08220aea4e78a6f37f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54162\libssl-3.dll

Filesize
768KB

MD5
19a2aba25456181d5fb572d88ac0e73e

SHA1
656ca8cdfc9c3a6379536e2027e93408851483db

SHA256
2e9fbcd8f7fdc13a5179533239811456554f2b3aa2fb10e1b17be0df81c79006

SHA512
df17dc8a882363a6c5a1b78ba3cf448437d1118ccc4a6275cc7681551b13c1a4e0f94e30ffb94c3530b688b62bff1c03e57c2c185a7df2bf3e5737a06e114337

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54162\libtiff-5.dll

Filesize
422KB

MD5
7d40a697ca6f21a8f09468b9fce565ad

SHA1
dc3b7f7fc0d9056af370e06f1451a65e77ff07f7

SHA256
ebfe97ac5ef26b94945af3db5ffd110a4b8e92dc02559bf81ccb33f0d5ebce95

SHA512
5a195e3123f7f17d92b7eca46b9afa1ea600623ad6929ac29197447bb4d474a068fd5f61fca6731a60514125d3b0b2cafe1ff6be3a0161251a366355b660d61a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54162\libwebp-7.dll

Filesize
437KB

MD5
2c5aca898ff88eb2c9028bbeefebbd1e

SHA1
7a0048674ef614bebe6cc83b1228d670372076c9

SHA256
9a53563b6058f70f2725029b7dd2fe96f869c20e8090031cd303e994dfe07b50

SHA512
46fe8b151e3a13ab506c4fc8a9f3f0f47b21f64f37097a4f1f573b547443ed23e7b2f489807c1623fbc41015f7da11665d88690d8cd0ddd61aa53789586c5a13

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54162\portmidi.dll

Filesize
41KB

MD5
df538704b8cd0b40096f009fd5d1b767

SHA1
d2399fbb69d237d43624e987445694ec7e0b8615

SHA256
c9f8d9043ac1570b10f104f2d00aec791f56261c84ee40773be73d0a3822e013

SHA512
408de3e99bc1bfb5b10e58ae621c0f9276530913ff26256135fe44ce78016de274cbe4c3e967457eb71870aad34dfeb362058afcebfa2d9e64f05604ab1517d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54162\pyexpat.pyd

Filesize
197KB

MD5
815f1bdabb79c6a12b38d84aa343196d

SHA1
916483149875a5e20c6046ceffef62dd6089ddd5

SHA256
31712ae276e2ced05ecda3e1c08fbbcc2cff8474a972626aba55f7797f0ed8c9

SHA512
1078e7e48b6f6ed160ae2bccf80a43a5f1cca769b8a690326e112bf20d7f3d018f855f6aa3b56d315dc0853472e0affcfe8e910b5ce69ce952983cfaa496c21d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54162\python3.DLL

Filesize
66KB

MD5
8dbe9bbf7118f4862e02cd2aaf43f1ab

SHA1
935bc8c5cea4502d0facf0c49c5f2b9c138608ed

SHA256
29f173e0147390a99f541ba0c0231fdd7dfbca84d0e2e561ef352bf1ec72f5db

SHA512
938f8387dcc356012ac4a952d371664700b110f7111fcc24f5df7d79791ae95bad0dbaf77d2d6c86c820bfd48a6bdbe8858b7e7ae1a77df88e596556c7135ed4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54162\python312.dll

Filesize
6.6MB

MD5
cae8fa4e7cb32da83acf655c2c39d9e1

SHA1
7a0055588a2d232be8c56791642cb0f5abbc71f8

SHA256
8ad53c67c2b4db4387d5f72ee2a3ca80c40af444b22bf41a6cfda2225a27bb93

SHA512
db2190da2c35bceed0ef91d7553ff0dea442286490145c3d0e89db59ba1299b0851e601cc324b5f7fd026414fc73755e8eff2ef5fb5eeb1c54a9e13e7c66dd0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54162\select.pyd

Filesize
30KB

MD5
79ce1ae3a23dff6ed5fc66e6416600cd

SHA1
6204374d99144b0a26fd1d61940ff4f0d17c2212

SHA256
678e09ad44be42fa9bc9c7a18c25dbe995a59b6c36a13eecc09c0f02a647b6f0

SHA512
a4e48696788798a7d061c0ef620d40187850741c2bec357db0e37a2dd94d3a50f9f55ba75dc4d95e50946cbab78b84ba1fc42d51fd498640a231321566613daa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54162\setuptools\_vendor\importlib_metadata-8.0.0.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54162\setuptools\_vendor\jaraco.text-3.12.1.dist-info\LICENSE

Filesize
1023B

MD5
141643e11c48898150daa83802dbc65f

SHA1
0445ed0f69910eeaee036f09a39a13c6e1f37e12

SHA256
86da0f01aeae46348a3c3d465195dc1ceccde79f79e87769a64b8da04b2a4741

SHA512
ef62311602b466397baf0b23caca66114f8838f9e78e1b067787ceb709d09e0530e85a47bbcd4c5a0905b74fdb30df0cc640910c6cc2e67886e5b18794a3583f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54162\setuptools\_vendor\jaraco.text-3.12.1.dist-info\WHEEL

Filesize
92B

MD5
43136dde7dd276932f6197bb6d676ef4

SHA1
6b13c105452c519ea0b65ac1a975bd5e19c50122

SHA256
189eedfe4581172c1b6a02b97a8f48a14c0b5baa3239e4ca990fbd8871553714

SHA512
e7712ba7d36deb083ebcc3b641ad3e7d19fb071ee64ae3a35ad6a50ee882b20cd2e60ca1319199df12584fe311a6266ec74f96a3fb67e59f90c7b5909668aee1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54162\sqlite3.dll

Filesize
1.5MB

MD5
956ef70f60fb099d31a79fa7334359ad

SHA1
336a78492c0e10fab4baa0add7552e52f61dd110

SHA256
809c7b48b73c95b361d13c753e7a6e3c83124a27e18aac81df7c876f32e98e00

SHA512
7fd74b92e32a385b193264d0f08a390eec672e508ef85bf0439bdb713a9c8909688f845bcacd4adb3dd91b08a3eb40ae32532a08fc9378ed4530646fb871fd50

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54162\tcl86t.dll

Filesize
1.7MB

MD5
3ae729942d15f4f48b1ea8c91880f1f4

SHA1
d27596d14af5adeb02edab74859b763bf6ac2853

SHA256
fe62ca2b01b0ec8a609b48f165ca9c6a91653d3966239243ad352dd4c8961760

SHA512
355800e9152daad675428421b867b6d48e2c8f8be9ca0284f221f27fae198c8f07d90980e04d807b50a88f92ffb946dc53b7564e080e2e0684f7f6ccc84ff245

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54162\tk86t.dll

Filesize
1.5MB

MD5
966580716c0d6b7eec217071a6df6796

SHA1
e3d2d4a7ec61d920130d7a745586ceb7aad4184d

SHA256
afc13fce0690c0a4b449ec7ed4fb0233a8359911c1c0ba26a285f32895dbb3d2

SHA512
cf0675ea888a6d1547842bcfb27d45815b164337b4a285253716917eb157c6df3cc97cba8ad2ab7096e8f5131889957e0555bae9b5a8b64745ac3d2f174e3224

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54162\unicodedata.pyd

Filesize
1.1MB

MD5
b848e259fabaf32b4b3c980a0a12488d

SHA1
da2e864e18521c86c7d8968db74bb2b28e4c23e2

SHA256
c65073b65f107e471c9be3c699fb11f774e9a07581f41229582f7b2154b6fc3c

SHA512
4c6953504d1401fe0c74435bceebc5ec7bf8991fd42b659867a3529cee5cc64da54f1ab404e88160e747887a7409098f1a85a546bc40f12f0dde0025408f9e27

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI54162\zlib1.dll

Filesize
106KB

MD5
5eac41b641e813f2a887c25e7c87a02e

SHA1
ec3f6cf88711ef8cfb3cc439cb75471a2bb9e1b5

SHA256
b1f58a17f3bfd55523e7bef685acf5b32d1c2a6f25abdcd442681266fd26ab08

SHA512
cad34a495f1d67c4d79ed88c5c52cf9f2d724a1748ee92518b8ece4e8f2fe1d443dfe93fb9dba8959c0e44c7973af41eb1471507ab8a5b1200a25d75287d5de5

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_q4x00qw4.0j4.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/688-1437-0x0000022FDD440000-0x0000022FDD462000-memory.dmp

Filesize
136KB

Download
memory/688-1427-0x00007FF88F7A3000-0x00007FF88F7A5000-memory.dmp

Filesize
8KB

Download
memory/688-1442-0x00007FF88F7A0000-0x00007FF890261000-memory.dmp

Filesize
10.8MB

Download
memory/688-1439-0x00007FF88F7A0000-0x00007FF890261000-memory.dmp

Filesize
10.8MB

Download
memory/688-1438-0x00007FF88F7A0000-0x00007FF890261000-memory.dmp

Filesize
10.8MB

Download