9edec2d7604cd19e991c680524d372e23b6a56452b2c93b7a9ef45bbedaf47c6

Resubmissions

19-08-2024 08:20

240819-j8h5hstblh 10

19-08-2024 08:18

240819-j7arrawgqm 10

19-08-2024 08:16

240819-j594tstamb 10

Analysis

max time kernel
30s
max time network
33s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-08-2024 08:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Solara.exe
Size

81.2MB
MD5

10d3cf93e2763c12e2cb1861157bd11c
SHA1

3a2995e034de83a7a2007809d62898ff361135f8
SHA256

9edec2d7604cd19e991c680524d372e23b6a56452b2c93b7a9ef45bbedaf47c6
SHA512

c2ef4c4f63f5f47201daa7f9db8923e125297a86bbf93e8f355587a8c8febca60e689bb483de496441cc1d0ac6e65067c9eae696d6e575b4b32e21915e6ca5d4
SSDEEP

1572864:YvxZQglPWjg7vaSk8IpG7V+VPhqHDE7jblgA7iYgj+h58sMw2IrD2:YvxZx9heSkB05awHaeA151

Score

9^/10

discovery evasion execution persistence upx

Malware Config

Signatures

Enumerates VirtualBox DLL files 2 TTPs 2 IoCs

File and Directory Discovery

T1083

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
File opened (read-only)	C:\windows\system32\vboxhook.dll	Solara.exe
File opened (read-only)	C:\windows\system32\vboxmrxnp.dll	Solara.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

execution

PowerShell

T1059.001

pid	Process
4660	powershell.exe

Sets file to hidden 1 TTPs 1 IoCs

Modifies file attributes to stop it showing in Explorer etc.

evasion

Hidden Files and Directories

T1564.001

pid	Process
4804	attrib.exe

Executes dropped EXE 1 IoCs

pid	Process
3320	Solara.exe

Loads dropped DLL 64 IoCs

pid	Process
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0007000000023906-1312.dat	upx
behavioral1/memory/1424-1316-0x00007FFAA3D00000-0x00007FFAA42E8000-memory.dmp	upx
behavioral1/files/0x0007000000023499-1323.dat	upx
behavioral1/memory/1424-1329-0x00007FFAADDC0000-0x00007FFAADDE4000-memory.dmp	upx
behavioral1/files/0x00070000000238b2-1330.dat	upx
behavioral1/files/0x0007000000023497-1341.dat	upx
behavioral1/files/0x000700000002349d-1346.dat	upx
behavioral1/memory/1424-1347-0x00007FFAB1B90000-0x00007FFAB1BBD000-memory.dmp	upx
behavioral1/memory/1424-1345-0x00007FFAB1BC0000-0x00007FFAB1BD9000-memory.dmp	upx
behavioral1/memory/1424-1342-0x00007FFABC300000-0x00007FFABC30F000-memory.dmp	upx
behavioral1/memory/1424-1389-0x00007FFAB1B70000-0x00007FFAB1B84000-memory.dmp	upx
behavioral1/memory/1424-1390-0x00007FFAA3360000-0x00007FFAA36D5000-memory.dmp	upx
behavioral1/memory/1424-1392-0x00007FFABC2F0000-0x00007FFABC2FD000-memory.dmp	upx
behavioral1/memory/1424-1395-0x00007FFAB1B20000-0x00007FFAB1B4E000-memory.dmp	upx
behavioral1/memory/1424-1394-0x00007FFAA4F00000-0x00007FFAA4FB8000-memory.dmp	upx
behavioral1/memory/1424-1396-0x00007FFAB6DA0000-0x00007FFAB6DAD000-memory.dmp	upx
behavioral1/memory/1424-1399-0x00007FFAA4ED0000-0x00007FFAA4EF6000-memory.dmp	upx
behavioral1/memory/1424-1400-0x00007FFAA3240000-0x00007FFAA335C000-memory.dmp	upx
behavioral1/memory/1424-1398-0x00007FFAB67F0000-0x00007FFAB67FB000-memory.dmp	upx
behavioral1/memory/1424-1397-0x00007FFAADDC0000-0x00007FFAADDE4000-memory.dmp	upx
behavioral1/memory/1424-1393-0x00007FFAA3D00000-0x00007FFAA42E8000-memory.dmp	upx
behavioral1/memory/1424-1391-0x00007FFAB1B50000-0x00007FFAB1B69000-memory.dmp	upx
behavioral1/memory/1424-1402-0x00007FFAA4E90000-0x00007FFAA4EC6000-memory.dmp	upx
behavioral1/memory/1424-1419-0x00007FFAA4E60000-0x00007FFAA4E6B000-memory.dmp	upx
behavioral1/memory/1424-1420-0x00007FFAA4E50000-0x00007FFAA4E5C000-memory.dmp	upx
behavioral1/memory/1424-1418-0x00007FFAA4E70000-0x00007FFAA4E7B000-memory.dmp	upx
behavioral1/memory/1424-1417-0x00007FFAB1B20000-0x00007FFAB1B4E000-memory.dmp	upx
behavioral1/memory/1424-1416-0x00007FFAA4F00000-0x00007FFAA4FB8000-memory.dmp	upx
behavioral1/memory/1424-1415-0x00007FFAA4E80000-0x00007FFAA4E8C000-memory.dmp	upx
behavioral1/memory/1424-1414-0x00007FFAB1B50000-0x00007FFAB1B69000-memory.dmp	upx
behavioral1/memory/1424-1413-0x00007FFAAF170000-0x00007FFAAF17B000-memory.dmp	upx
behavioral1/memory/1424-1412-0x00007FFAA85A0000-0x00007FFAA85AE000-memory.dmp	upx
behavioral1/memory/1424-1411-0x00007FFAAD710000-0x00007FFAAD71C000-memory.dmp	upx
behavioral1/memory/1424-1421-0x00007FFAA3240000-0x00007FFAA335C000-memory.dmp	upx
behavioral1/memory/1424-1429-0x00007FFAA4E90000-0x00007FFAA4EC6000-memory.dmp	upx
behavioral1/memory/1424-1430-0x00007FFAA4400000-0x00007FFAA4414000-memory.dmp	upx
behavioral1/memory/1424-1431-0x00007FFAA3210000-0x00007FFAA3232000-memory.dmp	upx
behavioral1/memory/1424-1428-0x00007FFAA4420000-0x00007FFAA4432000-memory.dmp	upx
behavioral1/memory/1424-1427-0x00007FFAA4DE0000-0x00007FFAA4DF5000-memory.dmp	upx
behavioral1/memory/1424-1426-0x00007FFAA4ED0000-0x00007FFAA4EF6000-memory.dmp	upx
behavioral1/memory/1424-1425-0x00007FFAA4E00000-0x00007FFAA4E0C000-memory.dmp	upx
behavioral1/memory/1424-1424-0x00007FFAA4E10000-0x00007FFAA4E22000-memory.dmp	upx
behavioral1/memory/1424-1423-0x00007FFAA4E30000-0x00007FFAA4E3D000-memory.dmp	upx
behavioral1/memory/1424-1422-0x00007FFAA4E40000-0x00007FFAA4E4C000-memory.dmp	upx
behavioral1/memory/1424-1410-0x00007FFAAF160000-0x00007FFAAF16C000-memory.dmp	upx
behavioral1/memory/1424-1409-0x00007FFAA3360000-0x00007FFAA36D5000-memory.dmp	upx
behavioral1/memory/1424-1408-0x00007FFAAFFA0000-0x00007FFAAFFAC000-memory.dmp	upx
behavioral1/memory/1424-1407-0x00007FFAB1A50000-0x00007FFAB1A5B000-memory.dmp	upx
behavioral1/memory/1424-1406-0x00007FFAB3310000-0x00007FFAB331C000-memory.dmp	upx
behavioral1/memory/1424-1405-0x00007FFAB5EF0000-0x00007FFAB5EFB000-memory.dmp	upx
behavioral1/memory/1424-1404-0x00007FFAB6010000-0x00007FFAB601B000-memory.dmp	upx
behavioral1/memory/1424-1403-0x00007FFAB1B70000-0x00007FFAB1B84000-memory.dmp	upx
behavioral1/memory/1424-1401-0x00007FFAB1B90000-0x00007FFAB1BBD000-memory.dmp	upx
behavioral1/memory/1424-1432-0x00007FFAA31F0000-0x00007FFAA3207000-memory.dmp	upx
behavioral1/memory/1424-1433-0x00007FFAA3180000-0x00007FFAA3199000-memory.dmp	upx
behavioral1/memory/1424-1434-0x00007FFAA3130000-0x00007FFAA317D000-memory.dmp	upx
behavioral1/memory/1424-1436-0x00007FFAA3110000-0x00007FFAA3121000-memory.dmp	upx
behavioral1/memory/1424-1435-0x00007FFAA4E50000-0x00007FFAA4E5C000-memory.dmp	upx
behavioral1/memory/1424-1437-0x00007FFAA4DD0000-0x00007FFAA4DDA000-memory.dmp	upx
behavioral1/memory/1424-1438-0x00007FFAA30F0000-0x00007FFAA310E000-memory.dmp	upx
behavioral1/memory/1424-1439-0x00007FFAA3090000-0x00007FFAA30ED000-memory.dmp	upx
behavioral1/memory/1424-1440-0x00007FFAA2F80000-0x00007FFAA2FA9000-memory.dmp	upx
behavioral1/memory/1424-1444-0x00007FFAA3210000-0x00007FFAA3232000-memory.dmp	upx
behavioral1/memory/1424-1443-0x00007FFAA2B60000-0x00007FFAA2CD3000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Solara.exe = "C:\\Users\\Admin\\Solara.exe\\Solara.exe"	Solara.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
3720	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133685291586955364"	chrome.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
4592	chrome.exe
4592	chrome.exe
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe
1424	Solara.exe
4660	powershell.exe
4660	powershell.exe
4660	powershell.exe
1088	msedge.exe
1088	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
5816	identity_helper.exe
5816	identity_helper.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
660	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe

Suspicious use of AdjustPrivilegeToken 37 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4592	chrome.exe
Token: SeCreatePagefilePrivilege	4592	chrome.exe
Token: SeShutdownPrivilege	4592	chrome.exe
Token: SeCreatePagefilePrivilege	4592	chrome.exe
Token: SeShutdownPrivilege	4592	chrome.exe
Token: SeCreatePagefilePrivilege	4592	chrome.exe
Token: SeDebugPrivilege	1424	Solara.exe
Token: SeShutdownPrivilege	4592	chrome.exe
Token: SeCreatePagefilePrivilege	4592	chrome.exe
Token: SeShutdownPrivilege	4592	chrome.exe
Token: SeCreatePagefilePrivilege	4592	chrome.exe
Token: SeShutdownPrivilege	4592	chrome.exe
Token: SeCreatePagefilePrivilege	4592	chrome.exe
Token: SeDebugPrivilege	4660	powershell.exe
Token: SeShutdownPrivilege	4592	chrome.exe
Token: SeCreatePagefilePrivilege	4592	chrome.exe
Token: SeShutdownPrivilege	4592	chrome.exe
Token: SeCreatePagefilePrivilege	4592	chrome.exe
Token: SeDebugPrivilege	3720	taskkill.exe
Token: SeShutdownPrivilege	4592	chrome.exe
Token: SeCreatePagefilePrivilege	4592	chrome.exe
Token: SeShutdownPrivilege	4592	chrome.exe
Token: SeCreatePagefilePrivilege	4592	chrome.exe
Token: SeShutdownPrivilege	4592	chrome.exe
Token: SeCreatePagefilePrivilege	4592	chrome.exe
Token: SeShutdownPrivilege	4592	chrome.exe
Token: SeCreatePagefilePrivilege	4592	chrome.exe
Token: SeShutdownPrivilege	4592	chrome.exe
Token: SeCreatePagefilePrivilege	4592	chrome.exe
Token: SeShutdownPrivilege	4592	chrome.exe
Token: SeCreatePagefilePrivilege	4592	chrome.exe
Token: SeShutdownPrivilege	4592	chrome.exe
Token: SeCreatePagefilePrivilege	4592	chrome.exe
Token: SeShutdownPrivilege	4592	chrome.exe
Token: SeCreatePagefilePrivilege	4592	chrome.exe
Token: SeShutdownPrivilege	4592	chrome.exe
Token: SeCreatePagefilePrivilege	4592	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
4592	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
4592	chrome.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4592 wrote to memory of 4896	4592	chrome.exe	89
PID 4592 wrote to memory of 4896	4592	chrome.exe	89
PID 4592 wrote to memory of 4260	4592	chrome.exe	90
PID 4592 wrote to memory of 4260	4592	chrome.exe	90
PID 4592 wrote to memory of 4260	4592	chrome.exe	90
PID 4592 wrote to memory of 4260	4592	chrome.exe	90
PID 4592 wrote to memory of 4260	4592	chrome.exe	90
PID 4592 wrote to memory of 4260	4592	chrome.exe	90
PID 4592 wrote to memory of 4260	4592	chrome.exe	90
PID 4592 wrote to memory of 4260	4592	chrome.exe	90
PID 4592 wrote to memory of 4260	4592	chrome.exe	90
PID 4592 wrote to memory of 4260	4592	chrome.exe	90
PID 4592 wrote to memory of 4260	4592	chrome.exe	90
PID 4592 wrote to memory of 4260	4592	chrome.exe	90
PID 4592 wrote to memory of 4260	4592	chrome.exe	90
PID 4592 wrote to memory of 4260	4592	chrome.exe	90
PID 4592 wrote to memory of 4260	4592	chrome.exe	90
PID 4592 wrote to memory of 4260	4592	chrome.exe	90
PID 4592 wrote to memory of 4260	4592	chrome.exe	90
PID 4592 wrote to memory of 4260	4592	chrome.exe	90
PID 4592 wrote to memory of 4260	4592	chrome.exe	90
PID 4592 wrote to memory of 4260	4592	chrome.exe	90
PID 4592 wrote to memory of 4260	4592	chrome.exe	90
PID 4592 wrote to memory of 4260	4592	chrome.exe	90
PID 4592 wrote to memory of 4260	4592	chrome.exe	90
PID 4592 wrote to memory of 4260	4592	chrome.exe	90
PID 4592 wrote to memory of 4260	4592	chrome.exe	90
PID 4592 wrote to memory of 4260	4592	chrome.exe	90
PID 4592 wrote to memory of 4260	4592	chrome.exe	90
PID 4592 wrote to memory of 4260	4592	chrome.exe	90
PID 4592 wrote to memory of 4260	4592	chrome.exe	90
PID 4592 wrote to memory of 4260	4592	chrome.exe	90
PID 4592 wrote to memory of 408	4592	chrome.exe	91
PID 4592 wrote to memory of 408	4592	chrome.exe	91
PID 4592 wrote to memory of 1556	4592	chrome.exe	92
PID 4592 wrote to memory of 1556	4592	chrome.exe	92
PID 4592 wrote to memory of 1556	4592	chrome.exe	92
PID 4592 wrote to memory of 1556	4592	chrome.exe	92
PID 4592 wrote to memory of 1556	4592	chrome.exe	92
PID 4592 wrote to memory of 1556	4592	chrome.exe	92
PID 4592 wrote to memory of 1556	4592	chrome.exe	92
PID 4592 wrote to memory of 1556	4592	chrome.exe	92
PID 4592 wrote to memory of 1556	4592	chrome.exe	92
PID 4592 wrote to memory of 1556	4592	chrome.exe	92
PID 4592 wrote to memory of 1556	4592	chrome.exe	92
PID 4592 wrote to memory of 1556	4592	chrome.exe	92
PID 4592 wrote to memory of 1556	4592	chrome.exe	92
PID 4592 wrote to memory of 1556	4592	chrome.exe	92
PID 4592 wrote to memory of 1556	4592	chrome.exe	92
PID 4592 wrote to memory of 1556	4592	chrome.exe	92
PID 4592 wrote to memory of 1556	4592	chrome.exe	92
PID 4592 wrote to memory of 1556	4592	chrome.exe	92
PID 4592 wrote to memory of 1556	4592	chrome.exe	92
PID 4592 wrote to memory of 1556	4592	chrome.exe	92
PID 4592 wrote to memory of 1556	4592	chrome.exe	92
PID 4592 wrote to memory of 1556	4592	chrome.exe	92
PID 4592 wrote to memory of 1556	4592	chrome.exe	92
PID 4592 wrote to memory of 1556	4592	chrome.exe	92
PID 4592 wrote to memory of 1556	4592	chrome.exe	92
PID 4592 wrote to memory of 1556	4592	chrome.exe	92
PID 4592 wrote to memory of 1556	4592	chrome.exe	92
PID 4592 wrote to memory of 1556	4592	chrome.exe	92
PID 4592 wrote to memory of 1556	4592	chrome.exe	92
PID 4592 wrote to memory of 1556	4592	chrome.exe	92

Views/modifies file attributes 1 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
4804	attrib.exe

C:\Users\Admin\AppData\Local\Temp\Solara.exe
"C:\Users\Admin\AppData\Local\Temp\Solara.exe"
1⤵
PID:4708
- C:\Users\Admin\AppData\Local\Temp\Solara.exe
  "C:\Users\Admin\AppData\Local\Temp\Solara.exe"
  2⤵
  - Enumerates VirtualBox DLL files
  - Loads dropped DLL
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1424
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:3656
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\Solara.exe\""
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4660
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\Solara.exe\activate.bat
    3⤵
    PID:644
  - - C:\Windows\system32\attrib.exe
      attrib +s +h .
      4⤵
      Sets file to hidden
      Views/modifies file attributes
      PID:4804
  - - C:\Users\Admin\Solara.exe\Solara.exe
      "Solara.exe"
      4⤵
      Executes dropped EXE
      PID:3320
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im "Solara.exe"
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:3720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffaa7e4cc40,0x7ffaa7e4cc4c,0x7ffaa7e4cc58
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1868,i,5243258779350078482,2468447123309695387,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1864 /prefetch:2
  2⤵
  PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2156,i,5243258779350078482,2468447123309695387,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  PID:408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2244,i,5243258779350078482,2468447123309695387,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2228 /prefetch:8
  2⤵
  PID:1556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3168,i,5243258779350078482,2468447123309695387,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:3120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3212,i,5243258779350078482,2468447123309695387,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:2508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4648,i,5243258779350078482,2468447123309695387,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4676 /prefetch:1
  2⤵
  PID:3528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5004,i,5243258779350078482,2468447123309695387,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5016 /prefetch:8
  2⤵
  PID:368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4500,i,5243258779350078482,2468447123309695387,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4908 /prefetch:8
  2⤵
  PID:1848

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3804

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1184

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2ec 0x494
1⤵
PID:3804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffab1e646f8,0x7ffab1e64708,0x7ffab1e64718
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,3559036607354456260,9490690954161505858,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2008 /prefetch:2
  2⤵
  PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,3559036607354456260,9490690954161505858,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2004,3559036607354456260,9490690954161505858,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,3559036607354456260,9490690954161505858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,3559036607354456260,9490690954161505858,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,3559036607354456260,9490690954161505858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4076 /prefetch:1
  2⤵
  PID:5668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,3559036607354456260,9490690954161505858,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
  2⤵
  PID:5676
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,3559036607354456260,9490690954161505858,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8
  2⤵
  PID:5340
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,3559036607354456260,9490690954161505858,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5264

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Browser Information Discovery

T1217

File and Directory Discovery

T1083

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\07ab0b80-6592-450f-aada-8007b62c2676.tmp

Filesize
199KB

MD5
f6e62ad4d449ccd9504c8abd0c714557

SHA1
6e66e4e9d0f62984942d6316715dd7faa0f72064

SHA256
7afb631c93c2d7f90ffad91ef052e7399f1540bbdc0b35bf566fa105c8ba8cae

SHA512
b98774e6dbd4a7c7e7fc8dc510591272eb6f79ea3ff331fb3ffa8dd76eeba113df866a1bfb846fbd961e86de05b0b6f9f63f042c04963a54f47e9c8db2a4145c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
f73d9f44f45984b663828a0b8df825c8

SHA1
93999d92cc876b5bee653abd3521e4baf326fdd6

SHA256
76d45a10a29536e5b492af78baf796bacdd1d52ba7b638067150c5a00abfd758

SHA512
2427a9b8e443c2fb31e31cafec770e95fe1d32d343aa695aaa77b6aa5374dd16d0ff571eefd28688d97059a3465f62e9ab566a314e117c666eb47db9f9e0cd59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
16aa794bf29a28fc8cb9caf7e0d848c7

SHA1
2cee95a6585436dd0c4cafd3edf749e2c2227eb1

SHA256
7ee4e0f6d18ba4398a82df02be0aadcd20bfabd1ebd7f4790df809a25beef813

SHA512
4e0fdc24ee9928289d5f331e8c6525c4671e3555174cc63b9a6c6c8b2391ffc01d04df7b536a3ce62b6efdd81e3706c55cf1344cfa5e375d7c2cb8aa29b1a57c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
352B

MD5
cfaf197d331ea0b2c99d33ff3f6cf02e

SHA1
a5d7a2329f91190a37bee21dfc2af871dd63ed26

SHA256
b1f6e888cb358de3f6be5b329e195743be19467f04bd6c30e273a9495ae9a523

SHA512
7332fc6d0528eddcb94e67728c1dc80a57ee2912f150da2ad4b9c3a49920f1cb8e9be402c22f28f17c53d76899874c20d3a440636d70efb521b9f7557e36cdcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
9ee7349e35919b1a90757d499e553392

SHA1
14a51fb08b31ff4a4abadb6c33e2973d245a68c0

SHA256
4661ec17804803fe5f6352abc4678cd249b2f13acc18932f4223700c97ad1ac0

SHA512
3f8f4f1eedddb5f1fc39920716c0bec302a302e9653ffc473e2c08165d18adcb8963e4f145074fc1c77cc411496a9a42c7decc0266830f18801f619361bde966

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
74893bd173546fa8191b8016ba621efb

SHA1
c96b02bea315b848ef2d00facad2ec6ee85dfb12

SHA256
8141a4ff72e557b12ea177b6fcca86adb18498cd8ebc0401ef71f0ef252e45c3

SHA512
5c597744c46fc1e8a4d870a721fe7303a612e5a8f26201d9f350a5301cec6c366ccacde812406f8583d41aa73aa54403ced0970a4bfbec9a6e680dd352b08fae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
f3c58b371e22cfeaa5d48f89df7e5311

SHA1
6539c29c16771a55cd65c9a49d9615c184c06aed

SHA256
e006d28c7d8d8562a82f71b614525bcce06745e7a9f640a5e0fe9bb0d179d0c2

SHA512
0e7d895985f42a34d5f81f743e9da4fe083202307b4bd6524d2d03f329e03440241d58976e707d953ff81d17eeefc680274f6a85b37c75ea0d580f49901d187b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
f3e460fad1b4b25a36540bfcd24bdd41

SHA1
ce7c62bb4b4fa37b12e7854559f5db15d07d2cf2

SHA256
e30359930eab721bddcaf8214f3c0c7d8b837f13cec5a73eeecc6051d42b1e7b

SHA512
596181d1b8909c6f72036ea3a8a00f4ef6685f65d8f40c80fb7ae6441bb9cb9f1ccfe8179d44a137de90183d3650437c949172002e572b87cbe3c6b5bfff4cb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
36d07cd55b012fcf557defbac40f1501

SHA1
7a708c5839a9623bf1d751ed2d5cb5527346eeb3

SHA256
ee11f1217e45e867f2462d162b21c1e1ce3b510b68b9275379723df59d17b933

SHA512
7a10475c66c2edadc4abb3756c6925eed4432a542002f4cd3bf1818d11c384dd1ffb6d92a74d149df87479440787fe20bdb1558b97eafa0a2a7db933b42625e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
401066db2db83e8051b6fa7a523d3c9a

SHA1
8b354134f6fed7791a83dee3c47c42411dffe0d2

SHA256
1316392fcaa60ea3e16c34adf7b2023861d26e6071836a8a76b5e139ce43c2ab

SHA512
229f4776ce0dfce4e2e0f52330c4cf05ccfd7868691c48fda413deecbe140f6c6b46db7609f53d2c8e458f5c54805ff187ce77a1904216d741c0d52cbb5e8763

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ec5e3ffc9c48e525ba49faf99e973785

SHA1
33439d128a02f3be08d014616a083a534dbe903b

SHA256
631ea13e3c66866c805b971aae978a1422a94fa393605a951f584091b1ba31b1

SHA512
0fdcf3ca768fa2c99bf67aec491171491feaa9a682c863fa144674bd8f4e17c807a7d299d63fdbadd78d5ea24d84e9aff1568b55076081ecc0dfc2c8e623b7ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47082\VCRUNTIME140.dll

Filesize
96KB

MD5
f12681a472b9dd04a812e16096514974

SHA1
6fd102eb3e0b0e6eef08118d71f28702d1a9067c

SHA256
d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8

SHA512
7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47082\_bz2.pyd

Filesize
46KB

MD5
c33370fc6631725aec3102b955b5e4bf

SHA1
0fce43642e54cd9db1eb48bbfd7661b8a4613e0d

SHA256
6c41a618b4dec812f5cd434375f33052daada9f49c6d472e82bdec27c407cfc5

SHA512
1de939ccb2b6349eaefcf12f37fb00b2b5dafff07930d52bfededcdfe6a234c0da75030596f544adfea09c786dc576fc5a88056ec614d2059a1a9e182925a021

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47082\_ctypes.pyd

Filesize
57KB

MD5
e7ec734581f37a065e54b55515222897

SHA1
9205e3030ea43027cba202b4c968447927d3dc0d

SHA256
9e619adf436228c1c87e7909ca58575a02ef069d71045785b102e2a0f833b6a3

SHA512
281a16075a10ab4465ff1ab49c5639e982961b5029dc36f4b9657f32b9c29ff1bd39c2d6a3f793d7f93fd10802f5d1356bee9e54fa6eb67780a6275094e4fef3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47082\_lzma.pyd

Filesize
84KB

MD5
49a6a6127ad0a70a2d60f193254ba710

SHA1
eb9f1f5a0b264d6c2c477562b9331a798b9a1909

SHA256
4ad51dac78f9192831ee9c6959ad3d67e0f66869bded3a91688b08c4ff2103f7

SHA512
e5064d0536361fd193b1855fcb4173cace51094d8c8827dfca893d49734200156847987124ded14d75aa0c61f1204cc00eaf4ee81d84406e17ad216bf17003ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47082\api-ms-win-core-console-l1-1-0.dll

Filesize
21KB

MD5
e8b9d74bfd1f6d1cc1d99b24f44da796

SHA1
a312cfc6a7ed7bf1b786e5b3fd842a7eeb683452

SHA256
b1b3fd40ab437a43c8db4994ccffc7f88000cc8bb6e34a2bcbff8e2464930c59

SHA512
b74d9b12b69db81a96fc5a001fd88c1e62ee8299ba435e242c5cb2ce446740ed3d8a623e1924c2bc07bfd9aef7b2577c9ec8264e53e5be625f4379119bafcc27

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47082\api-ms-win-core-datetime-l1-1-0.dll

Filesize
21KB

MD5
cfe0c1dfde224ea5fed9bd5ff778a6e0

SHA1
5150e7edd1293e29d2e4d6bb68067374b8a07ce6

SHA256
0d0f80cbf476af5b1c9fd3775e086ed0dfdb510cd0cc208ec1ccb04572396e3e

SHA512
b0e02e1f19cfa7de3693d4d63e404bdb9d15527ac85a6d492db1128bb695bffd11bec33d32f317a7615cb9a820cd14f9f8b182469d65af2430ffcdbad4bd7000

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47082\api-ms-win-core-debug-l1-1-0.dll

Filesize
21KB

MD5
33bbece432f8da57f17bf2e396ebaa58

SHA1
890df2dddfdf3eeccc698312d32407f3e2ec7eb1

SHA256
7cf0944901f7f7e0d0b9ad62753fc2fe380461b1cce8cdc7e9c9867c980e3b0e

SHA512
619b684e83546d97fc1d1bc7181ad09c083e880629726ee3af138a9e4791a6dcf675a8df65dc20edbe6465b5f4eac92a64265df37e53a5f34f6be93a5c2a7ae5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47082\api-ms-win-core-errorhandling-l1-1-0.dll

Filesize
21KB

MD5
eb0978a9213e7f6fdd63b2967f02d999

SHA1
9833f4134f7ac4766991c918aece900acfbf969f

SHA256
ab25a1fe836fc68bcb199f1fe565c27d26af0c390a38da158e0d8815efe1103e

SHA512
6f268148f959693ee213db7d3db136b8e3ad1f80267d8cbd7d5429c021adaccc9c14424c09d527e181b9c9b5ea41765aff568b9630e4eb83bfc532e56dfe5b63

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47082\api-ms-win-core-file-l1-1-0.dll

Filesize
25KB

MD5
efad0ee0136532e8e8402770a64c71f9

SHA1
cda3774fe9781400792d8605869f4e6b08153e55

SHA256
3d2c55902385381869db850b526261ddeb4628b83e690a32b67d2e0936b2c6ed

SHA512
69d25edf0f4c8ac5d77cb5815dfb53eac7f403dc8d11bfe336a545c19a19ffde1031fa59019507d119e4570da0d79b95351eac697f46024b4e558a0ff6349852

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47082\api-ms-win-core-file-l1-2-0.dll

Filesize
21KB

MD5
1c58526d681efe507deb8f1935c75487

SHA1
0e6d328faf3563f2aae029bc5f2272fb7a742672

SHA256
ef13dce8f71173315dfc64ab839b033ab19a968ee15230e9d4d2c9d558efeee2

SHA512
8edb9a0022f417648e2ece9e22c96e2727976332025c3e7d8f15bcf6d7d97e680d1bf008eb28e2e0bd57787dcbb71d38b2deb995b8edc35fa6852ab1d593f3d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47082\api-ms-win-core-file-l2-1-0.dll

Filesize
18KB

MD5
bfffa7117fd9b1622c66d949bac3f1d7

SHA1
402b7b8f8dcfd321b1d12fc85a1ee5137a5569b2

SHA256
1ea267a2e6284f17dd548c6f2285e19f7edb15d6e737a55391140ce5cb95225e

SHA512
b319cc7b436b1be165cdf6ffcab8a87fe29de78f7e0b14c8f562be160481fb5483289bd5956fdc1d8660da7a3f86d8eede35c6cc2b7c3d4c852decf4b2dcdb7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47082\api-ms-win-core-handle-l1-1-0.dll

Filesize
21KB

MD5
e89cdcd4d95cda04e4abba8193a5b492

SHA1
5c0aee81f32d7f9ec9f0650239ee58880c9b0337

SHA256
1a489e0606484bd71a0d9cb37a1dc6ca8437777b3d67bfc8c0075d0cc59e6238

SHA512
55d01e68c8c899e99a3c62c2c36d6bcb1a66ff6ecd2636d2d0157409a1f53a84ce5d6f0c703d5ed47f8e9e2d1c9d2d87cc52585ee624a23d92183062c999b97e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47082\api-ms-win-core-heap-l1-1-0.dll

Filesize
21KB

MD5
accc640d1b06fb8552fe02f823126ff5

SHA1
82ccc763d62660bfa8b8a09e566120d469f6ab67

SHA256
332ba469ae84aa72ec8cce2b33781db1ab81a42ece5863f7a3cb5a990059594f

SHA512
6382302fb7158fc9f2be790811e5c459c5c441f8caee63df1e09b203b8077a27e023c4c01957b252ac8ac288f8310bcee5b4dcc1f7fc691458b90cdfaa36dcbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47082\api-ms-win-core-interlocked-l1-1-0.dll

Filesize
21KB

MD5
c6024cc04201312f7688a021d25b056d

SHA1
48a1d01ae8bc90f889fb5f09c0d2a0602ee4b0fd

SHA256
8751d30df554af08ef42d2faa0a71abcf8c7d17ce9e9ff2ea68a4662603ec500

SHA512
d86c773416b332945acbb95cbe90e16730ef8e16b7f3ccd459d7131485760c2f07e95951aeb47c1cf29de76affeb1c21bdf6d8260845e32205fe8411ed5efa47

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47082\api-ms-win-core-libraryloader-l1-1-0.dll

Filesize
21KB

MD5
1f2a00e72bc8fa2bd887bdb651ed6de5

SHA1
04d92e41ce002251cc09c297cf2b38c4263709ea

SHA256
9c8a08a7d40b6f697a21054770f1afa9ffb197f90ef1eee77c67751df28b7142

SHA512
8cf72df019f9fc9cd22ff77c37a563652becee0708ff5c6f1da87317f41037909e64dcbdcc43e890c5777e6bcfa4035a27afc1aeeb0f5deba878e3e9aef7b02a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47082\api-ms-win-core-localization-l1-2-0.dll

Filesize
21KB

MD5
724223109e49cb01d61d63a8be926b8f

SHA1
072a4d01e01dbbab7281d9bd3add76f9a3c8b23b

SHA256
4e975f618df01a492ae433dff0dd713774d47568e44c377ceef9e5b34aad1210

SHA512
19b0065b894dc66c30a602c9464f118e7f84d83010e74457d48e93aaca4422812b093b15247b24d5c398b42ef0319108700543d13f156067b169ccfb4d7b6b7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47082\api-ms-win-core-memory-l1-1-0.dll

Filesize
21KB

MD5
3c38aac78b7ce7f94f4916372800e242

SHA1
c793186bcf8fdb55a1b74568102b4e073f6971d6

SHA256
3f81a149ba3862776af307d5c7feef978f258196f0a1bf909da2d3f440ff954d

SHA512
c2746aa4342c6afffbd174819440e1bbf4371a7fed29738801c75b49e2f4f94fd6d013e002bad2aadafbc477171b8332c8c5579d624684ef1afbfde9384b8588

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47082\api-ms-win-core-namedpipe-l1-1-0.dll

Filesize
21KB

MD5
321a3ca50e80795018d55a19bf799197

SHA1
df2d3c95fb4cbb298d255d342f204121d9d7ef7f

SHA256
5476db3a4fecf532f96d48f9802c966fdef98ec8d89978a79540cb4db352c15f

SHA512
3ec20e1ac39a98cb5f726d8390c2ee3cd4cd0bf118fdda7271f7604a4946d78778713b675d19dd3e1ec1d6d4d097abe9cd6d0f76b3a7dff53ce8d6dbc146870a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47082\api-ms-win-core-processenvironment-l1-1-0.dll

Filesize
21KB

MD5
0462e22f779295446cd0b63e61142ca5

SHA1
616a325cd5b0971821571b880907ce1b181126ae

SHA256
0b6b598ec28a9e3d646f2bb37e1a57a3dda069a55fba86333727719585b1886e

SHA512
07b34dca6b3078f7d1e8ede5c639f697c71210dcf9f05212fd16eb181ab4ac62286bc4a7ce0d84832c17f5916d0224d1e8aab210ceeff811fc6724c8845a74fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47082\api-ms-win-core-processthreads-l1-1-0.dll

Filesize
21KB

MD5
c3632083b312c184cbdd96551fed5519

SHA1
a93e8e0af42a144009727d2decb337f963a9312e

SHA256
be8d78978d81555554786e08ce474f6af1de96fcb7fa2f1ce4052bc80c6b2125

SHA512
8807c2444a044a3c02ef98cf56013285f07c4a1f7014200a21e20fcb995178ba835c30ac3889311e66bc61641d6226b1ff96331b019c83b6fcc7c87870cce8c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47082\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
21KB

MD5
517eb9e2cb671ae49f99173d7f7ce43f

SHA1
4ccf38fed56166ddbf0b7efb4f5314c1f7d3b7ab

SHA256
57cc66bf0909c430364d35d92b64eb8b6a15dc201765403725fe323f39e8ac54

SHA512
492be2445b10f6bfe6c561c1fc6f5d1af6d1365b7449bc57a8f073b44ae49c88e66841f5c258b041547fcd33cbdcb4eb9dd3e24f0924db32720e51651e9286be

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47082\api-ms-win-core-profile-l1-1-0.dll

Filesize
21KB

MD5
f3ff2d544f5cd9e66bfb8d170b661673

SHA1
9e18107cfcd89f1bbb7fdaf65234c1dc8e614add

SHA256
e1c5d8984a674925fa4afbfe58228be5323fe5123abcd17ec4160295875a625f

SHA512
184b09c77d079127580ef80eb34bded0f5e874cefbe1c5f851d86861e38967b995d859e8491fcc87508930dc06c6bbf02b649b3b489a1b138c51a7d4b4e7aaad

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47082\api-ms-win-core-rtlsupport-l1-1-0.dll

Filesize
21KB

MD5
a0c2dbe0f5e18d1add0d1ba22580893b

SHA1
29624df37151905467a223486500ed75617a1dfd

SHA256
3c29730df2b28985a30d9c82092a1faa0ceb7ffc1bd857d1ef6324cf5524802f

SHA512
3e627f111196009380d1687e024e6ffb1c0dcf4dcb27f8940f17fec7efdd8152ff365b43cb7fdb31de300955d6c15e40a2c8fb6650a91706d7ea1c5d89319b12

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47082\api-ms-win-core-string-l1-1-0.dll

Filesize
21KB

MD5
2666581584ba60d48716420a6080abda

SHA1
c103f0ea32ebbc50f4c494bce7595f2b721cb5ad

SHA256
27e9d3e7c8756e4512932d674a738bf4c2969f834d65b2b79c342a22f662f328

SHA512
befed15f11a0550d2859094cc15526b791dadea12c2e7ceb35916983fb7a100d89d638fb1704975464302fae1e1a37f36e01e4bef5bc4924ab8f3fd41e60bd0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47082\api-ms-win-core-synch-l1-1-0.dll

Filesize
21KB

MD5
225d9f80f669ce452ca35e47af94893f

SHA1
37bd0ffc8e820247bd4db1c36c3b9f9f686bbd50

SHA256
61c0ebe60ce6ebabcb927ddff837a9bf17e14cd4b4c762ab709e630576ec7232

SHA512
2f71a3471a9868f4d026c01e4258aff7192872590f5e5c66aabd3c088644d28629ba8835f3a4a23825631004b1afd440efe7161bb9fc7d7c69e0ee204813ca7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47082\api-ms-win-core-synch-l1-2-0.dll

Filesize
21KB

MD5
1281e9d1750431d2fe3b480a8175d45c

SHA1
bc982d1c750b88dcb4410739e057a86ff02d07ef

SHA256
433bd8ddc4f79aee65ca94a54286d75e7d92b019853a883e51c2b938d2469baa

SHA512
a954e6ce76f1375a8beac51d751b575bbc0b0b8ba6aa793402b26404e45718165199c2c00ccbcba3783c16bdd96f0b2c17addcc619c39c8031becebef428ce77

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47082\api-ms-win-core-sysinfo-l1-1-0.dll

Filesize
21KB

MD5
fd46c3f6361e79b8616f56b22d935a53

SHA1
107f488ad966633579d8ec5eb1919541f07532ce

SHA256
0dc92e8830bc84337dcae19ef03a84ef5279cf7d4fdc2442c1bc25320369f9df

SHA512
3360b2e2a25d545ccd969f305c4668c6cda443bbdbd8a8356ffe9fbc2f70d90cf4540f2f28c9ed3eea6c9074f94e69746e7705e6254827e6a4f158a75d81065b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47082\api-ms-win-core-timezone-l1-1-0.dll

Filesize
21KB

MD5
d12403ee11359259ba2b0706e5e5111c

SHA1
03cc7827a30fd1dee38665c0cc993b4b533ac138

SHA256
f60e1751a6ac41f08e46480bf8e6521b41e2e427803996b32bdc5e78e9560781

SHA512
9004f4e59835af57f02e8d9625814db56f0e4a98467041da6f1367ef32366ad96e0338d48fff7cc65839a24148e2d9989883bcddc329d9f4d27cae3f843117d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47082\api-ms-win-core-util-l1-1-0.dll

Filesize
21KB

MD5
0f129611a4f1e7752f3671c9aa6ea736

SHA1
40c07a94045b17dae8a02c1d2b49301fad231152

SHA256
2e1f090aba941b9d2d503e4cd735c958df7bb68f1e9bdc3f47692e1571aaac2f

SHA512
6abc0f4878bb302713755a188f662c6fe162ea6267e5e1c497c9ba9fddbdaea4db050e322cb1c77d6638ecf1dad940b9ebc92c43acaa594040ee58d313cbcfae

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47082\api-ms-win-crt-conio-l1-1-0.dll

Filesize
21KB

MD5
d4fba5a92d68916ec17104e09d1d9d12

SHA1
247dbc625b72ffb0bf546b17fb4de10cad38d495

SHA256
93619259328a264287aee7c5b88f7f0ee32425d7323ce5dc5a2ef4fe3bed90d5

SHA512
d5a535f881c09f37e0adf3b58d41e123f527d081a1ebecd9a927664582ae268341771728dc967c30908e502b49f6f853eeaebb56580b947a629edc6bce2340d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47082\api-ms-win-crt-convert-l1-1-0.dll

Filesize
25KB

MD5
edf71c5c232f5f6ef3849450f2100b54

SHA1
ed46da7d59811b566dd438fa1d09c20f5dc493ce

SHA256
b987ab40cdd950ebe7a9a9176b80b8fffc005ccd370bb1cbbcad078c1a506bdc

SHA512
481a3c8dc5bef793ee78ce85ec0f193e3e9f6cd57868b813965b312bd0fadeb5f4419707cd3004fbdb407652101d52e061ef84317e8bd458979443e9f8e4079a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47082\api-ms-win-crt-environment-l1-1-0.dll

Filesize
21KB

MD5
f9235935dd3ba2aa66d3aa3412accfbf

SHA1
281e548b526411bcb3813eb98462f48ffaf4b3eb

SHA256
2f6bd6c235e044755d5707bd560a6afc0ba712437530f76d11079d67c0cf3200

SHA512
ad0c0a7891fb8328f6f0cf1ddc97523a317d727c15d15498afa53c07610210d2610db4bc9bd25958d47adc1af829ad4d7cf8aabcab3625c783177ccdb7714246

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47082\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
21KB

MD5
5107487b726bdcc7b9f7e4c2ff7f907c

SHA1
ebc46221d3c81a409fab9815c4215ad5da62449c

SHA256
94a86e28e829276974e01f8a15787fde6ed699c8b9dc26f16a51765c86c3eade

SHA512
a0009b80ad6a928580f2b476c1bdf4352b0611bb3a180418f2a42cfa7a03b9f0575ed75ec855d30b26e0cca96a6da8affb54862b6b9aff33710d2f3129283faa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47082\api-ms-win-crt-heap-l1-1-0.dll

Filesize
21KB

MD5
d5d77669bd8d382ec474be0608afd03f

SHA1
1558f5a0f5facc79d3957ff1e72a608766e11a64

SHA256
8dd9218998b4c4c9e8d8b0f8b9611d49419b3c80daa2f437cbf15bcfd4c0b3b8

SHA512
8defa71772105fd9128a669f6ff19b6fe47745a0305beb9a8cadb672ed087077f7538cd56e39329f7daa37797a96469eae7cd5e4cca57c9a183b35bdc44182f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47082\api-ms-win-crt-locale-l1-1-0.dll

Filesize
21KB

MD5
650435e39d38160abc3973514d6c6640

SHA1
9a5591c29e4d91eaa0f12ad603af05bb49708a2d

SHA256
551a34c400522957063a2d71fa5aba1cd78cc4f61f0ace1cd42cc72118c500c0

SHA512
7b4a8f86d583562956593d27b7ecb695cb24ab7192a94361f994fadba7a488375217755e7ed5071de1d0960f60f255aa305e9dd477c38b7bb70ac545082c9d5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47082\api-ms-win-crt-math-l1-1-0.dll

Filesize
29KB

MD5
b8f0210c47847fc6ec9fbe2a1ad4debb

SHA1
e99d833ae730be1fedc826bf1569c26f30da0d17

SHA256
1c4a70a73096b64b536be8132ed402bcfb182c01b8a451bff452efe36ddf76e7

SHA512
992d790e18ac7ae33958f53d458d15bff522a3c11a6bd7ee2f784ac16399de8b9f0a7ee896d9f2c96d1e2c8829b2f35ff11fc5d8d1b14c77e22d859a1387797c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47082\api-ms-win-crt-multibyte-l1-1-0.dll

Filesize
29KB

MD5
075419431d46dc67932b04a8b91a772f

SHA1
db2af49ee7b6bec379499b5a80be39310c6c8425

SHA256
3a4b66e65a5ee311afc37157a8101aba6017ff7a4355b4dd6e6c71d5b7223560

SHA512
76287e0003a396cda84ce6b206986476f85e927a389787d1d273684167327c41fc0fe5e947175c0deb382c5accf785f867d9fce1fea4abd7d99b201e277d1704

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47082\api-ms-win-crt-private-l1-1-0.dll

Filesize
73KB

MD5
7ea5935428f10d970ad446ba72313440

SHA1
58c2a2938bc44769bc3487327bd6c840a3fe2e5c

SHA256
8b19bcb4918b346a8ba5e19d91823e5842314e928dbb86de8758d0dbb2b94bb4

SHA512
02abf2c37283ad69648b22375c6cac76e5c2cc8c637e106da014977d1a22beac8be65b75890e9d0bf96a55d77652254aad597ef7bd1e61577813bd393b7ed0ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47082\api-ms-win-crt-process-l1-1-0.dll

Filesize
21KB

MD5
272c0f80fd132e434cdcdd4e184bb1d8

SHA1
5bc8b7260e690b4d4039fe27b48b2cecec39652f

SHA256
bd943767f3e0568e19fb52522217c22b6627b66a3b71cd38dd6653b50662f39d

SHA512
94892a934a92ef1630fbfea956d1fe3a3bfe687dec31092828960968cb321c4ab3af3caf191d4e28c8ca6b8927fbc1ec5d17d5c8a962c848f4373602ec982cd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47082\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
25KB

MD5
20c0afa78836b3f0b692c22f12bda70a

SHA1
60bb74615a71bd6b489c500e6e69722f357d283e

SHA256
962d725d089f140482ee9a8ff57f440a513387dd03fdc06b3a28562c8090c0bc

SHA512
65f0e60136ab358661e5156b8ecd135182c8aaefd3ec320abdf9cfc8aeab7b68581890e0bbc56bad858b83d47b7a0143fa791195101dc3e2d78956f591641d16

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47082\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
25KB

MD5
96498dc4c2c879055a7aff2a1cc2451e

SHA1
fecbc0f854b1adf49ef07beacad3cec9358b4fb2

SHA256
273817a137ee049cbd8e51dc0bb1c7987df7e3bf4968940ee35376f87ef2ef8d

SHA512
4e0b2ef0efe81a8289a447eb48898992692feee4739ceb9d87f5598e449e0059b4e6f4eb19794b9dcdce78c05c8871264797c14e4754fd73280f37ec3ea3c304

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47082\api-ms-win-crt-string-l1-1-0.dll

Filesize
25KB

MD5
115e8275eb570b02e72c0c8a156970b3

SHA1
c305868a014d8d7bbef9abbb1c49a70e8511d5a6

SHA256
415025dce5a086dbffc4cf322e8ead55cb45f6d946801f6f5193df044db2f004

SHA512
b97ef7c5203a0105386e4949445350d8ff1c83bdeaee71ccf8dc22f7f6d4f113cb0a9be136717895c36ee8455778549f629bf8d8364109185c0bf28f3cb2b2ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47082\api-ms-win-crt-time-l1-1-0.dll

Filesize
21KB

MD5
001e60f6bbf255a60a5ea542e6339706

SHA1
f9172ec37921432d5031758d0c644fe78cdb25fa

SHA256
82fba9bc21f77309a649edc8e6fc1900f37e3ffcb45cd61e65e23840c505b945

SHA512
b1a6dc5a34968fbdc8147d8403adf8b800a06771cc9f15613f5ce874c29259a156bab875aae4caaec2117817ce79682a268aa6e037546aeca664cd4eea60adbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47082\api-ms-win-crt-utility-l1-1-0.dll

Filesize
21KB

MD5
a0776b3a28f7246b4a24ff1b2867bdbf

SHA1
383c9a6afda7c1e855e25055aad00e92f9d6aaff

SHA256
2e554d9bf872a64d2cd0f0eb9d5a06dea78548bc0c7a6f76e0a0c8c069f3c0a9

SHA512
7c9f0f8e53b363ef5b2e56eec95e7b78ec50e9308f34974a287784a1c69c9106f49ea2d9ca037f0a7b3c57620fcbb1c7c372f207c68167df85797affc3d7f3ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47082\base_library.zip

Filesize
1.4MB

MD5
481da210e644d6b317cafb5ddf09e1a5

SHA1
00fe8e1656e065d5cf897986c12ffb683f3a2422

SHA256
3242ea7a6c4c712f10108a619bf5213878146547838f7e2c1e80d2778eb0aaa0

SHA512
74d177794f0d7e67f64a4f0c9da4c3fd25a4d90eb909e942e42e5651cc1930b8a99eef6d40107aa8756e75ffbcc93284b916862e24262df897aaac97c5072210

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47082\crypto_clipper.json

Filesize
155B

MD5
8bff94a9573315a9d1820d9bb710d97f

SHA1
e69a43d343794524b771d0a07fd4cb263e5464d5

SHA256
3f7446866f42bcbeb8426324d3ea58f386f3171abe94279ea7ec773a4adde7d7

SHA512
d5ece1ea9630488245c578cb22d6d9d902839e53b4550c6232b4fb9389ef6c5d5392426ea4a9e3c461979d6d6aa94ddf3b2755f48e9988864788b530cdfcf80f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47082\libffi-8.dll

Filesize
24KB

MD5
77199701fe2d585080e44c70ea5aed4c

SHA1
34c8b0ce03a945351e30fb704a00d5257e2a6132

SHA256
4eb41bcf5e54017c4d8c6a7184f4633d9e6c10ca8f52ad21e3b752edd745d4ee

SHA512
d325f517a3eb831f3f5853c5471295244716a666507aa4e4b262e0842f1bfad0c9648a6711fbce514193e411cfcdbb9afe86764e740355cd06895dfcc623fe34

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47082\python3.DLL

Filesize
64KB

MD5
34e49bb1dfddf6037f0001d9aefe7d61

SHA1
a25a39dca11cdc195c9ecd49e95657a3e4fe3215

SHA256
4055d1b9e553b78c244143ab6b48151604003b39a9bf54879dee9175455c1281

SHA512
edb715654baaf499cf788bcacd5657adcf9f20b37b02671abe71bda334629344415ed3a7e95cb51164e66a7aa3ed4bf84acb05649ccd55e3f64036f3178b7856

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47082\python311.dll

Filesize
1.6MB

MD5
87b5d21226d74f069b5ae8fb74743236

SHA1
153651a542db095d0f9088a97351b90d02b307ac

SHA256
3cac88119657daef7f79844aeb9da79b45c1f3bb2ea3468b0d4ed26067852194

SHA512
788bb26b3f4ce99a2b49eef2742972fe843bdd97d361a6e67237f29376648ea6f874f1f6ba6dd53c74ef51a29e650a02fb99dfc30b5badfa9d2e05491f81d7d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47082\ucrtbase.dll

Filesize
992KB

MD5
0e0bac3d1dcc1833eae4e3e4cf83c4ef

SHA1
4189f4459c54e69c6d3155a82524bda7549a75a6

SHA256
8a91052ef261b5fbf3223ae9ce789af73dfe1e9b0ba5bdbc4d564870a24f2bae

SHA512
a45946e3971816f66dd7ea3788aacc384a9e95011500b458212dc104741315b85659e0d56a41570731d338bdf182141c093d3ced222c007038583ceb808e26fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_nufpfpj1.ygj.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/1424-1422-0x00007FFAA4E40000-0x00007FFAA4E4C000-memory.dmp

Filesize
48KB

Download
memory/1424-1456-0x00007FFAA2AA0000-0x00007FFAA2AAC000-memory.dmp

Filesize
48KB

Download
memory/1424-1419-0x00007FFAA4E60000-0x00007FFAA4E6B000-memory.dmp

Filesize
44KB

Download
memory/1424-1420-0x00007FFAA4E50000-0x00007FFAA4E5C000-memory.dmp

Filesize
48KB

Download
memory/1424-1418-0x00007FFAA4E70000-0x00007FFAA4E7B000-memory.dmp

Filesize
44KB

Download
memory/1424-1417-0x00007FFAB1B20000-0x00007FFAB1B4E000-memory.dmp

Filesize
184KB

Download
memory/1424-1416-0x00007FFAA4F00000-0x00007FFAA4FB8000-memory.dmp

Filesize
736KB

Download
memory/1424-1415-0x00007FFAA4E80000-0x00007FFAA4E8C000-memory.dmp

Filesize
48KB

Download
memory/1424-1414-0x00007FFAB1B50000-0x00007FFAB1B69000-memory.dmp

Filesize
100KB

Download
memory/1424-1413-0x00007FFAAF170000-0x00007FFAAF17B000-memory.dmp

Filesize
44KB

Download
memory/1424-1412-0x00007FFAA85A0000-0x00007FFAA85AE000-memory.dmp

Filesize
56KB

Download
memory/1424-1411-0x00007FFAAD710000-0x00007FFAAD71C000-memory.dmp

Filesize
48KB

Download
memory/1424-1421-0x00007FFAA3240000-0x00007FFAA335C000-memory.dmp

Filesize
1.1MB

Download
memory/1424-1429-0x00007FFAA4E90000-0x00007FFAA4EC6000-memory.dmp

Filesize
216KB

Download
memory/1424-1430-0x00007FFAA4400000-0x00007FFAA4414000-memory.dmp

Filesize
80KB

Download
memory/1424-1431-0x00007FFAA3210000-0x00007FFAA3232000-memory.dmp

Filesize
136KB

Download
memory/1424-1428-0x00007FFAA4420000-0x00007FFAA4432000-memory.dmp

Filesize
72KB

Download
memory/1424-1427-0x00007FFAA4DE0000-0x00007FFAA4DF5000-memory.dmp

Filesize
84KB

Download
memory/1424-1426-0x00007FFAA4ED0000-0x00007FFAA4EF6000-memory.dmp

Filesize
152KB

Download
memory/1424-1425-0x00007FFAA4E00000-0x00007FFAA4E0C000-memory.dmp

Filesize
48KB

Download
memory/1424-1424-0x00007FFAA4E10000-0x00007FFAA4E22000-memory.dmp

Filesize
72KB

Download
memory/1424-1423-0x00007FFAA4E30000-0x00007FFAA4E3D000-memory.dmp

Filesize
52KB

Download
memory/1424-1391-0x00007FFAB1B50000-0x00007FFAB1B69000-memory.dmp

Filesize
100KB

Download
memory/1424-1410-0x00007FFAAF160000-0x00007FFAAF16C000-memory.dmp

Filesize
48KB

Download
memory/1424-1409-0x00007FFAA3360000-0x00007FFAA36D5000-memory.dmp

Filesize
3.5MB

Download
memory/1424-1408-0x00007FFAAFFA0000-0x00007FFAAFFAC000-memory.dmp

Filesize
48KB

Download
memory/1424-1407-0x00007FFAB1A50000-0x00007FFAB1A5B000-memory.dmp

Filesize
44KB

Download
memory/1424-1406-0x00007FFAB3310000-0x00007FFAB331C000-memory.dmp

Filesize
48KB

Download
memory/1424-1405-0x00007FFAB5EF0000-0x00007FFAB5EFB000-memory.dmp

Filesize
44KB

Download
memory/1424-1404-0x00007FFAB6010000-0x00007FFAB601B000-memory.dmp

Filesize
44KB

Download
memory/1424-1403-0x00007FFAB1B70000-0x00007FFAB1B84000-memory.dmp

Filesize
80KB

Download
memory/1424-1401-0x00007FFAB1B90000-0x00007FFAB1BBD000-memory.dmp

Filesize
180KB

Download
memory/1424-1432-0x00007FFAA31F0000-0x00007FFAA3207000-memory.dmp

Filesize
92KB

Download
memory/1424-1433-0x00007FFAA3180000-0x00007FFAA3199000-memory.dmp

Filesize
100KB

Download
memory/1424-1434-0x00007FFAA3130000-0x00007FFAA317D000-memory.dmp

Filesize
308KB

Download
memory/1424-1436-0x00007FFAA3110000-0x00007FFAA3121000-memory.dmp

Filesize
68KB

Download
memory/1424-1435-0x00007FFAA4E50000-0x00007FFAA4E5C000-memory.dmp

Filesize
48KB

Download
memory/1424-1437-0x00007FFAA4DD0000-0x00007FFAA4DDA000-memory.dmp

Filesize
40KB

Download
memory/1424-1438-0x00007FFAA30F0000-0x00007FFAA310E000-memory.dmp

Filesize
120KB

Download
memory/1424-1439-0x00007FFAA3090000-0x00007FFAA30ED000-memory.dmp

Filesize
372KB

Download
memory/1424-1440-0x00007FFAA2F80000-0x00007FFAA2FA9000-memory.dmp

Filesize
164KB

Download
memory/1424-1444-0x00007FFAA3210000-0x00007FFAA3232000-memory.dmp

Filesize
136KB

Download
memory/1424-1443-0x00007FFAA2B60000-0x00007FFAA2CD3000-memory.dmp

Filesize
1.4MB

Download
memory/1424-1442-0x00007FFAA2CE0000-0x00007FFAA2D03000-memory.dmp

Filesize
140KB

Download
memory/1424-1441-0x00007FFAA2F50000-0x00007FFAA2F7E000-memory.dmp

Filesize
184KB

Download
memory/1424-1446-0x00007FFAA2B40000-0x00007FFAA2B58000-memory.dmp

Filesize
96KB

Download
memory/1424-1445-0x00007FFAA31F0000-0x00007FFAA3207000-memory.dmp

Filesize
92KB

Download
memory/1424-1447-0x00007FFAA2B30000-0x00007FFAA2B3B000-memory.dmp

Filesize
44KB

Download
memory/1424-1463-0x00007FFAA3110000-0x00007FFAA3121000-memory.dmp

Filesize
68KB

Download
memory/1424-1465-0x00007FFAA2A20000-0x00007FFAA2A2C000-memory.dmp

Filesize
48KB

Download
memory/1424-1464-0x00007FFAA2A30000-0x00007FFAA2A42000-memory.dmp

Filesize
72KB

Download
memory/1424-1462-0x00007FFAA2B10000-0x00007FFAA2B1C000-memory.dmp

Filesize
48KB

Download
memory/1424-1461-0x00007FFAA2A50000-0x00007FFAA2A5D000-memory.dmp

Filesize
52KB

Download
memory/1424-1460-0x00007FFAA2A60000-0x00007FFAA2A6C000-memory.dmp

Filesize
48KB

Download
memory/1424-1459-0x00007FFAA2A70000-0x00007FFAA2A7C000-memory.dmp

Filesize
48KB

Download
memory/1424-1458-0x00007FFAA2A80000-0x00007FFAA2A8B000-memory.dmp

Filesize
44KB

Download
memory/1424-1457-0x00007FFAA2A90000-0x00007FFAA2A9B000-memory.dmp

Filesize
44KB

Download
memory/1424-1402-0x00007FFAA4E90000-0x00007FFAA4EC6000-memory.dmp

Filesize
216KB

Download
memory/1424-1455-0x00007FFAA2AB0000-0x00007FFAA2ABE000-memory.dmp

Filesize
56KB

Download
memory/1424-1454-0x00007FFAA2AC0000-0x00007FFAA2ACC000-memory.dmp

Filesize
48KB

Download
memory/1424-1453-0x00007FFAA2AD0000-0x00007FFAA2ADC000-memory.dmp

Filesize
48KB

Download
memory/1424-1452-0x00007FFAA2AE0000-0x00007FFAA2AEB000-memory.dmp

Filesize
44KB

Download
memory/1424-1451-0x00007FFAA2AF0000-0x00007FFAA2AFC000-memory.dmp

Filesize
48KB

Download
memory/1424-1450-0x00007FFAA2B00000-0x00007FFAA2B0B000-memory.dmp

Filesize
44KB

Download
memory/1424-1449-0x00007FFAA2B20000-0x00007FFAA2B2B000-memory.dmp

Filesize
44KB

Download
memory/1424-1448-0x00007FFAA3130000-0x00007FFAA317D000-memory.dmp

Filesize
308KB

Download
memory/1424-1466-0x00007FFAA29E0000-0x00007FFAA2A15000-memory.dmp

Filesize
212KB

Download
memory/1424-1468-0x00007FFAA2FD0000-0x00007FFAA308C000-memory.dmp

Filesize
752KB

Download
memory/1424-1467-0x00007FFAA30F0000-0x00007FFAA310E000-memory.dmp

Filesize
120KB

Download
memory/1424-1469-0x00007FFAA2F20000-0x00007FFAA2F4B000-memory.dmp

Filesize
172KB

Download
memory/1424-1470-0x00007FFAA2F80000-0x00007FFAA2FA9000-memory.dmp

Filesize
164KB

Download
memory/1424-1471-0x00007FFAA2700000-0x00007FFAA29DF000-memory.dmp

Filesize
2.9MB

Download
memory/1424-1472-0x00007FFAA2F50000-0x00007FFAA2F7E000-memory.dmp

Filesize
184KB

Download
memory/1424-1473-0x00007FFAA2CE0000-0x00007FFAA2D03000-memory.dmp

Filesize
140KB

Download
memory/1424-1474-0x00007FFAA2B60000-0x00007FFAA2CD3000-memory.dmp

Filesize
1.4MB

Download
memory/1424-1475-0x00007FFAA0600000-0x00007FFAA26F3000-memory.dmp

Filesize
32.9MB

Download
memory/1424-1477-0x00007FFAA2FB0000-0x00007FFAA2FC7000-memory.dmp

Filesize
92KB

Download
memory/1424-1478-0x00007FFAA2EA0000-0x00007FFAA2EC1000-memory.dmp

Filesize
132KB

Download
memory/1424-1479-0x00007FFAA2E70000-0x00007FFAA2E92000-memory.dmp

Filesize
136KB

Download
memory/1424-1480-0x00007FFAA2DC0000-0x00007FFAA2E5C000-memory.dmp

Filesize
624KB

Download
memory/1424-1393-0x00007FFAA3D00000-0x00007FFAA42E8000-memory.dmp

Filesize
5.9MB

Download
memory/1424-1397-0x00007FFAADDC0000-0x00007FFAADDE4000-memory.dmp

Filesize
144KB

Download
memory/1424-1530-0x00007FFAA3D00000-0x00007FFAA42E8000-memory.dmp

Filesize
5.9MB

Download
memory/1424-1537-0x00007FFAB1B50000-0x00007FFAB1B69000-memory.dmp

Filesize
100KB

Download
memory/1424-1554-0x00007FFAA2CE0000-0x00007FFAA2D03000-memory.dmp

Filesize
140KB

Download
memory/1424-1553-0x00007FFAA3110000-0x00007FFAA3121000-memory.dmp

Filesize
68KB

Download
memory/1424-1552-0x00007FFAA3130000-0x00007FFAA317D000-memory.dmp

Filesize
308KB

Download
memory/1424-1551-0x00007FFAA3180000-0x00007FFAA3199000-memory.dmp

Filesize
100KB

Download
memory/1424-1550-0x00007FFAA31F0000-0x00007FFAA3207000-memory.dmp

Filesize
92KB

Download
memory/1424-1549-0x00007FFAA3210000-0x00007FFAA3232000-memory.dmp

Filesize
136KB

Download
memory/1424-1548-0x00007FFAA4400000-0x00007FFAA4414000-memory.dmp

Filesize
80KB

Download
memory/1424-1547-0x00007FFAA4420000-0x00007FFAA4432000-memory.dmp

Filesize
72KB

Download
memory/1424-1546-0x00007FFAA4DE0000-0x00007FFAA4DF5000-memory.dmp

Filesize
84KB

Download
memory/1424-1545-0x00007FFAA4E90000-0x00007FFAA4EC6000-memory.dmp

Filesize
216KB

Download
memory/1424-1544-0x00007FFAA3240000-0x00007FFAA335C000-memory.dmp

Filesize
1.1MB

Download
memory/1424-1543-0x00007FFAA4ED0000-0x00007FFAA4EF6000-memory.dmp

Filesize
152KB

Download
memory/1424-1542-0x00007FFAB67F0000-0x00007FFAB67FB000-memory.dmp

Filesize
44KB

Download
memory/1424-1541-0x00007FFAB6DA0000-0x00007FFAB6DAD000-memory.dmp

Filesize
52KB

Download
memory/1424-1540-0x00007FFAA4F00000-0x00007FFAA4FB8000-memory.dmp

Filesize
736KB

Download
memory/1424-1536-0x00007FFAA3360000-0x00007FFAA36D5000-memory.dmp

Filesize
3.5MB

Download
memory/1424-1398-0x00007FFAB67F0000-0x00007FFAB67FB000-memory.dmp

Filesize
44KB

Download
memory/1424-1400-0x00007FFAA3240000-0x00007FFAA335C000-memory.dmp

Filesize
1.1MB

Download
memory/1424-1399-0x00007FFAA4ED0000-0x00007FFAA4EF6000-memory.dmp

Filesize
152KB

Download
memory/1424-1396-0x00007FFAB6DA0000-0x00007FFAB6DAD000-memory.dmp

Filesize
52KB

Download
memory/1424-1394-0x00007FFAA4F00000-0x00007FFAA4FB8000-memory.dmp

Filesize
736KB

Download
memory/1424-1395-0x00007FFAB1B20000-0x00007FFAB1B4E000-memory.dmp

Filesize
184KB

Download
memory/1424-1392-0x00007FFABC2F0000-0x00007FFABC2FD000-memory.dmp

Filesize
52KB

Download
memory/1424-1390-0x00007FFAA3360000-0x00007FFAA36D5000-memory.dmp

Filesize
3.5MB

Download
memory/1424-1389-0x00007FFAB1B70000-0x00007FFAB1B84000-memory.dmp

Filesize
80KB

Download
memory/1424-1342-0x00007FFABC300000-0x00007FFABC30F000-memory.dmp

Filesize
60KB

Download
memory/1424-1345-0x00007FFAB1BC0000-0x00007FFAB1BD9000-memory.dmp

Filesize
100KB

Download
memory/1424-1347-0x00007FFAB1B90000-0x00007FFAB1BBD000-memory.dmp

Filesize
180KB

Download
memory/1424-1329-0x00007FFAADDC0000-0x00007FFAADDE4000-memory.dmp

Filesize
144KB

Download
memory/1424-1316-0x00007FFAA3D00000-0x00007FFAA42E8000-memory.dmp

Filesize
5.9MB

Download