hxxps://drive[.]google[.]com/file/d/1UhZuVquQSGbGRAjtlcJ9BiZcpGQeSjxl/view?usp=sharing

Analysis

max time kernel
149s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04-09-2024 05:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1UhZuVquQSGbGRAjtlcJ9BiZcpGQeSjxl/view?usp=sharing

Score

7^/10

discovery pyinstaller

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2400	ransom.exe
6044	ransom.exe

Loads dropped DLL 37 IoCs

pid	Process
6044	ransom.exe
6044	ransom.exe
6044	ransom.exe
6044	ransom.exe
6044	ransom.exe
6044	ransom.exe
6044	ransom.exe
6044	ransom.exe
6044	ransom.exe
6044	ransom.exe
6044	ransom.exe
6044	ransom.exe
6044	ransom.exe
6044	ransom.exe
6044	ransom.exe
6044	ransom.exe
6044	ransom.exe
6044	ransom.exe
6044	ransom.exe
6044	ransom.exe
6044	ransom.exe
6044	ransom.exe
6044	ransom.exe
6044	ransom.exe
6044	ransom.exe
6044	ransom.exe
6044	ransom.exe
6044	ransom.exe
6044	ransom.exe
6044	ransom.exe
6044	ransom.exe
6044	ransom.exe
6044	ransom.exe
6044	ransom.exe
6044	ransom.exe
6044	ransom.exe
6044	ransom.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
6	drive.google.com
9	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
behavioral1/files/0x000800000002340b-116.dat	pyinstaller

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133699001497583802"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 592235.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3204	msedge.exe
3204	msedge.exe
5076	msedge.exe
5076	msedge.exe
4700	identity_helper.exe
4700	identity_helper.exe
3656	msedge.exe
3656	msedge.exe
3032	chrome.exe
3032	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5076 wrote to memory of 468	5076	msedge.exe	83
PID 5076 wrote to memory of 468	5076	msedge.exe	83
PID 5076 wrote to memory of 2820	5076	msedge.exe	84
PID 5076 wrote to memory of 2820	5076	msedge.exe	84
PID 5076 wrote to memory of 2820	5076	msedge.exe	84
PID 5076 wrote to memory of 2820	5076	msedge.exe	84
PID 5076 wrote to memory of 2820	5076	msedge.exe	84
PID 5076 wrote to memory of 2820	5076	msedge.exe	84
PID 5076 wrote to memory of 2820	5076	msedge.exe	84
PID 5076 wrote to memory of 2820	5076	msedge.exe	84
PID 5076 wrote to memory of 2820	5076	msedge.exe	84
PID 5076 wrote to memory of 2820	5076	msedge.exe	84
PID 5076 wrote to memory of 2820	5076	msedge.exe	84
PID 5076 wrote to memory of 2820	5076	msedge.exe	84
PID 5076 wrote to memory of 2820	5076	msedge.exe	84
PID 5076 wrote to memory of 2820	5076	msedge.exe	84
PID 5076 wrote to memory of 2820	5076	msedge.exe	84
PID 5076 wrote to memory of 2820	5076	msedge.exe	84
PID 5076 wrote to memory of 2820	5076	msedge.exe	84
PID 5076 wrote to memory of 2820	5076	msedge.exe	84
PID 5076 wrote to memory of 2820	5076	msedge.exe	84
PID 5076 wrote to memory of 2820	5076	msedge.exe	84
PID 5076 wrote to memory of 2820	5076	msedge.exe	84
PID 5076 wrote to memory of 2820	5076	msedge.exe	84
PID 5076 wrote to memory of 2820	5076	msedge.exe	84
PID 5076 wrote to memory of 2820	5076	msedge.exe	84
PID 5076 wrote to memory of 2820	5076	msedge.exe	84
PID 5076 wrote to memory of 2820	5076	msedge.exe	84
PID 5076 wrote to memory of 2820	5076	msedge.exe	84
PID 5076 wrote to memory of 2820	5076	msedge.exe	84
PID 5076 wrote to memory of 2820	5076	msedge.exe	84
PID 5076 wrote to memory of 2820	5076	msedge.exe	84
PID 5076 wrote to memory of 2820	5076	msedge.exe	84
PID 5076 wrote to memory of 2820	5076	msedge.exe	84
PID 5076 wrote to memory of 2820	5076	msedge.exe	84
PID 5076 wrote to memory of 2820	5076	msedge.exe	84
PID 5076 wrote to memory of 2820	5076	msedge.exe	84
PID 5076 wrote to memory of 2820	5076	msedge.exe	84
PID 5076 wrote to memory of 2820	5076	msedge.exe	84
PID 5076 wrote to memory of 2820	5076	msedge.exe	84
PID 5076 wrote to memory of 2820	5076	msedge.exe	84
PID 5076 wrote to memory of 2820	5076	msedge.exe	84
PID 5076 wrote to memory of 3204	5076	msedge.exe	85
PID 5076 wrote to memory of 3204	5076	msedge.exe	85
PID 5076 wrote to memory of 4524	5076	msedge.exe	86
PID 5076 wrote to memory of 4524	5076	msedge.exe	86
PID 5076 wrote to memory of 4524	5076	msedge.exe	86
PID 5076 wrote to memory of 4524	5076	msedge.exe	86
PID 5076 wrote to memory of 4524	5076	msedge.exe	86
PID 5076 wrote to memory of 4524	5076	msedge.exe	86
PID 5076 wrote to memory of 4524	5076	msedge.exe	86
PID 5076 wrote to memory of 4524	5076	msedge.exe	86
PID 5076 wrote to memory of 4524	5076	msedge.exe	86
PID 5076 wrote to memory of 4524	5076	msedge.exe	86
PID 5076 wrote to memory of 4524	5076	msedge.exe	86
PID 5076 wrote to memory of 4524	5076	msedge.exe	86
PID 5076 wrote to memory of 4524	5076	msedge.exe	86
PID 5076 wrote to memory of 4524	5076	msedge.exe	86
PID 5076 wrote to memory of 4524	5076	msedge.exe	86
PID 5076 wrote to memory of 4524	5076	msedge.exe	86
PID 5076 wrote to memory of 4524	5076	msedge.exe	86
PID 5076 wrote to memory of 4524	5076	msedge.exe	86
PID 5076 wrote to memory of 4524	5076	msedge.exe	86
PID 5076 wrote to memory of 4524	5076	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1UhZuVquQSGbGRAjtlcJ9BiZcpGQeSjxl/view?usp=sharing
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xd8,0x10c,0x7ffdbf0b46f8,0x7ffdbf0b4708,0x7ffdbf0b4718
  2⤵
  PID:468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,14386297581655630530,2618848955853606322,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,14386297581655630530,2618848955853606322,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,14386297581655630530,2618848955853606322,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,14386297581655630530,2618848955853606322,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,14386297581655630530,2618848955853606322,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,14386297581655630530,2618848955853606322,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,14386297581655630530,2618848955853606322,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5740 /prefetch:8
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,14386297581655630530,2618848955853606322,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5740 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,14386297581655630530,2618848955853606322,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,14386297581655630530,2618848955853606322,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4012 /prefetch:1
  2⤵
  PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,14386297581655630530,2618848955853606322,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,14386297581655630530,2618848955853606322,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,14386297581655630530,2618848955853606322,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2024,14386297581655630530,2618848955853606322,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5012 /prefetch:8
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,14386297581655630530,2618848955853606322,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2024,14386297581655630530,2618848955853606322,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6368 /prefetch:8
  2⤵
  PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2024,14386297581655630530,2618848955853606322,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3124 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3656

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4304

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4200

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3720

C:\Users\Admin\Downloads\ransom.exe
"C:\Users\Admin\Downloads\ransom.exe"
1⤵
- Executes dropped EXE
PID:2400
- C:\Users\Admin\Downloads\ransom.exe
  "C:\Users\Admin\Downloads\ransom.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:6044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdbe9bcc40,0x7ffdbe9bcc4c,0x7ffdbe9bcc58
  2⤵
  PID:1616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2140,i,17694495882280331417,17154595307714053861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:5444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1872,i,17694495882280331417,17154595307714053861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  PID:5440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2292,i,17694495882280331417,17154595307714053861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2528 /prefetch:8
  2⤵
  PID:5420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,17694495882280331417,17154595307714053861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:5348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3296,i,17694495882280331417,17154595307714053861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:5356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4520,i,17694495882280331417,17154595307714053861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4596 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3700,i,17694495882280331417,17154595307714053861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3660 /prefetch:8
  2⤵
  PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4576,i,17694495882280331417,17154595307714053861,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4784 /prefetch:8
  2⤵
  PID:3140

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3496

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
48a3fbfb914ae42a201d5042748a80cd

SHA1
8e8e661338485b6f94954874f6292366f978a4fd

SHA256
683ab3338071752ab90c7c8790ff52420b55347adfe77b459f41b8f2548eb59f

SHA512
5379df72a158276c22508a213db773cf06a3caa738fded2511c6990fcfda274521658c05fe4bd33347a49fff900e3ec0cb56a703c4e161cf13fa9fea6fc0efb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
d810f6a2b74655791d808ecba5ad2682

SHA1
1c20dab6de7a851289b3f2b58c190a995f27724d

SHA256
8522eb10148a437bc7b7d532cf5d788057b328b51380ef05d698144892d242de

SHA512
829c951d57d99b19ab9d48a7492d0e4f277fed176360ef0730d36290c6ed107dfd8cb5df6a15ff9b794bdcf82f3b24efbefc3ed0c08160d1135be74f122c0813

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
352B

MD5
57d6b7b72b27b9882658aef60c7f0d5a

SHA1
10e4ede40a59db746a67745f0a0199436095ff86

SHA256
17768b88c18c5d45faabf18a0cf453b59dfb135e75db39728e9c907500e81f0f

SHA512
3d06c27376ae4125eec21cd06d206c5581c741a31a7a85556a4179bccf24a7dbcec27cb9df40e8e9a80ae61af81595ddba2e10f762000c1df73ee109ccfa7ab2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
667ed7ead0a670d3ab1161803c0d7103

SHA1
d622380873fbfb8e221e2ab2e54197e4ee090d3c

SHA256
5f278e8a010c7f24be0aa845e2444b3c8bf5fd1c5f3f0812c1bfdd99fed19c57

SHA512
9b7d6fb98978c1af476b69ab65c1e512f6ae91f1f80e8865ef67057748903fd37206fb85070a67c7b2adabc0ecfc6e9521e4151f30f000ca4a8406447ee82f43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7961244ee6cd64d1a034b329a6eb32d5

SHA1
f99235f74a4d79b4c8fedf073837edec8786bbaf

SHA256
e4cb6122990c9ca2093da6f57f1e86e9c2e8d3005ddc4ad0b96a7e609d383250

SHA512
796bff0248c791bf86706f97d4f4cb86bda08d102d3f764d0123c9e606ad400b5bbe95bd77f7b64fc767c2fdc8a81fbc52b60af45135059c4e052a72b5c45d2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
865d16b933953534f1dd36591f035b0d

SHA1
089edbbf2d8b1e53f2a7d094fa5429a1cde16a34

SHA256
a25c9e9a4fb3d7ae513eb620a7778f770cc755527b587e8fa2c8199b19affd1d

SHA512
01f31f3705b44c13549dae71beb1023a0752c073cd145f9ee407f424e9dac9a52d266f46d663e4a2633fd771988546fccd7b40b656e5a143ec9b785d7517d297

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
596281fa82635f8ce96340c16c21bcac

SHA1
d1fb73d8b14a86f50f905d9d5309643aabb5738d

SHA256
4aa3d8eebc8302f4d6fc50bd46c1fd85ae5bae25e34eb960a154f341c567ddd0

SHA512
eec7aad2413afce50a894ac618063f1dd1d3df550bff5dd56e308758a8257fa90ddb0d4b540f773b21e791138011c8d4ca6ca21e143c9fb174b2599030a015ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a6fc54bdb8ac9bea2ac14f421bcda3c6

SHA1
875c70d8018785c823926225c5646e1423787ef5

SHA256
934362b4b4ec810314bc8e76c9768b1cd79855f762c38882e23ae438be9668fb

SHA512
337d8f43680979be8ed6ff2dea7e8afba78e1f618229709f9f1800180749048e9ea762f625094a08c4cfac3c40ad18995275f0b075e1d441ceb6d4987a7539a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
13KB

MD5
6af4ff09ab2dfbacafd51d8773aa11cb

SHA1
eb4f87f39059d5ca05211b92d30fe12434119d18

SHA256
df7de062a6489a56962a804732c83f659993d99097744df97a5cd37efbdf0742

SHA512
0e52563d8bf1e42f24b8a313635406ee20e4dd7b03977c37be86700eb714a627363f77fb28c274cab14817a7efebe77e0c3e5dc1387110b2cb599e231f3308ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
7a299ab50b05dae466258585b1113b46

SHA1
e7ec04d05fe28245c93702e254fd821637d84a2d

SHA256
a082ca7ff5cc8ed611468b2acd3746eea8df5e7b91870707213cf4085af0494f

SHA512
bc94f98fbe14e925cfd17bf754bdabfbd2787f8bde252ba490593f5c5fd479f4c1b78d8b3e3af51d9a671c76819b3b7c7cc63c39a0b989d36ae655ff02eba8b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
40f21b15de5014a07d77d83a57f90b8a

SHA1
7e5821f8416e98609e7ff2a26834a9602df5dc4a

SHA256
92f707996e415dc6202826184d8318895ffdfa6562d76ce0dcbdc63fd02d9b2e

SHA512
2c2abae8d0045e3830232287615894d4a3013e44e0c5676c22c5fc8b8da9508f97c98d1250d1ef7a63793183a7a4106accda5f638450c694ff25e34c7c2b865f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ff63763eedb406987ced076e36ec9acf

SHA1
16365aa97cd1a115412f8ae436d5d4e9be5f7b5d

SHA256
8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c

SHA512
ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2783c40400a8912a79cfd383da731086

SHA1
001a131fe399c30973089e18358818090ca81789

SHA256
331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5

SHA512
b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
d0b3dfc6d3bdabee40acc4e49fa45eb0

SHA1
eb2d4ac5f17d0deaff21a3919fe5cd7e70a11daa

SHA256
8daa171e5694aeb1c88f61733c85f92deba33e216296bd85b02c806c4a085e1a

SHA512
c7ba1255845791d817a192d6969e336e4036d375a0ef9bb3187ceaaa990df300e681102823a533edc1d1f0d2a75430646a2a8948d7cdeeb765cb69089ba7adea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
7a6562b103b1d56927918d3e0972892c

SHA1
58fa393e2c17c6ba6dc9499ac142b2ed5349135d

SHA256
825cdebca6e3a9d1c1504545893413dde5d668edd192a854039962ba3cfa8751

SHA512
c09759168cb73caa74c7c2a8999ccdcb694370497a75bbaf9df39618ce33564239dc8dea618990096a8da24c582cb722d8c5b2148abb64f877a8e46140e8264f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a84055f7de17a1b123109a00b5a855af

SHA1
2453d35b22dcf3254d5bd2e3713882acc8e4b0f2

SHA256
1b86043d4bd83544d0bedc63b375d23ccc430691ccb01ca9ac9d3b933565bc4b

SHA512
02db9711400337fb7fdecd54fa22ef3b3e5983232fa945c9bc9589aabdca7d1a9379f438b43a8e1fb6d622f0c8222ba12d4dd433742f400a3fd64312af426392

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
19dd8d64f12ac556af7e8e09d7b25880

SHA1
0b4e84ab4ca9b59386af43f99ce693de85f7d16c

SHA256
7e46cb729e645b10e56b5cf5beedbbef9b1d5f486ec337997600ccb419d744ab

SHA512
8f75d23bf9d3e83e62ee810963e356c6f3574a1011133a75d43e0274a201712ea7203f320599faa8e8d021cf3d6529afe2ebcc222885fefbac0090756dfc483f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
bc87bcee1bac7dd75946b9de5b28857a

SHA1
19c24bb98eb6fdfa301db0e3c89982a105311219

SHA256
ca82eb3d6baf399f17784d308558d3e6f26d44fb94bf58f3bfc912d3555b4eaf

SHA512
ff5558c0ac42c403baecc5af84f3d3e9805dbf336673ad94a1e9df625ae894e3020d4f9c5a6a9f221fd0d7642c8ffccb3da0731f217772361465bfb27fd7aadf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8fa0dc8cddf8bd684a0f3d08dd19adb5

SHA1
b298f42cee7a601d4033533f7d1de499e2a71d23

SHA256
7d648e63637b21350b3435fec3b59f3a35f7836ffb26ae39aff87f4c8ac0be33

SHA512
c222bb6b27b29213091dee1a3e254d02c7c6d139fdc1226fad4e7ac31b0fde6c94565d61746b46b8004e411c0fc3a50c929f070c3e97ca18465f63b4c4f6d9be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a05042b3330b21e759488718a75b089f

SHA1
f98f8a5887af1012dad831d9bffc40a01f9915c2

SHA256
f7cea7223f883803057f095d52410a8b13a52cfe16c6c3ef01019e5bf1aaa431

SHA512
e5c81ffa4f2243597738267fac9718d7608c7312ae8c4f838ac883298e29c6d64676d124eecd080d5a288e35bc72903d5c0834be50c556b38967b5327f293f69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e91cc9199eceea347739004e4217716f

SHA1
89362f9e008a5a3a3e7d68116a31e415ddd3734e

SHA256
ea163cfe2311fff1a91b9e6e8119e24990da5107bc314e93ed8d68e874ee95bf

SHA512
22fe69e8bd0dd7d82efba33ebe555555ef4c28c0c9a511725213dc8498f6c26895348be3074070847eac068a443fc8dfd0067efa64c0c3e2d6a23965d5a15cec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
14af260e782aecd8bdab1df76c8719a8

SHA1
eb1870cf2ef8c1424260d0f531e31897d338415a

SHA256
2fc7a40f198b676c1b3c86076c9d06a6834f242e5f8fb46ce120a86872e6c323

SHA512
7a35a4b6abe6747003c88283a059cb9e3d2054baea9f4d1f9f6e7a33aac2c49c89acccfc45b56c29ba105fd6cc08d7903ccee60edad4441e04883e3d54945797

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24002\VCRUNTIME140.dll

Filesize
116KB

MD5
be8dbe2dc77ebe7f88f910c61aec691a

SHA1
a19f08bb2b1c1de5bb61daf9f2304531321e0e40

SHA256
4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83

SHA512
0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24002\VCRUNTIME140_1.dll

Filesize
48KB

MD5
f8dfa78045620cf8a732e67d1b1eb53d

SHA1
ff9a604d8c99405bfdbbf4295825d3fcbc792704

SHA256
a113f192195f245f17389e6ecbed8005990bcb2476ddad33f7c4c6c86327afe5

SHA512
ba7f8b7ab0deb7a7113124c28092b543e216ca08d1cf158d9f40a326fb69f4a2511a41a59ea8482a10c9ec4ec8ac69b70dfe9ca65e525097d93b819d498da371

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24002\_asyncio.pyd

Filesize
69KB

MD5
28d2a0405be6de3d168f28109030130c

SHA1
7151eccbd204b7503f34088a279d654cfe2260c9

SHA256
2dfcaec25de17be21f91456256219578eae9a7aec5d21385dec53d0840cf0b8d

SHA512
b87f406f2556fac713967e5ae24729e827f2112c318e73fe8ba28946fd6161802de629780fad7a3303cf3dbab7999b15b535f174c85b3cbb7bb3c67915f3b8d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24002\_bz2.pyd

Filesize
83KB

MD5
223fd6748cae86e8c2d5618085c768ac

SHA1
dcb589f2265728fe97156814cbe6ff3303cd05d3

SHA256
f81dc49eac5ecc528e628175add2ff6bda695a93ea76671d7187155aa6326abb

SHA512
9c22c178417b82e68f71e5b7fe7c0c0a77184ee12bd0dc049373eace7fa66c89458164d124a9167ae760ff9d384b78ca91001e5c151a51ad80c824066b8ecce6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24002\_cffi_backend.cp312-win_amd64.pyd

Filesize
175KB

MD5
d8caf1c098db12b2eba8edae51f31c10

SHA1
e533ac6c614d95c09082ae951b3b685daca29a8f

SHA256
364208a97336f577d99bbaaed6d2cf8a4a24d6693b323de4665f75a964ca041d

SHA512
77e36f4fb44374b7c58a9005a1d7dfeb3214eabb90786e8a7c6593b5b1c7a305d6aa446be7a06ae0ff38f2bedea68cacb39053b7b7ec297bff3571b3922fd938

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24002\_ctypes.pyd

Filesize
122KB

MD5
bbd5533fc875a4a075097a7c6aba865e

SHA1
ab91e62c6d02d211a1c0683cb6c5b0bdd17cbf00

SHA256
be9828a877e412b48d75addc4553d2d2a60ae762a3551f9731b50cae7d65b570

SHA512
23ef351941f459dee7ed2cebbae21969e97b61c0d877cfe15e401c36369d2a2491ca886be789b1a0c5066d6a8835fd06db28b5b28fb6e9df84c2d0b0d8e9850e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24002\_decimal.pyd

Filesize
245KB

MD5
3055edf761508190b576e9bf904003aa

SHA1
f0dc8d882b5cd7955cc6dfc8f9834f70a83c7890

SHA256
e4104e47399d3f635a14d649f61250e9fd37f7e65c81ffe11f099923f8532577

SHA512
87538fe20bd2c1150a8fefd0478ffd32e2a9c59d22290464bf5dfb917f6ac7ec874f8b1c70d643a4dc3dd32cbe17e7ea40c0be3ea9dd07039d94ab316f752248

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24002\_hashlib.pyd

Filesize
64KB

MD5
eedb6d834d96a3dffffb1f65b5f7e5be

SHA1
ed6735cfdd0d1ec21c7568a9923eb377e54b308d

SHA256
79c4cde23397b9a35b54a3c2298b3c7a844454f4387cb0693f15e4facd227dd2

SHA512
527bd7bb2f4031416762595f4ce24cbc6254a50eaf2cc160b930950c4f2b3f5e245a486972148c535f8cd80c78ec6fa8c9a062085d60db8f23d4b21e8ae4c0ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24002\_lzma.pyd

Filesize
156KB

MD5
05e8b2c429aff98b3ae6adc842fb56a3

SHA1
834ddbced68db4fe17c283ab63b2faa2e4163824

SHA256
a6e2a5bb7a33ad9054f178786a031a46ea560faeef1fb96259331500aae9154c

SHA512
badeb99795b89bc7c1f0c36becc7a0b2ce99ecfd6f6bb493bda24b8e57e6712e23f4c509c96a28bc05200910beddc9f1536416bbc922331cae698e813cbb50b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24002\_multiprocessing.pyd

Filesize
34KB

MD5
a4281e383ef82c482c8bda50504be04a

SHA1
4945a2998f9c9f8ce1c078395ffbedb29c715d5d

SHA256
467b0fef42d70b55abf41d817dff7631faeef84dce64f8aadb5690a22808d40c

SHA512
661e38b74f8bfdd14e48e65ee060da8ecdf67c0e3ca1b41b6b835339ab8259f55949c1f8685102fd950bf5de11a1b7c263da8a3a4b411f1f316376b8aa4a5683

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24002\_overlapped.pyd

Filesize
54KB

MD5
ba368245d104b1e016d45e96a54dd9ce

SHA1
b79ef0eb9557a0c7fa78b11997de0bb057ab0c52

SHA256
67e6ca6f1645c6928ade6718db28aff1c49a192e8811732b5e99364991102615

SHA512
429d7a1f829be98c28e3dca5991edcadff17e91f050d50b608a52ef39f6f1c6b36ab71bfa8e3884167371a4e40348a8cda1a9492b125fb19d1a97c0ccb8f2c7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24002\_queue.pyd

Filesize
31KB

MD5
6e0cb85dc94e351474d7625f63e49b22

SHA1
66737402f76862eb2278e822b94e0d12dcb063c5

SHA256
3f57f29abd86d4dc8f4ca6c3f190ebb57d429143d98f0636ff5117e08ed81f9b

SHA512
1984b2fc7f9bbdf5ba66716fc60dcfd237f38e2680f2fc61f141ff7e865c0dbdd7cdc47b3bc490b426c6cfe9f3f9e340963abf428ea79eb794b0be7d13001f6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24002\_socket.pyd

Filesize
81KB

MD5
dc06f8d5508be059eae9e29d5ba7e9ec

SHA1
d666c88979075d3b0c6fd3be7c595e83e0cb4e82

SHA256
7daff6aa3851a913ed97995702a5dfb8a27cb7cf00fb496597be777228d7564a

SHA512
57eb36bc1e9be20c85c34b0a535b2349cb13405d60e752016e23603c4648939f1150e4dbebc01ec7b43eb1a6947c182ccb8a806e7e72167ad2e9d98d1fd94ab3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24002\_ssl.pyd

Filesize
174KB

MD5
5b9b3f978d07e5a9d701f832463fc29d

SHA1
0fcd7342772ad0797c9cb891bf17e6a10c2b155b

SHA256
d568b3c99bf0fc35a1f3c5f66b4a9d3b67e23a1d3cf0a4d30499d924d805f5aa

SHA512
e4db56c8e0e9ba0db7004463bf30364a4e4ab0b545fb09f40d2dba67b79b6b1c1db07df1f017501e074abd454d1e37a4167f29e7bbb0d4f8958fa0a2e9f4e405

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24002\_tkinter.pyd

Filesize
62KB

MD5
1df0201667b4718637318dbcdc74a574

SHA1
fd44a9b3c525beffbca62c6abe4ba581b9233db2

SHA256
70439ee9a05583d1c4575dce3343b2a1884700d9e0264c3ada9701829483a076

SHA512
530431e880f2bc193fae53b6c051bc5f62be08d8ca9294f47f18bb3390dcc0914e8e53d953eee2fcf8e1efbe17d98eb60b3583bccc7e3da5e21ca4dc45adfaf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24002\_wmi.pyd

Filesize
35KB

MD5
7ec3fc12c75268972078b1c50c133e9b

SHA1
73f9cf237fe773178a997ad8ec6cd3ac0757c71e

SHA256
1a105311a5ed88a31472b141b4b6daa388a1cd359fe705d9a7a4aba793c5749f

SHA512
441f18e8ce07498bc65575e1ae86c1636e1ceb126af937e2547710131376be7b4cb0792403409a81b5c6d897b239f26ec9f36388069e324249778a052746795e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24002\base_library.zip

Filesize
1.3MB

MD5
8dad91add129dca41dd17a332a64d593

SHA1
70a4ec5a17ed63caf2407bd76dc116aca7765c0d

SHA256
8de4f013bfecb9431aabaa97bb084fb7de127b365b9478d6f7610959bf0d2783

SHA512
2163414bc01fc30d47d1de763a8332afe96ea7b296665b1a0840d5197b7e56f4963938e69de35cd2bf89158e5e2240a1650d00d86634ac2a5e2ad825455a2d50

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24002\libcrypto-3.dll

Filesize
5.0MB

MD5
e547cf6d296a88f5b1c352c116df7c0c

SHA1
cafa14e0367f7c13ad140fd556f10f320a039783

SHA256
05fe080eab7fc535c51e10c1bd76a2f3e6217f9c91a25034774588881c3f99de

SHA512
9f42edf04c7af350a00fa4fdf92b8e2e6f47ab9d2d41491985b20cd0adde4f694253399f6a88f4bdd765c4f49792f25fb01e84ec03fd5d0be8bb61773d77d74d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24002\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24002\libssl-3.dll

Filesize
768KB

MD5
19a2aba25456181d5fb572d88ac0e73e

SHA1
656ca8cdfc9c3a6379536e2027e93408851483db

SHA256
2e9fbcd8f7fdc13a5179533239811456554f2b3aa2fb10e1b17be0df81c79006

SHA512
df17dc8a882363a6c5a1b78ba3cf448437d1118ccc4a6275cc7681551b13c1a4e0f94e30ffb94c3530b688b62bff1c03e57c2c185a7df2bf3e5737a06e114337

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24002\pyexpat.pyd

Filesize
196KB

MD5
5e911ca0010d5c9dce50c58b703e0d80

SHA1
89be290bebab337417c41bab06f43effb4799671

SHA256
4779e19ee0f4f0be953805efa1174e127f6e91ad023bd33ac7127fef35e9087b

SHA512
e3f1db80748333f08f79f735a457246e015c10b353e1a52abe91ed9a69f7de5efa5f78a2ed209e97b16813cb74a87f8f0c63a5f44c8b59583851922f54a48cf5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24002\python312.dll

Filesize
6.6MB

MD5
3c388ce47c0d9117d2a50b3fa5ac981d

SHA1
038484ff7460d03d1d36c23f0de4874cbaea2c48

SHA256
c98ba3354a7d1f69bdca42560feec933ccba93afcc707391049a065e1079cddb

SHA512
e529c5c1c028be01e44a156cd0e7cad0a24b5f91e5d34697fafc395b63e37780dc0fac8f4c5d075ad8fe4bd15d62a250b818ff3d4ead1e281530a4c7e3ce6d35

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24002\select.pyd

Filesize
29KB

MD5
92b440ca45447ec33e884752e4c65b07

SHA1
5477e21bb511cc33c988140521a4f8c11a427bcc

SHA256
680df34fb908c49410ac5f68a8c05d92858acd111e62d1194d15bdce520bd6c3

SHA512
40e60e1d1445592c5e8eb352a4052db28b1739a29e16b884b0ba15917b058e66196988214ce473ba158704837b101a13195d5e48cb1dc2f07262dfecfe8d8191

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24002\setuptools\_vendor\inflect-7.3.1.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24002\setuptools\_vendor\jaraco.text-3.12.1.dist-info\LICENSE

Filesize
1023B

MD5
141643e11c48898150daa83802dbc65f

SHA1
0445ed0f69910eeaee036f09a39a13c6e1f37e12

SHA256
86da0f01aeae46348a3c3d465195dc1ceccde79f79e87769a64b8da04b2a4741

SHA512
ef62311602b466397baf0b23caca66114f8838f9e78e1b067787ceb709d09e0530e85a47bbcd4c5a0905b74fdb30df0cc640910c6cc2e67886e5b18794a3583f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24002\setuptools\_vendor\jaraco.text-3.12.1.dist-info\WHEEL

Filesize
92B

MD5
43136dde7dd276932f6197bb6d676ef4

SHA1
6b13c105452c519ea0b65ac1a975bd5e19c50122

SHA256
189eedfe4581172c1b6a02b97a8f48a14c0b5baa3239e4ca990fbd8871553714

SHA512
e7712ba7d36deb083ebcc3b641ad3e7d19fb071ee64ae3a35ad6a50ee882b20cd2e60ca1319199df12584fe311a6266ec74f96a3fb67e59f90c7b5909668aee1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24002\setuptools\_vendor\jaraco\text\Lorem ipsum.txt

Filesize
1KB

MD5
4ce7501f6608f6ce4011d627979e1ae4

SHA1
78363672264d9cd3f72d5c1d3665e1657b1a5071

SHA256
37fedcffbf73c4eb9f058f47677cb33203a436ff9390e4d38a8e01c9dad28e0b

SHA512
a4cdf92725e1d740758da4dd28df5d1131f70cef46946b173fe6956cc0341f019d7c4fecc3c9605f354e1308858721dada825b4c19f59c5ad1ce01ab84c46b24

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24002\tcl86t.dll

Filesize
1.7MB

MD5
21dc82dd9cc445f92e0172d961162222

SHA1
73bc20b509e1545b16324480d9620ae25364ebf1

SHA256
c2966941f116fab99f48ab9617196b43a5ee2fd94a8c70761bda56cb334daa03

SHA512
3051a9d723fb7fc11f228e9f27bd2644ac5a0a95e7992d60c757240577b92fc31fa373987b338e6bc5707317d20089df4b48d1b188225ff370ad2a68d5ff7ba6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24002\tk86t.dll

Filesize
1.5MB

MD5
9fb68a0252e2b6cd99fd0cb6708c1606

SHA1
60ab372e8473fad0f03801b6719bf5cccfc2592e

SHA256
c6ffe2238134478d8cb1c695d57e794516f3790e211ff519f551e335230de7de

SHA512
f5de1b1a9dc2d71ae27dfaa7b01e079e4970319b6424b44c47f86360faf0b976ed49dab6ee9f811e766a2684b647711e567cbaa6660f53ba82d724441c4ddd06

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24002\unicodedata.pyd

Filesize
1.1MB

MD5
16be9a6f941f1a2cb6b5fca766309b2c

SHA1
17b23ae0e6a11d5b8159c748073e36a936f3316a

SHA256
10ffd5207eeff5a836b330b237d766365d746c30e01abf0fd01f78548d1f1b04

SHA512
64b7ecc58ae7cf128f03a0d5d5428aaa0d4ad4ae7e7d19be0ea819bbbf99503836bfe4946df8ee3ab8a92331fdd002ab9a9de5146af3e86fef789ce46810796b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24002\zlib1.dll

Filesize
143KB

MD5
297e845dd893e549146ae6826101e64f

SHA1
6c52876ea6efb2bc8d630761752df8c0a79542f1

SHA256
837efb838cb91428c8c0dfb65d5af1e69823ff1594780eb8c8e9d78f7c4b2fc1

SHA512
f6efef5e34ba13f1dfddacfea15f385de91d310d73a6894cabb79c2186accc186c80cef7405658d91517c3c10c66e1acb93e8ad2450d4346f1aa85661b6074c3

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 592235.crdownload

Filesize
14.8MB

MD5
3d8451e4a7a7325d6980bd0b075e7c6b

SHA1
a2cecd434b14f23fd405760f09c786bec85b1a29

SHA256
cf8c1099ed35b9de09b02e179a8613665a9443752ab01148e2a541709dc322c7

SHA512
68e85e9c9d91dc487c0937de81ecf8d39e613bfb03a441669eec124baee624baca90fe7b2cece823942c1ede6de6d56ef799e18853d64955b28de59ffb66f7a7

Download Submit
memory/6044-1419-0x00007FFDC2BB0000-0x00007FFDC2BDA000-memory.dmp

Filesize
168KB

Download