b2fd41b241aef3c5400bff943206a710c6971e8b80c27cc8504a3a6b8fa7e7db

Resubmissions

13/09/2024, 22:39

240913-2k2aassgrj 10

13/09/2024, 22:21

240913-19nj3asgra 10

Analysis

max time kernel
108s
max time network
116s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
13/09/2024, 22:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SSCOSMETICS.exe
Size

102.9MB
MD5

a06ccc09faef64a85a921426d9e60f12
SHA1

9a2f19c0730bc8312b4301e9454cccad3107f4e6
SHA256

b2fd41b241aef3c5400bff943206a710c6971e8b80c27cc8504a3a6b8fa7e7db
SHA512

7e6778ff098bdbd7c9f764551c64c89fb652a01a89f540c2fccb4df72a80fcbb04bfda2f57ffee2c20ad86f0c5362bbeec6ae2585fcca4ba43f4f55cf5fef9cb
SSDEEP

3145728:eiWL88S6xjKcBanL2qHO5iVjdqlnGQbRe0zJcBq3gvgO3p:e7HSWNaBHCi651XcBq3G3

Score

9^/10

discovery evasion execution persistence

Malware Config

Signatures

Enumerates VirtualBox DLL files 2 TTPs 4 IoCs

File and Directory Discovery

T1083

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
File opened (read-only)	C:\windows\system32\vboxhook.dll	runtime.exe
File opened (read-only)	C:\windows\system32\vboxmrxnp.dll	runtime.exe
File opened (read-only)	C:\windows\system32\vboxhook.dll	SSCOSMETICS.exe
File opened (read-only)	C:\windows\system32\vboxmrxnp.dll	SSCOSMETICS.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

execution

PowerShell

T1059.001

pid	Process
5016	powershell.exe
7232	powershell.exe

Sets file to hidden 1 TTPs 1 IoCs

Modifies file attributes to stop it showing in Explorer etc.

evasion

Hidden Files and Directories

T1564.001

pid	Process
4884	attrib.exe

Executes dropped EXE 2 IoCs

pid	Process
1216	runtime.exe
7480	runtime.exe

Loads dropped DLL 64 IoCs

pid	Process
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SScosmetics = "C:\\Users\\Admin\\SScosmetics\\runtime.exe"	SSCOSMETICS.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

flow	ioc
49	discord.com
50	discord.com
51	discord.com
52	discord.com
53	discord.com
54	discord.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
4884	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133707424491583405"	chrome.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
1592	chrome.exe
1592	chrome.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
1560	SSCOSMETICS.exe
5016	powershell.exe
5016	powershell.exe
5016	powershell.exe
7480	runtime.exe
7480	runtime.exe
7480	runtime.exe
7480	runtime.exe
7480	runtime.exe
7480	runtime.exe
7232	powershell.exe
7232	powershell.exe
7232	powershell.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
7480	runtime.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeCreatePagefilePrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeCreatePagefilePrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeCreatePagefilePrivilege	1592	chrome.exe
Token: SeDebugPrivilege	1560	SSCOSMETICS.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeCreatePagefilePrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeCreatePagefilePrivilege	1592	chrome.exe
Token: SeDebugPrivilege	5016	powershell.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeCreatePagefilePrivilege	1592	chrome.exe
Token: SeDebugPrivilege	4884	taskkill.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeCreatePagefilePrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeCreatePagefilePrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeCreatePagefilePrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeCreatePagefilePrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeCreatePagefilePrivilege	1592	chrome.exe
Token: SeDebugPrivilege	7480	runtime.exe
Token: SeDebugPrivilege	7232	powershell.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeCreatePagefilePrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeCreatePagefilePrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeCreatePagefilePrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeCreatePagefilePrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeCreatePagefilePrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeCreatePagefilePrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeCreatePagefilePrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeCreatePagefilePrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeCreatePagefilePrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeCreatePagefilePrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeCreatePagefilePrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeCreatePagefilePrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeCreatePagefilePrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeCreatePagefilePrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeCreatePagefilePrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeCreatePagefilePrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeCreatePagefilePrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe
Token: SeCreatePagefilePrivilege	1592	chrome.exe
Token: SeShutdownPrivilege	1592	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe
1592	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
7480	runtime.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1592 wrote to memory of 3508	1592	chrome.exe	91
PID 1592 wrote to memory of 3508	1592	chrome.exe	91
PID 1592 wrote to memory of 3100	1592	chrome.exe	93
PID 1592 wrote to memory of 3100	1592	chrome.exe	93
PID 1592 wrote to memory of 3100	1592	chrome.exe	93
PID 1592 wrote to memory of 3100	1592	chrome.exe	93
PID 1592 wrote to memory of 3100	1592	chrome.exe	93
PID 1592 wrote to memory of 3100	1592	chrome.exe	93
PID 1592 wrote to memory of 3100	1592	chrome.exe	93
PID 1592 wrote to memory of 3100	1592	chrome.exe	93
PID 1592 wrote to memory of 3100	1592	chrome.exe	93
PID 1592 wrote to memory of 3100	1592	chrome.exe	93
PID 1592 wrote to memory of 3100	1592	chrome.exe	93
PID 1592 wrote to memory of 3100	1592	chrome.exe	93
PID 1592 wrote to memory of 3100	1592	chrome.exe	93
PID 1592 wrote to memory of 3100	1592	chrome.exe	93
PID 1592 wrote to memory of 3100	1592	chrome.exe	93
PID 1592 wrote to memory of 3100	1592	chrome.exe	93
PID 1592 wrote to memory of 3100	1592	chrome.exe	93
PID 1592 wrote to memory of 3100	1592	chrome.exe	93
PID 1592 wrote to memory of 3100	1592	chrome.exe	93
PID 1592 wrote to memory of 3100	1592	chrome.exe	93
PID 1592 wrote to memory of 3100	1592	chrome.exe	93
PID 1592 wrote to memory of 3100	1592	chrome.exe	93
PID 1592 wrote to memory of 3100	1592	chrome.exe	93
PID 1592 wrote to memory of 3100	1592	chrome.exe	93
PID 1592 wrote to memory of 3100	1592	chrome.exe	93
PID 1592 wrote to memory of 3100	1592	chrome.exe	93
PID 1592 wrote to memory of 3100	1592	chrome.exe	93
PID 1592 wrote to memory of 3100	1592	chrome.exe	93
PID 1592 wrote to memory of 3100	1592	chrome.exe	93
PID 1592 wrote to memory of 3100	1592	chrome.exe	93
PID 1592 wrote to memory of 1752	1592	chrome.exe	94
PID 1592 wrote to memory of 1752	1592	chrome.exe	94
PID 1592 wrote to memory of 2908	1592	chrome.exe	95
PID 1592 wrote to memory of 2908	1592	chrome.exe	95
PID 1592 wrote to memory of 2908	1592	chrome.exe	95
PID 1592 wrote to memory of 2908	1592	chrome.exe	95
PID 1592 wrote to memory of 2908	1592	chrome.exe	95
PID 1592 wrote to memory of 2908	1592	chrome.exe	95
PID 1592 wrote to memory of 2908	1592	chrome.exe	95
PID 1592 wrote to memory of 2908	1592	chrome.exe	95
PID 1592 wrote to memory of 2908	1592	chrome.exe	95
PID 1592 wrote to memory of 2908	1592	chrome.exe	95
PID 1592 wrote to memory of 2908	1592	chrome.exe	95
PID 1592 wrote to memory of 2908	1592	chrome.exe	95
PID 1592 wrote to memory of 2908	1592	chrome.exe	95
PID 1592 wrote to memory of 2908	1592	chrome.exe	95
PID 1592 wrote to memory of 2908	1592	chrome.exe	95
PID 1592 wrote to memory of 2908	1592	chrome.exe	95
PID 1592 wrote to memory of 2908	1592	chrome.exe	95
PID 1592 wrote to memory of 2908	1592	chrome.exe	95
PID 1592 wrote to memory of 2908	1592	chrome.exe	95
PID 1592 wrote to memory of 2908	1592	chrome.exe	95
PID 1592 wrote to memory of 2908	1592	chrome.exe	95
PID 1592 wrote to memory of 2908	1592	chrome.exe	95
PID 1592 wrote to memory of 2908	1592	chrome.exe	95
PID 1592 wrote to memory of 2908	1592	chrome.exe	95
PID 1592 wrote to memory of 2908	1592	chrome.exe	95
PID 1592 wrote to memory of 2908	1592	chrome.exe	95
PID 1592 wrote to memory of 2908	1592	chrome.exe	95
PID 1592 wrote to memory of 2908	1592	chrome.exe	95
PID 1592 wrote to memory of 2908	1592	chrome.exe	95
PID 1592 wrote to memory of 2908	1592	chrome.exe	95

Views/modifies file attributes 1 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
4884	attrib.exe

C:\Users\Admin\AppData\Local\Temp\SSCOSMETICS.exe
"C:\Users\Admin\AppData\Local\Temp\SSCOSMETICS.exe"
1⤵
PID:4476
- C:\Users\Admin\AppData\Local\Temp\SSCOSMETICS.exe
  "C:\Users\Admin\AppData\Local\Temp\SSCOSMETICS.exe"
  2⤵
  - Enumerates VirtualBox DLL files
  - Loads dropped DLL
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1560
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\SScosmetics\""
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:5016
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\SScosmetics\activate.bat
    3⤵
    PID:2808
  - - C:\Windows\system32\attrib.exe
      attrib +s +h .
      4⤵
      Sets file to hidden
      Views/modifies file attributes
      PID:4884
  - - C:\Users\Admin\SScosmetics\runtime.exe
      "runtime.exe"
      4⤵
      Executes dropped EXE
      PID:1216
    - - C:\Users\Admin\SScosmetics\runtime.exe
        
        "runtime.exe"
        5⤵
        Enumerates VirtualBox DLL files
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: GetForegroundWindowSpam
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:7480
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\SScosmetics\""
        6⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:7232
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im "SSCOSMETICS.exe"
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:4884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff901a7cc40,0x7ff901a7cc4c,0x7ff901a7cc58
  2⤵
  PID:3508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1940,i,10498841961961480333,4186235820033747597,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1936 /prefetch:2
  2⤵
  PID:3100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2188,i,10498841961961480333,4186235820033747597,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  PID:1752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2272,i,10498841961961480333,4186235820033747597,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2380 /prefetch:8
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,10498841961961480333,4186235820033747597,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3192,i,10498841961961480333,4186235820033747597,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4580,i,10498841961961480333,4186235820033747597,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4524 /prefetch:1
  2⤵
  PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4844,i,10498841961961480333,4186235820033747597,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4852 /prefetch:8
  2⤵
  PID:3440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5016,i,10498841961961480333,4186235820033747597,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4988 /prefetch:8
  2⤵
  PID:2612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5328,i,10498841961961480333,4186235820033747597,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:6904

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1072

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x34c 0x304
1⤵
PID:4616

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4168

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Browser Information Discovery

T1217

File and Directory Discovery

T1083

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\74e59b86-3579-480b-aa5f-a7aaabfd0a82.tmp

Filesize
9KB

MD5
474f2513a551f876bf1f67903df06825

SHA1
386adcb8b11ca550d3506cc9ca08989351ec564f

SHA256
185ff8e9365b21f2322dd15f445e3a4cc0c89f9af182aa43941ece720a2fa6ee

SHA512
bdfb064ff0bdb7fab7c2f9a17c1b1a1b3cf15f94314b1fb0830107f31e6a1118ded9e02bec0bdb03d8628c28d2a3ee68ab9cc10cebb0f7124b8a67f3417508e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
17df95828fe07033d5c5e676898d3707

SHA1
c3b55e154b28954565c47f4fdb20add8556ecb0b

SHA256
b52da8bde43c9c69529d3877f523fe0b84e0d8d37b3d8423c0734310216ad308

SHA512
b8b48ea7e36e33b22b448e96d019ab589bc83e139d24930194e0a69ae3df730cb72927371e07bf9011f450990e6eb636a4930100cca1e64f15980c122484367c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
a57190b065e60b6edad0c2e65701c215

SHA1
aeadc6101ec53a3f29fcc15c7823561fa195fad7

SHA256
ce4c07e21b7e551352b90c14607ba540c15cbc2521bd8422d60e9ff68d5aa0b1

SHA512
5a169661658956694d741ad8c3d575f2e47b3aed80b5a4e0122a0d1f15c66f5f837a85eba68e022648ff115f9916f455b44099207f5f9df542d870296e5c5f8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
e7b5a6ef9dcea33c9daf36864a7b9ee8

SHA1
de8c41ba6a5ac29a7087187dd9da3c86ff578d02

SHA256
8291f7809920aaa69aba3eb7928936b0186f9690904fc3f8e79e7b36ef0a1691

SHA512
bf9ac39ed769d1cfde3c116234209e6ee0b9c4d764b5cc4285156704087b6a3d64e4ecc4d5ae95ecb142da4f48eaa67017e2be8e82b1847daff7dad6aa737999

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
8aae11b08e581d698ca6ac5e02326f3f

SHA1
ad1f30390889cd0d0cd0a0d798fb1de6d6a04fe2

SHA256
df9ed77a7be2e0182718fec97ac88b34efd31fc2a43092954834de816e6874c0

SHA512
d87ab8fbd643e87ffbf41750c979905de41fe497d57b4b2e1d3fea5876f18f9a888d7b9dfcc4886dc030c4d96257e93ac88ca1e3fc169881e86d32f20e9bf501

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
8daa213da5e2969b1bfeaf3483388d72

SHA1
6983ea9958b606149c5fb6ffaa7ef0e2d6d5b142

SHA256
7047e2b37a1f2f9c9f007c4456868a7bc1208cb81155142066fb971dd92f7f45

SHA512
942b72870e35d3496a1c57fde1ed5ad80d3058b0db2ae43f591b0427267ee8c0bd706b0e914df3cc6a6a53e04137edf3de805a6ce45b23d314e66f7d38d9d8ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
0f7a7d915f816cdf5665cec80654e7db

SHA1
f6d00c58163c595f21dd235154a86a3f60397c8d

SHA256
82a42150a530d35918adb0d326c2e53f22f38ee18fb5610709fe0e08f039aee1

SHA512
8f0852b5f412bf29a81a72058625077ceee107e5a33a62544d8a4d06f691066f2982d1acbc82a7783bec33a26955c0cec86d32827f9484c69f8f9b0f0c6da330

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
df79a93421e2f5a6149604cef3cbaedc

SHA1
09cb905ff531165227960606e385dd1d99fe7e9b

SHA256
24cd326ab0fdecef4279a681054b5443dc48b90109372c0a1237303572323208

SHA512
2cbec15706de88a22b95952194bb9d8c76d8bf6561ec0908d1c076d366d7d0095c415674f1b8d5c472742dfd3b0d7d469ef3cbef4dbdadd71723eb42dea36ea6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
206d545fe0fcefe6a59ac9778c015dc4

SHA1
2ce2340cbbb7fc94c827001dc5a7b036bfd3300d

SHA256
5a4a585cd7fbf9ebbfdeddb9daf9333f771d7e60f513896562e93b6b5defa72d

SHA512
b8c96124cf2705c9040c44599ca550ea3ee93ba6ff2680ca429487308f7504d870c6fd640ade573a6f8380d7cccf064468f9eb354d2e20c82b9a45fb99481f2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
59a368d773b9243375d26d035a2bc3f8

SHA1
d9f3d68b7d3a83fed09c73180a55684dac12e066

SHA256
dd3a5360818a9f4320505f395a336253517c2e10e7d3cece6d772e74a45ff995

SHA512
95d6a3a747224744739b106eab09462e3b1f210813935920d58c3c11b4db4c5f55b04e414afba33ee3993ac3c596d7e64dbfc2deb51c897f86f3fbd891ff7740

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f9837c0e34c5562d81be5c0108e507d2

SHA1
89e55dfc09cec9a01ef23c96ffc1bed35b21dc15

SHA256
4bb34000a6f2d8ae3c113b2defea131ccfce84ba564b57d5a9c2f309fff22322

SHA512
cd824e988480eee31f6e23e108648507fd4b77106f1a5e9b71e8c88d6be3c3b9a50860d750d5577350db5101e6409bbdc1c996101a3fa407d78633ccdb8c828d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d96f1ab8f77391e78712665825cbc6d5

SHA1
22a372b9020289ea7ce15a483269620cdeca7f93

SHA256
51e70f933c897595c160d1d3104729b7bce11def407b5954dd3a9b57c61cd262

SHA512
ea3143c0ee88660088f6a9dbe55d931544e66522e7a448609cf7940bd31f1f8458bd29cb3fd1a55f725b1a9b27776cd83e1538b7e98e837b3f02c477e23124b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cc663f19aa2cddc8f3408fe1da160930

SHA1
e51d4f6595eca5905427a70f2e083fa5e2570b56

SHA256
2ceb087cfec5897987e75952e1e8e1ca911d432b1f7542c201f53549f9c0e392

SHA512
d7655cfadbcdd72ef073c943c4c481981117ae2f2dbc99005759ebc246485e2cdac3fb5fa74c60d3894229219875befbe821435c7fdd2cbafc53ea44468e692c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
5358693990a166b68691ebe8fc9715ba

SHA1
f55c5bce7b67ff96907f0b51dbccfacc0c20c743

SHA256
50c025922111d1ce2fe89f9883f3c1383afde01c1087ef33d3ff4445199e5ebd

SHA512
a84742a0c7ea44717903a001af45c29fb12e015c8c3e3b248c29ecc8aa8a2f1a107760a9610ff6c1c7d4a9df33abcebdfb82bb7856842d5ffbeaf5551ff4125e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
208KB

MD5
e0a4442d5cfd67d480e4030db9ddfeea

SHA1
c877002f229bc99060c256a97611142eca64e2c8

SHA256
34596fd9eca3385c77c5086bffc1ca105ed64094972b1388790950ff4dae3ed8

SHA512
772954f80b3fb29cce7cfaae0d5c95c93f4b79d529ac0d34101eab26be540a3009a2381f46b07391d7dfb451cd0e1d88ac4d5d4c4ecad2bdf33b6666106ca098

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
208KB

MD5
877ad53f56e1241de5fe5f2b93ca9fe9

SHA1
d6f027d3b2a3559539452a63d74152db5c9be87e

SHA256
e0a503936d38c129599afbe4d635408c2a96708fa375277d7e05cd6533a129fd

SHA512
75c7d7df982d4fdd00893b8da8732eb82c91e099ba4752699ed3bc5d4eda149430553113ec8b5d7d0f135b49c06dde26689025d0eb18f01db68560a91595a30f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12162\setuptools\_vendor\importlib_resources-6.4.0.dist-info\LICENSE

Filesize
11KB

MD5
3b83ef96387f14655fc854ddc3c6bd57

SHA1
2b8b815229aa8a61e483fb4ba0588b8b6c491890

SHA256
cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30

SHA512
98f6b79b778f7b0a15415bd750c3a8a097d650511cb4ec8115188e115c47053fe700f578895c097051c9bc3dfb6197c2b13a15de203273e1a3218884f86e90e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12162\setuptools\_vendor\jaraco.functools-4.0.1.dist-info\top_level.txt

Filesize
7B

MD5
0ba8d736b7b4ab182687318b0497e61e

SHA1
311ba5ffd098689179f299ef20768ee1a29f586d

SHA256
d099cddcb7d71f82c845f5cbf9014e18227341664edc42f1e11d5dfe5a2ea103

SHA512
7cccbb4afa2fade40d529482301beae152e0c71ee3cc41736eb19e35cfc5ee3b91ef958cf5ca6b7330333b8494feb6682fd833d5aa16bf4a8f1f721fd859832c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12162\setuptools\_vendor\packaging-24.1.dist-info\WHEEL

Filesize
81B

MD5
24019423ea7c0c2df41c8272a3791e7b

SHA1
aae9ecfb44813b68ca525ba7fa0d988615399c86

SHA256
1196c6921ec87b83e865f450f08d19b8ff5592537f4ef719e83484e546abe33e

SHA512
09ab8e4daa9193cfdee6cf98ccae9db0601f3dcd4944d07bf3ae6fa5bcb9dc0dcafd369de9a650a38d1b46c758db0721eba884446a8a5ad82bb745fd5db5f9b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44762\SDL2.dll

Filesize
2.4MB

MD5
83c5ff24eae3b9038d74ad91dc884e32

SHA1
81bf9f8109d73604768bf5310f1f70af62b72e43

SHA256
520d0459b91efa32fbccf9027a9ca1fc5aae657e679ce8e90f179f9cf5afd279

SHA512
38ff01891ad5093d0e4f222c5ab703a540514271bf3b94fb65f910193262af722adb9d4f4d2bd6a54c090a7d631d8c98497b7d78bd21359fdea756ff3ac63689

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44762\SDL2_image.dll

Filesize
122KB

MD5
b8d249a5e394b4e6a954c557af1b80e6

SHA1
b03bb9d09447114a018110bfb91d56ef8d5ec3bb

SHA256
1e364af75fee0c83506fbdfd4d5b0e386c4e9c6a33ddbddac61ddb131e360194

SHA512
2f2e248c3963711f1a9f5d8baea5b8527d1df1748cd7e33bf898a380ae748f7a65629438711ff9a5343e64762ec0b5dc478cdf19fbf7111dac9d11a8427e0007

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44762\SDL2_mixer.dll

Filesize
285KB

MD5
201aa86dc9349396b83eed4c15abe764

SHA1
1a239c479e275aa7be93c5372b2d35e98d8d8cec

SHA256
2a0fc5e9f72c2eaec3240cb82b7594a58ccda609485981f256b94d0a4dd8d6f8

SHA512
bb2cd185d1d936ceca3cc20372c98a1b1542288ad5523ff8b823fb5e842205656ec2f615f076929c69987c7468245a452238b509d37109c9bec26be5f638f3b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44762\SDL2_ttf.dll

Filesize
1.5MB

MD5
f187dfdccc102436e27704dc572a2c16

SHA1
be4d499e66b8c4eb92480e4f520ccd8eaaa39b04

SHA256
fcdfabdfce868eb33f7514025ff59c1bb6c418f1bcd6ace2300a9cd4053e1d63

SHA512
75002d96153dfd2bfdd6291f842fb553695ef3997012dae0b9a537c95c3f3a83b844a8d1162faefcddf9e1807f3db23b1a10c2789c95dd5f6fad2286bae91afb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44762\VCRUNTIME140.dll

Filesize
116KB

MD5
be8dbe2dc77ebe7f88f910c61aec691a

SHA1
a19f08bb2b1c1de5bb61daf9f2304531321e0e40

SHA256
4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83

SHA512
0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44762\VCRUNTIME140_1.dll

Filesize
48KB

MD5
f8dfa78045620cf8a732e67d1b1eb53d

SHA1
ff9a604d8c99405bfdbbf4295825d3fcbc792704

SHA256
a113f192195f245f17389e6ecbed8005990bcb2476ddad33f7c4c6c86327afe5

SHA512
ba7f8b7ab0deb7a7113124c28092b543e216ca08d1cf158d9f40a326fb69f4a2511a41a59ea8482a10c9ec4ec8ac69b70dfe9ca65e525097d93b819d498da371

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44762\_asyncio.pyd

Filesize
69KB

MD5
90a38a8271379a371a2a4c580e9cd97d

SHA1
3fde48214fd606114d7df72921cf66ef84bc04c5

SHA256
3b46fa8f966288ead65465468c8e300b9179f5d7b39aa25d7231ff3702ca7887

SHA512
3bde0b274f959d201f7820e3c01896c24e4909348c0bc748ade68610a13a4d1e980c50dab33466469cdd19eb90915b45593faab6c3609ae3f616951089de1fdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44762\_bz2.pyd

Filesize
83KB

MD5
30f396f8411274f15ac85b14b7b3cd3d

SHA1
d3921f39e193d89aa93c2677cbfb47bc1ede949c

SHA256
cb15d6cc7268d3a0bd17d9d9cec330a7c1768b1c911553045c73bc6920de987f

SHA512
7d997ef18e2cbc5bca20a4730129f69a6d19abdda0261b06ad28ad8a2bddcdecb12e126df9969539216f4f51467c0fe954e4776d842e7b373fe93a8246a5ca3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44762\_cffi_backend.cp312-win_amd64.pyd

Filesize
175KB

MD5
fcb71ce882f99ec085d5875e1228bdc1

SHA1
763d9afa909c15fea8e016d321f32856ec722094

SHA256
86f136553ba301c70e7bada8416b77eb4a07f76ccb02f7d73c2999a38fa5fa5b

SHA512
4a0e98ab450453fd930edc04f0f30976abb9214b693db4b6742d784247fb062c57fafafb51eb04b7b4230039ab3b07d2ffd3454d6e261811f34749f2e35f04d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44762\_ctypes.pyd

Filesize
122KB

MD5
5377ab365c86bbcdd998580a79be28b4

SHA1
b0a6342df76c4da5b1e28a036025e274be322b35

SHA256
6c5f31bef3fdbff31beac0b1a477be880dda61346d859cf34ca93b9291594d93

SHA512
56f28d431093b9f08606d09b84a392de7ba390e66b7def469b84a21bfc648b2de3839b2eee4fb846bbf8bb6ba505f9d720ccb6bb1a723e78e8e8b59ab940ac26

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44762\_decimal.pyd

Filesize
251KB

MD5
7ae94f5a66986cbc1a2b3c65a8d617f3

SHA1
28abefb1df38514b9ffe562f82f8c77129ca3f7d

SHA256
da8bb3d54bbba20d8fa6c2fd0a4389aec80ab6bd490b0abef5bd65097cbc0da4

SHA512
fbb599270066c43b5d3a4e965fb2203b085686479af157cd0bb0d29ed73248b6f6371c5158799f6d58b1f1199b82c01abe418e609ea98c71c37bb40f3226d8c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44762\_elementtree.pyd

Filesize
130KB

MD5
d20e0888b180c980e54b9e74db901c26

SHA1
c1ea58dd9c475f1fd5e89be2088c7ea0d38efcce

SHA256
798e8ddfc45495c26593a0550554e32a62cbdd9da5556e25da7231a0bf8fd274

SHA512
fbf27fc1021d7954c653cac702121e46d39f3a6a09e5d60392334f40d589feda4f6714a5bae6ebc2ef0196776a650bc8a0a5dd0a16a0e6e4f2911918443fbe79

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44762\_hashlib.pyd

Filesize
64KB

MD5
a25bc2b21b555293554d7f611eaa75ea

SHA1
a0dfd4fcfae5b94d4471357f60569b0c18b30c17

SHA256
43acecdc00dd5f9a19b48ff251106c63c975c732b9a2a7b91714642f76be074d

SHA512
b39767c2757c65500fc4f4289cb3825333d43cb659e3b95af4347bd2a277a7f25d18359cedbdde9a020c7ab57b736548c739909867ce9de1dbd3f638f4737dc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44762\_lzma.pyd

Filesize
156KB

MD5
9e94fac072a14ca9ed3f20292169e5b2

SHA1
1eeac19715ea32a65641d82a380b9fa624e3cf0d

SHA256
a46189c5bd0302029847fed934f481835cb8d06470ea3d6b97ada7d325218a9f

SHA512
b7b3d0f737dd3b88794f75a8a6614c6fb6b1a64398c6330a52a2680caf7e558038470f6f3fc024ce691f6f51a852c05f7f431ac2687f4525683ff09132a0decb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44762\_multiprocessing.pyd

Filesize
34KB

MD5
41ee16713672e1bfc4543e6ae7588d72

SHA1
5ff680727935169e7bcb3991404c68fe6b2e4209

SHA256
2feb0bf9658634fe8405f17c4573feb1c300e9345d7965738bedeb871a939e6b

SHA512
cb407996a42bdf8bc47ce3f4c4485e27a4c862bf543410060e9f65d63bfba4c5a854a1f0601e9d8933c549e5459cb74ca27f3126c8cdbde0bdd2e803390ab942

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44762\_overlapped.pyd

Filesize
54KB

MD5
737f46e8dac553427a823c5f0556961c

SHA1
30796737caec891a5707b71cf0ad1072469dd9de

SHA256
2187281a097025c03991cd8eb2c9ca416278b898bd640a8732421b91ada607e8

SHA512
f0f4b9045d5328335dc5d779f7ef5ce322eaa8126ec14a84be73edd47efb165f59903bff95eb0661eba291b4bb71474dd0b0686edc132f2fba305c47bb3d019f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44762\_queue.pyd

Filesize
31KB

MD5
e1c6ff3c48d1ca755fb8a2ba700243b2

SHA1
2f2d4c0f429b8a7144d65b179beab2d760396bfb

SHA256
0a6acfd24dfbaa777460c6d003f71af473d5415607807973a382512f77d075fa

SHA512
55bfd1a848f2a70a7a55626fb84086689f867a79f09726c825522d8530f4e83708eb7caa7f7869155d3ae48f3b6aa583b556f3971a2f3412626ae76680e83ca1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44762\_socket.pyd

Filesize
81KB

MD5
69801d1a0809c52db984602ca2653541

SHA1
0f6e77086f049a7c12880829de051dcbe3d66764

SHA256
67aca001d36f2fce6d88dbf46863f60c0b291395b6777c22b642198f98184ba3

SHA512
5fce77dd567c046feb5a13baf55fdd8112798818d852dfecc752dac87680ce0b89edfbfbdab32404cf471b70453a33f33488d3104cd82f4e0b94290e83eae7bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44762\_sqlite3.pyd

Filesize
122KB

MD5
64417c2ccd84392880b417e8a9f7a4bc

SHA1
88c6139471737b14d4161c010b10ad9615766dbb

SHA256
fdeacc2aff71fe21d7a0de0603388299fa203c2692fdbdb3709f1bc4cc9cdc0e

SHA512
05163d678f18ea901c5da45f41ee25073b7834e711c2809f98df122e6485b3979c5331709a6f48079a53931d3dbc3b569738b51736260ce1b67811c073c7ea84

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44762\_ssl.pyd

Filesize
174KB

MD5
90f080c53a2b7e23a5efd5fd3806f352

SHA1
e3b339533bc906688b4d885bdc29626fbb9df2fe

SHA256
fa5e6fe9545f83704f78316e27446a0026fbebb9c0c3c63faed73a12d89784d4

SHA512
4b9b8899052c1e34675985088d39fe7c95bfd1bbce6fd5cbac8b1e61eda2fbb253eef21f8a5362ea624e8b1696f1e46c366835025aabcb7aa66c1e6709aab58a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44762\_tkinter.pyd

Filesize
64KB

MD5
911d7552870c5d1ffa646326ab760d38

SHA1
c6d90ef0540f16e0c0112801ff57325d676d2946

SHA256
f91d38d865378a120f76596c90e79f6ba57fcf3c39dedb99098e597d9b577256

SHA512
44fbba9cfe5ae64b440751145c7497588c19cc038838c9e046a328682f100d7f45bd9c914fb8e1d462cf105628767ed308bbc19cdbcc5b0afe74621bccc81d4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44762\_uuid.pyd

Filesize
25KB

MD5
d8c6d60ea44694015ba6123ff75bd38d

SHA1
813deb632f3f3747fe39c5b8ef67bada91184f62

SHA256
8ae23bfa84ce64c3240c61bedb06172bfd76be2ad30788d4499cb24047fce09f

SHA512
d3d408c79e291ed56ca3135b5043e555e53b70dff45964c8c8d7ffa92b27c6cdea1e717087b79159181f1258f9613fe6d05e3867d9c944f43a980b5bf27a75ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44762\_wmi.pyd

Filesize
36KB

MD5
827615eee937880862e2f26548b91e83

SHA1
186346b816a9de1ba69e51042faf36f47d768b6c

SHA256
73b7ee3156ef63d6eb7df9900ef3d200a276df61a70d08bd96f5906c39a3ac32

SHA512
45114caf2b4a7678e6b1e64d84b118fb3437232b4c0add345ddb6fbda87cebd7b5adad11899bdcd95ddfe83fdc3944a93674ca3d1b5f643a2963fbe709e44fb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44762\base_library.zip

Filesize
1.3MB

MD5
8af5529b3a42efe0c066b1b87c37d8f8

SHA1
cb9f9cc0330e7ea75b1fc4ecb2d970f857df7c13

SHA256
b634ce28b2e42c8d72cbca67140d7f38684411bf6c6ae815064ea87381666414

SHA512
c8d515c30006008b96bbaf4dbdfe846b511290af483fc705c393f2b5377f678b6ff63cbdc27d0284e538f5bcf2b7d0a30c678b9187a96dc76a930292d2d608da

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44762\crypto_clipper.json

Filesize
155B

MD5
8bff94a9573315a9d1820d9bb710d97f

SHA1
e69a43d343794524b771d0a07fd4cb263e5464d5

SHA256
3f7446866f42bcbeb8426324d3ea58f386f3171abe94279ea7ec773a4adde7d7

SHA512
d5ece1ea9630488245c578cb22d6d9d902839e53b4550c6232b4fb9389ef6c5d5392426ea4a9e3c461979d6d6aa94ddf3b2755f48e9988864788b530cdfcf80f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44762\freetype.dll

Filesize
639KB

MD5
236f879a5dd26dc7c118d43396444b1c

SHA1
5ed3e4e084471cf8600fb5e8c54e11a254914278

SHA256
1c487392d6d06970ba3c7b52705881f1fb069f607243499276c2f0c033c7df6f

SHA512
cc9326bf1ae8bf574a4715158eba889d7f0d5e3818e6f57395740a4b593567204d6eef95b6e99d2717128c3bffa34a8031c213ff3f2a05741e1eaf3ca07f2254

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44762\libcrypto-3.dll

Filesize
5.0MB

MD5
123ad0908c76ccba4789c084f7a6b8d0

SHA1
86de58289c8200ed8c1fc51d5f00e38e32c1aad5

SHA256
4e5d5d20d6d31e72ab341c81e97b89e514326c4c861b48638243bdf0918cfa43

SHA512
80fae0533ba9a2f5fa7806e86f0db8b6aab32620dde33b70a3596938b529f3822856de75bddb1b06721f8556ec139d784bc0bb9c8da0d391df2c20a80d33cb04

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44762\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44762\libjpeg-9.dll

Filesize
238KB

MD5
c540308d4a8e6289c40753fdd3e1c960

SHA1
1b84170212ca51970f794c967465ca7e84000d0e

SHA256
3a224af540c96574800f5e9acf64b2cdfb9060e727919ec14fbd187a9b5bfe69

SHA512
1dadc6b92de9af998f83faf216d2ab6483b2dea7cdea3387ac846e924adbf624f36f8093daf5cee6010fea7f3556a5e2fcac494dbc87b5a55ce564c9cd76f92b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44762\libmodplug-1.dll

Filesize
259KB

MD5
ead020db018b03e63a64ebff14c77909

SHA1
89bb59ae2b3b8ec56416440642076ae7b977080e

SHA256
0c1a9032812ec4c20003a997423e67b71ecb5e59d62cdc18a5bf591176a9010e

SHA512
c4742d657e5598c606ceff29c0abb19c588ba7976a7c4bff1df80a3109fe7df25e7d0dace962ec3962a94d2715a4848f2acc997a0552bf8d893ff6e7a78857e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44762\libogg-0.dll

Filesize
25KB

MD5
307ef797fc1af567101afba8f6ce6a8c

SHA1
0023f520f874a0c3eb3dc1fe8df73e71bde5f228

SHA256
57abc4f6a9accdd08bf9a2b022a66640cc626a5bd4dac6c7c4f06a5df61ee1fe

SHA512
5b0b6049844c6fef0cd2b6b1267130bb6e4c17b26afc898cfc17499ef05e79096cd705007a74578f11a218786119be37289290c5c47541090d7b9dea2908688e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44762\libopus-0.dll

Filesize
359KB

MD5
e1adac219ec78b7b2ac9999d8c2e1c94

SHA1
6910ec9351bee5c355587e42bbb2d75a65ffc0cf

SHA256
771cae79410f7fcc4f993a105a18c4ed9e8cbddd6f807a42228d95f575808806

SHA512
da1912243491227168e23fb92def056b229f9f1d8c35ae122e1a0474b0be84ceb7167b138f2ee5fffd812b80c6aca719250aca6b25931585e224e27384f4cc67

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44762\libopus-0.x64.dll

Filesize
431KB

MD5
0e078e75ab375a38f99245b3fefa384a

SHA1
b4c2fda3d4d72c3e3294beb8aa164887637ca22a

SHA256
c84da836e8d92421ac305842cfe5a724898ed09d340d46b129e210bdc9448131

SHA512
fa838dab0a8a07ee7c370dd617073a5f795838c3518a6f79ee17d5ebc48b78cebd680e9c8cbe54f912ceb0ae6112147fb40182bcfdcc194b73aa6bab21427bfd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44762\libopusfile-0.dll

Filesize
45KB

MD5
245498839af5a75cd034190fe805d478

SHA1
d164c38fd9690b8649afaef7c048f4aabb51dba8

SHA256
ccaaca81810bd2d1cab4692b4253a639f8d5516996db0e24d881efd3efdcc6a4

SHA512
4181dea590cbc7a9e06729b79201aa29e8349408cb922de8d4cda555fc099b3e10fee4f5a9ddf1a22eaec8f5ede12f9d6e37ed7ad0486beb12b7330cca51a79e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44762\libpng16-16.dll

Filesize
206KB

MD5
3a26cd3f92436747d2285dcef1fae67f

SHA1
e3d1403be06beb32fc8dc7e8a58c31e18b586a70

SHA256
e688b4a4d18f4b6ccc99c6ca4980f51218cb825610775192d9b60b2f05eff2d5

SHA512
73d651f063246723807d837811ead30e3faca8cb0581603f264c28fea1b2bdb6d874a73c1288c7770e95463786d6945b065d4ca1cf553e08220aea4e78a6f37f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44762\libssl-3.dll

Filesize
774KB

MD5
4ff168aaa6a1d68e7957175c8513f3a2

SHA1
782f886709febc8c7cebcec4d92c66c4d5dbcf57

SHA256
2e4d35b681a172d3298caf7dc670451be7a8ba27c26446efc67470742497a950

SHA512
c372b759b8c7817f2cbb78eccc5a42fa80bdd8d549965bd925a97c3eebdce0335fbfec3995430064dead0f4db68ebb0134eb686a0be195630c49f84b468113e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44762\libtiff-5.dll

Filesize
422KB

MD5
7d40a697ca6f21a8f09468b9fce565ad

SHA1
dc3b7f7fc0d9056af370e06f1451a65e77ff07f7

SHA256
ebfe97ac5ef26b94945af3db5ffd110a4b8e92dc02559bf81ccb33f0d5ebce95

SHA512
5a195e3123f7f17d92b7eca46b9afa1ea600623ad6929ac29197447bb4d474a068fd5f61fca6731a60514125d3b0b2cafe1ff6be3a0161251a366355b660d61a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44762\libwebp-7.dll

Filesize
437KB

MD5
2c5aca898ff88eb2c9028bbeefebbd1e

SHA1
7a0048674ef614bebe6cc83b1228d670372076c9

SHA256
9a53563b6058f70f2725029b7dd2fe96f869c20e8090031cd303e994dfe07b50

SHA512
46fe8b151e3a13ab506c4fc8a9f3f0f47b21f64f37097a4f1f573b547443ed23e7b2f489807c1623fbc41015f7da11665d88690d8cd0ddd61aa53789586c5a13

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44762\portmidi.dll

Filesize
41KB

MD5
df538704b8cd0b40096f009fd5d1b767

SHA1
d2399fbb69d237d43624e987445694ec7e0b8615

SHA256
c9f8d9043ac1570b10f104f2d00aec791f56261c84ee40773be73d0a3822e013

SHA512
408de3e99bc1bfb5b10e58ae621c0f9276530913ff26256135fe44ce78016de274cbe4c3e967457eb71870aad34dfeb362058afcebfa2d9e64f05604ab1517d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44762\pyexpat.pyd

Filesize
197KB

MD5
8c1f876831395d146e3bcadcea2486dd

SHA1
82cbfb59f0581a0554d6a5061e1f82e6b46a3473

SHA256
d32d7722d6ed2b2780c039d63af044554c0ba9cf6e6efef28ebc79cb443d2da0

SHA512
73067bb8dcc44cd52551a48400bd8e721268dd44f9884ebb603452ece9c7bd276d40b7cbca4f10223f27b8ccdcd1d2ec298a1c767a691859aea10056c108a730

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44762\python3.dll

Filesize
66KB

MD5
5eace36402143b0205635818363d8e57

SHA1
ae7b03251a0bac083dec3b1802b5ca9c10132b4c

SHA256
25a39e721c26e53bec292395d093211bba70465280acfa2059fa52957ec975b2

SHA512
7cb3619ea46fbaaf45abfa3d6f29e7a5522777980e0a9d2da021d6c68bcc380abe38e8004e1f31d817371fb3cdd5425d4bb115cb2dc0d40d59d111a2d98b21d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44762\python312.dll

Filesize
6.6MB

MD5
166cc2f997cba5fc011820e6b46e8ea7

SHA1
d6179213afea084f02566ea190202c752286ca1f

SHA256
c045b57348c21f5f810bae60654ae39490846b487378e917595f1f95438f9546

SHA512
49d9d4df3d7ef5737e947a56e48505a2212e05fdbcd7b83d689639728639b7fd3be39506d7cfcb7563576ebee879fd305370fdb203909ed9b522b894dd87aacb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44762\select.pyd

Filesize
30KB

MD5
7c14c7bc02e47d5c8158383cb7e14124

SHA1
5ee9e5968e7b5ce9e4c53a303dac9fc8faf98df3

SHA256
00bd8bb6dec8c291ec14c8ddfb2209d85f96db02c7a3c39903803384ff3a65e5

SHA512
af70cbdd882b923013cb47545633b1147ce45c547b8202d7555043cfa77c1deee8a51a2bc5f93db4e3b9cbf7818f625ca8e3b367bffc534e26d35f475351a77c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44762\setuptools\_vendor\importlib_metadata-8.0.0.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44762\setuptools\_vendor\jaraco.text-3.12.1.dist-info\LICENSE

Filesize
1023B

MD5
141643e11c48898150daa83802dbc65f

SHA1
0445ed0f69910eeaee036f09a39a13c6e1f37e12

SHA256
86da0f01aeae46348a3c3d465195dc1ceccde79f79e87769a64b8da04b2a4741

SHA512
ef62311602b466397baf0b23caca66114f8838f9e78e1b067787ceb709d09e0530e85a47bbcd4c5a0905b74fdb30df0cc640910c6cc2e67886e5b18794a3583f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44762\setuptools\_vendor\jaraco.text-3.12.1.dist-info\WHEEL

Filesize
92B

MD5
43136dde7dd276932f6197bb6d676ef4

SHA1
6b13c105452c519ea0b65ac1a975bd5e19c50122

SHA256
189eedfe4581172c1b6a02b97a8f48a14c0b5baa3239e4ca990fbd8871553714

SHA512
e7712ba7d36deb083ebcc3b641ad3e7d19fb071ee64ae3a35ad6a50ee882b20cd2e60ca1319199df12584fe311a6266ec74f96a3fb67e59f90c7b5909668aee1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44762\sqlite3.dll

Filesize
1.5MB

MD5
f3592da629e4f247598e232b2cbfbac1

SHA1
65429fbec3f5545640f2cda784dc7dcca420eb3b

SHA256
054a7b736de7afbd447b07ee5e72df2febcaa06758f7a028873771567e8735d3

SHA512
6fc24890a7be1ed73f1efdf2b7723c3a7de5ddb36b87ff7b01949fc2b14813e7b7c8b8311abee2796a9a4efffedfc1d2020ffa794e59004ca4fb6798b993190d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44762\tcl86t.dll

Filesize
1.7MB

MD5
1ddd4633814e91eb748c84647c526d19

SHA1
c3c2561fd5f971e6487eafff151b2cb00f2eb1e3

SHA256
1026c8c8eaaf3744f3ad8e80b4baa366e88aa0a048c0823838e39acef86ce964

SHA512
2c9e64ca4edcd2ec0292b558f40feaa2da875deafd85945aac77e49d0b71e2280e020396f719fecca52afa66454d7a55aa9712113e8fcbbe30202c956bf7f552

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44762\tk86t.dll

Filesize
1.5MB

MD5
4a740c514fb3b3dfb3d9d20fb57872c5

SHA1
11bea1a884fa01146190c6cae45fdc5f27fc8adc

SHA256
59e2a8784bdbd35b4bf8e688690e2672b6b5d652cc063ba19661eff2715b8e13

SHA512
fe2d1dcae5fca2901ca1bffecb0b6fa189a55d8fcc007ec1db379d40a5f47a87d08ee2e3e5f7fbf18d7d609d738c6d31a5a291cd08577d750ab2cc8c54f6491d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44762\unicodedata.pyd

Filesize
1.1MB

MD5
a8ed52a66731e78b89d3c6c6889c485d

SHA1
781e5275695ace4a5c3ad4f2874b5e375b521638

SHA256
bf669344d1b1c607d10304be47d2a2fb572e043109181e2c5c1038485af0c3d7

SHA512
1c131911f120a4287ebf596c52de047309e3be6d99bc18555bd309a27e057cc895a018376aa134df1dc13569f47c97c1a6e8872acedfa06930bbf2b175af9017

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44762\zlib1.dll

Filesize
106KB

MD5
5eac41b641e813f2a887c25e7c87a02e

SHA1
ec3f6cf88711ef8cfb3cc439cb75471a2bb9e1b5

SHA256
b1f58a17f3bfd55523e7bef685acf5b32d1c2a6f25abdcd442681266fd26ab08

SHA512
cad34a495f1d67c4d79ed88c5c52cf9f2d724a1748ee92518b8ece4e8f2fe1d443dfe93fb9dba8959c0e44c7973af41eb1471507ab8a5b1200a25d75287d5de5

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_tifbwlsj.leu.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/5016-1444-0x000001EA26AA0000-0x000001EA26AC2000-memory.dmp

Filesize
136KB

Download