hxxps://rb[.]gy/tqayge

Analysis

max time kernel
158s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
14-10-2024 12:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://rb.gy/tqayge

Score

8^/10

discovery pyinstaller

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 6 IoCs

pid	Process
4912	riddlegame.exe
4316	riddlegame.exe
4064	riddlegame.exe
4668	riddlegame.exe
5772	riddlegame.exe
6116	riddlegame.exe

Loads dropped DLL 64 IoCs

pid	Process
4316	riddlegame.exe
4316	riddlegame.exe
4316	riddlegame.exe
4316	riddlegame.exe
4316	riddlegame.exe
4316	riddlegame.exe
4316	riddlegame.exe
4316	riddlegame.exe
4316	riddlegame.exe
4316	riddlegame.exe
4316	riddlegame.exe
4316	riddlegame.exe
4316	riddlegame.exe
4316	riddlegame.exe
4316	riddlegame.exe
4316	riddlegame.exe
4316	riddlegame.exe
4316	riddlegame.exe
4316	riddlegame.exe
4316	riddlegame.exe
4316	riddlegame.exe
4316	riddlegame.exe
4316	riddlegame.exe
4316	riddlegame.exe
4316	riddlegame.exe
4316	riddlegame.exe
4316	riddlegame.exe
4668	riddlegame.exe
4668	riddlegame.exe
4668	riddlegame.exe
4668	riddlegame.exe
4668	riddlegame.exe
4668	riddlegame.exe
4668	riddlegame.exe
4668	riddlegame.exe
4668	riddlegame.exe
4668	riddlegame.exe
4668	riddlegame.exe
4668	riddlegame.exe
4668	riddlegame.exe
4668	riddlegame.exe
4668	riddlegame.exe
4668	riddlegame.exe
4668	riddlegame.exe
4668	riddlegame.exe
4668	riddlegame.exe
4668	riddlegame.exe
4668	riddlegame.exe
4668	riddlegame.exe
4668	riddlegame.exe
4668	riddlegame.exe
4668	riddlegame.exe
4668	riddlegame.exe
4668	riddlegame.exe
6116	riddlegame.exe
6116	riddlegame.exe
6116	riddlegame.exe
6116	riddlegame.exe
6116	riddlegame.exe
6116	riddlegame.exe
6116	riddlegame.exe
6116	riddlegame.exe
6116	riddlegame.exe
6116	riddlegame.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
behavioral1/files/0x0009000000023ca6-81.dat	pyinstaller

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133733840819392275"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2052	chrome.exe
2052	chrome.exe
5428	chrome.exe
5428	chrome.exe
5428	chrome.exe
5428	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe

Suspicious use of FindShellTrayWindow 38 IoCs

pid	Process
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2052 wrote to memory of 3416	2052	chrome.exe	86
PID 2052 wrote to memory of 3416	2052	chrome.exe	86
PID 2052 wrote to memory of 3640	2052	chrome.exe	87
PID 2052 wrote to memory of 3640	2052	chrome.exe	87
PID 2052 wrote to memory of 3640	2052	chrome.exe	87
PID 2052 wrote to memory of 3640	2052	chrome.exe	87
PID 2052 wrote to memory of 3640	2052	chrome.exe	87
PID 2052 wrote to memory of 3640	2052	chrome.exe	87
PID 2052 wrote to memory of 3640	2052	chrome.exe	87
PID 2052 wrote to memory of 3640	2052	chrome.exe	87
PID 2052 wrote to memory of 3640	2052	chrome.exe	87
PID 2052 wrote to memory of 3640	2052	chrome.exe	87
PID 2052 wrote to memory of 3640	2052	chrome.exe	87
PID 2052 wrote to memory of 3640	2052	chrome.exe	87
PID 2052 wrote to memory of 3640	2052	chrome.exe	87
PID 2052 wrote to memory of 3640	2052	chrome.exe	87
PID 2052 wrote to memory of 3640	2052	chrome.exe	87
PID 2052 wrote to memory of 3640	2052	chrome.exe	87
PID 2052 wrote to memory of 3640	2052	chrome.exe	87
PID 2052 wrote to memory of 3640	2052	chrome.exe	87
PID 2052 wrote to memory of 3640	2052	chrome.exe	87
PID 2052 wrote to memory of 3640	2052	chrome.exe	87
PID 2052 wrote to memory of 3640	2052	chrome.exe	87
PID 2052 wrote to memory of 3640	2052	chrome.exe	87
PID 2052 wrote to memory of 3640	2052	chrome.exe	87
PID 2052 wrote to memory of 3640	2052	chrome.exe	87
PID 2052 wrote to memory of 3640	2052	chrome.exe	87
PID 2052 wrote to memory of 3640	2052	chrome.exe	87
PID 2052 wrote to memory of 3640	2052	chrome.exe	87
PID 2052 wrote to memory of 3640	2052	chrome.exe	87
PID 2052 wrote to memory of 3640	2052	chrome.exe	87
PID 2052 wrote to memory of 3640	2052	chrome.exe	87
PID 2052 wrote to memory of 452	2052	chrome.exe	88
PID 2052 wrote to memory of 452	2052	chrome.exe	88
PID 2052 wrote to memory of 4700	2052	chrome.exe	89
PID 2052 wrote to memory of 4700	2052	chrome.exe	89
PID 2052 wrote to memory of 4700	2052	chrome.exe	89
PID 2052 wrote to memory of 4700	2052	chrome.exe	89
PID 2052 wrote to memory of 4700	2052	chrome.exe	89
PID 2052 wrote to memory of 4700	2052	chrome.exe	89
PID 2052 wrote to memory of 4700	2052	chrome.exe	89
PID 2052 wrote to memory of 4700	2052	chrome.exe	89
PID 2052 wrote to memory of 4700	2052	chrome.exe	89
PID 2052 wrote to memory of 4700	2052	chrome.exe	89
PID 2052 wrote to memory of 4700	2052	chrome.exe	89
PID 2052 wrote to memory of 4700	2052	chrome.exe	89
PID 2052 wrote to memory of 4700	2052	chrome.exe	89
PID 2052 wrote to memory of 4700	2052	chrome.exe	89
PID 2052 wrote to memory of 4700	2052	chrome.exe	89
PID 2052 wrote to memory of 4700	2052	chrome.exe	89
PID 2052 wrote to memory of 4700	2052	chrome.exe	89
PID 2052 wrote to memory of 4700	2052	chrome.exe	89
PID 2052 wrote to memory of 4700	2052	chrome.exe	89
PID 2052 wrote to memory of 4700	2052	chrome.exe	89
PID 2052 wrote to memory of 4700	2052	chrome.exe	89
PID 2052 wrote to memory of 4700	2052	chrome.exe	89
PID 2052 wrote to memory of 4700	2052	chrome.exe	89
PID 2052 wrote to memory of 4700	2052	chrome.exe	89
PID 2052 wrote to memory of 4700	2052	chrome.exe	89
PID 2052 wrote to memory of 4700	2052	chrome.exe	89
PID 2052 wrote to memory of 4700	2052	chrome.exe	89
PID 2052 wrote to memory of 4700	2052	chrome.exe	89
PID 2052 wrote to memory of 4700	2052	chrome.exe	89
PID 2052 wrote to memory of 4700	2052	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://rb.gy/tqayge
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffaf3a3cc40,0x7ffaf3a3cc4c,0x7ffaf3a3cc58
  2⤵
  PID:3416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1836,i,15431289545963823742,1943076833416238661,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1820 /prefetch:2
  2⤵
  PID:3640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2132,i,15431289545963823742,1943076833416238661,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  PID:452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,15431289545963823742,1943076833416238661,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2184 /prefetch:8
  2⤵
  PID:4700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,15431289545963823742,1943076833416238661,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3136,i,15431289545963823742,1943076833416238661,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3680,i,15431289545963823742,1943076833416238661,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4476 /prefetch:1
  2⤵
  PID:1424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3284,i,15431289545963823742,1943076833416238661,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4700,i,15431289545963823742,1943076833416238661,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4836 /prefetch:8
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4968,i,15431289545963823742,1943076833416238661,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:2024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5288,i,15431289545963823742,1943076833416238661,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5300 /prefetch:8
  2⤵
  PID:4328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5304,i,15431289545963823742,1943076833416238661,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5316 /prefetch:8
  2⤵
  PID:4332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3356,i,15431289545963823742,1943076833416238661,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  PID:2576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5016,i,15431289545963823742,1943076833416238661,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4948 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5428

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1988

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3796

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2268

C:\Users\Admin\Desktop\riddlegame.exe
"C:\Users\Admin\Desktop\riddlegame.exe"
1⤵
- Executes dropped EXE
PID:4912
- C:\Users\Admin\Desktop\riddlegame.exe
  "C:\Users\Admin\Desktop\riddlegame.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4316

C:\Users\Admin\Desktop\riddlegame.exe
"C:\Users\Admin\Desktop\riddlegame.exe"
1⤵
- Executes dropped EXE
PID:4064
- C:\Users\Admin\Desktop\riddlegame.exe
  "C:\Users\Admin\Desktop\riddlegame.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4668

C:\Users\Admin\Desktop\riddlegame.exe
"C:\Users\Admin\Desktop\riddlegame.exe"
1⤵
- Executes dropped EXE
PID:5772
- C:\Users\Admin\Desktop\riddlegame.exe
  "C:\Users\Admin\Desktop\riddlegame.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:6116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
bdb88bd17a30ad25266345c8a472f2ae

SHA1
f77a0dfe5f393897811b330f74b5a57490e1a18b

SHA256
d2b64992c1822ce3b5cf5104f48e593ecc6c92175793996fc4b91215cc134357

SHA512
91dd7c74d6180749f8d01099b415728f513cb343d9e61b0f92dc1814db8125b8cbccec0e7ea59933e9e9c2ee3f06913c29601fdf2cc74b59b6aaa7b28682a3c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
5553c85afc9acdcae2f8ffe1d92a3390

SHA1
3b2c511ee7e7cf033bf4cc16e443d773842ed1b6

SHA256
db5da84352d72aa9c0c8ce97f92fe03f1ae78611ec1da8b18d670f74a197539a

SHA512
9f46a6d87b8a2169d23497a9f4e1cacb69917e44863bdddc7f1e980d9311771823ad9b38e8df569965a97e9f7bab24f448e74438b18e76acea5844b8cb044c6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
15ab99790bdbbac19e6cacd6a5a6b00d

SHA1
5582db1c72afbc12a0fd04ac1cd86d3fea75fcb0

SHA256
03834e0792ce03f9287a4df0ec34e997f99a4fb7166b5b9c6bd462a14bd1d740

SHA512
42e732667166b319f7d5de7088278124db91792c4b29559ba001871107130549c43a3c78ab4402805eb3d3bcda3489fa124cb5005a9b4967aeb7564543d176ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d779ec227ceb88e54ca0099a793df0c1

SHA1
5d879679e139d7958c6dd866decfffc0ec3897cf

SHA256
575ad87f98ee86f9c1f6f30cd25620145ea7680150784e93f488619edff91d38

SHA512
16149d216ae9108df5020a410cc9d6e3357fdd20f21e25046ca606c64867a81f55479a255bf9cc90639dfefb18f4d2fe61ceb4c3efd9a775e85136045520ee17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ee3191772e50711424589363c9b2928e

SHA1
a5f4a9b68c91a7442fbbf6524914962ed6772421

SHA256
ae52a84b141df38d388770c4a307a9640931dc41b1dda3363497ff5a12101b00

SHA512
569f24aeeeca6c6bc4389c4727657ede9e74f43c72b71e4b140794616853bacad5bf1b7130b2295d12d1815ec47973587d7203192b07049cde1aa212f1ab714a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
39fa4fc300fcd57000e40df0e19f1894

SHA1
1b77b1b5557060b561943b98add197de7ce1fc28

SHA256
b5038d754096469b9ff641d7a8d38bc358c908dfc16ec2103ba732b4611079e3

SHA512
9e68c3a6d2388b0882fa740d9ef1f517dd81145703df4110a43b24821c1cc7710a735b6c2d1ad1d36c5accbb8e43a2f3040e460b728722e2c24e3f7b19d7d6d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fa1d07634ad3f0f8031947baec22c7ad

SHA1
a16eb39bd66112a17e6bff7a6470f3653eec8917

SHA256
bb1295f8b9830fc2336847cc656b77168e4bdf394253d4b753a37dd81b77b791

SHA512
ac92db32518da362c2822ffccb247dee3338052ba6c1efa82a06e2675616f53f968f342d8c492266c2898310916c04ebf59d325dfaa2ec94c2717f3fa6b0dd3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a35597b99700cb0a3829d9d68931badb

SHA1
f7e95bdaf3e13e8c4720f59dd6be0e7bda7a092c

SHA256
37aa470eb247ccd0acdf54b02c20013b01db2c6eff1782491e1c963243f6382a

SHA512
6ee6878861f5bd254bff743f0957e145018b08fd15f7ee2c93089322376cd4a43fbc9e834e714abad0ba3eced7468ddb07c1a2dc31c3a94f5e864efcd22f3c62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ead69951dae235f9bd7023751f8a96f2

SHA1
1632d30e4cd3c3007caecfb5f62884e50796909f

SHA256
7cd1e93cfd01bb3ea90645ded88587f404cc39145e6bec007753d67441961feb

SHA512
a72e4b8b034fa6599fd2362302cde764d1696a6bbb28ec42139818f04e962751cdddd60349f7748c6741a5b23a9e40f3b8a3609ad89cfe4370bf1ba09b6359a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
168ae07eaeefe3bf7d80e3c764c6877c

SHA1
cf524abe90b7ceade9f6f343d84f040b89e2a9cf

SHA256
c3350479a5d2e387f8f5bbc3c516b1a67865616e8a682ffbf976fa05f207cf49

SHA512
d4b44150ba790fc2f1efaa261872f85fb9b31c32146203eeacd1b6aca802ad3191c0cf0c2ab31bb285dccc4a0d23641c3a6551516fc2aa9eae8b0b7807fced11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
262d4b0a8638af17ac75162a36d655f6

SHA1
11b882288ad468ad847aabf1c64504a7f5483e10

SHA256
706771081c8aa3601025a684b5c39b97c61d300ca619749e6df68999ed325c69

SHA512
05adc1da9a45e1921edde81dc6c67cb229867327799b43e24093696635d5d5e47347f3a7ea00f1de40182b6e8c24d54f57515d92131a3b5db002a571be4dbc50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c5f8ce678571385044e1a03688ea98b9

SHA1
6e988149cb70b5574579519e9685f0c6becf568a

SHA256
356d35348255d45a460ea51ca950f0a14675a864ad1e0654cf5225431352bc3a

SHA512
c7480846fa53c2d2de4855f87a721f8eb37950a0ef9fbb7d6d00498d83b5b662dd8e9b5474d7796aa79a8feb14c59ad4368d5e388a115b8872734739da3131a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
af60e01c5f55a228ddc2f4f27daff691

SHA1
c614459867312a3f3dd22fbf4bab6ed51f1436a3

SHA256
5990557834aaf43bd0b09853170b526c97a626ab7901c37b4d84fe1d379f87f6

SHA512
70063213fa71257d3380a64a79b83300148460374c59bf0352fd1dfa3cc67edd719d3c031009517272d1fdacc003e7cb9c3a6a9354d8eba9fbfc0332902f951b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e44d2074cf1ca77fbd1e01428771d208

SHA1
d05f0d5ffa1c732817de7ddf20749f7a1fd49007

SHA256
97e58e18932fc60371e1a999291a604cc4c34a41f3b403021220cec09175ba40

SHA512
cec27286122674e08dd646922d2e36f72bb924819786b8e1c917dad7d0e90665c5b24d1d3b5b6c30426dcf92d54b073c7e9429418f0f91c6e820c2b406f6753c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
f4e5e384bd44924a25d30482433629d5

SHA1
4ed73594f4203a86f25874df8f0c2b6894081cc0

SHA256
ad11fd18210a041d085f7b6f096b8b322032b35e689b109d8b626b4735dc27da

SHA512
9b34709157caf5a1bd562059a32aebceeef4215202e1e26f9b0611626a88b7a27c6766b08816b5601cef8ff50f1ef9074540f4b8754c579a26302b5b13144b4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
84dd87c381a7a3ce125f0a978d911058

SHA1
6a3edb7b70f25c91df661b63c2dc5b79509266b0

SHA256
be4686fa079c84ece88733def7f6d20c119ab999fe8b0a5ce7d071d60c64b89e

SHA512
63f6cf63eb1afb608942a53e904698e21d7f41b48c070abbbe2e42c5ae83c6534806a2bfd7502522356e1787a4809cb97766986dd75a3852d4179fb2e17faee3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI40642\setuptools\_vendor\importlib_resources-6.4.0.dist-info\LICENSE

Filesize
11KB

MD5
3b83ef96387f14655fc854ddc3c6bd57

SHA1
2b8b815229aa8a61e483fb4ba0588b8b6c491890

SHA256
cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30

SHA512
98f6b79b778f7b0a15415bd750c3a8a097d650511cb4ec8115188e115c47053fe700f578895c097051c9bc3dfb6197c2b13a15de203273e1a3218884f86e90e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI40642\setuptools\_vendor\jaraco.collections-5.1.0.dist-info\top_level.txt

Filesize
7B

MD5
0ba8d736b7b4ab182687318b0497e61e

SHA1
311ba5ffd098689179f299ef20768ee1a29f586d

SHA256
d099cddcb7d71f82c845f5cbf9014e18227341664edc42f1e11d5dfe5a2ea103

SHA512
7cccbb4afa2fade40d529482301beae152e0c71ee3cc41736eb19e35cfc5ee3b91ef958cf5ca6b7330333b8494feb6682fd833d5aa16bf4a8f1f721fd859832c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI40642\setuptools\_vendor\packaging-24.1.dist-info\WHEEL

Filesize
81B

MD5
24019423ea7c0c2df41c8272a3791e7b

SHA1
aae9ecfb44813b68ca525ba7fa0d988615399c86

SHA256
1196c6921ec87b83e865f450f08d19b8ff5592537f4ef719e83484e546abe33e

SHA512
09ab8e4daa9193cfdee6cf98ccae9db0601f3dcd4944d07bf3ae6fa5bcb9dc0dcafd369de9a650a38d1b46c758db0721eba884446a8a5ad82bb745fd5db5f9b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49122\VCRUNTIME140.dll

Filesize
116KB

MD5
be8dbe2dc77ebe7f88f910c61aec691a

SHA1
a19f08bb2b1c1de5bb61daf9f2304531321e0e40

SHA256
4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83

SHA512
0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49122\VCRUNTIME140_1.dll

Filesize
48KB

MD5
f8dfa78045620cf8a732e67d1b1eb53d

SHA1
ff9a604d8c99405bfdbbf4295825d3fcbc792704

SHA256
a113f192195f245f17389e6ecbed8005990bcb2476ddad33f7c4c6c86327afe5

SHA512
ba7f8b7ab0deb7a7113124c28092b543e216ca08d1cf158d9f40a326fb69f4a2511a41a59ea8482a10c9ec4ec8ac69b70dfe9ca65e525097d93b819d498da371

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49122\_asyncio.pyd

Filesize
69KB

MD5
90a38a8271379a371a2a4c580e9cd97d

SHA1
3fde48214fd606114d7df72921cf66ef84bc04c5

SHA256
3b46fa8f966288ead65465468c8e300b9179f5d7b39aa25d7231ff3702ca7887

SHA512
3bde0b274f959d201f7820e3c01896c24e4909348c0bc748ade68610a13a4d1e980c50dab33466469cdd19eb90915b45593faab6c3609ae3f616951089de1fdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49122\_bz2.pyd

Filesize
83KB

MD5
30f396f8411274f15ac85b14b7b3cd3d

SHA1
d3921f39e193d89aa93c2677cbfb47bc1ede949c

SHA256
cb15d6cc7268d3a0bd17d9d9cec330a7c1768b1c911553045c73bc6920de987f

SHA512
7d997ef18e2cbc5bca20a4730129f69a6d19abdda0261b06ad28ad8a2bddcdecb12e126df9969539216f4f51467c0fe954e4776d842e7b373fe93a8246a5ca3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49122\_cffi_backend.cp312-win_amd64.pyd

Filesize
175KB

MD5
fcb71ce882f99ec085d5875e1228bdc1

SHA1
763d9afa909c15fea8e016d321f32856ec722094

SHA256
86f136553ba301c70e7bada8416b77eb4a07f76ccb02f7d73c2999a38fa5fa5b

SHA512
4a0e98ab450453fd930edc04f0f30976abb9214b693db4b6742d784247fb062c57fafafb51eb04b7b4230039ab3b07d2ffd3454d6e261811f34749f2e35f04d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49122\_ctypes.pyd

Filesize
122KB

MD5
5377ab365c86bbcdd998580a79be28b4

SHA1
b0a6342df76c4da5b1e28a036025e274be322b35

SHA256
6c5f31bef3fdbff31beac0b1a477be880dda61346d859cf34ca93b9291594d93

SHA512
56f28d431093b9f08606d09b84a392de7ba390e66b7def469b84a21bfc648b2de3839b2eee4fb846bbf8bb6ba505f9d720ccb6bb1a723e78e8e8b59ab940ac26

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49122\_decimal.pyd

Filesize
251KB

MD5
7ae94f5a66986cbc1a2b3c65a8d617f3

SHA1
28abefb1df38514b9ffe562f82f8c77129ca3f7d

SHA256
da8bb3d54bbba20d8fa6c2fd0a4389aec80ab6bd490b0abef5bd65097cbc0da4

SHA512
fbb599270066c43b5d3a4e965fb2203b085686479af157cd0bb0d29ed73248b6f6371c5158799f6d58b1f1199b82c01abe418e609ea98c71c37bb40f3226d8c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49122\_hashlib.pyd

Filesize
64KB

MD5
a25bc2b21b555293554d7f611eaa75ea

SHA1
a0dfd4fcfae5b94d4471357f60569b0c18b30c17

SHA256
43acecdc00dd5f9a19b48ff251106c63c975c732b9a2a7b91714642f76be074d

SHA512
b39767c2757c65500fc4f4289cb3825333d43cb659e3b95af4347bd2a277a7f25d18359cedbdde9a020c7ab57b736548c739909867ce9de1dbd3f638f4737dc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49122\_lzma.pyd

Filesize
156KB

MD5
9e94fac072a14ca9ed3f20292169e5b2

SHA1
1eeac19715ea32a65641d82a380b9fa624e3cf0d

SHA256
a46189c5bd0302029847fed934f481835cb8d06470ea3d6b97ada7d325218a9f

SHA512
b7b3d0f737dd3b88794f75a8a6614c6fb6b1a64398c6330a52a2680caf7e558038470f6f3fc024ce691f6f51a852c05f7f431ac2687f4525683ff09132a0decb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49122\_multiprocessing.pyd

Filesize
34KB

MD5
41ee16713672e1bfc4543e6ae7588d72

SHA1
5ff680727935169e7bcb3991404c68fe6b2e4209

SHA256
2feb0bf9658634fe8405f17c4573feb1c300e9345d7965738bedeb871a939e6b

SHA512
cb407996a42bdf8bc47ce3f4c4485e27a4c862bf543410060e9f65d63bfba4c5a854a1f0601e9d8933c549e5459cb74ca27f3126c8cdbde0bdd2e803390ab942

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49122\_overlapped.pyd

Filesize
54KB

MD5
737f46e8dac553427a823c5f0556961c

SHA1
30796737caec891a5707b71cf0ad1072469dd9de

SHA256
2187281a097025c03991cd8eb2c9ca416278b898bd640a8732421b91ada607e8

SHA512
f0f4b9045d5328335dc5d779f7ef5ce322eaa8126ec14a84be73edd47efb165f59903bff95eb0661eba291b4bb71474dd0b0686edc132f2fba305c47bb3d019f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49122\_queue.pyd

Filesize
31KB

MD5
e1c6ff3c48d1ca755fb8a2ba700243b2

SHA1
2f2d4c0f429b8a7144d65b179beab2d760396bfb

SHA256
0a6acfd24dfbaa777460c6d003f71af473d5415607807973a382512f77d075fa

SHA512
55bfd1a848f2a70a7a55626fb84086689f867a79f09726c825522d8530f4e83708eb7caa7f7869155d3ae48f3b6aa583b556f3971a2f3412626ae76680e83ca1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49122\_socket.pyd

Filesize
81KB

MD5
69801d1a0809c52db984602ca2653541

SHA1
0f6e77086f049a7c12880829de051dcbe3d66764

SHA256
67aca001d36f2fce6d88dbf46863f60c0b291395b6777c22b642198f98184ba3

SHA512
5fce77dd567c046feb5a13baf55fdd8112798818d852dfecc752dac87680ce0b89edfbfbdab32404cf471b70453a33f33488d3104cd82f4e0b94290e83eae7bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49122\_ssl.pyd

Filesize
174KB

MD5
90f080c53a2b7e23a5efd5fd3806f352

SHA1
e3b339533bc906688b4d885bdc29626fbb9df2fe

SHA256
fa5e6fe9545f83704f78316e27446a0026fbebb9c0c3c63faed73a12d89784d4

SHA512
4b9b8899052c1e34675985088d39fe7c95bfd1bbce6fd5cbac8b1e61eda2fbb253eef21f8a5362ea624e8b1696f1e46c366835025aabcb7aa66c1e6709aab58a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49122\_tkinter.pyd

Filesize
64KB

MD5
911d7552870c5d1ffa646326ab760d38

SHA1
c6d90ef0540f16e0c0112801ff57325d676d2946

SHA256
f91d38d865378a120f76596c90e79f6ba57fcf3c39dedb99098e597d9b577256

SHA512
44fbba9cfe5ae64b440751145c7497588c19cc038838c9e046a328682f100d7f45bd9c914fb8e1d462cf105628767ed308bbc19cdbcc5b0afe74621bccc81d4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49122\_wmi.pyd

Filesize
36KB

MD5
827615eee937880862e2f26548b91e83

SHA1
186346b816a9de1ba69e51042faf36f47d768b6c

SHA256
73b7ee3156ef63d6eb7df9900ef3d200a276df61a70d08bd96f5906c39a3ac32

SHA512
45114caf2b4a7678e6b1e64d84b118fb3437232b4c0add345ddb6fbda87cebd7b5adad11899bdcd95ddfe83fdc3944a93674ca3d1b5f643a2963fbe709e44fb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49122\background.png

Filesize
2.5MB

MD5
5b2ee33d8e552172cb66ae53ef916e9e

SHA1
9a7e90dc24286ee4cd6ff540df575a15f8e9541d

SHA256
ff758021f504196628afd00ccaa0d80c71870aa7627b424b2df6ae3741aba3c2

SHA512
2f80f1ad80fce2624da3e53fe6bbc204f852aadabdc5c3b47ddf3833208df012ab06a3af588e481bd1b31dc27d7a01b3bec1620a97afed090044825f3238d77d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49122\base_library.zip

Filesize
1.3MB

MD5
fe165df1db950b64688a2e617b4aca88

SHA1
71cae64d1edd9931ef75e8ef28e812e518b14dde

SHA256
071241ac0fd6e733147a71625de5ead3d7702e73f8d1cbebf3d772cbdce0be35

SHA512
e492a6278676ef944363149a503c7fade9d229bddce7afa919f5e72138f49557619b0bdba68f523fffe7fbca2ccfd5e3269355febaf01f4830c1a4cc67d2e513

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49122\icon.ico

Filesize
422KB

MD5
aba2c1dd1520a6821a4a87891866dbb2

SHA1
614757578bf70aa604a9b11c7cc9073e67c87f39

SHA256
3647f7077ef41d050da4e14e0f68338a160c5662eee1729f57a968653b782259

SHA512
982beb8ae655a13a2c80fcb034ef27e866a7f77660f3b701183d8f4083386f2a840610acd9d817f006202fbc055ab8020285643e7f4b6972210e71006f1b506c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49122\libcrypto-3.dll

Filesize
5.0MB

MD5
123ad0908c76ccba4789c084f7a6b8d0

SHA1
86de58289c8200ed8c1fc51d5f00e38e32c1aad5

SHA256
4e5d5d20d6d31e72ab341c81e97b89e514326c4c861b48638243bdf0918cfa43

SHA512
80fae0533ba9a2f5fa7806e86f0db8b6aab32620dde33b70a3596938b529f3822856de75bddb1b06721f8556ec139d784bc0bb9c8da0d391df2c20a80d33cb04

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49122\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49122\libssl-3.dll

Filesize
774KB

MD5
4ff168aaa6a1d68e7957175c8513f3a2

SHA1
782f886709febc8c7cebcec4d92c66c4d5dbcf57

SHA256
2e4d35b681a172d3298caf7dc670451be7a8ba27c26446efc67470742497a950

SHA512
c372b759b8c7817f2cbb78eccc5a42fa80bdd8d549965bd925a97c3eebdce0335fbfec3995430064dead0f4db68ebb0134eb686a0be195630c49f84b468113e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49122\pyexpat.pyd

Filesize
197KB

MD5
8c1f876831395d146e3bcadcea2486dd

SHA1
82cbfb59f0581a0554d6a5061e1f82e6b46a3473

SHA256
d32d7722d6ed2b2780c039d63af044554c0ba9cf6e6efef28ebc79cb443d2da0

SHA512
73067bb8dcc44cd52551a48400bd8e721268dd44f9884ebb603452ece9c7bd276d40b7cbca4f10223f27b8ccdcd1d2ec298a1c767a691859aea10056c108a730

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49122\python3.dll

Filesize
66KB

MD5
5eace36402143b0205635818363d8e57

SHA1
ae7b03251a0bac083dec3b1802b5ca9c10132b4c

SHA256
25a39e721c26e53bec292395d093211bba70465280acfa2059fa52957ec975b2

SHA512
7cb3619ea46fbaaf45abfa3d6f29e7a5522777980e0a9d2da021d6c68bcc380abe38e8004e1f31d817371fb3cdd5425d4bb115cb2dc0d40d59d111a2d98b21d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49122\python312.dll

Filesize
6.6MB

MD5
166cc2f997cba5fc011820e6b46e8ea7

SHA1
d6179213afea084f02566ea190202c752286ca1f

SHA256
c045b57348c21f5f810bae60654ae39490846b487378e917595f1f95438f9546

SHA512
49d9d4df3d7ef5737e947a56e48505a2212e05fdbcd7b83d689639728639b7fd3be39506d7cfcb7563576ebee879fd305370fdb203909ed9b522b894dd87aacb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49122\select.pyd

Filesize
30KB

MD5
7c14c7bc02e47d5c8158383cb7e14124

SHA1
5ee9e5968e7b5ce9e4c53a303dac9fc8faf98df3

SHA256
00bd8bb6dec8c291ec14c8ddfb2209d85f96db02c7a3c39903803384ff3a65e5

SHA512
af70cbdd882b923013cb47545633b1147ce45c547b8202d7555043cfa77c1deee8a51a2bc5f93db4e3b9cbf7818f625ca8e3b367bffc534e26d35f475351a77c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49122\setuptools\_vendor\importlib_resources-6.4.0.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49122\setuptools\_vendor\jaraco.functools-4.0.1.dist-info\LICENSE

Filesize
1023B

MD5
141643e11c48898150daa83802dbc65f

SHA1
0445ed0f69910eeaee036f09a39a13c6e1f37e12

SHA256
86da0f01aeae46348a3c3d465195dc1ceccde79f79e87769a64b8da04b2a4741

SHA512
ef62311602b466397baf0b23caca66114f8838f9e78e1b067787ceb709d09e0530e85a47bbcd4c5a0905b74fdb30df0cc640910c6cc2e67886e5b18794a3583f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49122\setuptools\_vendor\jaraco.text-3.12.1.dist-info\WHEEL

Filesize
92B

MD5
43136dde7dd276932f6197bb6d676ef4

SHA1
6b13c105452c519ea0b65ac1a975bd5e19c50122

SHA256
189eedfe4581172c1b6a02b97a8f48a14c0b5baa3239e4ca990fbd8871553714

SHA512
e7712ba7d36deb083ebcc3b641ad3e7d19fb071ee64ae3a35ad6a50ee882b20cd2e60ca1319199df12584fe311a6266ec74f96a3fb67e59f90c7b5909668aee1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49122\setuptools\_vendor\jaraco\text\Lorem ipsum.txt

Filesize
1KB

MD5
4ce7501f6608f6ce4011d627979e1ae4

SHA1
78363672264d9cd3f72d5c1d3665e1657b1a5071

SHA256
37fedcffbf73c4eb9f058f47677cb33203a436ff9390e4d38a8e01c9dad28e0b

SHA512
a4cdf92725e1d740758da4dd28df5d1131f70cef46946b173fe6956cc0341f019d7c4fecc3c9605f354e1308858721dada825b4c19f59c5ad1ce01ab84c46b24

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49122\tcl86t.dll

Filesize
1.7MB

MD5
1ddd4633814e91eb748c84647c526d19

SHA1
c3c2561fd5f971e6487eafff151b2cb00f2eb1e3

SHA256
1026c8c8eaaf3744f3ad8e80b4baa366e88aa0a048c0823838e39acef86ce964

SHA512
2c9e64ca4edcd2ec0292b558f40feaa2da875deafd85945aac77e49d0b71e2280e020396f719fecca52afa66454d7a55aa9712113e8fcbbe30202c956bf7f552

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49122\tk86t.dll

Filesize
1.5MB

MD5
4a740c514fb3b3dfb3d9d20fb57872c5

SHA1
11bea1a884fa01146190c6cae45fdc5f27fc8adc

SHA256
59e2a8784bdbd35b4bf8e688690e2672b6b5d652cc063ba19661eff2715b8e13

SHA512
fe2d1dcae5fca2901ca1bffecb0b6fa189a55d8fcc007ec1db379d40a5f47a87d08ee2e3e5f7fbf18d7d609d738c6d31a5a291cd08577d750ab2cc8c54f6491d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49122\unicodedata.pyd

Filesize
1.1MB

MD5
a8ed52a66731e78b89d3c6c6889c485d

SHA1
781e5275695ace4a5c3ad4f2874b5e375b521638

SHA256
bf669344d1b1c607d10304be47d2a2fb572e043109181e2c5c1038485af0c3d7

SHA512
1c131911f120a4287ebf596c52de047309e3be6d99bc18555bd309a27e057cc895a018376aa134df1dc13569f47c97c1a6e8872acedfa06930bbf2b175af9017

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49122\zlib1.dll

Filesize
143KB

MD5
c04a1ec01ca28803bb5cd7230bd40e86

SHA1
35f18aca58e6749029a65e598780cd41efcd5b3b

SHA256
acfa5dbb606aada439fa2bca317d023725cbbd5b5f111fbd61a488d449966845

SHA512
756545e218ca384da40f973d38510486a3889e8b7c4e0c304c91158e89ebc7aeca66f9e0ef54027700cd311d27b1f23b2f5eb07089f8da649950e43a555e1cf3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57722\_tcl_data\encoding\euc-cn.enc

Filesize
84KB

MD5
c5aa0d11439e0f7682dae39445f5dab4

SHA1
73a6d55b894e89a7d4cb1cd3ccff82665c303d5c

SHA256
1700af47dc012a48cec89cf1dfae6d1d0d2f40ed731eff6ca55296a055a11c00

SHA512
eee6058bd214c59bcc11e6de7265da2721c119cc9261cfd755a98e270ff74d2d73e3e711aa01a0e3414c46d82e291ef0df2ad6c65ca477c888426d5a1d2a3bc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57722\setuptools\_vendor\typeguard-4.3.0.dist-info\LICENSE

Filesize
1KB

MD5
f0e423eea5c91e7aa21bdb70184b3e53

SHA1
a51ccdcb7a9d8c2116d1dfc16f11b3c8a5830f67

SHA256
6163f7987dfb38d6bc320ce2b70b2f02b862bc41126516d552ef1cd43247e758

SHA512
8be742880e6e8495c7ec4c9ecc8f076a9fc9d64fc84b3aebbc8d2d10dc62ac2c5053f33b716212dcb76c886a9c51619f262c460fc4b39a335ce1ae2c9a8769a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57722\setuptools\_vendor\typeguard-4.3.0.dist-info\METADATA

Filesize
3KB

MD5
b6daac02f66ac8403e9061881322babe

SHA1
9a94672ccfea06156a5f8a321cd0626cfd233ae8

SHA256
cf675c1c0a744f08580855390de87cc77d676b312582e8d4cfdb5bb8fd298d21

SHA512
9c6b7326c90396aa9e962c2731a1085edb672b5696f95f552d13350843c09a246e0bbf0ec484862dff434fa5a86de4c0b7c963958ade35a066b9d2384076dd47

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57722\setuptools\_vendor\typeguard-4.3.0.dist-info\RECORD

Filesize
2KB

MD5
d680b2881597974acd91750e5ab61010

SHA1
e00ed2416b5ce21641e3946905504d62d536972f

SHA256
48a51959582478352275428ceecd78ef77d79ac9dae796e39a2eaf2540282552

SHA512
112172acb515b0712ac58d78898eb159580ada3dd3f16aabb37cb7a8d964f9e4badf2869a245927b83b208d56904831c0f04ed925c95dfcb705801734fb0c7ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57722\setuptools\_vendor\typeguard-4.3.0.dist-info\entry_points.txt

Filesize
48B

MD5
aeab5bcf8bf89a51c97c4cdf70578848

SHA1
2e9c1617560ab66431aab90700db901985293485

SHA256
aa9ecd43568bb624a0310aa8ea05a57c6a72d08217ce830999e4132e9cea1594

SHA512
2be73e99296df26a28835f91dd8bc50eb104af06a3c54666175faf322e0ad4620453db0388531c4113b052a92c1d2e4c3088e25af43cde42aa852cf7b0cb5b05

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57722\setuptools\_vendor\typeguard-4.3.0.dist-info\top_level.txt

Filesize
10B

MD5
004a2a8ce1ab120a63902a27d76bd964

SHA1
a4e367ab40410598dadd1fc5f680ed7a176beb09

SHA256
e33dbc021b83a1dc114bf73527f97c1f9d6de50bb07d3b1eb24633971a7a82bb

SHA512
0d8ff9a43897ab390ab41afe5bac8bd38a68c2bef88e844e5b49bf70e3164b226975cc2717ae3dc3428d1cfbb0be068c243f104915fee1ffa58c23fbe76fdb89

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57722\setuptools\_vendor\wheel-0.43.0.dist-info\LICENSE.txt

Filesize
1KB

MD5
7ffb0db04527cfe380e4f2726bd05ebf

SHA1
5b39c45a91a556e5f1599604f1799e4027fa0e60

SHA256
30c23618679108f3e8ea1d2a658c7ca417bdfc891c98ef1a89fa4ff0c9828654

SHA512
205f284f3a7e8e696c70ed7b856ee98c1671c68893f0952eec40915a383bc452b99899bdc401f9fe161a1bf9b6e2cea3bcd90615eee9173301657a2ce4bafe14

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57722\setuptools\_vendor\wheel-0.43.0.dist-info\METADATA

Filesize
2KB

MD5
ebea27da14e3f453119dc72d84343e8c

SHA1
7ceb6dbe498b69abf4087637c6f500742ff7e2b4

SHA256
59bac22b00a59d3e5608a56b8cf8efc43831a36b72792ee4389c9cd4669c7841

SHA512
a41593939b9325d40cb67fd3f41cd1c9e9978f162487fb469094c41440b5f48016b9a66be2e6e4a0406d6eedb25ce4f5a860ba1e3dc924b81f63ceee3ae31117

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57722\setuptools\_vendor\wheel-0.43.0.dist-info\RECORD

Filesize
4KB

MD5
44d352c4997560c7bfb82d9360f5985a

SHA1
be58c7b8ab32790384e4e4f20865c4a88414b67a

SHA256
783e654742611af88cd9f00bf01a431a219db536556e63ff981c7bd673070ac9

SHA512
281b1d939a560e6a08d0606e5e8ce15f086b4b45738ab41ed6b5821968dc8d764cd6b25db6ba562a07018c271abf17a6bc5a380fad05696adf1d11ee2c5749c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57722\setuptools\_vendor\wheel-0.43.0.dist-info\entry_points.txt

Filesize
104B

MD5
6180e17c30bae5b30db371793fce0085

SHA1
e3a12c421562a77d90a13d8539a3a0f4d3228359

SHA256
ad363505b90f1e1906326e10dc5d29233241cd6da4331a06d68ae27dfbc6740d

SHA512
69eae7b1e181d7ba1d3e2864d31e1320625a375e76d3b2fbf8856b3b6515936ace3138d4d442cabde7576fcfbcbb0deed054d90b95cfa1c99829db12a9031e26

Download Submit
C:\Users\Admin\Desktop\encrypted_files.json

Filesize
442B

MD5
3b9af555a020deb3ed7fd6ca64970bab

SHA1
a64e27e7a0bf77b3b322cf415eb6fe528112698c

SHA256
ec69631543beb00d6cbfedf18689665050ba1988c2104232cacfbff8f82c0b26

SHA512
c860645798b60e05066d3d553d2600b34b1ba0cbc23ea754cfa033f213430df53772d4afd811a35d9537dbce7f362aa786a94769ae5f5580a74d76d35035e6fc

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 722154.crdownload

Filesize
20.8MB

MD5
ff16eb34c6115d174418473d9da63661

SHA1
34f42afee218236f72dfee6c16430e1baa319a34

SHA256
19abb732f8f9c1748694368e89c334d68dd64a7728a8e313f8321d70d79dced6

SHA512
e547aef38dd9fa4a3f53439e802c349935086147b340730ffa45204694572855d8fbf99f98a795e94e0e2e3267055a1d5c1607e36151e7975e57671e041bf3ac

Download Submit
\??\pipe\crashpad_2052_SCLVGCYBIRAEGPTY

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/4316-1304-0x00007FFAF9C70000-0x00007FFAF9C9A000-memory.dmp

Filesize
168KB

Download
memory/4316-1236-0x00007FFAF9C70000-0x00007FFAF9C9A000-memory.dmp

Filesize
168KB

Download
memory/4668-3418-0x00007FFAF9570000-0x00007FFAF959A000-memory.dmp

Filesize
168KB

Download
memory/4668-3394-0x00007FFAF9570000-0x00007FFAF959A000-memory.dmp

Filesize
168KB

Download
memory/6116-5508-0x00007FFB02520000-0x00007FFB0254A000-memory.dmp

Filesize
168KB

Download
memory/6116-5522-0x00007FFB02520000-0x00007FFB0254A000-memory.dmp

Filesize
168KB

Download