hxxps://github[.]com/onejeuu/stalcraft-legacy-lang/releases/download/v1[.]0[.]2/stalcraft-legacy-lang[.]exe

Analysis

max time kernel
136s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20241007-es
resource tags

arch:x64arch:x86image:win10v2004-20241007-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
14/10/2024, 14:29

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/onejeuu/stalcraft-legacy-lang/releases/download/v1.0.2/stalcraft-legacy-lang.exe

Score

8^/10

discovery pyinstaller

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
3956	stalcraft-legacy-lang.exe
2724	stalcraft-legacy-lang.exe

Loads dropped DLL 18 IoCs

pid	Process
2724	stalcraft-legacy-lang.exe
2724	stalcraft-legacy-lang.exe
2724	stalcraft-legacy-lang.exe
2724	stalcraft-legacy-lang.exe
2724	stalcraft-legacy-lang.exe
2724	stalcraft-legacy-lang.exe
2724	stalcraft-legacy-lang.exe
2724	stalcraft-legacy-lang.exe
2724	stalcraft-legacy-lang.exe
2724	stalcraft-legacy-lang.exe
2724	stalcraft-legacy-lang.exe
2724	stalcraft-legacy-lang.exe
2724	stalcraft-legacy-lang.exe
2724	stalcraft-legacy-lang.exe
2724	stalcraft-legacy-lang.exe
2724	stalcraft-legacy-lang.exe
2724	stalcraft-legacy-lang.exe
2724	stalcraft-legacy-lang.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\INF\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
behavioral1/files/0x0009000000023c7e-122.dat	pyinstaller

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133733897872199989"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3084	chrome.exe
3084	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe
2704	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3084 wrote to memory of 4892	3084	chrome.exe	84
PID 3084 wrote to memory of 4892	3084	chrome.exe	84
PID 3084 wrote to memory of 4640	3084	chrome.exe	85
PID 3084 wrote to memory of 4640	3084	chrome.exe	85
PID 3084 wrote to memory of 4640	3084	chrome.exe	85
PID 3084 wrote to memory of 4640	3084	chrome.exe	85
PID 3084 wrote to memory of 4640	3084	chrome.exe	85
PID 3084 wrote to memory of 4640	3084	chrome.exe	85
PID 3084 wrote to memory of 4640	3084	chrome.exe	85
PID 3084 wrote to memory of 4640	3084	chrome.exe	85
PID 3084 wrote to memory of 4640	3084	chrome.exe	85
PID 3084 wrote to memory of 4640	3084	chrome.exe	85
PID 3084 wrote to memory of 4640	3084	chrome.exe	85
PID 3084 wrote to memory of 4640	3084	chrome.exe	85
PID 3084 wrote to memory of 4640	3084	chrome.exe	85
PID 3084 wrote to memory of 4640	3084	chrome.exe	85
PID 3084 wrote to memory of 4640	3084	chrome.exe	85
PID 3084 wrote to memory of 4640	3084	chrome.exe	85
PID 3084 wrote to memory of 4640	3084	chrome.exe	85
PID 3084 wrote to memory of 4640	3084	chrome.exe	85
PID 3084 wrote to memory of 4640	3084	chrome.exe	85
PID 3084 wrote to memory of 4640	3084	chrome.exe	85
PID 3084 wrote to memory of 4640	3084	chrome.exe	85
PID 3084 wrote to memory of 4640	3084	chrome.exe	85
PID 3084 wrote to memory of 4640	3084	chrome.exe	85
PID 3084 wrote to memory of 4640	3084	chrome.exe	85
PID 3084 wrote to memory of 4640	3084	chrome.exe	85
PID 3084 wrote to memory of 4640	3084	chrome.exe	85
PID 3084 wrote to memory of 4640	3084	chrome.exe	85
PID 3084 wrote to memory of 4640	3084	chrome.exe	85
PID 3084 wrote to memory of 4640	3084	chrome.exe	85
PID 3084 wrote to memory of 4640	3084	chrome.exe	85
PID 3084 wrote to memory of 2336	3084	chrome.exe	86
PID 3084 wrote to memory of 2336	3084	chrome.exe	86
PID 3084 wrote to memory of 3488	3084	chrome.exe	87
PID 3084 wrote to memory of 3488	3084	chrome.exe	87
PID 3084 wrote to memory of 3488	3084	chrome.exe	87
PID 3084 wrote to memory of 3488	3084	chrome.exe	87
PID 3084 wrote to memory of 3488	3084	chrome.exe	87
PID 3084 wrote to memory of 3488	3084	chrome.exe	87
PID 3084 wrote to memory of 3488	3084	chrome.exe	87
PID 3084 wrote to memory of 3488	3084	chrome.exe	87
PID 3084 wrote to memory of 3488	3084	chrome.exe	87
PID 3084 wrote to memory of 3488	3084	chrome.exe	87
PID 3084 wrote to memory of 3488	3084	chrome.exe	87
PID 3084 wrote to memory of 3488	3084	chrome.exe	87
PID 3084 wrote to memory of 3488	3084	chrome.exe	87
PID 3084 wrote to memory of 3488	3084	chrome.exe	87
PID 3084 wrote to memory of 3488	3084	chrome.exe	87
PID 3084 wrote to memory of 3488	3084	chrome.exe	87
PID 3084 wrote to memory of 3488	3084	chrome.exe	87
PID 3084 wrote to memory of 3488	3084	chrome.exe	87
PID 3084 wrote to memory of 3488	3084	chrome.exe	87
PID 3084 wrote to memory of 3488	3084	chrome.exe	87
PID 3084 wrote to memory of 3488	3084	chrome.exe	87
PID 3084 wrote to memory of 3488	3084	chrome.exe	87
PID 3084 wrote to memory of 3488	3084	chrome.exe	87
PID 3084 wrote to memory of 3488	3084	chrome.exe	87
PID 3084 wrote to memory of 3488	3084	chrome.exe	87
PID 3084 wrote to memory of 3488	3084	chrome.exe	87
PID 3084 wrote to memory of 3488	3084	chrome.exe	87
PID 3084 wrote to memory of 3488	3084	chrome.exe	87
PID 3084 wrote to memory of 3488	3084	chrome.exe	87
PID 3084 wrote to memory of 3488	3084	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/onejeuu/stalcraft-legacy-lang/releases/download/v1.0.2/stalcraft-legacy-lang.exe
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff95c0fcc40,0x7ff95c0fcc4c,0x7ff95c0fcc58
  2⤵
  PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1736,i,8344108129474836094,4604629277271362129,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1712 /prefetch:2
  2⤵
  PID:4640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2152,i,8344108129474836094,4604629277271362129,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  PID:2336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2244,i,8344108129474836094,4604629277271362129,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2432 /prefetch:8
  2⤵
  PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,8344108129474836094,4604629277271362129,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:1012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,8344108129474836094,4604629277271362129,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:1180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4908,i,8344108129474836094,4604629277271362129,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4928 /prefetch:8
  2⤵
  PID:536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5056,i,8344108129474836094,4604629277271362129,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5052 /prefetch:8
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5272,i,8344108129474836094,4604629277271362129,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5304 /prefetch:8
  2⤵
  PID:3132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4548,i,8344108129474836094,4604629277271362129,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4580 /prefetch:8
  2⤵
  PID:3616
- C:\Users\Admin\Downloads\stalcraft-legacy-lang.exe
  "C:\Users\Admin\Downloads\stalcraft-legacy-lang.exe"
  2⤵
  - Executes dropped EXE
  PID:3956
- - C:\Users\Admin\Downloads\stalcraft-legacy-lang.exe
    "C:\Users\Admin\Downloads\stalcraft-legacy-lang.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2724
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c chcp 65001 > NUL
      4⤵
      PID:2404
    - - C:\Windows\system32\chcp.com
        
        chcp 65001
        5⤵
        
        PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5212,i,8344108129474836094,4604629277271362129,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=728 /prefetch:1
  2⤵
  PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4380,i,8344108129474836094,4604629277271362129,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3308,i,8344108129474836094,4604629277271362129,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5600 /prefetch:8
  2⤵
  PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5596,i,8344108129474836094,4604629277271362129,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5592 /prefetch:8
  2⤵
  PID:784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5864,i,8344108129474836094,4604629277271362129,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5132,i,8344108129474836094,4604629277271362129,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3248 /prefetch:8
  2⤵
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  PID:2704

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4768

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
ea47cf04ddc4c6694e0027a2acf15c48

SHA1
f30929efe8ca9ed0dca714377067c70cc851dd4d

SHA256
4660e54d87374fa558958d562f9ef02f0266c35d350ebfa15e67d26e28b49e29

SHA512
1a95f2fe27382032d75f4783a991adb5464f51e0b554f5205448375dc5ef372ee94d90eed14a6ba1cc7ec979123a3f46e0964dac6b48bf3e5197f5767b7ee793

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
534b20ddb03c6a38575c6039780209b7

SHA1
f2ea8e71655ee2ce199d0dbb6c619ffc245c3794

SHA256
8337acb0b21dfd18f31c2c39e99821882e9041f473e3d5353a9891424173a429

SHA512
cadab0ac0553244fd28950922341cd748d5fe8ee46491ecf4580cd009a6bfdb1fd463b1b274f8b4252826eef76cb834bedac3b63c26cb1bd7f6e2842bc108240

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
8eccbede21556e2ea7444f6cf5e0022e

SHA1
dd7ed052d22e297b56cc13b44ca111e122b42a88

SHA256
1be5c77c74438c6bfb95a0cc5aa23aff46b0a3726aee4404e6f2ea4e07fe2a77

SHA512
b70ffe0fd5b8768ecadeee1e6c70e58932f03024adffa620b3ebe8b6fd03a5b1c0bc95941b54cc4e41da51a499ae4ce02ab94c685f7e5d0ceea441fbe18ed8c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
b6c41a60a9fa774e1eb05fa21b22108d

SHA1
1c8a80c25598df24ee83758369d456726b81febd

SHA256
03113f9c290a94b465959bd0fc4d050671ee8a4a12db139198cac73999dc8b8c

SHA512
d8559df16a3faa8e8ec108802a13460aa066533667e05b20e1a65f974cf85bffcff84523a169af868ec04fe9dcd2f8d01f5c2e28672840ebcc134b13997bdaff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
7afd665cd5c408130df2dd0ac8998d97

SHA1
31647fedd7206b3a6e2f85e9ff9eaf2023f04265

SHA256
4d13f3ea9e369a7d8c1d526f63b89a71a513c9cd6716f1b270a93e749a535bef

SHA512
c2393dc150e2cd9ef4c08d6f77a9fc18a05639502e3e1616a65a4f62266de101ade8ce3609d8b542995f8a6e23250d8f0c53bd1d6a9e848e329215f0c5458832

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
ccfbd70813d7094cccf3ed76422b4136

SHA1
eb604d992d4df2ac310ae0371eb78656785e0206

SHA256
4d2f14408a08022d0ffaeb90c5f073d471ce4d8ef0af46801788b6b16a14581f

SHA512
055e4a72c3850bb3260ac49c5c8b33d5717dc63f08994ec0246fd12516f046d6fffd7a4648f92178069344e75e8c5a4dd6ee096a0a9038b08c36de3b565efae7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
d6c5325c2f3f1e36848f8a55df7f603a

SHA1
5b0389bed38a88416de388ce05477d64421134d2

SHA256
7d2df5f2b26142fd0049a861bb5e4ff305cea2d3e6d2269e84857703a17ffcc1

SHA512
cccb682ea803e3b1c7e8cdb42c1883ea9ac9cd84e3a892d153a19f48d3b99f681641ea86a030a6b74e6cd342dd94c0bf0106a5b53a7d9d5c9ebc12476a7adebb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
633d9b98904d2dda747e678580384719

SHA1
3dcca33f4fee1f2b2a3b00dea3f0c5071c4f9884

SHA256
31db5c45f26793b922a2d752e70d14e391a3a3f393cb8ee1a3c77474d344912b

SHA512
e88fd9a2c2bd18c16641c27f496fd2eba4922705c4b839ed24aa22728fe9cd14d449044807e98b2483a05746d612b8082cee47532f38e9d3c99021e87f575daf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e1965dd58c7af4d24297e1b6db361a76

SHA1
7cc804208d7813ad0ffa7000a7c503d3239a1f2d

SHA256
a21f20d71ac2881924b8fa2e67502bc3b1707a713c2e5e0a06d8ca02decbd475

SHA512
40617e1de28641579f427a65cb32b117b63e986179ad1ed792ee1091d231f9e3bc7d4268884812da6fc149a7c145bc7c98ede40ab79a97f261f95c5449602c3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
193ea411c2c855d58d8856169c4e86da

SHA1
1c191da6a79294df04a9b34bf47199486a57150f

SHA256
05b721fd2837d3dcaa781b4ea6c6cf3a46a02a516c99e48ce8aecb079be81d0f

SHA512
47960b828b0dc87b3b1c3e3ee6ad7e5ddd26d338049774f6a6f9b2529fc314038ac5a19a5a80d1bc8e79fa69c858db70fa6622f7745573f6ad6191dcf4f670fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
239a84e31dbde3db4c8bf650bc6686ce

SHA1
fb489734974367a669f2fcd8a169155ae96678a0

SHA256
97dfa140eaf51fb9e2eb13d6831a9bae4bb663774aba8b900313e9a772b96ace

SHA512
b494a4617dc3c9d42414e2e7c037a4391358fd90bc3eba92a3e3983c0ed7db67ea0cecd8735fd5c7ed687a03f174f18292873eb33bcda93d70dd89efe3fd984f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
de689250b4e75b45da049cd693a34434

SHA1
f1265f69e8fa110f60232c85dc6e3098d870a7df

SHA256
8cea0c5c021f8d61f3d16ef32e2120cde133c7a292e0d36352536969b0d51e44

SHA512
69fead370a655074a1dfd31ea14bfdc17a0873d275d6f2aefe57efb43f729c90ad27f90aaebaf3a6d479ca6a9fc11ed9e6ecc866bacc29be74ef7d4b4407d29b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e50a55a90826900ea74911ff02bfcf0b

SHA1
a97239c6cfd30462d821b9f09c1d5189193424e6

SHA256
8639e65e61ae23f5108386a99f73ff32933c47896be7268f3a8f43e2874d8faf

SHA512
e9d37dfb643ba5fd53409b0ddd59521338b5fe7ee7c2a9e565e9444ecad85209d1a00a7f87ae44a4a18dae647e1ac5c8ac2a7b5527fd5b464bfe1c699c24064b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
5f714a147495502c203bd973692a4bcf

SHA1
d67c621cb123d62c8fd0129ea8f99616146abd91

SHA256
04ad659aca6698d4329d18d2183250f3bf46690982ebbe8b039eca80332cf783

SHA512
2a3f29503cb3071d1197217527e8091e68d3aba59cd3cc754051066025a5701aa64f349d8cfc174f396b21bf3f59d47d5cd237b8c933450f1e9bfbbf46071e7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
66f64f015714550c59885048965d0b95

SHA1
b6e9db91a75c4e2ca3381a13832009a694aacf08

SHA256
c83510d73dd2caafed91f84ff7fe526a347e9ca413bbb571b73bd0b259d843c3

SHA512
d16d417c9546effa0557a2e8b59ee78f6da177b7c2ee4470bf43f5ce6f0e02c0a21670fba5af1fa8b6489440f691d4043ab46ab7327a21b9e70c3cdcb4c8f6fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
178e742fd90065b7b779348079421c8c

SHA1
52d7afe26f24eca0ffcff23881ea7a03a94860c4

SHA256
e89ab41fe0d281cd548f7e1dc8894804a583cc7d7bf19fa74e3e147e06aecb9f

SHA512
52f15ef9dc9c9af0848860649276283b9059cbf9cc8087c4bb884ad5b0ee7b8bf7e76da260a4e97ddc82827fa62f8879cca1fed2e08a0cb9638f897fb9fde778

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
1504485c1c83f98ab375384456872fd1

SHA1
b04da56f3ac672fd1dcce7aeb4d7313c2addb06b

SHA256
813ce79537e314bf22d0e08e74928031261f13df83fedd7d321ddef5321f9ed6

SHA512
30da50101bae2403e8001d0dfde80b6a4e147987c0426146144026741b60b4a85af95ebe848466e46ef5da45707dc91d609bfc78ae9302682393355c02c8d98e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39562\VCRUNTIME140.dll

Filesize
116KB

MD5
be8dbe2dc77ebe7f88f910c61aec691a

SHA1
a19f08bb2b1c1de5bb61daf9f2304531321e0e40

SHA256
4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83

SHA512
0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39562\_ctypes.pyd

Filesize
121KB

MD5
565d011ce1cee4d48e722c7421300090

SHA1
9dc300e04e5e0075de4c0205be2e8aae2064ae19

SHA256
c148292328f0aab7863af82f54f613961e7cb95b7215f7a81cafaf45bd4c42b7

SHA512
5af370884b5f82903fd93b566791a22e5b0cded7f743e6524880ea0c41ee73037b71df0be9f07d3224c733b076bec3be756e7e77f9e7ed5c2dd9505f35b0e4f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39562\api-ms-win-core-console-l1-1-0.dll

Filesize
10KB

MD5
6746e9cbc897101fd8ca22e42490614f

SHA1
3d732b58411eb6f4ad624bc9c7c5243315466ed3

SHA256
81310fd7aaf3a8a280e6efddecd5a682c871fc6f5595a3ba131c9e60b58c80e1

SHA512
2d9e059c9f924030d119e42de65e7488dfb87459d732391c674448e63e3a10b75b0886e0eedfdcab86dbb14c987cf6d1a0d276a9bc7571fcb0cfd8ff0c9157d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39562\api-ms-win-core-datetime-l1-1-0.dll

Filesize
10KB

MD5
50ccec6aa3033c421ec34a17625bdc08

SHA1
abce26f3702e8f3d833f2e35adc8bc42d95354d6

SHA256
0d9125cc84892ef961f33f316139e027095e325d540a98d5cd8099633d31b368

SHA512
633ca161419f6dd990750a6f674a7cc8436b43c1c5ee02699bb0935ee030434f76a773dfe8f1c9b01e15c507ba8f1de4768a1829c239a34bfedee2b5226fbaf2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39562\api-ms-win-core-debug-l1-1-0.dll

Filesize
10KB

MD5
ae0f85a63ada456eeaf94b846fe8bd26

SHA1
621625b9913b257eb8fa39aa0637adb6737394fe

SHA256
305ce445fa2e3bbd9aca3f1a31ca8c805daec293cc79bcd20b39ea5ae5b9989d

SHA512
059d8de197387c761f2ea0066892e47722fc56fd274e4eff181e1192223d0c6ba8230b4d5f656cfec426dbd715c0e0acbef91681c462b2be6928f56ea7aaa267

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39562\api-ms-win-core-errorhandling-l1-1-0.dll

Filesize
10KB

MD5
4fc7b688f541c78df18402f7e3256929

SHA1
b431cecc0dd87ef4b4d3154b3ed6ff3b5c2eb0cd

SHA256
6e6c39c29890949d9857190c608ba8e4a195b8dc656d8616322e27a9d268fa49

SHA512
3d082b60af05566b9bc0135dbc5b9a9ccd9ba0aac07522a63ef15739f83b5b43f0c432274b15c29e00d4cd18e85d6c1673f7bfd872f57319c7b490db3ed69fdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39562\api-ms-win-core-file-l1-1-0.dll

Filesize
13KB

MD5
ca2c182a0d46f7f614cbb61d3e9555c5

SHA1
04713c5ff488e17c151bfca1c540c495783c6e4a

SHA256
34b41b7160bf5fe3d46b95f51399de8666c5ab32b064e7d57d7771fd51aa0ce2

SHA512
7b1a994b8681921d308e8ebb62f47e705807c4eaeb7b6b25517b633b4bb324865a0987d4f4f3e8c166973ad5c8d8dce8ec83aafe20de8194c0ad8a64565b703f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39562\api-ms-win-core-file-l1-2-0.dll

Filesize
10KB

MD5
4e7b40f3c457212792ed796d5ceb7c0f

SHA1
dedb78bbcc0ae5e5ab1cb15eec15e4f3300bc32e

SHA256
11f046a0bd6ea6bbae9355e7b3f6ca42adae2a5c7f41f30fcb497baec80d69ad

SHA512
3f8fd4171d48cf8f9a37fad1b42d79bb9b8cf8c08d0e594aebc6425c1b5d981db542a4a57bf71d5fd936641755c1c8548bc77ead99aff142da0da10e03b1c135

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39562\api-ms-win-core-file-l2-1-0.dll

Filesize
10KB

MD5
80ab22c6d0250257b61b217822aa5d7c

SHA1
e659198c8045d918384e276783507d77ce297cd6

SHA256
d56b63aefedc21372a5d75918032e98f3e4c564733d4838a5b442351e32a300b

SHA512
94e61803a318fde919ba18a20cbdfae1250a844c2266311bc99cfcbb22757bd43b5279567f24bae32192dc0b9fbb0b20d10db3b3f19014708af7e8f89a1c96a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39562\api-ms-win-core-handle-l1-1-0.dll

Filesize
10KB

MD5
71cdf92988835da9a691482a6f06174f

SHA1
16f12bb281540a0de6c95120fc51dd0a068e28dd

SHA256
797f05fb447cdba1078acb66cb7bde7c908f0efba0bc3fd4a54b4daebffaf84b

SHA512
1987fbf26559e59894de2289792577b857f320809ab1720e799933528a8d082240556f63d2f4c16907b45f6da10a7e04dac8bb953f036f0ebe822c7d13b1bb8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39562\api-ms-win-core-heap-l1-1-0.dll

Filesize
10KB

MD5
e58baf7e437354716be8bff0495f9bfe

SHA1
e873e3d8d422f62cabe7040517e561e31862278c

SHA256
6dee9c5652e2858fbfdd50c5175127108d227b7e90f575b2e6c33f1c8f5a0976

SHA512
2b7f122b48dbc7304118653e371ed99b45b203251a6dca2387311c4c70562121132bf2e00fa8d1b953583f2ca878602c2a1625f3bf3782112fd2619ba1ff25f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39562\api-ms-win-core-interlocked-l1-1-0.dll

Filesize
10KB

MD5
cedb4d3397a2c134fec77753f880d025

SHA1
173f8841d20ef214c197eb4bab0a0d1e0cb6bebd

SHA256
433b60ea4523c5733da468703d14ab8dcce42ef5f2417f9cde2fea3d3c3c977c

SHA512
6df040faa43172f14e65d1a2311d5ab66cee250e12596e901a2d7cd8144a3738e8e486545ad760a254ed278f4d35f68e1dcefaf77bf581858b2070768d1bc18d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39562\api-ms-win-core-libraryloader-l1-1-0.dll

Filesize
11KB

MD5
650ecbe45be7506075f93351bb0389f5

SHA1
4c33717c81500c72d4d7e9963b3c9043b8441a3f

SHA256
406e80902211d987ef0260d9db08821460e0702e90ae47165a727e0ca6b7c325

SHA512
63696d75015f2ed5c04883111aeae7eb594ff9fbc83f9b9399ccfd8186b9a5c52e4656005ef2c540091f82f7687745a209da79d12aa944a1d12b64547c31f342

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39562\api-ms-win-core-localization-l1-2-0.dll

Filesize
12KB

MD5
7859eb82f99fa849ad33909cdae8d493

SHA1
b56512906e9642a99dcb7eb7373fa8ad5990019e

SHA256
7c7a3c0d04519d1656a50604b1052850e9d937b6c3e973d564a6b2f9495ae05f

SHA512
a6548d6d70e8c22638d0619b4eaafead5289953c013d2e95477fb34316b788cd756217426dd36582b49ba5fd93702c4ec4590cabbe47d79156516fff5fcdb149

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39562\api-ms-win-core-memory-l1-1-0.dll

Filesize
10KB

MD5
273fdaa82afae0337f7f04ff9936afa3

SHA1
dd0ef3117be0d59ee13051346708b3008b1149c6

SHA256
9becf626ccabbcfc9a7b779026644606ec565b08cc9b85d3af09ab5189e8c6f9

SHA512
b19b2998bb197b741d878f0a25e75abea0f05033f20b17003bf8eed983ca35a90918fc4bb399d6c7150c8be8cb5a428e4f2fe804f1aae5a32f0a363604bc1fd7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39562\api-ms-win-core-namedpipe-l1-1-0.dll

Filesize
10KB

MD5
bbee8d15501d1fe036fdac6c032c4380

SHA1
a8be3ab44d754498405ffabd39f77fc829bad3c6

SHA256
c26aae1fe2c56eb26ed1af5bb7cca7cea762e126f4c2e06b6ab39d75a8cb4482

SHA512
9851d4bc159a5b21e281c591c001245ced0455adf2c419977490546cbf452d405a34152a2df645a344aa50f45c2caff383e43a75e062c3478aba713868fbe2d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39562\api-ms-win-core-processenvironment-l1-1-0.dll

Filesize
11KB

MD5
9dd8cc2363db5f39ea3b6fc28dbb5695

SHA1
33c49373c772c0c7ec71983158213569cf572ee2

SHA256
173bbf24f7420db3d1e53e45dd0179b9b152bc6d08f3d46eb9d47a833a46cb0a

SHA512
946d4acde2773332405e1c4c0bf427f0cbde4ee42e72acac7039a482a62dd99f033c526428f42b63a2aca5db1eea0e6b45063d1e2de044ee8201ab829d884523

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39562\api-ms-win-core-processthreads-l1-1-0.dll

Filesize
12KB

MD5
b6ef15e2cff6a7de8db778da9e845c55

SHA1
8062e8b2a02f9e0ad346bcc5ed8263fd61f17b4b

SHA256
c1ed94eade0309c4c4f0854f5a972bf76d55393857e45c770e217a996103aa62

SHA512
50a8267aab8819eac91e81bdcad64585b926dad0b41db46677b2214e68e3046bba0a9af33eb86c310e9bb2c8b4a04a12c6a70a772540072c7fc815a293a00c3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39562\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
10KB

MD5
54d6888e154d8fd2b35c7a7b8dcaa84b

SHA1
883cca38ff0d43ab86b344ec7a490515f594a060

SHA256
9e2744bc1f7fa7015881c5edc7f14b031472ca1a08c57c38325cbf7736890be0

SHA512
0b2f048b2b5f1083d8e65ddb3278a4340eab05e41d9a08b4337f4cdf6b5afe540cda6c3b87462a2de3bb9ff2fc2ab6d95631913c6e1e02335a42812d7ef681dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39562\api-ms-win-core-profile-l1-1-0.dll

Filesize
9KB

MD5
93ad9b6d88b931d7c1672ae0af2d9dac

SHA1
8aa5583b42555a8706fd05b2211c1b6cd1c51c2b

SHA256
5ef9cd62cf2a2b0cb068126d9c680016c9e1f3b738a284325b9796c86af06594

SHA512
b04d553a719388347409047756db2ecbe58b2f4e08fa5bb4544725c1342c7e795267ab6493fca1a850eecaeb9c7a1779f874ce0367dcefa1ab1cb79b14cd7b45

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39562\api-ms-win-core-rtlsupport-l1-1-0.dll

Filesize
10KB

MD5
93a2ea4844b8e80c1cff746c295553c7

SHA1
bd29d940b9c70ad7fd3b8645ca6d450c3392830a

SHA256
a50682fdd5a5ae9ceb02c7b9caffdce10e3b38178ebe3e74b6323627fc6d3a89

SHA512
0b95784543bf554d375c84721103f5a84aecc22d6d712df9713d6bd247258e5d6349a2ba9d92c7543d1303c91cfaf99d6d4f609b717db3bcd35f393a10d57d5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39562\api-ms-win-core-string-l1-1-0.dll

Filesize
10KB

MD5
8e1b04d0e6ff7a3fc381f7306d6cf243

SHA1
a0a2794da5bfd59e7a7db03dd21aba9f10613623

SHA256
b4c44d1ee830c37ae96b90b0a119b4e137862f45314454a23b81fd3a2399a635

SHA512
1c45e2b37b9b648227b1af4d739e5d4f1979fa8796651a53d01d0a1cb871665115ded270b74e2abd9600a1c6157cfb0999c7958e69d188d9a420599d015bfb3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39562\api-ms-win-core-synch-l1-1-0.dll

Filesize
12KB

MD5
0bd7734587b455b3b0fe4ff1342d38a5

SHA1
dbafbba73d821a395c97281741ed8ecbdfd9711d

SHA256
3f554614aba0bf193d101495b88fb5e3e6abc8e8c1f45dcc8053265fbc6b0a8c

SHA512
24f58e431a3660d94d7b2180dcd218c787f2b7fce4285e933c5191a7397ded002459487552b360dce5b8e61f2b70184a9bbdc6f5afe2767e6876f49f31f14451

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39562\api-ms-win-core-synch-l1-2-0.dll

Filesize
10KB

MD5
c959ff1b1b733abd45125d6392a4f0fc

SHA1
3ce203f1e864e313ae0025acf776429a7d440150

SHA256
0c764d9856bbedd7ea95e3427790fdb0c3c270c1a97fa3e0d085d77bd684537d

SHA512
b71f6a4130ebb122506ecbd86ea5ddb73ab5bd6c6bac0caab9fff2e908b998a0cf8e45a95af14060186e114701141980192ad506a1365eaaa8364f6e649d0e88

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39562\api-ms-win-core-sysinfo-l1-1-0.dll

Filesize
11KB

MD5
6c97c8a4e1231863a6f2638bf44fbe53

SHA1
265e0b59a4ff5b7011d477f9172925b008be728c

SHA256
dad6738302efa9875f8c929c6c375cf15942a2cd6205b42166cde543f59697fd

SHA512
f957695f43212057905e4898c8d77bf82219bd33de3877d337625f5064b794f1dd6d507a7ab167d6b73e6531f9e839bc4148e0c433b396abeb827167448a6f1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39562\api-ms-win-core-timezone-l1-1-0.dll

Filesize
10KB

MD5
9ec9658795a82a6f689dbbf9b14d56a8

SHA1
90498e0259ec68959e0ca9b7dfb6e94f24a192e5

SHA256
e25a1056beef787a1857541714d3ced677bc29257ddb70643a3f332d7081e24b

SHA512
ddab3d638f6b685ecf438870b3b6f1d7dd56319ed4748cbca20d54863970ce1e4e5edac4b7df5b63712fa63b1214f9477360f6f1dc7ec28feb807d3a3eb6457a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39562\api-ms-win-core-util-l1-1-0.dll

Filesize
10KB

MD5
ded095a3ea12e19e8fa06b400f4da71c

SHA1
c0537be41395dc58c2050527a1302bcca385c819

SHA256
fcbc8a6d4fcfda1df56188c7415874ac6e163aa5669da8b4dc5817411c7499b0

SHA512
5e27db0972db7ec821db1000d7293bbad4c9253aeaec37114be767625f32102bdc98476b0e819c2598dbe9f67e54cdb6d67a2046971467febba93e447f62b338

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39562\api-ms-win-crt-conio-l1-1-0.dll

Filesize
11KB

MD5
0b61c5aaf5794c40643856d3f84fd107

SHA1
88cd05a9d2c4ad3f928793e3d5479cf84eea088a

SHA256
8eb4ad287946765485ae35ca7fabb29844293412b01678d7c29d53688db80499

SHA512
78b22375796848e78f39495619dfb5a91da28f95b0a931effa7971265ed95663894ec55a8c2b249a326d9605d053c7c0abdd65f7d9a271fc803ac2fe2695411a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39562\api-ms-win-crt-convert-l1-1-0.dll

Filesize
14KB

MD5
e813f085bb974077fd1ff02f859c19ff

SHA1
bdca1e7ca980373cfe93e2c07eae4e5f14fa92f8

SHA256
9818a2278ce39e0ecffa9bd2502fed106f9f2c6acaf801fb7d7df80606abc2ab

SHA512
b3b4b0e749dd04e698a26a82e2daa21e91d50896a648310253d69feb33585fd91e9c54698e33e8b9843642c865123e60a1cfaf3f2af46827afd38cd87a1b3e85

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39562\api-ms-win-crt-environment-l1-1-0.dll

Filesize
10KB

MD5
61d0f3d97c1a7af5314c39c80c838796

SHA1
06f7971574f67f34f61ff1a9a54b60221070d04b

SHA256
0bfca5c3f717d1373e3faf94dd3d010a6976ae2d57cb35a197c5bbac80724b10

SHA512
9651f768c448fbb878b7600cbd80c001b7d7ea7dbec04b4ec50a637939787591a484aafd7ea5c2e0c77447229970b3bf1b6175e552a9f2a1024272895ed04a75

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39562\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
12KB

MD5
ef655e2df6aa03c6aa11679e1601cbd1

SHA1
435082a01784be95f473095e4f0499f5c8c1e6b1

SHA256
8ec445f97325160b291ca8046c1cba997067e42e4095f724bda9b43ae13bfed7

SHA512
3a1ef8c4bfe553de57d59dc2c2009e65e69a8dca914d8d2396495b888be0859e78508e4000a39a482c7116fadfe1b8d143b9aaa2c97785a0954afd8b8b81a23f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39562\api-ms-win-crt-heap-l1-1-0.dll

Filesize
11KB

MD5
6a32b4a457bc7eb515ed59dba1114897

SHA1
7a69af1660d76285183754c7d1b29d81968d3960

SHA256
da3fcc1283339ddd4504e48a63f75e4f8ac8f30ce48384e7c643b80b372bfcd6

SHA512
7c5968f24940e35eae221f6b17b44aef51f751d685d74e79aa247d5dfd95d8a8d3da3f7ce95a2c15764c5005be05fec22ec7a7c61617444acea353bf7931d19a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39562\api-ms-win-crt-locale-l1-1-0.dll

Filesize
10KB

MD5
3089adc12784121cdba1e6b550efd6c9

SHA1
eaa9b3760d7b25590cea4564d5dc81c86442d336

SHA256
25420d595989c800fe5f274aebf32e74f2e670e1d08bc5336ed67de9e1b1d62c

SHA512
62d8c2f07c8670e5135b8f092b533272c87e38191ceefe03c2e6e707fa71997a68b4e00d68020aa2cf3ef6e4de1d6c7a48f1eadcd409bf6c3889f635a1f89696

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39562\api-ms-win-crt-math-l1-1-0.dll

Filesize
19KB

MD5
8b0fe0eb8a838ea1524b9244679136ed

SHA1
a32b845db57f66845e9d5f428a871eecc8900e57

SHA256
8324e803620d6c7a57d644efb951b5b811d258f85195f71404198456d6a20da6

SHA512
a1861b8098855c1833e1e080df325ae1078ebb8918d658c7379f24f982560ab420d858be6c19353a79cbac6a4378bc23e7636f7fb7d517121cd82d924e8dcfc2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39562\api-ms-win-crt-process-l1-1-0.dll

Filesize
11KB

MD5
1b686ce09c3d5b958b29065520a90c6f

SHA1
dda2b3316f1f2c557b09fe0b8557785dd8be847c

SHA256
201b8ed6e586afb1ae44ca4da8d4a923bcf87889a8dea0c0921f995839ec41c0

SHA512
68dc42abaecd78ce34ee0e130cc74d0932d3bf53994bd45a7f804bf3c3e59cf8125283efe67d7c12e34313401baf8a707ddb20a015fbfb9849b96870047edfe3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39562\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
14KB

MD5
5a04d702c462ac7b564f5da8bb35a2a0

SHA1
b8ed4c5710fb8c8ed81617c11b71b22cd57d5325

SHA256
0210604c8dd1e9aa8c2458e2734deff9d77897d7dfce42bc0f28ad62d265bd9b

SHA512
9986cb05ca1203c086e7d4f0c4a30c6c7394d6fc4ae3908b25867f387bf61a393b054c3a9e13ba9a0d103c5b1d4be874b81dc314be611457b3bd69113d91bd3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39562\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
16KB

MD5
41ba9068fd432758ae08d80470cff8c8

SHA1
9de3cff0d99e3baef7ff1f45187c414c5a803a9f

SHA256
3c4f7104e8257b64b4a856c06dee4ab12e35a5bdfe361b2fc4a04a564454010b

SHA512
1d50207493b3f3a3834ef09e4f78bb03d82f2760106842e7cb57742741a1182917f3e975244543e0cef63c16ebad147e3e8b16e18d14c63dc3c906670cee7545

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39562\api-ms-win-crt-string-l1-1-0.dll

Filesize
16KB

MD5
30a6e4b8fe2d9b2df594e809cbbac128

SHA1
f30559b281cb679bb406bfe42f1f501a376bca23

SHA256
f8bbf236334c083682cd710632005cb6a5a3b60086d05946827eb8ca45e24b8d

SHA512
337949c3b5a6e13ad3aae93294c5f97b6271f639e3296d4aab8ac546f4417c79c1906f92ab20955ca451d5317ba7fe64eed0c7a79309e337b20516283987c2e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39562\api-ms-win-crt-time-l1-1-0.dll

Filesize
12KB

MD5
9e4620c44403dfb42d3badd40ddef313

SHA1
0696df5c3f71aed9763408d2ab8ff8cbfd1d1a41

SHA256
5e2f92250a058802b4a72b93226616f390044c6bfe34a04b5533773806f7072e

SHA512
5b96b4775c5fae03ba0e96d2d0f5d2fb1b4bcb05014a47686b378e11659b53a518bb56acf0d3d076ec73eadb1b639c07a6be969bd68c34f3f3ca77451f160001

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39562\api-ms-win-crt-utility-l1-1-0.dll

Filesize
10KB

MD5
bd9a3823f7eab3959c358c9a02c07424

SHA1
4c689623c353bffbd28c19a4b69dc85d5791b65e

SHA256
8e32928cab5e81b35b232754a5ccf78cc55d6bc8fe362a90ab6d5eab1fe8f5d9

SHA512
16b9cdf77d83da944b56772ac78dd8af6ef94976d1468b8a32d43419487c5b0f3ff3169fb29fdeada3f64d74b8900e7833728bf332f93809cb4a8c9cf42b7f62

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39562\base_library.zip

Filesize
1.4MB

MD5
add95481a8e9d5743eee394036ca4914

SHA1
eab5d38e7fa33ae86452e6609ed8afed21516969

SHA256
396171544049d4554472e78cb41f873f7d8951d7450685f364d4487d09b98ad8

SHA512
161b64229f676d1894954bef08fbc0cacc9a5aff5cbf607918f919aa7065e9b5edbaed7057d0113eec24c688b60e7dcd0aa8610105ab350c6c5c30e0f5e6db1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39562\libcrypto-3.dll

Filesize
5.0MB

MD5
e547cf6d296a88f5b1c352c116df7c0c

SHA1
cafa14e0367f7c13ad140fd556f10f320a039783

SHA256
05fe080eab7fc535c51e10c1bd76a2f3e6217f9c91a25034774588881c3f99de

SHA512
9f42edf04c7af350a00fa4fdf92b8e2e6f47ab9d2d41491985b20cd0adde4f694253399f6a88f4bdd765c4f49792f25fb01e84ec03fd5d0be8bb61773d77d74d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39562\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39562\libssl-3.dll

Filesize
768KB

MD5
19a2aba25456181d5fb572d88ac0e73e

SHA1
656ca8cdfc9c3a6379536e2027e93408851483db

SHA256
2e9fbcd8f7fdc13a5179533239811456554f2b3aa2fb10e1b17be0df81c79006

SHA512
df17dc8a882363a6c5a1b78ba3cf448437d1118ccc4a6275cc7681551b13c1a4e0f94e30ffb94c3530b688b62bff1c03e57c2c185a7df2bf3e5737a06e114337

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39562\pyexpat.pyd

Filesize
194KB

MD5
79561bc9f70383f8ae073802a321adfb

SHA1
5f378f47888e5092598c20c56827419d9f480fa7

SHA256
c7c7564f7f874fb660a46384980a2cf28bc3e245ca83628a197ccf861eab5560

SHA512
476c839f544b730c5b133e2ae08112144cac07b6dfb8332535058f5cbf54ce7ed4a72efb38e6d56007ae755694b05e81e247d0a10210c993376484a057f2217c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39562\python311.dll

Filesize
5.5MB

MD5
387bb2c1e40bde1517f06b46313766be

SHA1
601f83ef61c7699652dec17edd5a45d6c20786c4

SHA256
0817a2a657a24c0d5fbb60df56960f42fc66b3039d522ec952dab83e2d869364

SHA512
521cde6eaa5d4a2e0ef6bbfdea50b00750ae022c1c7bd66b20654c035552b49c9d2fac18ef503bbd136a7a307bdeb97f759d45c25228a0bf0c37739b6e897bad

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39562\select.pyd

Filesize
29KB

MD5
e4ab524f78a4cf31099b43b35d2faec3

SHA1
a9702669ef49b3a043ca5550383826d075167291

SHA256
bae0974390945520eb99ab32486c6a964691f8f4a028ac408d98fa8fb0db7d90

SHA512
5fccfb3523c87ad5ab2cde4b9c104649c613388bc35b6561517ae573d3324f9191dd53c0f118b9808ba2907440cbc92aecfc77d0512ef81534e970118294cdee

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39562\ucrtbase.dll

Filesize
984KB

MD5
6914ef1fad4393589072e06a4630d255

SHA1
028669a97db7c007441ae3330767968544eba3c6

SHA256
81c9b5d54e1b1da192f4a167f7e06439e36c670a99af2f1ef056e0959e85de57

SHA512
b682c749d6f2ed56d69ff4f8520899638fa6f436b2af8241db686ccbc606d23d4e77721222ab7ad863336d5e5aafa1033b94f550198a1a083af5811ce8dec004

Download Submit
C:\Users\Admin\Downloads\stalcraft-legacy-lang.exe

Filesize
10.5MB

MD5
fb8b2bf530a5a278892b073d5dd8e9a4

SHA1
ca0c7f3b821d47505bcad112fc4d38d86890513f

SHA256
e58a4d254c547655d401b454a713b5b5c835e0b9908076ce05218466034a6208

SHA512
8b5ab67edd5b304da1afae7cd1aeab9f93c987c98da169dba2e7e8bf36a0c65f688c945787f01932f7c0bbb254e41a9e17edd62153847e84c250dd5d5d275488

Download Submit