8f98b9295b615636382d42add12e1fee1bb951c4d40f59c42d50f65e7f7ecf38

Resubmissions

09-11-2024 11:13

241109-nbgyeasmfy 10

09-11-2024 11:00

241109-m35ywatapk 10

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09-11-2024 11:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Legends Forever - Game.exe
Size

103.6MB
MD5

5365793f1d0480f951074892e81cd92a
SHA1

8bf692d90306e5f8ef734596384e7d2289b803f6
SHA256

8f98b9295b615636382d42add12e1fee1bb951c4d40f59c42d50f65e7f7ecf38
SHA512

c12febabf3eba6661475c2d173782f9681cda6d73ce633080ca0e506991246f2176301ad12769d92e5cd1467774cb7da82681245ea6eacd77570a1486bdc7293
SSDEEP

3145728:gnGir7rS6xjKcBanL2qHO5iVAunGQbRe0zJcBx7Z2:P0nSWNaBHCin1XcBu

Score

9^/10

discovery evasion execution persistence

Malware Config

Signatures

Enumerates VirtualBox DLL files 2 TTPs 4 IoCs

File and Directory Discovery

T1083

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
File opened (read-only)	C:\windows\system32\vboxhook.dll	Legends Forever - Game.exe
File opened (read-only)	C:\windows\system32\vboxmrxnp.dll	Legends Forever - Game.exe
File opened (read-only)	C:\windows\system32\vboxhook.dll	Legends Forever.exe
File opened (read-only)	C:\windows\system32\vboxmrxnp.dll	Legends Forever.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

execution

PowerShell

T1059.001

pid	Process
380	powershell.exe
6020	powershell.exe

Sets file to hidden 1 TTPs 1 IoCs

Modifies file attributes to stop it showing in Explorer etc.

evasion

Hidden Files and Directories

T1564.001

pid	Process
348	attrib.exe

Executes dropped EXE 2 IoCs

pid	Process
4848	Legends Forever.exe
5748	Legends Forever.exe

Loads dropped DLL 64 IoCs

pid	Process
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\eazy = "C:\\Users\\Admin\\legendinc\\Legends Forever.exe"	Legends Forever - Game.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
18	discord.com
19	discord.com
85	discord.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
116	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133756245070257238"	chrome.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe
4660	Legends Forever - Game.exe
380	powershell.exe
380	powershell.exe
5748	Legends Forever.exe
5748	Legends Forever.exe
5748	Legends Forever.exe
5748	Legends Forever.exe
6020	powershell.exe
6020	powershell.exe
6312	powershell.exe
6312	powershell.exe
6896	chrome.exe
6896	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5748	Legends Forever.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
6896	chrome.exe
6896	chrome.exe
6896	chrome.exe
6896	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4660	Legends Forever - Game.exe
Token: SeDebugPrivilege	380	powershell.exe
Token: SeDebugPrivilege	116	taskkill.exe
Token: SeDebugPrivilege	5748	Legends Forever.exe
Token: SeDebugPrivilege	6020	powershell.exe
Token: SeDebugPrivilege	6312	powershell.exe
Token: SeIncreaseQuotaPrivilege	6312	powershell.exe
Token: SeSecurityPrivilege	6312	powershell.exe
Token: SeTakeOwnershipPrivilege	6312	powershell.exe
Token: SeLoadDriverPrivilege	6312	powershell.exe
Token: SeSystemProfilePrivilege	6312	powershell.exe
Token: SeSystemtimePrivilege	6312	powershell.exe
Token: SeProfSingleProcessPrivilege	6312	powershell.exe
Token: SeIncBasePriorityPrivilege	6312	powershell.exe
Token: SeCreatePagefilePrivilege	6312	powershell.exe
Token: SeBackupPrivilege	6312	powershell.exe
Token: SeRestorePrivilege	6312	powershell.exe
Token: SeShutdownPrivilege	6312	powershell.exe
Token: SeDebugPrivilege	6312	powershell.exe
Token: SeSystemEnvironmentPrivilege	6312	powershell.exe
Token: SeRemoteShutdownPrivilege	6312	powershell.exe
Token: SeUndockPrivilege	6312	powershell.exe
Token: SeManageVolumePrivilege	6312	powershell.exe
Token: 33	6312	powershell.exe
Token: 34	6312	powershell.exe
Token: 35	6312	powershell.exe
Token: 36	6312	powershell.exe
Token: SeShutdownPrivilege	6896	chrome.exe
Token: SeCreatePagefilePrivilege	6896	chrome.exe
Token: SeShutdownPrivilege	6896	chrome.exe
Token: SeCreatePagefilePrivilege	6896	chrome.exe
Token: SeShutdownPrivilege	6896	chrome.exe
Token: SeCreatePagefilePrivilege	6896	chrome.exe
Token: SeShutdownPrivilege	6896	chrome.exe
Token: SeCreatePagefilePrivilege	6896	chrome.exe
Token: SeShutdownPrivilege	6896	chrome.exe
Token: SeCreatePagefilePrivilege	6896	chrome.exe
Token: SeShutdownPrivilege	6896	chrome.exe
Token: SeCreatePagefilePrivilege	6896	chrome.exe
Token: SeShutdownPrivilege	6896	chrome.exe
Token: SeCreatePagefilePrivilege	6896	chrome.exe
Token: SeShutdownPrivilege	6896	chrome.exe
Token: SeCreatePagefilePrivilege	6896	chrome.exe
Token: SeShutdownPrivilege	6896	chrome.exe
Token: SeCreatePagefilePrivilege	6896	chrome.exe
Token: SeShutdownPrivilege	6896	chrome.exe
Token: SeCreatePagefilePrivilege	6896	chrome.exe
Token: SeShutdownPrivilege	6896	chrome.exe
Token: SeCreatePagefilePrivilege	6896	chrome.exe
Token: SeShutdownPrivilege	6896	chrome.exe
Token: SeCreatePagefilePrivilege	6896	chrome.exe
Token: SeShutdownPrivilege	6896	chrome.exe
Token: SeCreatePagefilePrivilege	6896	chrome.exe
Token: SeShutdownPrivilege	6896	chrome.exe
Token: SeCreatePagefilePrivilege	6896	chrome.exe
Token: SeShutdownPrivilege	6896	chrome.exe
Token: SeCreatePagefilePrivilege	6896	chrome.exe
Token: SeShutdownPrivilege	6896	chrome.exe
Token: SeCreatePagefilePrivilege	6896	chrome.exe
Token: SeShutdownPrivilege	6896	chrome.exe
Token: SeCreatePagefilePrivilege	6896	chrome.exe
Token: SeShutdownPrivilege	6896	chrome.exe
Token: SeCreatePagefilePrivilege	6896	chrome.exe
Token: SeShutdownPrivilege	6896	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
6896	chrome.exe
6896	chrome.exe
6896	chrome.exe
6896	chrome.exe
6896	chrome.exe
6896	chrome.exe
6896	chrome.exe
6896	chrome.exe
6896	chrome.exe
6896	chrome.exe
6896	chrome.exe
6896	chrome.exe
6896	chrome.exe
6896	chrome.exe
6896	chrome.exe
6896	chrome.exe
6896	chrome.exe
6896	chrome.exe
6896	chrome.exe
6896	chrome.exe
6896	chrome.exe
6896	chrome.exe
6896	chrome.exe
6896	chrome.exe
6896	chrome.exe
6896	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
6896	chrome.exe
6896	chrome.exe
6896	chrome.exe
6896	chrome.exe
6896	chrome.exe
6896	chrome.exe
6896	chrome.exe
6896	chrome.exe
6896	chrome.exe
6896	chrome.exe
6896	chrome.exe
6896	chrome.exe
6896	chrome.exe
6896	chrome.exe
6896	chrome.exe
6896	chrome.exe
6896	chrome.exe
6896	chrome.exe
6896	chrome.exe
6896	chrome.exe
6896	chrome.exe
6896	chrome.exe
6896	chrome.exe
6896	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5748	Legends Forever.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3976 wrote to memory of 4660	3976	Legends Forever - Game.exe	86
PID 3976 wrote to memory of 4660	3976	Legends Forever - Game.exe	86
PID 4660 wrote to memory of 380	4660	Legends Forever - Game.exe	95
PID 4660 wrote to memory of 380	4660	Legends Forever - Game.exe	95
PID 4660 wrote to memory of 2068	4660	Legends Forever - Game.exe	97
PID 4660 wrote to memory of 2068	4660	Legends Forever - Game.exe	97
PID 2068 wrote to memory of 348	2068	cmd.exe	99
PID 2068 wrote to memory of 348	2068	cmd.exe	99
PID 2068 wrote to memory of 4848	2068	cmd.exe	100
PID 2068 wrote to memory of 4848	2068	cmd.exe	100
PID 2068 wrote to memory of 116	2068	cmd.exe	103
PID 2068 wrote to memory of 116	2068	cmd.exe	103
PID 4848 wrote to memory of 5748	4848	Legends Forever.exe	104
PID 4848 wrote to memory of 5748	4848	Legends Forever.exe	104
PID 5748 wrote to memory of 6020	5748	Legends Forever.exe	108
PID 5748 wrote to memory of 6020	5748	Legends Forever.exe	108
PID 5748 wrote to memory of 6312	5748	Legends Forever.exe	111
PID 5748 wrote to memory of 6312	5748	Legends Forever.exe	111
PID 6896 wrote to memory of 6988	6896	chrome.exe	121
PID 6896 wrote to memory of 6988	6896	chrome.exe	121
PID 6896 wrote to memory of 1716	6896	chrome.exe	122
PID 6896 wrote to memory of 1716	6896	chrome.exe	122
PID 6896 wrote to memory of 1716	6896	chrome.exe	122
PID 6896 wrote to memory of 1716	6896	chrome.exe	122
PID 6896 wrote to memory of 1716	6896	chrome.exe	122
PID 6896 wrote to memory of 1716	6896	chrome.exe	122
PID 6896 wrote to memory of 1716	6896	chrome.exe	122
PID 6896 wrote to memory of 1716	6896	chrome.exe	122
PID 6896 wrote to memory of 1716	6896	chrome.exe	122
PID 6896 wrote to memory of 1716	6896	chrome.exe	122
PID 6896 wrote to memory of 1716	6896	chrome.exe	122
PID 6896 wrote to memory of 1716	6896	chrome.exe	122
PID 6896 wrote to memory of 1716	6896	chrome.exe	122
PID 6896 wrote to memory of 1716	6896	chrome.exe	122
PID 6896 wrote to memory of 1716	6896	chrome.exe	122
PID 6896 wrote to memory of 1716	6896	chrome.exe	122
PID 6896 wrote to memory of 1716	6896	chrome.exe	122
PID 6896 wrote to memory of 1716	6896	chrome.exe	122
PID 6896 wrote to memory of 1716	6896	chrome.exe	122
PID 6896 wrote to memory of 1716	6896	chrome.exe	122
PID 6896 wrote to memory of 1716	6896	chrome.exe	122
PID 6896 wrote to memory of 1716	6896	chrome.exe	122
PID 6896 wrote to memory of 1716	6896	chrome.exe	122
PID 6896 wrote to memory of 1716	6896	chrome.exe	122
PID 6896 wrote to memory of 1716	6896	chrome.exe	122
PID 6896 wrote to memory of 1716	6896	chrome.exe	122
PID 6896 wrote to memory of 1716	6896	chrome.exe	122
PID 6896 wrote to memory of 1716	6896	chrome.exe	122
PID 6896 wrote to memory of 1716	6896	chrome.exe	122
PID 6896 wrote to memory of 1716	6896	chrome.exe	122
PID 6896 wrote to memory of 3976	6896	chrome.exe	123
PID 6896 wrote to memory of 3976	6896	chrome.exe	123
PID 6896 wrote to memory of 1284	6896	chrome.exe	124
PID 6896 wrote to memory of 1284	6896	chrome.exe	124
PID 6896 wrote to memory of 1284	6896	chrome.exe	124
PID 6896 wrote to memory of 1284	6896	chrome.exe	124
PID 6896 wrote to memory of 1284	6896	chrome.exe	124
PID 6896 wrote to memory of 1284	6896	chrome.exe	124
PID 6896 wrote to memory of 1284	6896	chrome.exe	124
PID 6896 wrote to memory of 1284	6896	chrome.exe	124
PID 6896 wrote to memory of 1284	6896	chrome.exe	124
PID 6896 wrote to memory of 1284	6896	chrome.exe	124
PID 6896 wrote to memory of 1284	6896	chrome.exe	124
PID 6896 wrote to memory of 1284	6896	chrome.exe	124

Views/modifies file attributes 1 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
348	attrib.exe

C:\Users\Admin\AppData\Local\Temp\Legends Forever - Game.exe
"C:\Users\Admin\AppData\Local\Temp\Legends Forever - Game.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3976
- C:\Users\Admin\AppData\Local\Temp\Legends Forever - Game.exe
  "C:\Users\Admin\AppData\Local\Temp\Legends Forever - Game.exe"
  2⤵
  - Enumerates VirtualBox DLL files
  - Loads dropped DLL
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:4660
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\legendinc\""
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:380
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\legendinc\activate.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2068
  - - C:\Windows\system32\attrib.exe
      attrib +s +h .
      4⤵
      Sets file to hidden
      Views/modifies file attributes
      PID:348
  - - C:\Users\Admin\legendinc\Legends Forever.exe
      "Legends Forever.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:4848
    - - C:\Users\Admin\legendinc\Legends Forever.exe
        
        "Legends Forever.exe"
        5⤵
        Enumerates VirtualBox DLL files
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: GetForegroundWindowSpam
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:5748
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\legendinc\""
        6⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:6020
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell (Get-CimInstance Win32_ComputerSystemProduct).UUID
        6⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:6312
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im "Legends Forever - Game.exe"
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:116

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x33c 0x2b4
1⤵
PID:1088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:6896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb7869cc40,0x7ffb7869cc4c,0x7ffb7869cc58
  2⤵
  PID:6988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1816,i,4690442816811244548,232970633593704632,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1812 /prefetch:2
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1824,i,4690442816811244548,232970633593704632,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1952 /prefetch:3
  2⤵
  PID:3976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2200,i,4690442816811244548,232970633593704632,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2324 /prefetch:8
  2⤵
  PID:1284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3152,i,4690442816811244548,232970633593704632,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3260,i,4690442816811244548,232970633593704632,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:3896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4548,i,4690442816811244548,232970633593704632,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4048 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4560,i,4690442816811244548,232970633593704632,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4688 /prefetch:8
  2⤵
  PID:384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4712,i,4690442816811244548,232970633593704632,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4540 /prefetch:8
  2⤵
  PID:3172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4932,i,4690442816811244548,232970633593704632,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4884 /prefetch:8
  2⤵
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4792,i,4690442816811244548,232970633593704632,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4708 /prefetch:8
  2⤵
  PID:4384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4964,i,4690442816811244548,232970633593704632,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4696 /prefetch:8
  2⤵
  PID:3404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4924,i,4690442816811244548,232970633593704632,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4956 /prefetch:8
  2⤵
  PID:4508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4680,i,4690442816811244548,232970633593704632,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4872 /prefetch:8
  2⤵
  PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4732,i,4690442816811244548,232970633593704632,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4708 /prefetch:8
  2⤵
  PID:5252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4988,i,4690442816811244548,232970633593704632,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4984 /prefetch:2
  2⤵
  PID:2244

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3832

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Browser Information Discovery

T1217

File and Directory Discovery

T1083

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
7a9c32def6acbab546591fe86d602277

SHA1
7fedee07eaee0564483b5a21c757ebe120447aa4

SHA256
751d2ca92e104f6be6ed396aa2c76204cdd89f125be75367274c5b927eebb266

SHA512
f34ef9fa64a139afceda0bf6bd702b709685b4d4c56e54d7ae6d2a25f8269e0cad431001a5e438ca818191f7630670a91e9e6924b24d977fad7e1d9b5b117697

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\8af6d553-4266-4b81-86f3-65c50cfaa6c6.tmp

Filesize
356B

MD5
4b174d7974479eeef631a3fc78d18398

SHA1
890ac2b64f2b4f6ce22ee3e52c385db95d6fbef8

SHA256
02b043f68ee81771bc06801ef48efff70c6fb3d372a620bc1d089e0238723c5a

SHA512
65c104bcff47ca8d3707d1cda427e8ef2c204e2d14cc06d7a2bcaf7037748c8fe70a5999332dce6bb9d4a329de58cb05033e3420d4bbcab96d7d50dbb76ca796

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
ca795c8c18de371c5e4976f64f88bcc9

SHA1
2114fbd860c0d6cc74c7c288d17cdd2ea19aefbb

SHA256
4ec7135975aad2ef497f09e506217ce65001f3f64f2a670efaaeee99d4cfe9cb

SHA512
e66864bb6d57c71dd1294259551ad9f309ac274b7e285eef1d5bfd50d1afde61335ca80df14d11ca63afe73cdaadd238c450fdab6f5e63db2f9cdb0e553a1e96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
388eb227a6a36ce6d37f1cdd2b9570ef

SHA1
d0272911f5d70750147bc3eb72657dc922bfcd4d

SHA256
dc0e7c890d0ffaeb15b5b49cbaa7cc4fbe83bccb9ddf1985a71087f7fa466d49

SHA512
7a2f9e20bb621fffdd6482819d5ad6ae98bce10fd16706c6fb29449b52e86fcf36ea1caeadf041c99ad184258074b041aab818fbf5b29d5640ce80e59bd81d24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
df6aefa183fd06e25791ffccaaf17b85

SHA1
e3adc49d19b426105bbac34bc870a77ed78525e0

SHA256
515f254a734e44536acf82d1ab090aa84b5664e76365f58f01e65dc910a173a4

SHA512
54cc023f814814d4999a98967dd3010f7339cccb1698c1720fbe614aa9fb5ade31572dfc38e7b7a2b59fda0847314076a14eb1a9aebcf9d1298ee14ddb8aa7f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
907ee9cd5d0c6672b88ee14a2fc90258

SHA1
b901fe801e4c8f19903b021a25b19ed00c58ebca

SHA256
5d47303554b2ede4b262048d251bf050ba0d6b4d9c5b28fdd92e6f4f635c7797

SHA512
eb63b6281331808f0cd82b0dac787fd6cd6d203a6008d3b61880426009ed6c0d42bbf3233edebc18d245f5cc298a61a7cabd6785bdeed665acddbefca66f4321

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5ffc2e96b30d4e96d93bcbf8874a2d0c

SHA1
f8b30d1f1126970d3e4c4ac9fbd9bdc94a1e58aa

SHA256
d3851ae368e441ffccaceb24cffc0bd6c76ae5d3b28bc91211fe55d8f11b1b74

SHA512
f6b762dfcd9bcf75cd7eb4a90f4542c5afc0a7fbe1702fe4848e69877447ad87e4eb473ec4420187b8f027ae8cace2a5e18550e25fa68f3f18c89aeff59e1a42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
62f61e6ab830096c68e00d15383ede79

SHA1
a5726cde39b1450332e2bc607038942ffa683cee

SHA256
8d15779e31170419f363030df06b1e0e52847b1dbb00c07a42493321aafd33f7

SHA512
82768675838200d97d7bc6124a5e71af1b2d9ca12fc4714296b84183a0d83f348e369c68dd740b18e5f11c54485e45d525fd0dafeb4bd99dad1f55f9ea3cd4fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
bd7bedfa66aa7e713ce86b62cef1b179

SHA1
892c980d122616dee6bbb45b3e40fbd311367360

SHA256
9f1b66fb5b4daa9e7c5fabebebada58a9907fb2825001bc8f64f0d0878314d43

SHA512
3c29c5e9ca3893404f0d96356d7b18b657f2bd4a9e0fa466decdb890037d7e33ffdb9e5f52d9d0421bb3f067de97203676e531e30a11a89ebe26a0854290a5c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
94ad0e5d5f4261d4c56d6bb0867bf833

SHA1
b887ce50d6e53dd821a7367df32f2c25fed2d765

SHA256
deac84b91e97518ac5952ed78bc07ab62ef890048b7a7dd382a1819628dd23b7

SHA512
5ddab1d074e0f30a48fc99de927aaceac06e0efa34501853400ba7b15e5cfd5d4362df1e8ecac749f86df149344f560bab0097d902d1bb4571ec3911dc773b8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
625bce6256423f5abadc1364d402ab92

SHA1
9006bb51638b2207dbf17d62508cc0e288185bb6

SHA256
579438c336a40cb8434a4677093df53be83daef0cac90d2c0e614ce533f966c4

SHA512
fefd2c8b80bc9d0ae261623fd9530002fad3a0142ad92b0cafec2cd60e732a71cb08ad9f25065067f12d528889af8266cf3148f2ab6c7749ac65b2b2c4cec08e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39762\VCRUNTIME140.dll

Filesize
117KB

MD5
862f820c3251e4ca6fc0ac00e4092239

SHA1
ef96d84b253041b090c243594f90938e9a487a9a

SHA256
36585912e5eaf83ba9fea0631534f690ccdc2d7ba91537166fe53e56c221e153

SHA512
2f8a0f11bccc3a8cb99637deeda0158240df0885a230f38bb7f21257c659f05646c6b61e993f87e0877f6ba06b347ddd1fc45d5c44bc4e309ef75ed882b82e4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39762\_bz2.pyd

Filesize
82KB

MD5
fe499b0a9f7f361fa705e7c81e1011fa

SHA1
cc1c98754c6dab53f5831b05b4df6635ad3f856d

SHA256
160b5218c2035cccbaab9dc4ca26d099f433dcb86dbbd96425c933dc796090df

SHA512
60520c5eb5ccc72ae2a4c0f06c8447d9e9922c5f9f1f195757362fc47651adcc1cdbfef193ae4fec7d7c1a47cf1d9756bd820be996ae145f0fbbbfba327c5742

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39762\_ctypes.pyd

Filesize
122KB

MD5
302ddf5f83b5887ab9c4b8cc4e40b7a6

SHA1
0aa06af65d072eb835c8d714d0f0733dc2f47e20

SHA256
8250b4c102abd1dba49fc5b52030caa93ca34e00b86cee6547cc0a7f22326807

SHA512
5ddc2488fa192d8b662771c698a63faaf109862c8a4dd0df10fb113aef839d012df58346a87178aff9a1b369f82d8ae7819cef4aad542d8bd3f91327feace596

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39762\_lzma.pyd

Filesize
154KB

MD5
e3e7e99b3c2ea56065740b69f1a0bc12

SHA1
79fa083d6e75a18e8b1e81f612acb92d35bb2aea

SHA256
b095fa2eac97496b515031fbea5737988b18deee86a11f2784f5a551732ddc0c

SHA512
35cbc30b1ccdc4f5cc9560fc0149373ccd9399eb9297e61d52e6662bb8c56c6a7569d8cfad85aeb057c10558c9352ae086c0467f684fdcf72a137eadf563a909

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39762\api-ms-win-core-console-l1-1-0.dll

Filesize
19KB

MD5
3f073ae44f75a6b84649a18cff48a3c5

SHA1
fdc014680fd32f24d2312248034c4d86d6e7a301

SHA256
a6988c2d3f48b4dd93ff2dcc1794382f486aa70cea0fd5df27a7cfcf3e4c65e4

SHA512
1bd24a0e4724dee7bff38a0df96666d32a0451aad22004a4f0c0bde39615b35abc01732b92ce838cc0b5649f34d8886d4b617f8a53d42fcfe8f7f4df82041758

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39762\api-ms-win-core-datetime-l1-1-0.dll

Filesize
19KB

MD5
70988568451a794a3e87f305a9a3c075

SHA1
ce792584da83ad882861446a7e02bbeafa1f0aea

SHA256
321301436dcd638315e42571b563666055f9da090f33c4239ac11ce1db4219c3

SHA512
62447dc9000155bddede1752274d9cef1969791d068251a35cb234e9c630b57a4b79f61ef63fc081ad661bf082b1554f4baec13c4319e9c089ceeeb8fbd8f954

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39762\api-ms-win-core-debug-l1-1-0.dll

Filesize
19KB

MD5
e866b7f3d37b501340481e9578460f99

SHA1
0ef8e9c9829efb47f334c60a606f89b7362954ea

SHA256
c12b1d40b067dbbf3256e813cbd7fcde6ec168656fd2d9a8bb40b1cbec9c27e1

SHA512
8732bfbe80933cd369cfa2b99d3f8a318eefd9382f29921aec95f55a8a7726f9d239681d8b983193a39d490a98a63a73369c2a164ac4e29c2fc632dc5a26d9cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39762\api-ms-win-core-errorhandling-l1-1-0.dll

Filesize
19KB

MD5
4835b9b0f3f741a4e7b3f2722d89cdc9

SHA1
60f21d7cc445575d95a38c32a74b0555c6ccf47e

SHA256
610baf09cfeced19e4293336308259ef301a80660465a890f6857b73cad6363a

SHA512
805c37613b8aa12d1e4ce26c0b9f1c28e48c379d8e0b840b5c348dd0f9ad2f305a516ace47f5925d7d3b365d5e8ff8af2635e309ca5a81e23707c4c9afd83d0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39762\api-ms-win-core-fibers-l1-1-0.dll

Filesize
19KB

MD5
a5d3cf2af79db43a5be7ae1b5c56d9d1

SHA1
882ee3dab98078b2cb3f254c360212da65163475

SHA256
2dca9a26965b9ef6274400ed3e84ef29acdf41a14f0d9a6b3e8348eda0251bad

SHA512
11309e92202e0ae41aae0532a98009d653152f599df87f9bd7d7db52c7af183ac6b80a4423e9af2f7ee625e358cd987bee708d7ad90d53d832f4fcd932cc8735

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39762\api-ms-win-core-file-l1-1-0.dll

Filesize
23KB

MD5
eab4ec210dca457b40b270017861fc94

SHA1
85661406a49d34cb1f42a317fc412745626f234d

SHA256
7bacdabc1f1218e5a8994574567dee11e3d863391f820e64132727802f064e94

SHA512
cd41a61deba64b03e8361c4fbb8d3117a6c37f720b48aa0f3e3112bc6a7abe8af08b180922168b607bea9c37cf33b9440c71198bc46ab23c4a5c80d773e1e791

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39762\api-ms-win-core-file-l1-2-0.dll

Filesize
19KB

MD5
6db0f54fcd05a16297d8c0e9dc41e857

SHA1
eeff0f5aec46fa161a5303840886e53a04cd9f50

SHA256
08c4431d2e029d91db307a53943d381e4823bb53e4014c388c3d88ded9d2e233

SHA512
ff5ce9aea8da0ae286ae1a93f5023cedacd90f7a66d1d8ed89adc8dd4ca376b67eb3498f9a5608e048a76be01aedc1b77f3206f200665db6728e1bb61f9672f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39762\api-ms-win-core-file-l2-1-0.dll

Filesize
19KB

MD5
1399d7007bdb835f28cf2c155145a227

SHA1
847c72cb49da382fe0061c623ce64a333a38b88f

SHA256
f889a4e805b2b052755f188d8942a79f3eb1867ebe077064ff8707d873c33347

SHA512
25b17a4239267321865e79003f4e5ad5003f13384cdd0fabe2b70dc8b270d46e8162d0d727d27a213346026aa9442f07fbe05c414c137385c6b843792198e63f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39762\api-ms-win-core-handle-l1-1-0.dll

Filesize
19KB

MD5
8bd48feef772e524843367b7470871f5

SHA1
505b611f1688647571241e1a8b31110b8163bb93

SHA256
e22178b39098fab5c1bafe49a03ac8821e22ec2a687b434fb394b294c5379070

SHA512
b28ea4fcac26cbfe981db64625263a734c0cc914bc0e5092f9c290ffb73c5fa0a05b6dbe45309b7fc22bacbaea266760573fdf6b65e99278cd9c0edea7924811

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39762\api-ms-win-core-heap-l1-1-0.dll

Filesize
19KB

MD5
06a782a597ad48ab07dae8382712f166

SHA1
02cc6cffadbb1bb1266ab9adb8692180602a507a

SHA256
2d81a2e0bf5a6bc256a82e152b408261bd6903aeeabfcdb980634a8c511e23dd

SHA512
8c8533f87c8f94bbcd0ddfcffa462e07683fa08575d11ee9a6d70232afdcffaab75d4a45657c5bf043c340b0f240f3bb9c5bd8dbbeb735b3293cd6e1b385352d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39762\api-ms-win-core-interlocked-l1-1-0.dll

Filesize
19KB

MD5
9e9047756bbb3ca71134ada98a092ea9

SHA1
31f6d46439f02cf8566fdda2c3707977aa2d931c

SHA256
c88dcc1629006d9791514231cc9bdce5b749bf985e5299cea3f51f5879a1b893

SHA512
3442c2e78bdd55e2cc9fb19b1b68f838738e2057c37510709e7c59b94e4eb8ef1fd0a273e19d603c8efe053ff0243e8644ca69c1e4e2d2890143ee6948c32159

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39762\api-ms-win-core-libraryloader-l1-1-0.dll

Filesize
19KB

MD5
7b3251f303b0378ef3b6b763dbabe3c6

SHA1
302a7c1ef8bcabe801ced8299073112b27677c73

SHA256
37a821a5e53841bd86896737527e7e2869f7dcb2edafe5d1c9cffb45e1899f74

SHA512
296684f44528b84866844feec4e89b025a666875895e986a6f0400b8927980227c0d3be25cd8be3d7643aa193ba1811700e1e2b436cd873860e06243949c7b9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39762\api-ms-win-core-localization-l1-2-0.dll

Filesize
19KB

MD5
b4db20a9c352fd3d926717ed6c63ba88

SHA1
d470d0c8cc3b270fd99068e27aa892e42137f91b

SHA256
761d51cf2f2aac43421eecc637dc43ba092516f2b342f6d017007dc607576365

SHA512
2df3099d1f4fce06b096c70aa4c8c115f0a12a8d624b9575f292fc3597b30fd635fd8c0a44c21c3c4556bf6cc78e7b904edd42ec7bc5863ea62fa2f2cf75bd4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39762\api-ms-win-core-memory-l1-1-0.dll

Filesize
19KB

MD5
05a7a74d471abfa95cd46a9a5ad3f110

SHA1
f4f41653891ef1a88210576dc04eeac0f9ebefe2

SHA256
2ebed908fc26516c1e24d721f0612d99080bfb3d46a884970595ba93343854d4

SHA512
5a89e5949383bf4e7dfb3da7982c28a0381ee5cdde2b57ea4a5804e3d32ab1ca0b70faf6e6229d67a8b7a4c4a69c3ac17792930e2c40d511d58ef3df8275d23a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39762\api-ms-win-core-namedpipe-l1-1-0.dll

Filesize
19KB

MD5
428ce0c87c71c79ae5dba4f29adb8e6e

SHA1
8722c67710828c785e4a56a017111e2202166b61

SHA256
1e868ab4a90eeee9efe9e9801ab4bcc7553f0fe9f1dd95b83afc3648f4413e38

SHA512
42ddfe69738ff0a7b9493c5eef5eeb41749a52ba1650229d50a14e8ff5c50ce6ba2b1576868eb6c71fc1e8b718f03ac3c33dcce2dac440ad61b9c056b08d7900

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39762\api-ms-win-core-processenvironment-l1-1-0.dll

Filesize
19KB

MD5
0c13ac7317af4a827a3d4a6eed600148

SHA1
82c92e30f4c556d9091e4b2b0504a7a4bc35ee05

SHA256
d8051dc4df7fef20a08c1fcbb91590c48a49ed87db346d772bff605d47476ccb

SHA512
3ab4eca85573a295f8d53f49dbcada6631eea59c36610f6df615392a0ccb2cbcae7e2e69f974a31c612a003da0b5604f46df439544b93489a9c13ec134e3d351

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39762\api-ms-win-core-processthreads-l1-1-0.dll

Filesize
19KB

MD5
7232e37e803ecf494015c536fd57c603

SHA1
d61f5786968aabe94a18d043fba27674637542b1

SHA256
dbe4ef3d5b222734a1e928275a157023e0d067a426ffb5e7f51957536b2b58c0

SHA512
a38e4ef78afd652d4690b00838117edbaf3b4fe6b523c1df9b4372f5b40d201745334235673802e84b2c994841c8b2767e5e182dfc1f33a61cc63f0704f7674b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39762\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
19KB

MD5
a2603e5dadb91017b83954470bc64694

SHA1
a91ea3aec86f79ebbc465dffb2115d360103e174

SHA256
b1195855a4b9125ed3482ebd45316d6105325d1ec9e3b1ce9fa084b52a00bdd4

SHA512
f7fc366e03f7208c3b0af7f19d824c8b945bf8d451389ef349ef5bcc5e0d735ecf96fd76cc23a329d7ba6d0eca7d84b909999e8774f8ea0f96a0dbd1deac3e68

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39762\api-ms-win-core-profile-l1-1-0.dll

Filesize
19KB

MD5
6629695950e3bc3d97cd9540af67468c

SHA1
70f77abb9d7cbece0512c412124753a424b5c475

SHA256
a8f1559ae80efe93ac045fecf29a0e96f8874f42e2b1deeea2c2b9e73aa55657

SHA512
81dc715d8691ef28ff5ed0290d828d682c43f8699c7fb0670722c9bda55c5819dc691849e22c5ddb1c5dfb04a6396fe0e72b7fe6dde9fd0f50675aa1b5785a22

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39762\api-ms-win-core-rtlsupport-l1-1-0.dll

Filesize
19KB

MD5
fea0d4a142fbcc56ac5be47bf72c3d17

SHA1
ab432ae2677bbcd94bce7bc938df2c3f15250724

SHA256
fb97fafe954294f79bb48b9046048db499ceebb27261611e6c89a0c6cbecb94b

SHA512
1140c50329fdb84b5cc06d2e1204e8f03d18dd40faf4f9f50be314b9105da09460064955c6736f6908c6c8f4cb27d0023d206cc6f9f84ba8feac6aa249e6d350

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39762\api-ms-win-core-string-l1-1-0.dll

Filesize
19KB

MD5
c8e912980a83debe347c1f1f37dcff9a

SHA1
3ee9eea6739de5601431a47f9883807baa237afd

SHA256
a7d644822b18fc6f8f625c33ca23418ba3264e43b89f7faf0503931cd283f1c2

SHA512
815a8494c589800bbe9ad0993dbf67e9d184f3b000adf6e7be3300711ee77fcca16774af72b9c3dd0e869e79ae470492acfb741c12ce4eca21a22fc9952dbcde

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39762\api-ms-win-core-synch-l1-1-0.dll

Filesize
19KB

MD5
5bf751a16c31704ba3aaf2731ab19c80

SHA1
288ac2bfee0b12bb2331fb2d0d0f362abd7fc4aa

SHA256
62d45523f434af3c28d37fe1a077f2b30785728e62c264c830262c43a5eba4ad

SHA512
c81da8e2c9f9c7d56783bca3f284d93740bd8f147e1edd2868417545d9a8325cdcefe74a15ccff25468166fd476b1381e8ec810a3b05e721d91cd2021d574f3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39762\api-ms-win-core-synch-l1-2-0.dll

Filesize
19KB

MD5
c0a9bd5b4c0faf2cc98904272af7cb66

SHA1
3b8c5382c50d9dd84d4490ddf1491efed7a2070f

SHA256
a87b4b67c7a1ba6e62c87e094c6e9560fd8d8fbb7b49a6fb773dbb7024b422e6

SHA512
b473042e167211ef9d54aa9ace596211c84445886e995664c3b5b1b6bdf8b6b711daf41b3f585d1c22f82905972f6af1129e395b441bf4ac7507469fbc6f97dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39762\api-ms-win-core-sysinfo-l1-1-0.dll

Filesize
19KB

MD5
69df6d489ccba4ea35b7250cc40a099e

SHA1
1fa3b957fb6ecff7eb670922eaeaf36a4b2073c7

SHA256
566e8f29aca9d964a56ae6505d9d7cb96d3a060f330b9c11c09e0836d050ba45

SHA512
2e067dd51912bba06697f6e7b9586f71310b646feeecdcccaaf04f0d579555f2e28a2db50439fb655de5380738d895ffe3d5d23af95714f5c963208720ae86b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39762\api-ms-win-core-timezone-l1-1-0.dll

Filesize
19KB

MD5
c26c5bdc48584116f822d9be4cfd4fc7

SHA1
e64d49d0d77167b4c42e16c8eba59b96b7ea1236

SHA256
a9e03df5efce9b78f958f89613b8f55e59597f6430e1f40ceb9c4130d68d183c

SHA512
7b66ad09370144fe2be39920bf7f4b3ab57be28ab50ef0bc8020ac58616b98a0a9cfb0f70e2b5b79c5d7cf4a04c0b758f9026fdf6752d0ac64b54fb5cff73d9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39762\api-ms-win-core-util-l1-1-0.dll

Filesize
19KB

MD5
fcfe617e631d46d5faab03f591acd94f

SHA1
f78215eff1dc88bb68df7d2d347f7a2a0b9cba48

SHA256
cbb7adcd9329b31aba1a1d7c32558c1169e6ffcc02511c933821b0e91a2512b4

SHA512
cd1b97dac5eaf96191548f61ce61a7e98cd6f29a2bdaf4c16ca6ba1e70fe1bc7a19f185bf94bb5aeea4296135180867f541e067ef1346c42a662a61901ae3671

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39762\api-ms-win-crt-conio-l1-1-0.dll

Filesize
19KB

MD5
7a59febf9abcc16c46af14cd2da80cc0

SHA1
dda9d32e8b5844076fd3cececac67c7c9e695ea3

SHA256
908734cec8deef44ca30396161b01f401fdebb49aae19e3b830ec9cbb22a416c

SHA512
2df406fc5e7d78ffa44898084b67d4305b707dd307ea754c80327b945489825024b876b8c106c286028a3c44f62e6812c2c159eb35989c6ebb0661ce885f893e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39762\api-ms-win-crt-convert-l1-1-0.dll

Filesize
23KB

MD5
0d6f427a72874bab49accf6124e392f6

SHA1
d9e62bea69bcc34b690d39cb2b6d4dbb71c9dc6a

SHA256
a6d4391fa7f6f85d4064cce7a77305fdb7d5a9a51ea6fb28d97dabfe2532995f

SHA512
017fa210c194c27189c2e0eac08d8e192a31e2ab83344eefa5d2a1006ae7bd269e2db5630c8b8334c3ada0acf05808943db4f406a9ea3aaca0f4f1c45b3c0abc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39762\api-ms-win-crt-environment-l1-1-0.dll

Filesize
19KB

MD5
2fbbc1f408d3b5d98a2d650100867917

SHA1
b92ca703561885e1c9d9b46966c62ee6c7222c8c

SHA256
cda04289db3084c48d6ec267ea73a35c4b07352afcec84b5dad4b05f78da9d84

SHA512
a0ec1e2d8f7115e236ec2af44fa1439952b7fd76c9b5aa87f8d46e3b53f6b3e4809178d536cb230b5def603acc3e97371b1053136be812db4e7029d09716b2b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39762\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
19KB

MD5
9b3f4dece8d85d54bba6d3f767fdae6d

SHA1
24b7db8cd663f573206305e40d6278581972e7b4

SHA256
4ef654a52267db859153eadd7dc8ded94acf74d4e730bf1ab624e98d51f01648

SHA512
bc93b60aee32b5cc8800ea8f66663eaa24289d8d376926488cc41e227780ecd719ff482028ea191d171d90d8ed19c2ce1737235f36a45362a4bb862c9d8be306

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39762\api-ms-win-crt-heap-l1-1-0.dll

Filesize
19KB

MD5
9b2e866607ae432d9624635165fd5eec

SHA1
14baa922f90620a2f493f5482685f951a822d879

SHA256
5ef60f3832d14b057441f7c6ece2b48de41ed52b8ae14f4032bf59ef7ebbb066

SHA512
00e6eb91166cf87b8ce528de99ea930142fd26579dde7b58fa422f2d35257ab41bce3aaaf2184bd288940ae6ad06aa4148de59c5f003d9ba7c40fff8ce94b3ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39762\api-ms-win-crt-locale-l1-1-0.dll

Filesize
19KB

MD5
c1ef81806c1cf82b802068ebf77ec144

SHA1
c16eeb4196b750c0ba0290abb1e705c484d9b353

SHA256
a1d33193fa0a775cad2290929f552369b8211af18390f5ccd97076076c1947ba

SHA512
942e06143d27971edafff96ab708b6664d3823751736e2fe6e0c6dedb960d62837bc072a7fd2bad52949e2af22d1c34995059121d3b8b13787ed434f4e69a51a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39762\api-ms-win-crt-math-l1-1-0.dll

Filesize
27KB

MD5
8daeca0468576ed002d8bed9bd289d26

SHA1
d6ea13701cad81ba4246918c19052bbcd2dd7f91

SHA256
33841de83d5f43a6c51917753055f2ad5ef0862f08bec9005b68e6fbe669a4a3

SHA512
3d27f529ecbbe8dc7e4755b1a53f4d4b347a5ae69010853947cd435a476732c79119a66d0542ba2d4ad19a81daad18adcce948db157f8ab5b7822ec2fe9c8022

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39762\api-ms-win-crt-private-l1-1-0.dll

Filesize
71KB

MD5
2f708f9fe69b0850dfb9c56504d02eb1

SHA1
ea0e11a26725ace107c32c021ad6867b205707c3

SHA256
f233b4a93dc52f9c2fb64541f2b3ae0977d520f004bf2d516187322a8c09659d

SHA512
26f359db80757562326e05b8fd71944119bb241e2730772d7fc67640a5b32528b45c52a60ecbd7fd493d78d714229d9101c51899a18678e4f233f38b7ac1f659

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39762\api-ms-win-crt-process-l1-1-0.dll

Filesize
19KB

MD5
d5a4d0e916f9cfc223fec367b45c7235

SHA1
5aafe873a3652b54c1b825b36f8e1562b28d2569

SHA256
30c48d36abc84304fae43dc4bd6fcbaf817be6d80b23082f5296710619cc3974

SHA512
342a423075e70185fe10781af95c8ba546c370a683017ef998217a18c4dd20b4c44c0130dff329a299c2b50303892a72878234264a4492f598778ffb069bca82

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39762\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
23KB

MD5
0d1a896b308b21a201572e78b131ffe1

SHA1
bbb69ad63e80c5d4c0247e5168d82d24c66d9dc8

SHA256
9f5fc20fea2ebdb036d8a77e4c7845a4e70c97c5c78876d63c52407719012ceb

SHA512
a83f9c86fcae049fdb6156eb3a53f5ae2d36cde545c0a03b62ca694f914d247a6acb7ba7e011f97d5b365566e5eaddc1f3efbe53b5b19a5b65a70611f2ad37dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39762\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
23KB

MD5
b2d50c88df63aeff96ea13ac43b5cebf

SHA1
b93e22b32d30d314fac85cc7d09fbac269b552d6

SHA256
51889bae7d1a3ba167678f0c0a2346e4cc8897691b81081af13d6f6eac1d6462

SHA512
e312f430a450e515323aece5ea8619127b320b6dba148aecfc3a35dc414cffa2af4c293d752602c9fbcab24137ce99fcf543ca133397925554c34d8c50e2da0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39762\api-ms-win-crt-string-l1-1-0.dll

Filesize
23KB

MD5
1cf956b004efecc61ed721a381918adf

SHA1
972e65c621f3652d72d1f9f1fbe7f7bcba4dcf12

SHA256
9651fe8789c5c94155f504d67f6729c4dad723a32e367e60d06b694d7eabc7b7

SHA512
f00aab4b63a02a5d1acbefd86425fc7e6aba128b19672c56af763d9b10e1e85b2697d15a4a9fd7be911fa875f07ec4a248c9496d8948f57bc1ecf9132c478933

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39762\api-ms-win-crt-time-l1-1-0.dll

Filesize
19KB

MD5
521d735d173ab6c84816c9ab6c24c980

SHA1
d3b0705ecc4260ed4f109e320b17e9a184b62797

SHA256
49bef3d4862dd4664f32e81a60f516080db0dffc86bb78f7c12a7dcef9403f38

SHA512
a8189a5a3b2a2e190978fb110380a30b0e4e51c384f5f44d8263e2b78cdb76183d1a31637aa93cc44f46aa137607900b10539a11fc2c98f67a3dbeb97f81259a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39762\api-ms-win-crt-utility-l1-1-0.dll

Filesize
19KB

MD5
3023936042052e8897fdd5fc7055662d

SHA1
25f493eef58e6d993e75abfbfad8571f63f9a8e8

SHA256
d1a47555701e50cea3ee5cda5de97fb0df9a774c31dd6729e83c55beb1fd2a56

SHA512
8b8149f3f08a7ed973efb46dd17a3267593a82b8608a74bda4b6c58f6369e5ec9917f523a5e91eea492c5b645e47597a23d3638593ece79bc1faa23c4007a53a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39762\base_library.zip

Filesize
1.3MB

MD5
bed03063e08a571088685625544ce144

SHA1
56519a1b60314ec43f3af0c5268ecc4647239ba3

SHA256
0d960743dbf746817b61ff7dd1c8c99b4f8c915de26946be56118cd6bedaebdc

SHA512
c136e16db86f94b007db42a9bf485a7c255dcc2843b40337e8f22a67028117f5bd5d48f7c1034d7446bb45ea16e530f1216d22740ddb7fab5b39cc33d4c6d995

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39762\crypto_clipper.json

Filesize
167B

MD5
6f7984b7fffe835d59f387ec567b62ad

SHA1
8eb4ed9ea86bf696ef77cbe0ffeeee76f0b39ee0

SHA256
519fc78e5abcdba889647540ca681f4bcb75ab57624675fc60d60ab0e8e6b1c5

SHA512
51d11368f704920fa5d993a73e3528037b5416213eed5cf1fbbea2817c7c0694518f08a272ad812166e15fcc5223be1bf766e38d3ee23e2528b58500f4c4932a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39762\freetype.dll

Filesize
639KB

MD5
236f879a5dd26dc7c118d43396444b1c

SHA1
5ed3e4e084471cf8600fb5e8c54e11a254914278

SHA256
1c487392d6d06970ba3c7b52705881f1fb069f607243499276c2f0c033c7df6f

SHA512
cc9326bf1ae8bf574a4715158eba889d7f0d5e3818e6f57395740a4b593567204d6eef95b6e99d2717128c3bffa34a8031c213ff3f2a05741e1eaf3ca07f2254

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39762\libcrypto-3.dll

Filesize
5.0MB

MD5
123ad0908c76ccba4789c084f7a6b8d0

SHA1
86de58289c8200ed8c1fc51d5f00e38e32c1aad5

SHA256
4e5d5d20d6d31e72ab341c81e97b89e514326c4c861b48638243bdf0918cfa43

SHA512
80fae0533ba9a2f5fa7806e86f0db8b6aab32620dde33b70a3596938b529f3822856de75bddb1b06721f8556ec139d784bc0bb9c8da0d391df2c20a80d33cb04

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39762\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39762\libjpeg-9.dll

Filesize
238KB

MD5
c540308d4a8e6289c40753fdd3e1c960

SHA1
1b84170212ca51970f794c967465ca7e84000d0e

SHA256
3a224af540c96574800f5e9acf64b2cdfb9060e727919ec14fbd187a9b5bfe69

SHA512
1dadc6b92de9af998f83faf216d2ab6483b2dea7cdea3387ac846e924adbf624f36f8093daf5cee6010fea7f3556a5e2fcac494dbc87b5a55ce564c9cd76f92b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39762\libmodplug-1.dll

Filesize
259KB

MD5
ead020db018b03e63a64ebff14c77909

SHA1
89bb59ae2b3b8ec56416440642076ae7b977080e

SHA256
0c1a9032812ec4c20003a997423e67b71ecb5e59d62cdc18a5bf591176a9010e

SHA512
c4742d657e5598c606ceff29c0abb19c588ba7976a7c4bff1df80a3109fe7df25e7d0dace962ec3962a94d2715a4848f2acc997a0552bf8d893ff6e7a78857e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39762\libogg-0.dll

Filesize
25KB

MD5
307ef797fc1af567101afba8f6ce6a8c

SHA1
0023f520f874a0c3eb3dc1fe8df73e71bde5f228

SHA256
57abc4f6a9accdd08bf9a2b022a66640cc626a5bd4dac6c7c4f06a5df61ee1fe

SHA512
5b0b6049844c6fef0cd2b6b1267130bb6e4c17b26afc898cfc17499ef05e79096cd705007a74578f11a218786119be37289290c5c47541090d7b9dea2908688e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39762\python3.dll

Filesize
66KB

MD5
2e2bb725b92a3d30b1e42cc43275bb7b

SHA1
83af34fb6bbb3e24ff309e3ebc637dd3875592a5

SHA256
d52baca085f88b40f30c855e6c55791e5375c80f60f94057061e77e33f4cad7a

SHA512
e4a500287f7888b1935df40fd0d0f303b82cbcf0d5621592805f3bb507e8ee8de6b51ba2612500838d653566fad18a04f76322c3ab405ce2fdbbefb5ab89069e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39762\python312.dll

Filesize
6.6MB

MD5
b243d61f4248909bc721674d70a633de

SHA1
1d2fb44b29c4ac3cfd5a7437038a0c541fce82fc

SHA256
93488fa7e631cc0a2bd808b9eee8617280ee9b6ff499ab424a1a1cbf24d77dc7

SHA512
10460c443c7b9a6d7e39ad6e2421b8ca4d8329f1c4a0ff5b71ce73352d2e9438d45f7d59edb13ce30fad3b4f260bd843f4d9b48522d448310d43e0988e075fcb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI39762\ucrtbase.dll

Filesize
1.1MB

MD5
79fe69af4009290dcd5298612e5551f7

SHA1
c7d770a434381ed593b32be5705202271590bc39

SHA256
dff01a7bfad83d7f8456fef597e845b2d099291c8bf22b27584486d948d971f5

SHA512
6a9a582b32076c7e7fdef3ea78775067133ff1f68a1eed5ec89fb66582c1fb51f077124bab915bde6f2afe245ab2fb127fd0ea231bd020ca8ca2d614f525cf8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48482\attrs-24.2.0.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_t5me0asy.icx.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir6896_1047957976\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir6896_1047957976\e8b64d28-7152-4e57-b4dc-9d874ef077b2.tmp

Filesize
132KB

MD5
da75bb05d10acc967eecaac040d3d733

SHA1
95c08e067df713af8992db113f7e9aec84f17181

SHA256
33ae9b8f06dc777bb1a65a6ba6c3f2a01b25cd1afc291426b46d1df27ea6e7e2

SHA512
56533de53872f023809a20d1ea8532cdc2260d40b05c5a7012c8e61576ff092f006a197f759c92c6b8c429eeec4bb542073b491ddcfd5b22cd4ecbe1a8a7c6ef

Download Submit
memory/380-1373-0x00007FFB775E3000-0x00007FFB775E5000-memory.dmp

Filesize
8KB

Download
memory/380-1383-0x00000184FD8C0000-0x00000184FD8E2000-memory.dmp

Filesize
136KB

Download
memory/380-1384-0x00007FFB775E0000-0x00007FFB780A1000-memory.dmp

Filesize
10.8MB

Download
memory/380-1388-0x00007FFB775E0000-0x00007FFB780A1000-memory.dmp

Filesize
10.8MB

Download
memory/380-1385-0x00007FFB775E0000-0x00007FFB780A1000-memory.dmp

Filesize
10.8MB

Download
memory/6312-3806-0x000002354D240000-0x000002354D264000-memory.dmp

Filesize
144KB

Download
memory/6312-3805-0x000002354D240000-0x000002354D26A000-memory.dmp

Filesize
168KB

Download