f7ed3b2a9ceffa0001302bafd62a728b3462e251371be232df66a6881bae872a

Analysis

max time kernel
156s
max time network
210s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
10-11-2024 09:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RenameThisThisIsTheRAT.exe
Size

77.5MB
MD5

f327e91dd3f1507f075d435231c84f5e
SHA1

4b4726e2819170b08915de3beabf6704a7a04d96
SHA256

f7ed3b2a9ceffa0001302bafd62a728b3462e251371be232df66a6881bae872a
SHA512

4f177cc19a2055277324a85446125343ff0f20790b5448001dc762c20c09629006c0a41e6c3b3407d12b55db7feba547aab3c1e6fe07c9968e91ee02d3ae99b7
SSDEEP

1572864:H1lVW950hSk8IpG7V+VPhqFxE7LlhpBB8iYweyJulZUdgP7Xip5+vMTzqvCZH1O3:H1bWySkB05awFeLpnNpur71vMXRrO3

Score

8^/10

discovery upx

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
2824	python-3.13.0-amd64.exe
1616	python-3.13.0-amd64.exe

Loads dropped DLL 9 IoCs

pid	Process
2188	RenameThisThisIsTheRAT.exe
2188	RenameThisThisIsTheRAT.exe
2188	RenameThisThisIsTheRAT.exe
2188	RenameThisThisIsTheRAT.exe
2188	RenameThisThisIsTheRAT.exe
2188	RenameThisThisIsTheRAT.exe
2188	RenameThisThisIsTheRAT.exe
2824	python-3.13.0-amd64.exe
1616	python-3.13.0-amd64.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0003000000020b43-1320.dat	upx

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	python-3.13.0-amd64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	python-3.13.0-amd64.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0D3BB5E1-9F4A-11EF-AA6E-5A85C185DB3E} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1288	chrome.exe
1288	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe

Suspicious use of FindShellTrayWindow 49 IoCs

pid	Process
1656	iexplore.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1656	iexplore.exe
1656	iexplore.exe
2616	IEXPLORE.EXE
2616	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3012 wrote to memory of 2188	3012	RenameThisThisIsTheRAT.exe	31
PID 3012 wrote to memory of 2188	3012	RenameThisThisIsTheRAT.exe	31
PID 3012 wrote to memory of 2188	3012	RenameThisThisIsTheRAT.exe	31
PID 1656 wrote to memory of 2616	1656	iexplore.exe	37
PID 1656 wrote to memory of 2616	1656	iexplore.exe	37
PID 1656 wrote to memory of 2616	1656	iexplore.exe	37
PID 1656 wrote to memory of 2616	1656	iexplore.exe	37
PID 1288 wrote to memory of 340	1288	chrome.exe	39
PID 1288 wrote to memory of 340	1288	chrome.exe	39
PID 1288 wrote to memory of 340	1288	chrome.exe	39
PID 1288 wrote to memory of 3056	1288	chrome.exe	41
PID 1288 wrote to memory of 3056	1288	chrome.exe	41
PID 1288 wrote to memory of 3056	1288	chrome.exe	41
PID 1288 wrote to memory of 3056	1288	chrome.exe	41
PID 1288 wrote to memory of 3056	1288	chrome.exe	41
PID 1288 wrote to memory of 3056	1288	chrome.exe	41
PID 1288 wrote to memory of 3056	1288	chrome.exe	41
PID 1288 wrote to memory of 3056	1288	chrome.exe	41
PID 1288 wrote to memory of 3056	1288	chrome.exe	41
PID 1288 wrote to memory of 3056	1288	chrome.exe	41
PID 1288 wrote to memory of 3056	1288	chrome.exe	41
PID 1288 wrote to memory of 3056	1288	chrome.exe	41
PID 1288 wrote to memory of 3056	1288	chrome.exe	41
PID 1288 wrote to memory of 3056	1288	chrome.exe	41
PID 1288 wrote to memory of 3056	1288	chrome.exe	41
PID 1288 wrote to memory of 3056	1288	chrome.exe	41
PID 1288 wrote to memory of 3056	1288	chrome.exe	41
PID 1288 wrote to memory of 3056	1288	chrome.exe	41
PID 1288 wrote to memory of 3056	1288	chrome.exe	41
PID 1288 wrote to memory of 3056	1288	chrome.exe	41
PID 1288 wrote to memory of 3056	1288	chrome.exe	41
PID 1288 wrote to memory of 3056	1288	chrome.exe	41
PID 1288 wrote to memory of 3056	1288	chrome.exe	41
PID 1288 wrote to memory of 3056	1288	chrome.exe	41
PID 1288 wrote to memory of 3056	1288	chrome.exe	41
PID 1288 wrote to memory of 3056	1288	chrome.exe	41
PID 1288 wrote to memory of 3056	1288	chrome.exe	41
PID 1288 wrote to memory of 3056	1288	chrome.exe	41
PID 1288 wrote to memory of 3056	1288	chrome.exe	41
PID 1288 wrote to memory of 3056	1288	chrome.exe	41
PID 1288 wrote to memory of 3056	1288	chrome.exe	41
PID 1288 wrote to memory of 3056	1288	chrome.exe	41
PID 1288 wrote to memory of 3056	1288	chrome.exe	41
PID 1288 wrote to memory of 3056	1288	chrome.exe	41
PID 1288 wrote to memory of 3056	1288	chrome.exe	41
PID 1288 wrote to memory of 3056	1288	chrome.exe	41
PID 1288 wrote to memory of 3056	1288	chrome.exe	41
PID 1288 wrote to memory of 3056	1288	chrome.exe	41
PID 1288 wrote to memory of 3056	1288	chrome.exe	41
PID 1288 wrote to memory of 3048	1288	chrome.exe	42
PID 1288 wrote to memory of 3048	1288	chrome.exe	42
PID 1288 wrote to memory of 3048	1288	chrome.exe	42
PID 1288 wrote to memory of 2480	1288	chrome.exe	43
PID 1288 wrote to memory of 2480	1288	chrome.exe	43
PID 1288 wrote to memory of 2480	1288	chrome.exe	43
PID 1288 wrote to memory of 2480	1288	chrome.exe	43
PID 1288 wrote to memory of 2480	1288	chrome.exe	43
PID 1288 wrote to memory of 2480	1288	chrome.exe	43
PID 1288 wrote to memory of 2480	1288	chrome.exe	43
PID 1288 wrote to memory of 2480	1288	chrome.exe	43
PID 1288 wrote to memory of 2480	1288	chrome.exe	43
PID 1288 wrote to memory of 2480	1288	chrome.exe	43
PID 1288 wrote to memory of 2480	1288	chrome.exe	43
PID 1288 wrote to memory of 2480	1288	chrome.exe	43

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\RenameThisThisIsTheRAT.exe
"C:\Users\Admin\AppData\Local\Temp\RenameThisThisIsTheRAT.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3012
- C:\Users\Admin\AppData\Local\Temp\RenameThisThisIsTheRAT.exe
  "C:\Users\Admin\AppData\Local\Temp\RenameThisThisIsTheRAT.exe"
  2⤵
  - Loads dropped DLL
  PID:2188

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1516

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1656
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1656 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2616

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef54b9758,0x7fef54b9768,0x7fef54b9778
  2⤵
  PID:340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1184 --field-trial-handle=1236,i,6610727288379004401,8760179168002415907,131072 /prefetch:2
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1236,i,6610727288379004401,8760179168002415907,131072 /prefetch:8
  2⤵
  PID:3048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1612 --field-trial-handle=1236,i,6610727288379004401,8760179168002415907,131072 /prefetch:8
  2⤵
  PID:2480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2288 --field-trial-handle=1236,i,6610727288379004401,8760179168002415907,131072 /prefetch:1
  2⤵
  PID:2452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2296 --field-trial-handle=1236,i,6610727288379004401,8760179168002415907,131072 /prefetch:1
  2⤵
  PID:1092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1416 --field-trial-handle=1236,i,6610727288379004401,8760179168002415907,131072 /prefetch:2
  2⤵
  PID:900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3020 --field-trial-handle=1236,i,6610727288379004401,8760179168002415907,131072 /prefetch:1
  2⤵
  PID:1336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3456 --field-trial-handle=1236,i,6610727288379004401,8760179168002415907,131072 /prefetch:8
  2⤵
  PID:2736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3564 --field-trial-handle=1236,i,6610727288379004401,8760179168002415907,131072 /prefetch:8
  2⤵
  PID:2760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3532 --field-trial-handle=1236,i,6610727288379004401,8760179168002415907,131072 /prefetch:8
  2⤵
  PID:1720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3732 --field-trial-handle=1236,i,6610727288379004401,8760179168002415907,131072 /prefetch:1
  2⤵
  PID:2648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3532 --field-trial-handle=1236,i,6610727288379004401,8760179168002415907,131072 /prefetch:1
  2⤵
  PID:936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3676 --field-trial-handle=1236,i,6610727288379004401,8760179168002415907,131072 /prefetch:8
  2⤵
  PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2740 --field-trial-handle=1236,i,6610727288379004401,8760179168002415907,131072 /prefetch:1
  2⤵
  PID:2348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2524 --field-trial-handle=1236,i,6610727288379004401,8760179168002415907,131072 /prefetch:1
  2⤵
  PID:268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4084 --field-trial-handle=1236,i,6610727288379004401,8760179168002415907,131072 /prefetch:8
  2⤵
  PID:1736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2108 --field-trial-handle=1236,i,6610727288379004401,8760179168002415907,131072 /prefetch:8
  2⤵
  PID:1644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4144 --field-trial-handle=1236,i,6610727288379004401,8760179168002415907,131072 /prefetch:8
  2⤵
  PID:704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3864 --field-trial-handle=1236,i,6610727288379004401,8760179168002415907,131072 /prefetch:8
  2⤵
  PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4276 --field-trial-handle=1236,i,6610727288379004401,8760179168002415907,131072 /prefetch:8
  2⤵
  PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4340 --field-trial-handle=1236,i,6610727288379004401,8760179168002415907,131072 /prefetch:8
  2⤵
  PID:2880
- C:\Users\Admin\Downloads\python-3.13.0-amd64.exe
  "C:\Users\Admin\Downloads\python-3.13.0-amd64.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2824
- - C:\Windows\Temp\{4439255E-1547-49A6-B65B-86DB9E370112}\.cr\python-3.13.0-amd64.exe
    "C:\Windows\Temp\{4439255E-1547-49A6-B65B-86DB9E370112}\.cr\python-3.13.0-amd64.exe" -burn.clean.room="C:\Users\Admin\Downloads\python-3.13.0-amd64.exe" -burn.filehandle.attached=180 -burn.filehandle.self=188
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:1616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4120 --field-trial-handle=1236,i,6610727288379004401,8760179168002415907,131072 /prefetch:8
  2⤵
  PID:1548

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c30b9bc83cb47489e8884dd28b4cbf43

SHA1
301a72047401531911f49f9aa562ca4d407a5b4a

SHA256
3922e814a7fc527dec57328ac0881bc7983604e7283e61af2c53c6fe673462a4

SHA512
ac8cc5a584cb558ba48ccdb6bef2619e040195792308ed7862d7e7c2876165152cc88d7fdd3c4198cb1d6ef3642253d55c3d1b4395038b841c07b54b406f1342

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
32KB

MD5
b582b2eca79a750948dbb3777aeaaadb

SHA1
bf0ea1c8a7b4a55779cbb3df1f1d75cc19910e9f

SHA256
04c7f19e1ae294cc641f6c497653b5c13c41b258559f5f05b790032ccca16c82

SHA512
35cfd88afe4e4e8091d3a5c53f0f3e2dcd92aa58b7544b94d4d9d7cdf508d429c5292aa97b813c9c8ad18e4d121d4e6595c49f5ddafbeab7b39f3a7c9d0b58dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
66KB

MD5
33411bb179575dfc40cc62c61899664f

SHA1
d03c06d5893d632e1a7f826a6ffd9768ba885e11

SHA256
274befc7b39609fed270e69335bc92b3d8251545594636eb408d5d93e0ae1a4f

SHA512
dc830766c928ac84df16d094fc92586b9c2c25f819123dc9b5ec259220b4b1c45e2af28c89a710f047c00c9dcf7df8dd859a9a7a2d2228703f616df13caef2c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
28dec8c486e30d6c47f87ad7512583c0

SHA1
1843e819e365bd924c36e78cb28fe0977db10b41

SHA256
0963c44b14563b55353afa190b3041e2f71f2b740782c2504568ffd52457289d

SHA512
13a479c9e28de88c9906b8e1cdedbbe499addf54f608eb7db167590c2b591bb47873e4610d18481780688918778d565d130c02d52b5896034b8c9d1c1a76eb61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
d8323d625d6402a021be8a15774abfc9

SHA1
8d41ab2fe24b98191871b4123c536e4a191b65dc

SHA256
c7215e6a4f03d282bbe4ce5d07149d8ade07e6449aaf3a99d825ceeb470a31c9

SHA512
4889bb0c15714b584b7e0b9473c931f38b007a1cbfb8c1123ccbc0b97f592e66a4b830f403073176098eb07424a26fd07092f23ef0d5ac43e4c9464397a4f76a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
852B

MD5
850b93a9c4022e175c0f82c201b625e9

SHA1
c4eda1b08844283ff87a0944a9daa52dcb7965b6

SHA256
6d8ff225e254ef6af2588511b84fcbb43f8ca9b7d37189288e8cae4c0dcc1eaa

SHA512
ae5a6094d6b2b9d48294a034e5fec861271ea7e0d7aa0c446cbfbfeb3d6fead54675d4a2fc2efe2608b21305ae53398b8e8576f3d8ad63b64b4e39c179caa300

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
34ea0d415a35f7edc76becc086e4ac71

SHA1
0ce1d92274081cb77c3e2971368e730bb9bcd746

SHA256
21f5090a05b169f2f9a30a210298c710f84b9e90aeab2563b97a9e016a75be1d

SHA512
8d70ab6f7473513a135e2bd19ca52634f0dd2917898f1e1524554303be6494908fdc4726da597ea6560b7252d4f7d24660b077a8f3dcfc2e001e85116a4c26a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
165558b2ac0f97032cad1af5d401a9fb

SHA1
38cd367d7d1716fb309f2c83f09f83d9f046587c

SHA256
5cdf9742e418a6a9d0813a02d25c5f96b9cbf0ec79097af61b7bd3e81069ee7e

SHA512
4aab972c840c8ab372d3fdf3ebd1943078006ad9a691db73a7b0d316e7bf3e85a18685fdf8935ec6925f64e154c58346496822d547f44bf29c0512197b72561e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c02e3cce1579a78e9e9e04919c5da70b

SHA1
b30fcfb131227131a9e566c0ea93bb7e1cbf9598

SHA256
2a28726db9e93743a88008de1918870a7032bac3a78932e0dfea8f97d893d668

SHA512
0ea63f32c90c8dfc518b4c00f420402c6dcc7ece1ae3d665e6920599f13273a0a89941f485884eeb7d18f07211c9930f973aa1c8eb7ad35be319dc6571313b20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
82c4bfc3d803486ddd112db46aaf5618

SHA1
94704c749187a8f7601a016f63e79f1cfee29d9d

SHA256
0e4c273b91fd9781b74645b4f2da9b64b12b5872bd4a047ae38f10059813d2b9

SHA512
b331e8263eab8c8750c456944b4cd00146eb8231e44395fb28f1827fd7bd3407cf7de52bc3a985d1f2c72ea5041e2201b610a76772f737003dc850ee54b3baf0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\fca03ee6-ff9b-4fe5-9996-216a776b2907.tmp

Filesize
6KB

MD5
2b523b5342e128a43c61c2d5987188f7

SHA1
28ac953a96369e668fe6c07a2fcde22fcb083170

SHA256
d984f28a6ebbc17eaeb75305c6e333786694d827ab8ea28ad34d1120192f340f

SHA512
e505da7970a89c0e99c6e9c5b0a60f61483330943770b701b3924a3bc12e1718bf2af99b56a5ceb0eec798ba2aa43fe3784b2a2869231d6ea351ff795b6a4c00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
76KB

MD5
ca0f722d519b54eaaad78925c6526bad

SHA1
6b58fe92021c9492f55dc9f4d680aaad52a88a0e

SHA256
5ce01048e90289fbd57ac590366072e0759a41c5c56f074b4dc0d7ad34a59f31

SHA512
80e44f098305c9b9c03eca880ab7c0fc4721e0bd25ab99041bca3f95f2153547fae4eb47e8f3f5952bd32c9934991d6ed964ac903bc2e6d37322d1609ce3a922

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC6E9.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC71B.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30122\python312.dll

Filesize
1.7MB

MD5
71070618402c15a2fad5ca70c9ef7297

SHA1
34fedbf17a57010c5cd20ef4e690616859cc8e68

SHA256
7d35a191edb95ccd85ef05d645deeca3ed1febd9acd659569fab56ae06c1ebdf

SHA512
81ef8749f5c3dbd586ddbbcf26cd6c80607a5cc9c26e31c912f454ca56013082174e2012a507739ec1e9c5a2f019bf0ca6bd3ce18880abdbff0ba5f8f3cbbf28

Download Submit
C:\Users\Admin\Downloads\python-3.13.0-amd64.exe

Filesize
26.9MB

MD5
f5e5d48ba86586d4bef67bcb3790d339

SHA1
118838d3bc5d1a13ce71d8d83de52427b1562124

SHA256
78156ad0cf0ec4123bfb5333b40f078596ebf15f2d062a10144863680afbdefc

SHA512
ffaef212d55e3bdd87e79cbfacebc0612ffc1c8c4b495585392746202dce6332383199f0206113ee95ebb4a76d718d0700e1aed9ad518d43b7569a44f0a39427

Download Submit
C:\Windows\Temp\{1FF49E7F-20C3-4AA8-9B73-6D793299DD03}\.ba\SideBar.png

Filesize
50KB

MD5
888eb713a0095756252058c9727e088a

SHA1
c14f69f2bef6bc3e2162b4dd78e9df702d94cdb4

SHA256
79434bd1368f47f08acf6db66638531d386bf15166d78d9bfea4da164c079067

SHA512
7c59f4ada242b19c2299b6789a65a1f34565fed78730c22c904db16a9872fe6a07035c6d46a64ee94501fbcd96de586a8a5303ca22f33da357d455c014820ca0

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI30122\api-ms-win-core-file-l1-2-0.dll

Filesize
19KB

MD5
6db0f54fcd05a16297d8c0e9dc41e857

SHA1
eeff0f5aec46fa161a5303840886e53a04cd9f50

SHA256
08c4431d2e029d91db307a53943d381e4823bb53e4014c388c3d88ded9d2e233

SHA512
ff5ce9aea8da0ae286ae1a93f5023cedacd90f7a66d1d8ed89adc8dd4ca376b67eb3498f9a5608e048a76be01aedc1b77f3206f200665db6728e1bb61f9672f2

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI30122\api-ms-win-core-file-l2-1-0.dll

Filesize
19KB

MD5
1399d7007bdb835f28cf2c155145a227

SHA1
847c72cb49da382fe0061c623ce64a333a38b88f

SHA256
f889a4e805b2b052755f188d8942a79f3eb1867ebe077064ff8707d873c33347

SHA512
25b17a4239267321865e79003f4e5ad5003f13384cdd0fabe2b70dc8b270d46e8162d0d727d27a213346026aa9442f07fbe05c414c137385c6b843792198e63f

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI30122\api-ms-win-core-localization-l1-2-0.dll

Filesize
19KB

MD5
b4db20a9c352fd3d926717ed6c63ba88

SHA1
d470d0c8cc3b270fd99068e27aa892e42137f91b

SHA256
761d51cf2f2aac43421eecc637dc43ba092516f2b342f6d017007dc607576365

SHA512
2df3099d1f4fce06b096c70aa4c8c115f0a12a8d624b9575f292fc3597b30fd635fd8c0a44c21c3c4556bf6cc78e7b904edd42ec7bc5863ea62fa2f2cf75bd4a

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI30122\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
19KB

MD5
a2603e5dadb91017b83954470bc64694

SHA1
a91ea3aec86f79ebbc465dffb2115d360103e174

SHA256
b1195855a4b9125ed3482ebd45316d6105325d1ec9e3b1ce9fa084b52a00bdd4

SHA512
f7fc366e03f7208c3b0af7f19d824c8b945bf8d451389ef349ef5bcc5e0d735ecf96fd76cc23a329d7ba6d0eca7d84b909999e8774f8ea0f96a0dbd1deac3e68

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI30122\api-ms-win-core-timezone-l1-1-0.dll

Filesize
19KB

MD5
c26c5bdc48584116f822d9be4cfd4fc7

SHA1
e64d49d0d77167b4c42e16c8eba59b96b7ea1236

SHA256
a9e03df5efce9b78f958f89613b8f55e59597f6430e1f40ceb9c4130d68d183c

SHA512
7b66ad09370144fe2be39920bf7f4b3ab57be28ab50ef0bc8020ac58616b98a0a9cfb0f70e2b5b79c5d7cf4a04c0b758f9026fdf6752d0ac64b54fb5cff73d9a

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI30122\ucrtbase.dll

Filesize
1.1MB

MD5
79fe69af4009290dcd5298612e5551f7

SHA1
c7d770a434381ed593b32be5705202271590bc39

SHA256
dff01a7bfad83d7f8456fef597e845b2d099291c8bf22b27584486d948d971f5

SHA512
6a9a582b32076c7e7fdef3ea78775067133ff1f68a1eed5ec89fb66582c1fb51f077124bab915bde6f2afe245ab2fb127fd0ea231bd020ca8ca2d614f525cf8f

Download Submit
\Windows\Temp\{1FF49E7F-20C3-4AA8-9B73-6D793299DD03}\.ba\PythonBA.dll

Filesize
675KB

MD5
9751bbeaa1ccffa70003201b43f727c3

SHA1
8a6cedbe54a955ef25477c961679ae7482481b2c

SHA256
b76b8a4ff515ee27ba9da62e64a39b3140fcb35a83d42c5126442c9b4c5d5f59

SHA512
b9f0474e311635aa13b4c7d234101e2f08206a6853c825bc8772b977427ce7ce33e45b998cf051d5b70148b511c81d8c630b4757c662d0519ffe42bd18f906ad

Download Submit
\Windows\Temp\{4439255E-1547-49A6-B65B-86DB9E370112}\.cr\python-3.13.0-amd64.exe

Filesize
859KB

MD5
a9b28dd6caf9f5cef0271e9230fd63a7

SHA1
1b83a794bf2f657ac17da5443970f59c255a6bd5

SHA256
e28657d542725e31c0683557b2125b7f031b17cdd36177dbf030871cba83e10d

SHA512
4ce57206031fa0e43f14a389f3aac2256002631126020829ff429768faa1c729c0e97b2b90e9934e593ea212cbb370c79587eac165c623680b38784f64a6b931

Download Submit
memory/2188-1322-0x000007FEF55D0000-0x000007FEF5C95000-memory.dmp

Filesize
6.8MB

Download