8c59be7685e19816a7108e1e2208b83c937ec10ee101fec15edae229a7e3a0dc

Analysis

max time kernel
150s
max time network
150s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
27-12-2024 19:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

yt-dlp.exe
Size

18.7MB
MD5

0210cff92fabfa9254366bbe1c2d9604
SHA1

7d84b018c74f778e16e7f1c5831e152f7a794d4f
SHA256

8c59be7685e19816a7108e1e2208b83c937ec10ee101fec15edae229a7e3a0dc
SHA512

d6f07cbff2f20accfdf72ae99c348ad6956804cf5cc6943d0eec4d12f2f2ac1597deeab7e47e99059a642cca4dcacf2e80fb25a59bd316c87da136ed98760174
SSDEEP

393216:zhKRibQrGVBypyrDfDgrc6nMbN/tcjuLIvv7+XI8F:zhPv/e0b0IFZtEuLIvy5

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 64 IoCs

pid	Process
1192	yt-dlp.exe
1192	yt-dlp.exe
1192	yt-dlp.exe
1192	yt-dlp.exe
1192	yt-dlp.exe
1192	yt-dlp.exe
1192	yt-dlp.exe
1192	yt-dlp.exe
1192	yt-dlp.exe
1192	yt-dlp.exe
1192	yt-dlp.exe
1192	yt-dlp.exe
1192	yt-dlp.exe
1192	yt-dlp.exe
1192	yt-dlp.exe
1192	yt-dlp.exe
1192	yt-dlp.exe
1192	yt-dlp.exe
1192	yt-dlp.exe
1192	yt-dlp.exe
1192	yt-dlp.exe
1192	yt-dlp.exe
1192	yt-dlp.exe
1192	yt-dlp.exe
1192	yt-dlp.exe
1192	yt-dlp.exe
1192	yt-dlp.exe
1192	yt-dlp.exe
1192	yt-dlp.exe
1192	yt-dlp.exe
1192	yt-dlp.exe
1192	yt-dlp.exe
1192	yt-dlp.exe
1192	yt-dlp.exe
1192	yt-dlp.exe
1192	yt-dlp.exe
1192	yt-dlp.exe
1192	yt-dlp.exe
1192	yt-dlp.exe
1192	yt-dlp.exe
1192	yt-dlp.exe
1192	yt-dlp.exe
1192	yt-dlp.exe
1192	yt-dlp.exe
1192	yt-dlp.exe
1192	yt-dlp.exe
1192	yt-dlp.exe
1192	yt-dlp.exe
1192	yt-dlp.exe
1192	yt-dlp.exe
1192	yt-dlp.exe
1192	yt-dlp.exe
1296	yt-dlp.exe
1296	yt-dlp.exe
1296	yt-dlp.exe
1296	yt-dlp.exe
1296	yt-dlp.exe
1296	yt-dlp.exe
1296	yt-dlp.exe
1296	yt-dlp.exe
1296	yt-dlp.exe
1296	yt-dlp.exe
1296	yt-dlp.exe
1296	yt-dlp.exe

Suspicious use of WriteProcessMemory 28 IoCs

description	pid	Process	procid_target
PID 832 wrote to memory of 1192	832	yt-dlp.exe	84
PID 832 wrote to memory of 1192	832	yt-dlp.exe	84
PID 1192 wrote to memory of 2072	1192	yt-dlp.exe	86
PID 1192 wrote to memory of 2072	1192	yt-dlp.exe	86
PID 1192 wrote to memory of 4980	1192	yt-dlp.exe	87
PID 1192 wrote to memory of 4980	1192	yt-dlp.exe	87
PID 1192 wrote to memory of 3980	1192	yt-dlp.exe	88
PID 1192 wrote to memory of 3980	1192	yt-dlp.exe	88
PID 1032 wrote to memory of 452	1032	cmd.exe	107
PID 1032 wrote to memory of 452	1032	cmd.exe	107
PID 452 wrote to memory of 1296	452	yt-dlp.exe	108
PID 452 wrote to memory of 1296	452	yt-dlp.exe	108
PID 1296 wrote to memory of 552	1296	yt-dlp.exe	109
PID 1296 wrote to memory of 552	1296	yt-dlp.exe	109
PID 1296 wrote to memory of 4032	1296	yt-dlp.exe	110
PID 1296 wrote to memory of 4032	1296	yt-dlp.exe	110
PID 1296 wrote to memory of 984	1296	yt-dlp.exe	111
PID 1296 wrote to memory of 984	1296	yt-dlp.exe	111
PID 1032 wrote to memory of 4824	1032	cmd.exe	112
PID 1032 wrote to memory of 4824	1032	cmd.exe	112
PID 4824 wrote to memory of 4512	4824	yt-dlp.exe	113
PID 4824 wrote to memory of 4512	4824	yt-dlp.exe	113
PID 4512 wrote to memory of 1064	4512	yt-dlp.exe	114
PID 4512 wrote to memory of 1064	4512	yt-dlp.exe	114
PID 4512 wrote to memory of 932	4512	yt-dlp.exe	115
PID 4512 wrote to memory of 932	4512	yt-dlp.exe	115
PID 4512 wrote to memory of 4252	4512	yt-dlp.exe	116
PID 4512 wrote to memory of 4252	4512	yt-dlp.exe	116

C:\Users\Admin\AppData\Local\Temp\yt-dlp.exe
"C:\Users\Admin\AppData\Local\Temp\yt-dlp.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:832
- C:\Users\Admin\AppData\Local\Temp\yt-dlp.exe
  "C:\Users\Admin\AppData\Local\Temp\yt-dlp.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1192
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:2072
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:4980
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:3980

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4388

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1032
- C:\Users\Admin\AppData\Local\Temp\yt-dlp.exe
  yt-dlp -F
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:452
- - C:\Users\Admin\AppData\Local\Temp\yt-dlp.exe
    yt-dlp -F
    3⤵
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:1296
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "ver"
      4⤵
      PID:552
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "ver"
      4⤵
      PID:4032
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "ver"
      4⤵
      PID:984
- C:\Users\Admin\AppData\Local\Temp\yt-dlp.exe
  yt-dlp -F https://www.youtube.com/watch?v=GoS2ArQUIIO
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4824
- - C:\Users\Admin\AppData\Local\Temp\yt-dlp.exe
    yt-dlp -F https://www.youtube.com/watch?v=GoS2ArQUIIO
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4512
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "ver"
      4⤵
      PID:1064
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "ver"
      4⤵
      PID:932
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "ver"
      4⤵
      PID:4252

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI4522\websockets-14.1.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8322\VCRUNTIME140.dll

Filesize
95KB

MD5
f34eb034aa4a9735218686590cba2e8b

SHA1
2bc20acdcb201676b77a66fa7ec6b53fa2644713

SHA256
9d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1

SHA512
d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8322\_bz2.pyd

Filesize
81KB

MD5
86d1b2a9070cd7d52124126a357ff067

SHA1
18e30446fe51ced706f62c3544a8c8fdc08de503

SHA256
62173a8fadd4bf4dd71ab89ea718754aa31620244372f0c5bbbae102e641a60e

SHA512
7db4b7e0c518a02ae901f4b24e3860122acc67e38e73f98f993fe99eb20bb3aa539db1ed40e63d6021861b54f34a5f5a364907ffd7da182adea68bbdd5c2b535

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8322\_ctypes.pyd

Filesize
120KB

MD5
1635a0c5a72df5ae64072cbb0065aebe

SHA1
c975865208b3369e71e3464bbcc87b65718b2b1f

SHA256
1ea3dd3df393fa9b27bf6595be4ac859064cd8ef9908a12378a6021bba1cb177

SHA512
6e34346ea8a0aacc29ccd480035da66e280830a7f3d220fd2f12d4cfa3e1c03955d58c0b95c2674aea698a36a1b674325d3588483505874c2ce018135320ff99

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8322\_lzma.pyd

Filesize
154KB

MD5
7447efd8d71e8a1929be0fac722b42dc

SHA1
6080c1b84c2dcbf03dcc2d95306615ff5fce49a6

SHA256
60793c8592193cfbd00fd3e5263be4315d650ba4f9e4fda9c45a10642fd998be

SHA512
c6295d45ed6c4f7534c1a38d47ddc55fea8b9f62bbdc0743e4d22e8ad0484984f8ab077b73e683d0a92d11bf6588a1ae395456cfa57da94bb2a6c4a1b07984de

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8322\api-ms-win-core-console-l1-1-0.dll

Filesize
31KB

MD5
854560ab49893fc0eb1c3d2ade1e11fb

SHA1
5b131b6154d0c56abfb5ead12bbb5e82e3f2ccc8

SHA256
79e4edf3ff63a7b1b279dc6352594f4512e0789a3d5e80cd4a34a68129df4161

SHA512
f641c944d05b849652715d95fea2e4431056d0aaba00d28e7d1502c522e66799d1cf277c3442446d940f6fa1a285bb0f2999085d1dcc660bb730aff37de2bb79

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8322\api-ms-win-core-datetime-l1-1-0.dll

Filesize
31KB

MD5
f51a025b8c1a2146847df21cb0b4136a

SHA1
45dc4a50c0c2a9b32ddac679d705e7501d95e8e1

SHA256
9600f43772639ba115fc7f45b1edd775b31bbcb7202fa87c78490383daa7030c

SHA512
3cd225f2ce1b91b7dc4c27e144cc97a36f997c0a0259395eb9ea9f57471fba589855b810b5d5326fdccd5c9e9cf06d889b758e374d389cbdcbd89601b17de545

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8322\api-ms-win-core-debug-l1-1-0.dll

Filesize
31KB

MD5
e1dfeb517a691fd91247cfbe4349b41d

SHA1
5263d1f6d103ddf18a0590b41ffc582d61f4362b

SHA256
43533c66ae70709723e12bc80f047644d68b0282abc76b4c952461ee8554c8e2

SHA512
f5271bc1b8bd387a46f0ff5103d4c468c0b458d2f1dc0cbace0f7a568ebd0b9c8d0414d961118687ce1a7876e28d82ed531cca95dd1661f208fdfdd4223feadb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8322\api-ms-win-core-errorhandling-l1-1-0.dll

Filesize
31KB

MD5
b7ea2415828ab7e8234ee71cc1274312

SHA1
d053df9b9cc701978d159e48a9f5422a275220c9

SHA256
be358d7f9a80c56125c872d98469d470c962eb89a87fe7c3eeb2813ab691f162

SHA512
af26b547f31080e359002b1a1fa71d76a2bd4771b1c5aa9584d8b0d64911d889a8af8bd46d80fc36a9ad2f5e04881ed0a640c8aab7f0a1d729b5032d84b98664

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8322\api-ms-win-core-fibers-l1-1-0.dll

Filesize
31KB

MD5
401b34be80c11c38783e1ddb47799779

SHA1
0ad8f38bbbd41ceb5caa6e2b44d308fa4707cf1d

SHA256
772372f20239899fb25d1a72e0210d729a9ac9cce8e036922592405bcdd9d287

SHA512
bc596988318d2877dbe52aaac19470e61f441f61620ec6d72b8025b427d7772afe802bfe1dfb83a29a8a9f1bf79f22812dd4688253037fb1c5d0139381ab92f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8322\api-ms-win-core-fibers-l1-1-1.dll

Filesize
31KB

MD5
8f12f2b949081422329527de9f752c52

SHA1
e69a417535258f9d7cbb762171d76d218f58f6aa

SHA256
8fcae6d9a2a43faafb9b78d22cce9cd2b4589952a81f713cf26e6dca0c198c6c

SHA512
a985086b592363103b786e57e623945f316b34e10a34d12fa47e385db0c999b8f143fc7d8db19220a1fe2d7e1aa63fbefc4052d95d7311357c6ca234cc360f42

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8322\api-ms-win-core-file-l1-1-0.dll

Filesize
35KB

MD5
13b7840bdd7312959fd2f134caf81b04

SHA1
85e9d1981596f8d8f1584f89ff7243b02cb91787

SHA256
57a24b7d585ba98ab0dff395c62525f10f498bf0be4871adc8c805b997d7368a

SHA512
2c9573413d842a0956f914aaeef25280f6afa145b30e79e40b1caaa62b482c26438283afc08bad568d500ac98e009aa85290f0b9db0c226829e9a8d9ca10617b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8322\api-ms-win-core-file-l1-2-0.dll

Filesize
31KB

MD5
d2f264b9f61bbbea858cca1f1a85fff4

SHA1
98903ea36bc421969360018ee953d5e293c8651e

SHA256
00af59b43e70769d1cb516ff9a83a6e11d27d44889b18b498d10e2e5eb2846fa

SHA512
a5b0056fce6e6b40ea95ff5df451c91864a963db3a97781729c9816ba72c1bea92eb1ac9ad7be33f79fc9299cd10bfc5b074b7bdc0dd049f40019bbedd1b3916

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8322\api-ms-win-core-file-l2-1-0.dll

Filesize
31KB

MD5
9c4aa976fbba6ee469db69f3268e0ee0

SHA1
fbc510424960d4d6ca8959ab8a79ed7e0106d894

SHA256
b8ee3713b2fac086263084eb76c91906f1773ebe427ed012cc5ac77cfa506bfe

SHA512
d134d8b876507616d7b6d97421014d61d04ad82785cbbf7f9dfb44d1e3361410b4590613a2d7d4f4683533ffaf099b88fdf505f1b8c578fd933394187dd17388

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8322\api-ms-win-core-handle-l1-1-0.dll

Filesize
31KB

MD5
2f9076385fce7a50d921c2c04ce82357

SHA1
19d86416dfb12b3fd03dbf5dd23acbd7aba39e98

SHA256
0069d044789ae935144ab20afa81947e523f7879e72781c6352060f182f16c22

SHA512
aca0f1cea0737967760d2e1d967cecb8cdda36d6cc729064643cd662313c626cce546210d6f12f653248aa5d6b9991a1bd64d0785257369cecae3de1ae67734e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8322\api-ms-win-core-heap-l1-1-0.dll

Filesize
31KB

MD5
7893d219f6bda4beafe1937ffc026386

SHA1
6a80b511fef91031f707266dd358afd5d624737d

SHA256
95767fd45416f86b2a16bf50e971f39a9f64a680f6cdf1d6bda9c64e633fff6c

SHA512
24a3617e3b2fc2810d06a92813591e1c5f475c47648971d9d158120d96a9504d5ea3fb24f6ae2a9770a0034efca374fd1f1a8e0c944a32d201cb617bda01b096

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8322\api-ms-win-core-interlocked-l1-1-0.dll

Filesize
31KB

MD5
e8745ce7467509e4b59522de48eef43e

SHA1
9a1058a7124d87fd6ea02442c1ba5d68f86a86a6

SHA256
6e65a8482e9867a16f9e6398335139500c6d5e2f56a232fdd33f7f46541488be

SHA512
97f5451494b1969806c010dd552a79556960d9b095cb245da83554a53b004885111cc39a53f0466efdb0e5f1f69b2990d19ce126f529e5f79a0dd0ad2e7ee672

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8322\api-ms-win-core-kernel32-legacy-l1-1-1.dll

Filesize
31KB

MD5
b4a768285a5f30db0fec2114714d4ce0

SHA1
fd6dfc23c36d09123af87075c5130ba87e2fd81b

SHA256
569618315c6b659bc5fb0799a0a2480371425570e7f195395b5159ba12257efa

SHA512
2b45abcc9edf1a712d9f5c291a992fa198472d679a66eedd211db22836051dae1feb6235ff839f4b7a3365d3b010eb6e7aef369d4d404cf1b9043867923e4347

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8322\api-ms-win-core-libraryloader-l1-1-0.dll

Filesize
31KB

MD5
3205abc6afc72e7d9d78d6bb736068cb

SHA1
f14c3809e15dc1a39ba4b815d8b2784c3b451464

SHA256
6614e8c94f8d2e48417ee9ec2155dfc2d8dd7bd6b78c89617ace90cb851114d2

SHA512
1c9c61157d745a6948c941371f1c0ce3db32cefea8f9fd5797628d6c461650f765c3edede13f337f04c8317ea256ac06d7520edbe9fbed1f777455b4cf0be909

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8322\api-ms-win-core-localization-l1-2-0.dll

Filesize
31KB

MD5
e1877632019bb32967c40767aff863b6

SHA1
2268935f0c872feed067c3c17c70e5092ce301a1

SHA256
d1ecd2c21df1d7b130ba0f1a1d99fb8866727bffb3862883618a2cf545659df8

SHA512
98e620ce28b776dc6d2b39fa043b1e96555f641263e7254510587dfad9ebfbddef0558756035657ba10c7b800b72a322589725ffccccc4ec5847d20e7a74023f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8322\api-ms-win-core-memory-l1-1-0.dll

Filesize
31KB

MD5
740dd1cb6ec07df5e43a2cbe3b66dd80

SHA1
e39493fd219c57f50d47119e94aee7c8bbc3863b

SHA256
03a723bcbcc88604015b66c85589afb5fd0a9f0e3f012160dcca5f4ac0762b49

SHA512
620f7743fe187b455c94177be4fe133500f94566e79402f60b0ecc7ad11bf3350e6425839692e0c7c5a4f5159df64c240314f1edb7496bde48b5590e43d0564d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8322\api-ms-win-core-namedpipe-l1-1-0.dll

Filesize
31KB

MD5
9e4398814ce476f2554dc43edb07ddbb

SHA1
db1c663354d219f9e95e4ca1b604cb77237716cd

SHA256
3c6ecc4e2284b19b8e0e673318ff9cc29f45041b2a0ea2705a8a8048d9276ba0

SHA512
bb7db2ba4dc62b3497f36f2e58ff122665a76ab94affc6ee2e5e491052d8ebf389773cfcfbe262a4d00539efabfa983bb68eeb8d70bd8e14f69093fe882bb81e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8322\api-ms-win-core-processenvironment-l1-1-0.dll

Filesize
31KB

MD5
0055f1424d58a9afe0d3362bc27dc2e3

SHA1
568343a6830cdc9c74f9c0fc4743a35b086c53a5

SHA256
541bac07d88e28ddaef0a0392ef3ebfd513a161d0923a9f361671c54f362d341

SHA512
1d43913d9525d9b8c3c46dbaf57bf26ef251a377b000b4f3df09226f6b529971069d4199b69206c6839925e4d02c5729c046c49a3d77e0e5165b6eddd2aade96

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8322\api-ms-win-core-processthreads-l1-1-0.dll

Filesize
31KB

MD5
17d9ac28553c5404d110bcdb6fae4d90

SHA1
ea7b17476be37d30ee2d7dcc818161fae3157947

SHA256
e714ffde0c79fafe8067c86bcdf4ebb522af00f741f655b074f46518557ff149

SHA512
447660319ad9cb652c712c9acda67e9378f2d2dc5695a44dc24bc13e6b1359f97c86742fc3ea9649a9c0c9a105800e7f50f5c0d34984692de95ca2d69e3d50ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8322\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
31KB

MD5
774de3d2577b4f6e50cc9cbe01069d03

SHA1
8cbd24e84dccb39630fd327744ab98dba22489c9

SHA256
94a70e7cd72242e29e0d0eca78a2474aa1cc5cd529e29dcc62f680a61d47d6a6

SHA512
f89ce01766882082467efc18bd9d236d7f3f56ee09e287d41413ff870a0b81135befd896f3b26fbc6d214be795c0c06611b9b3ba9546fe1802c2c9e1fc5e27ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8322\api-ms-win-core-profile-l1-1-0.dll

Filesize
31KB

MD5
cf1c69d66b674da34801fa8791ccaa5f

SHA1
eea39a5948f576d319846606e8a23fdbd17d4547

SHA256
9eaa28a9f953e852739b70703ef804f36db33ee0ced4a37322f5db656b1c42b9

SHA512
4dccb8582052c60ecf0d0bb3c70c0fb6963a4f9890dbb319010f10ae0c7d543ebce6d8ce9b05ffde38d1ab2ed37b2008abf2812874724615cc02115b3a861aa7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8322\api-ms-win-core-rtlsupport-l1-1-0.dll

Filesize
31KB

MD5
0986d5c7a8d89000c279b99843686783

SHA1
c7b5347c0b0a4800cae0e2c37f96900213d60ca0

SHA256
eb8ce6ef361cb823257c9c837d046e7048c2c1fe52a25a12c5fddb0034cf9fce

SHA512
43a1f154aeb3c13d4c8c4c2e182bccd7cae8cb4643b86c480b2c9d9914e38057d13806bc406f38a00686cd0b8be66bff8fb4102ad1f728f079eda998d57dcfb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8322\api-ms-win-core-string-l1-1-0.dll

Filesize
31KB

MD5
20291e55eb1c1866a3eaf252416df69b

SHA1
aa9d246b2ee7401bcb4746a71404ea0bf483029a

SHA256
634f1e2eec066fe2f74a25f507ca37d1d979b982cf944975d1488e0435b86ad2

SHA512
3406d33b48ca997a895d7a3eb6ef9da8dbdc2b89d517409a9475b80ec95d18e274d4314a164cc306960cbbc848653d79f6e4b13425208e2b790ccca5154236b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8322\api-ms-win-core-synch-l1-1-0.dll

Filesize
31KB

MD5
bce65facd640d4b35adb187dc1be7180

SHA1
dfa96adc02501f9cc0f88ba16441c47225477e34

SHA256
50c78541fd07bc271b49259bf4d56e8885461371bf0852dd75e99e824bd4e754

SHA512
8bf30c64d708835c246a44f5640805ea60d2577f472f6d0c56ddf66c10a33d8e0488e79b0a53c60befc5c0a583734220bf957fb66dd4d181320d8589d65a576e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8322\api-ms-win-core-synch-l1-2-0.dll

Filesize
31KB

MD5
447ac6acde90cd2ee991885103e10742

SHA1
e674908b19bdc62ea02f3d53c2a7a5d05990d774

SHA256
359c5d1221cfab34b70d4f55e178ccd93f54a6de3da39c7472d67e7e330e300e

SHA512
59f429b5bc95f67b0192cc70209aa79b2001694778e84241582d9e3a20d065b087428aba52eb4246e13755ce0d56df20ce6fba465cde3f96d05ecbf486162b53

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8322\api-ms-win-core-sysinfo-l1-1-0.dll

Filesize
31KB

MD5
abcbe7f6dcceea80952092957f797a80

SHA1
0543160ea20803e535abc83064c86c1aefb19556

SHA256
154b5470e4e265ad29248a571686f6aafccef9a8b2435a8633a70328c10bb371

SHA512
2df2a33c67bdb657f8bd1d4d01c6ffb93a82d998ddf034156dc57db6cd45c72cad6b1e18403c3eef2fec74f6094fb6eb6ff4e2643baa03e122cb9c2f5eebeeec

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8322\api-ms-win-core-sysinfo-l1-2-0.dll

Filesize
31KB

MD5
7368e728c3648ed5a0f2582bd27eb583

SHA1
4a92d740358468502d23bb18b463fc293d388d47

SHA256
6d2a9c5745238eb4fc922652c72542703cfff79a20da2abf18dc4a77618d75d7

SHA512
fc42442a3dee5ebbcc4355c6498bbfef9531cb427662da929ef82a83a7667ca4b4976b0c688fc5d01dabebfbdad028c4d8eb04749dc9a6de83d892a6377f9a6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8322\api-ms-win-core-timezone-l1-1-0.dll

Filesize
31KB

MD5
eb7f8fe591da1e09de7594cc02772003

SHA1
7d2f19eaaea6cfdbc46bc302ed5ed2231cadc837

SHA256
f1061607d0dfe38c2585f22ceb326154c2cb1ac37761df75e186f2d5d11b42b6

SHA512
75b76cfe3899e45f9a0dca67dc099531700cceb06fd9ce209f641af190c4cd6b96af110e8c816e44bd194a8c109a1e85160a94da633c49104a392edb5bfe8e65

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8322\api-ms-win-core-util-l1-1-0.dll

Filesize
31KB

MD5
d7b9b90357f4a2653abb303bb78668da

SHA1
52d4eab0b938bb977ee8bf160844ac94c297fdc2

SHA256
ac72cd7713da51edf0b57616ed57326286a4f85de8c1443ef60379db9e3887f5

SHA512
bc034bed3a82f1a47207d02ddce9f232f82110fb1a2b12ec1ebd468af4a64e7dc547aa06adadbd3993320ff5edb0be357cc7b4396160433e0ed5edff42d53b20

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8322\api-ms-win-crt-conio-l1-1-0.dll

Filesize
31KB

MD5
4b511048c52e62714d4ae8bf4d686db7

SHA1
2ffe23c3494e1930bb8ba9dc85ba7afd50458a79

SHA256
81cc477b01b8a2eb82e0ee21e9113604006a97281a95091823839335661569e6

SHA512
328877e54fe0ef1a4a4affdeb11e19a064974ed28693c6db9869025957f24ae2000ff39d1d1e03f804e2fb52323bbd3ef15be4f99f0f1196a58f85fd4875a1ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8322\api-ms-win-crt-convert-l1-1-0.dll

Filesize
35KB

MD5
bfbaceb27c68c53fd04488bb46afe11e

SHA1
610f0cbdf9994b818fd518a99f559913370773d2

SHA256
f16030942224f62b1bc3d5eda63af0c07c12e9af60f4ef5a29a84e9706cb3e23

SHA512
12bdbc7f6631b02350ff0c519ba2bf14cc75c624485c67bcfa1aef3d2ddff4acc6d17edfdebbbbd20ba95f14342f7874d8345567fc2478554faab03534c8ec68

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8322\api-ms-win-crt-environment-l1-1-0.dll

Filesize
31KB

MD5
cbe0b9fbb04adafb76cc0d50ba1b2d1a

SHA1
40c0d5674248949a0128949c12443a72957d2ca8

SHA256
34e9a4ffe038e13bcadbec9a783896b3a67988b42d6353ce70d8987a0bf5e888

SHA512
be1186e5c2aaa3a9e23e8d3f14fdf332fbbb292c81fcd75208d990ffb5d173d9adba41f49814de1ab275388b228c9ac5d1eb72fd5afcd35b39b1dd3cca959464

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8322\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
31KB

MD5
15da941b5ad1bddf76b8f09f359aa1b6

SHA1
ea95e65edb63aa2a6fe4bb365ea3f3bc995a4df3

SHA256
4f5faf054747fd8d9a202b31bb8f687fd369c47f82ad5860dcbf7a58d2cf924f

SHA512
f4936be1ea8abf6b89b7c26db6c48abbe4498a48b32382ebe74d5dfa6ac34d3b8cf6ffdcabbfe3403f3abb19abec4486c39f52838cdd85bb04e8cd8e049a566f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8322\api-ms-win-crt-heap-l1-1-0.dll

Filesize
31KB

MD5
db4fea844f77012d7db0d0923aacbbad

SHA1
8a8a99b1f392a02aab29ef35e8207db3c47e930c

SHA256
0f885499cc169a02e409445d5307fce784295f165dcb6a8e178733c789d4526a

SHA512
de5851c4043f6bf00d9ef1b30bb9defd4ab70ffe62605b0d602f364a2dbacf86c2dfe9c43d60bcda57f0254e358644518d67c9133de0d49fd795e3d4912924b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8322\api-ms-win-crt-locale-l1-1-0.dll

Filesize
31KB

MD5
8ab373179221f08c7a7f44cadac328ca

SHA1
f06818bf5cda974d3d99456b13921b22c6470b8d

SHA256
0dfe9be5fef238a9eba4d4f03b5989389373cc8d82b03d2c34d17800655bfabf

SHA512
90591b6e4a43fc8790d4f9063e5fca2ba8076082e3a1eb00dcff37da1eaff62a209699eda000b079c2ef0ebceaf1231cec197800cead99a5912dd4aafdf2f3c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8322\api-ms-win-crt-math-l1-1-0.dll

Filesize
39KB

MD5
5387082efcdd2e6c6be7ed8a88e03005

SHA1
7078d27b3f64e49fcf2b70da4b904a10bc14c473

SHA256
5a4d354626564c6cdc7d28475b6342cf79025e9e4df0f4b43dd835beea42a548

SHA512
82446bbdd1b6c1459e0a034c1c031b817794b94a67fc093d63d8a644c66a9b7039ab8cbdf5383198be66388cf91fdbbb47a9521658eaf83783970b7c2803b305

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8322\api-ms-win-crt-process-l1-1-0.dll

Filesize
31KB

MD5
8b22ca474685e79aba401635419f69a4

SHA1
f6bd165297fdce1324ffc001111d3dd18fb115ce

SHA256
d95c89d8f1dcbcadb3ccc28877b66be769a4351d4e0173f4a192128ee3d7dd51

SHA512
6fa3a5ca83a6349b6f3c5dc31426e171816afe1d49d4da5e06ed20d31cea62374d40b7e66a5929f24777dc2b107dade2d4f6aa1d5e0ba0174c51e903a98166c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8322\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
35KB

MD5
820662fef00af503e207218ecd67765e

SHA1
fc30f9477be473ee9f9a59a4a19bc93a835a04aa

SHA256
1a460b02ebd56ac03f5117bf3cab74b3c83845b454881745c71818afe55286e3

SHA512
0c9e0bc655fe102c6f1e2af24c38b3ebba6284f6c21e5352304408822f3b0785530a8a97fa30850483cb05b3443efaab0d19e637c576497852aa094576e7ea1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8322\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
35KB

MD5
2428b2dc3ef3f8e811bb0f425794c33c

SHA1
f5adf8a7e069b6331cf31dcbe105f5bb11d2ba09

SHA256
5723612d49c760ad13cadc7857b417145406d55d0011ed55e2894f4b3bc7d4e3

SHA512
06c30ed1ff841cca96a18facf2fb337066642364b2a4799301e01e022ecf110bc6fe015d8c4da9275238dcc034fbe3b034ecc9552ba229dbda7ba2111e22aade

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8322\api-ms-win-crt-string-l1-1-0.dll

Filesize
35KB

MD5
5847cf91e8df22423af0f194fbc1c8ac

SHA1
1f349445dcfbe959ec44fcc2e487fc63d249f988

SHA256
6af625152090f685f05ad2b03f0739296d13a09c56a91a8f08461c6a22309d43

SHA512
81ea5aefd5b64e206b1a671fe1a22d908ad55a6db5894018bd779a3f4f73e8358070b8ddb27b7c534f965238e364af60c6e92b73ae07e19445822a947cfaf89b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8322\api-ms-win-crt-time-l1-1-0.dll

Filesize
31KB

MD5
111df391e83dc74f0a66c11817abaa6a

SHA1
7bdeac1cdd5b06faaf20d113a239c4ffe73d2610

SHA256
edc8849cfb5bc3d946fb0c4b86a7788a2a04d113c44e5773243c0abf7dca543f

SHA512
5acaa477b10bddc4caea85c0d725832124765a044e8416ada66161278e9ddf293ca8d4ac8dcdc6622a6920b9db7e6a62d306b7fb67dcad1cbc9ba37f32a6bd36

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8322\api-ms-win-crt-utility-l1-1-0.dll

Filesize
31KB

MD5
a26ee6bd274cb850636742f9a5879193

SHA1
154fac323f50a8cf0fa730afa1d3a58f4b06126a

SHA256
bdfeabcbfe6f9e5305f2b39f14e6819e725feaaba14a9372ddadb9408f99757f

SHA512
845e4a06d4e7e08ea13db32ad619d9b4726e8a62f8d52d261816f917d3c78dcb76297979fd0c6b446addcc93b5d48d499cd4c5734e4bc325166f42a8f18f7400

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8322\base_library.zip

Filesize
859KB

MD5
f1dad11e582ec2d88d88556a4a5873dd

SHA1
e0fd9dfbef5eb67781afa2491ac9a4c95026105e

SHA256
37ec66763577def206c88fbabe5f28ee65b41d8cfbf8541d1523fca526b47167

SHA512
1ef102bad5bcd0edc33be2f1a6dd33df534f73105a78c98790f9c6a05764df9f9cd10302d016c29dbcdfca703a526a42ed987a2ae965acaafe355ee5c672a686

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8322\libcrypto-1_1.dll

Filesize
3.3MB

MD5
9d7a0c99256c50afd5b0560ba2548930

SHA1
76bd9f13597a46f5283aa35c30b53c21976d0824

SHA256
9b7b4a0ad212095a8c2e35c71694d8a1764cd72a829e8e17c8afe3a55f147939

SHA512
cb39aa99b9d98c735fdacf1c5ed68a4d09d11f30262b91f6aa48c3f8520eff95e499400d0ce7e280ca7a90ff6d7141d2d893ef0b33a8803a1cadb28ba9a9e3e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8322\libffi-7.dll

Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8322\libssl-1_1.dll

Filesize
688KB

MD5
bec0f86f9da765e2a02c9237259a7898

SHA1
3caa604c3fff88e71f489977e4293a488fb5671c

SHA256
d74ce01319ae6f54483a19375524aa39d9f5fd91f06cf7df238ca25e043130fd

SHA512
ffbc4e5ffdb49704e7aa6d74533e5af76bbe5db297713d8e59bd296143fe5f145fbb616b343eed3c48eceaccccc2431630470d8975a4a17c37eafcc12edd19f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8322\pyexpat.pyd

Filesize
194KB

MD5
1118c1329f82ce9072d908cbd87e197c

SHA1
c59382178fe695c2c5576dca47c96b6de4bbcffd

SHA256
4a2d59993bce76790c6d923af81bf404f8e2cb73552e320113663b14cf78748c

SHA512
29f1b74e96a95b0b777ef00448da8bd0844e2f1d8248788a284ec868ae098c774a694d234a00bd991b2d22c2372c34f762cdbd9ec523234861e39c0ca752dcaa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8322\python3.DLL

Filesize
64KB

MD5
fd4a39e7c1f7f07cf635145a2af0dc3a

SHA1
05292ba14acc978bb195818499a294028ab644bd

SHA256
dc909eb798a23ba8ee9f8e3f307d97755bc0d2dc0cb342cedae81fbbad32a8a9

SHA512
37d3218bc767c44e8197555d3fa18d5aad43a536cfe24ac17bf8a3084fb70bd4763ccfd16d2df405538b657f720871e0cd312dfeb7f592f3aac34d9d00d5a643

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8322\python310.dll

Filesize
4.3MB

MD5
63a1fa9259a35eaeac04174cecb90048

SHA1
0dc0c91bcd6f69b80dcdd7e4020365dd7853885a

SHA256
14b06796f288bc6599e458fb23a944ab0c843e9868058f02a91d4606533505ed

SHA512
896caa053f48b1e4102e0f41a7d13d932a746eea69a894ae564ef5a84ef50890514deca6496e915aae40a500955220dbc1b1016fe0b8bcdde0ad81b2917dea8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8322\select.pyd

Filesize
29KB

MD5
a653f35d05d2f6debc5d34daddd3dfa1

SHA1
1a2ceec28ea44388f412420425665c3781af2435

SHA256
db85f2f94d4994283e1055057372594538ae11020389d966e45607413851d9e9

SHA512
5aede99c3be25b1a962261b183ae7a7fb92cb0cb866065dc9cd7bb5ff6f41cc8813d2cc9de54670a27b3ad07a33b833eaa95a5b46dad7763ca97dfa0c1ce54c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI8322\ucrtbase.dll

Filesize
1.3MB

MD5
cce9b64d0f98c2370a2da82aa9a501e0

SHA1
0121a2b000b9a0b3f3b6660b39536fe8d72ba222

SHA256
5d69cce34d22d26bc6dcb4c3e58dbae83346eb3ea203cb80769ad4c077424c96

SHA512
66553c524ca07c537d0e7b18ea35ae0b9218d1adf076726d4ea9071b5ec546ffd87bc6efb55671109041a9aa007f7e0f59462341f365e448be9071d714b6a6f9

Download Submit
memory/452-410-0x00007FF75F9F0000-0x00007FF75FA27000-memory.dmp

Filesize
220KB

Download
memory/832-202-0x00007FF75F9F0000-0x00007FF75FA27000-memory.dmp

Filesize
220KB

Download
memory/1192-204-0x00007FFD30AC0000-0x00007FFD30F25000-memory.dmp

Filesize
4.4MB

Download
memory/1192-203-0x00007FF75F9F0000-0x00007FF75FA27000-memory.dmp

Filesize
220KB

Download
memory/1296-368-0x00007FFD2D110000-0x00007FFD2D575000-memory.dmp

Filesize
4.4MB

Download
memory/1296-367-0x00007FF75F9F0000-0x00007FF75FA27000-memory.dmp

Filesize
220KB

Download
memory/4512-565-0x00007FFD2D110000-0x00007FFD2D575000-memory.dmp

Filesize
4.4MB

Download
memory/4512-564-0x00007FF75F9F0000-0x00007FF75FA27000-memory.dmp

Filesize
220KB

Download
memory/4824-607-0x00007FF75F9F0000-0x00007FF75FA27000-memory.dmp

Filesize
220KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads