f33f4b5d2ec9e421f0d5b2b9f70b2caef04f24f3188e5198933cbbd3c487daa6

Resubmissions

21/01/2025, 01:54

250121-cbt27azpfj 10

20/01/2025, 22:23

250120-2a2hbasmcl 10

Analysis

max time kernel
72s
max time network
74s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20/01/2025, 22:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RoFix.exe
Size

35.5MB
MD5

c685da925e0d4cd81253fc2a862bcacd
SHA1

524fb7ceb23455fba9a1178227df36c63649cd17
SHA256

f33f4b5d2ec9e421f0d5b2b9f70b2caef04f24f3188e5198933cbbd3c487daa6
SHA512

5cd7381fb350037ed0b2fddd6dfc90dfcbb6129fc9ca38435301ecf886b240b61b4f75f48e5f7821c111ce698052eff937a24ec40dd34764a7f68d91e70919ff
SSDEEP

786432:T6VjlxwW8bKLXm1NwO8zcY876MlXRXuBBjWx8vWnWGmVtRJ8rn2k:eVjlCWK2XmwlE71lh+BBy7njQtzMn

Score

9^/10

defense_evasion discovery execution persistence pyinstaller upx

Malware Config

Signatures

Enumerates VirtualBox DLL files 2 TTPs 4 IoCs

File and Directory Discovery

T1083

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
File opened (read-only)	C:\windows\system32\vboxhook.dll	RoFix.exe
File opened (read-only)	C:\windows\system32\vboxmrxnp.dll	RoFix.exe
File opened (read-only)	C:\windows\system32\vboxhook.dll	RoFix.exe
File opened (read-only)	C:\windows\system32\vboxmrxnp.dll	RoFix.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

execution

PowerShell

T1059.001

pid	Process
3588	powershell.exe
4864	powershell.exe

Downloads MZ/PE file

Sets file to hidden 1 TTPs 1 IoCs

Modifies file attributes to stop it showing in Explorer etc.

defense_evasion

Hidden Files and Directories

T1564.001

pid	Process
4388	attrib.exe

Executes dropped EXE 3 IoCs

pid	Process
2616	Rofix.exe
384	RoFix.exe
4880	RoFix.exe

Loads dropped DLL 64 IoCs

pid	Process
1500	RoFix.exe
1500	RoFix.exe
1500	RoFix.exe
1500	RoFix.exe
1500	RoFix.exe
1500	RoFix.exe
1500	RoFix.exe
1500	RoFix.exe
1500	RoFix.exe
1500	RoFix.exe
1500	RoFix.exe
1500	RoFix.exe
1500	RoFix.exe
1500	RoFix.exe
1500	RoFix.exe
1500	RoFix.exe
1500	RoFix.exe
1500	RoFix.exe
1500	RoFix.exe
1500	RoFix.exe
1500	RoFix.exe
1500	RoFix.exe
1500	RoFix.exe
1500	RoFix.exe
1500	RoFix.exe
1500	RoFix.exe
1500	RoFix.exe
1500	RoFix.exe
1500	RoFix.exe
1500	RoFix.exe
1500	RoFix.exe
1500	RoFix.exe
1500	RoFix.exe
1500	RoFix.exe
1500	RoFix.exe
1500	RoFix.exe
1500	RoFix.exe
1500	RoFix.exe
1500	RoFix.exe
1500	RoFix.exe
1500	RoFix.exe
1500	RoFix.exe
1500	RoFix.exe
1500	RoFix.exe
1500	RoFix.exe
1500	RoFix.exe
1500	RoFix.exe
1500	RoFix.exe
1500	RoFix.exe
1500	RoFix.exe
1500	RoFix.exe
1500	RoFix.exe
1500	RoFix.exe
1500	RoFix.exe
1500	RoFix.exe
1500	RoFix.exe
1500	RoFix.exe
1500	RoFix.exe
1500	RoFix.exe
1500	RoFix.exe
1500	RoFix.exe
1500	RoFix.exe
1500	RoFix.exe
1500	RoFix.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RoFixtm = "C:\\Users\\Admin\\RoFix\\Rofix.exe"	RoFix.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
80	discord.com
79	discord.com

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x00070000000240ad-1163.dat	upx
behavioral1/memory/1500-1167-0x00007FFB10FC0000-0x00007FFB11685000-memory.dmp	upx
behavioral1/files/0x0007000000023c6f-1169.dat	upx
behavioral1/files/0x0007000000024057-1176.dat	upx
behavioral1/memory/1500-1177-0x00007FFB29230000-0x00007FFB2923F000-memory.dmp	upx
behavioral1/memory/1500-1175-0x00007FFB20300000-0x00007FFB20325000-memory.dmp	upx
behavioral1/files/0x0007000000023c6d-1178.dat	upx
behavioral1/files/0x0007000000023c73-1180.dat	upx
behavioral1/memory/1500-1183-0x00007FFB202D0000-0x00007FFB202FD000-memory.dmp	upx
behavioral1/memory/1500-1182-0x00007FFB26410000-0x00007FFB2642A000-memory.dmp	upx
behavioral1/files/0x0007000000024053-1184.dat	upx
behavioral1/files/0x000700000002405b-1189.dat	upx
behavioral1/files/0x0007000000023c72-1223.dat	upx
behavioral1/memory/1500-1224-0x00007FFB26330000-0x00007FFB26344000-memory.dmp	upx
behavioral1/files/0x0007000000024056-1225.dat	upx
behavioral1/memory/1500-1226-0x00007FFB10A80000-0x00007FFB10FB3000-memory.dmp	upx
behavioral1/files/0x0007000000023c77-1227.dat	upx
behavioral1/files/0x000700000002405f-1232.dat	upx
behavioral1/memory/1500-1235-0x00007FFB1F660000-0x00007FFB1F72E000-memory.dmp	upx
behavioral1/memory/1500-1234-0x00007FFB1FDE0000-0x00007FFB1FE13000-memory.dmp	upx
behavioral1/memory/1500-1233-0x00007FFB10FC0000-0x00007FFB11685000-memory.dmp	upx
behavioral1/files/0x0007000000023c79-1231.dat	upx
behavioral1/memory/1500-1230-0x00007FFB24D90000-0x00007FFB24D9D000-memory.dmp	upx
behavioral1/files/0x00070000000240b1-1229.dat	upx
behavioral1/memory/1500-1228-0x00007FFB20070000-0x00007FFB20089000-memory.dmp	upx
behavioral1/files/0x0007000000024030-1222.dat	upx
behavioral1/files/0x000700000002402e-1220.dat	upx
behavioral1/files/0x0007000000023c78-1218.dat	upx
behavioral1/files/0x0007000000023c76-1216.dat	upx
behavioral1/files/0x0007000000023c75-1215.dat	upx
behavioral1/files/0x0007000000023c74-1214.dat	upx
behavioral1/files/0x0007000000023c71-1212.dat	upx
behavioral1/files/0x0007000000023c70-1211.dat	upx
behavioral1/files/0x0007000000023c6e-1210.dat	upx
behavioral1/files/0x0007000000023c6c-1209.dat	upx
behavioral1/files/0x00070000000240df-1208.dat	upx
behavioral1/files/0x00070000000240d4-1206.dat	upx
behavioral1/files/0x00070000000240d3-1205.dat	upx
behavioral1/files/0x00070000000240c8-1204.dat	upx
behavioral1/files/0x00070000000240c7-1203.dat	upx
behavioral1/files/0x0007000000023c69-1201.dat	upx
behavioral1/files/0x0007000000023c68-1200.dat	upx
behavioral1/files/0x0007000000023c67-1199.dat	upx
behavioral1/files/0x0007000000023c66-1198.dat	upx
behavioral1/files/0x0007000000024082-1197.dat	upx
behavioral1/files/0x000700000002407b-1196.dat	upx
behavioral1/files/0x0007000000024061-1195.dat	upx
behavioral1/files/0x0007000000024060-1194.dat	upx
behavioral1/files/0x000700000002405e-1192.dat	upx
behavioral1/files/0x000700000002405d-1191.dat	upx
behavioral1/files/0x000700000002405c-1190.dat	upx
behavioral1/files/0x000700000002405a-1188.dat	upx
behavioral1/files/0x0007000000024059-1187.dat	upx
behavioral1/files/0x0007000000024058-1186.dat	upx
behavioral1/memory/1500-1238-0x00007FFB282A0000-0x00007FFB282AD000-memory.dmp	upx
behavioral1/memory/1500-1237-0x00007FFB20300000-0x00007FFB20325000-memory.dmp	upx
behavioral1/files/0x0007000000024043-1239.dat	upx
behavioral1/memory/1500-1241-0x00007FFB24D70000-0x00007FFB24D7B000-memory.dmp	upx
behavioral1/memory/1500-1242-0x00007FFB20040000-0x00007FFB20068000-memory.dmp	upx
behavioral1/memory/1500-1244-0x00007FFB1F540000-0x00007FFB1F65A000-memory.dmp	upx
behavioral1/memory/1500-1243-0x00007FFB202D0000-0x00007FFB202FD000-memory.dmp	upx
behavioral1/memory/1500-1245-0x00007FFB26330000-0x00007FFB26344000-memory.dmp	upx
behavioral1/memory/1500-1246-0x00007FFB24570000-0x00007FFB2457F000-memory.dmp	upx
behavioral1/memory/1500-1264-0x00007FFB20210000-0x00007FFB2021C000-memory.dmp	upx

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
behavioral1/files/0x000800000002407b-2709.dat	pyinstaller

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 1 IoCs

defense_evasion

pid	Process
384	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133818854798706458"	chrome.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
1500	RoFix.exe
1500	RoFix.exe
1500	RoFix.exe
1500	RoFix.exe
3588	powershell.exe
3588	powershell.exe
3552	chrome.exe
3552	chrome.exe
4880	RoFix.exe
4880	RoFix.exe
4880	RoFix.exe
4880	RoFix.exe
4864	powershell.exe
4864	powershell.exe
4864	powershell.exe
928	powershell.exe
928	powershell.exe
928	powershell.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1500	RoFix.exe
Token: SeDebugPrivilege	3588	powershell.exe
Token: SeDebugPrivilege	384	taskkill.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe

Suspicious use of FindShellTrayWindow 45 IoCs

pid	Process
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4956 wrote to memory of 1500	4956	RoFix.exe	84
PID 4956 wrote to memory of 1500	4956	RoFix.exe	84
PID 1500 wrote to memory of 3180	1500	RoFix.exe	86
PID 1500 wrote to memory of 3180	1500	RoFix.exe	86
PID 1500 wrote to memory of 3588	1500	RoFix.exe	90
PID 1500 wrote to memory of 3588	1500	RoFix.exe	90
PID 1500 wrote to memory of 3424	1500	RoFix.exe	92
PID 1500 wrote to memory of 3424	1500	RoFix.exe	92
PID 3424 wrote to memory of 4388	3424	cmd.exe	94
PID 3424 wrote to memory of 4388	3424	cmd.exe	94
PID 3424 wrote to memory of 2616	3424	cmd.exe	95
PID 3424 wrote to memory of 2616	3424	cmd.exe	95
PID 3424 wrote to memory of 384	3424	cmd.exe	96
PID 3424 wrote to memory of 384	3424	cmd.exe	96
PID 3552 wrote to memory of 3016	3552	chrome.exe	113
PID 3552 wrote to memory of 3016	3552	chrome.exe	113
PID 3552 wrote to memory of 2400	3552	chrome.exe	114
PID 3552 wrote to memory of 2400	3552	chrome.exe	114
PID 3552 wrote to memory of 2400	3552	chrome.exe	114
PID 3552 wrote to memory of 2400	3552	chrome.exe	114
PID 3552 wrote to memory of 2400	3552	chrome.exe	114
PID 3552 wrote to memory of 2400	3552	chrome.exe	114
PID 3552 wrote to memory of 2400	3552	chrome.exe	114
PID 3552 wrote to memory of 2400	3552	chrome.exe	114
PID 3552 wrote to memory of 2400	3552	chrome.exe	114
PID 3552 wrote to memory of 2400	3552	chrome.exe	114
PID 3552 wrote to memory of 2400	3552	chrome.exe	114
PID 3552 wrote to memory of 2400	3552	chrome.exe	114
PID 3552 wrote to memory of 2400	3552	chrome.exe	114
PID 3552 wrote to memory of 2400	3552	chrome.exe	114
PID 3552 wrote to memory of 2400	3552	chrome.exe	114
PID 3552 wrote to memory of 2400	3552	chrome.exe	114
PID 3552 wrote to memory of 2400	3552	chrome.exe	114
PID 3552 wrote to memory of 2400	3552	chrome.exe	114
PID 3552 wrote to memory of 2400	3552	chrome.exe	114
PID 3552 wrote to memory of 2400	3552	chrome.exe	114
PID 3552 wrote to memory of 2400	3552	chrome.exe	114
PID 3552 wrote to memory of 2400	3552	chrome.exe	114
PID 3552 wrote to memory of 2400	3552	chrome.exe	114
PID 3552 wrote to memory of 2400	3552	chrome.exe	114
PID 3552 wrote to memory of 2400	3552	chrome.exe	114
PID 3552 wrote to memory of 2400	3552	chrome.exe	114
PID 3552 wrote to memory of 2400	3552	chrome.exe	114
PID 3552 wrote to memory of 2400	3552	chrome.exe	114
PID 3552 wrote to memory of 2400	3552	chrome.exe	114
PID 3552 wrote to memory of 2400	3552	chrome.exe	114
PID 3552 wrote to memory of 2396	3552	chrome.exe	115
PID 3552 wrote to memory of 2396	3552	chrome.exe	115
PID 3552 wrote to memory of 4128	3552	chrome.exe	116
PID 3552 wrote to memory of 4128	3552	chrome.exe	116
PID 3552 wrote to memory of 4128	3552	chrome.exe	116
PID 3552 wrote to memory of 4128	3552	chrome.exe	116
PID 3552 wrote to memory of 4128	3552	chrome.exe	116
PID 3552 wrote to memory of 4128	3552	chrome.exe	116
PID 3552 wrote to memory of 4128	3552	chrome.exe	116
PID 3552 wrote to memory of 4128	3552	chrome.exe	116
PID 3552 wrote to memory of 4128	3552	chrome.exe	116
PID 3552 wrote to memory of 4128	3552	chrome.exe	116
PID 3552 wrote to memory of 4128	3552	chrome.exe	116
PID 3552 wrote to memory of 4128	3552	chrome.exe	116
PID 3552 wrote to memory of 4128	3552	chrome.exe	116
PID 3552 wrote to memory of 4128	3552	chrome.exe	116
PID 3552 wrote to memory of 4128	3552	chrome.exe	116
PID 3552 wrote to memory of 4128	3552	chrome.exe	116

Views/modifies file attributes 1 TTPs 1 IoCs

defense_evasion

Hidden Files and Directories

T1564.001

pid	Process
4388	attrib.exe

C:\Users\Admin\AppData\Local\Temp\RoFix.exe
"C:\Users\Admin\AppData\Local\Temp\RoFix.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4956
- C:\Users\Admin\AppData\Local\Temp\RoFix.exe
  "C:\Users\Admin\AppData\Local\Temp\RoFix.exe"
  2⤵
  - Enumerates VirtualBox DLL files
  - Loads dropped DLL
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1500
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:3180
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\RoFix\""
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3588
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\RoFix\activate.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3424
  - - C:\Windows\system32\attrib.exe
      attrib +s +h .
      4⤵
      Sets file to hidden
      Views/modifies file attributes
      PID:4388
  - - C:\Users\Admin\RoFix\Rofix.exe
      "Rofix.exe"
      4⤵
      Executes dropped EXE
      PID:2616
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im "RoFix.exe"
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:384

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4512

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb10eecc40,0x7ffb10eecc4c,0x7ffb10eecc58
  2⤵
  PID:3016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1936,i,8227634764247856906,13293976364570006621,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2192,i,8227634764247856906,13293976364570006621,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2320,i,8227634764247856906,13293976364570006621,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2524 /prefetch:8
  2⤵
  PID:4128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3172,i,8227634764247856906,13293976364570006621,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:2248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3232,i,8227634764247856906,13293976364570006621,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4600,i,8227634764247856906,13293976364570006621,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4612 /prefetch:1
  2⤵
  PID:1296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4760,i,8227634764247856906,13293976364570006621,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4780 /prefetch:8
  2⤵
  PID:4244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5052,i,8227634764247856906,13293976364570006621,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5068 /prefetch:8
  2⤵
  PID:4964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5208,i,8227634764247856906,13293976364570006621,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5080 /prefetch:8
  2⤵
  PID:3576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5192,i,8227634764247856906,13293976364570006621,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5200 /prefetch:8
  2⤵
  PID:876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5096,i,8227634764247856906,13293976364570006621,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5072 /prefetch:8
  2⤵
  PID:4736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4792,i,8227634764247856906,13293976364570006621,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4768 /prefetch:8
  2⤵
  PID:3752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5124,i,8227634764247856906,13293976364570006621,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4844 /prefetch:2
  2⤵
  PID:2664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4576,i,8227634764247856906,13293976364570006621,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:3292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4564,i,8227634764247856906,13293976364570006621,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5396,i,8227634764247856906,13293976364570006621,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:3840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3380,i,8227634764247856906,13293976364570006621,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3444 /prefetch:8
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3196,i,8227634764247856906,13293976364570006621,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4488 /prefetch:8
  2⤵
  PID:1368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3372,i,8227634764247856906,13293976364570006621,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5720 /prefetch:8
  2⤵
  PID:4320
- C:\Users\Admin\Downloads\RoFix.exe
  "C:\Users\Admin\Downloads\RoFix.exe"
  2⤵
  - Executes dropped EXE
  PID:384
- - C:\Users\Admin\Downloads\RoFix.exe
    "C:\Users\Admin\Downloads\RoFix.exe"
    3⤵
    - Enumerates VirtualBox DLL files
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:4880
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\RoFix\""
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      PID:4864
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell (Get-CimInstance Win32_ComputerSystemProduct).UUID
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:928

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4396

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Browser Information Discovery

T1217

File and Directory Discovery

T1083

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
d0933e5a9ac617922565feea705991c8

SHA1
5d643376d73de77b46e6742adb8b3443ef2cfb14

SHA256
ba9005d042c00febd5ede10482ffde25e2d397e3bf28d769a27c525383c5d3ca

SHA512
6cf38d4fe6d393fea4caea8eb6a5520441ff0356fdc913da3248477aeead6aa459702ea9d1cce17a38aefa798f050b5624f5011af814de6ed9de84bc4cdbb254

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
d1fcbd1aac99b00c0150691f5513ea5f

SHA1
86057d68a477b850fb8b2e08db858c28a229490d

SHA256
3bc48139640edbf9d151c5b1241d27678d64abf099ad148fbf5f97646cfbd2ec

SHA512
2585d0b77ef0da09f714d42b860a4fe1dce730ae291c45ac72909d663fed4a8873f4d212b98d83d5063588eb2c7cfdb57b57384f27e12b9723a58b7a5c5c8b91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
5c7613d9c9bf322019e0d37cf6b62b19

SHA1
a7605edc851b3adfd353200ad48fcf546909c07a

SHA256
580b4147634efa936241caba6b1bc655664f930b3876f850eebb1cc4de4d55cc

SHA512
76911d14e862afd2d7854d9f6eb3cbc461003e55989222fc8c028f760b4c5b20a1f7621f975342f3cd0f0b94e77b33e0b3880e1507686041679e2f5867f8f135

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
9e8bf96e37988ec3122973c4874b3799

SHA1
5ee5449ac24a060a7527ff0d12298f482df55b2b

SHA256
6baf233ad203f557e17ceddd04e590c9d1281ef11531bb06b8c894b394b193c7

SHA512
e02eb57d35ae32da773b7f0e05854fa6b576a174965fe8db8b41b4fd25d22ef7969189bd609aecd7617adfaa5495b7ce683a3f0b6704131d89dce90ed90136a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4e9cdb0eaa61d12e8cda1e60b82edd5b

SHA1
7284b4734fd87dfbc159421afa06fd746490c5dc

SHA256
b56585c93b5d0c9e24bcc66b0032240c6e8862d4f6f8d442f1ba8f39cafd29eb

SHA512
6c118817ff001020e91b528f5e923aeec36dad54a86a2f8a871bc5cb259b7008fde1cd5b813b7f49a817d7a6f0b46f6da0de7bc741737c6a1933243310d3d8d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ac28d06d1ec1e1acb9df31fc3e6b0620

SHA1
122440ede1434d87e500a7d9314ab13933ed042c

SHA256
33629210c51b657bcf5f6a57e57ea76b6862a078bd3e16ebd3ab80ab2c431506

SHA512
8b61dc4d6e40663c7a6a39baa876053e4f902c14315599855c7668fa257c73a4032cb2969da05e89b47372986339313fde6888d377655bb21ab637b3c11516dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e3a3e0634c07f39240b28b7251c02944

SHA1
f9ce7b26e74a1889c0e2991930b8dc600336c616

SHA256
8f95f147868df5af923af19bd3f2d3354868bc1dbb316b36d896f2f1ab5b3606

SHA512
ceae439e3d49100e1adb17c1ed99e98bb69edbcae8553bf14f50fa23cbc61bc8c9511815510be55062740bb6cbdf988d04f65020b4a40c0d0dee5c695163bf57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
3a3ef485757ebfb143058200d0c054f3

SHA1
31421cd4ec10c245a01e63e83ee0b13dc6fb47db

SHA256
67d43ec29599d68581e9c5206bd5d7a3e99212ac18c2aac1abc52b3c2076c2f0

SHA512
a3da591542d1d549cdc16d57330c7606701285c7237d6a93a9f38d654073ab6858d05166ee6e8b042fa94eda210102f78c12b0e5af01cb8df8e6c808b612d5aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
7a96354ff8ce46c6796f70f6fbb532d6

SHA1
b728d2bdb6bbdafbee18bd2eda39ae3c877ef63f

SHA256
ea80a3682438782aa7c4460ba41dd04f08d7756f7c2bd8112e317596b28a47b0

SHA512
8cba77f7ce83ebb75955decedb42431ebda4843ed9ce6b7ae47ac1668ab60bf0d1a05e57d78be3c1c79d531d9823ebee7b8c6c80aa909e18b75969965fd725a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
72ecb42ced89d5b18081970346c5ba5c

SHA1
32fd9ac44442a4c514d4b57bce87451fb1ee7482

SHA256
51e4bbc46b7bcc45b82f35a184e3a4e694fbdcbd29abc8456b90e0db1e74520e

SHA512
d0218680e324e83ae291b4636161a8d23c11cdf848c87ea9abf9770f97087feef06a8533fced5ea7907530794d7aa98b18c64a29d4c8fd610cbe5e572af29e36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
951f4ce6dd1d4db0f4bc5a230d8da41f

SHA1
c7ecf6a0da873c38bec43eceedc5596513125294

SHA256
e19dffdbf8e564e52045b17fe2672cb2ee600238acc282f8a960ed2e5599314a

SHA512
75023cfb7eee99b115810fe958b5d8a948bf7ef0c7a3ac3d83643f083d327c144a297ab09dce97d697e262bf703047bd7d60de66205778215bf00cd0654c6342

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3842\_tcl_data\encoding\euc-cn.enc

Filesize
84KB

MD5
c5aa0d11439e0f7682dae39445f5dab4

SHA1
73a6d55b894e89a7d4cb1cd3ccff82665c303d5c

SHA256
1700af47dc012a48cec89cf1dfae6d1d0d2f40ed731eff6ca55296a055a11c00

SHA512
eee6058bd214c59bcc11e6de7265da2721c119cc9261cfd755a98e270ff74d2d73e3e711aa01a0e3414c46d82e291ef0df2ad6c65ca477c888426d5a1d2a3bc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3842\attrs-24.3.0.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49562\SDL2.dll

Filesize
635KB

MD5
ec3c1d17b379968a4890be9eaab73548

SHA1
7dbc6acee3b9860b46c0290a9b94a344d1927578

SHA256
aaa11e97c3621ed680ff2388b91acb394173b96a6e8ffbf3b656079cd00a0b9f

SHA512
06a7880ec80174b48156acd6614ab42fb4422cd89c62d11a7723a3c872f213bfc6c1006df8bdc918bb79009943d2b65c6a5c5e89ad824d1a940ddd41b88a1edb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49562\SDL2_image.dll

Filesize
58KB

MD5
25e2a737dcda9b99666da75e945227ea

SHA1
d38e086a6a0bacbce095db79411c50739f3acea4

SHA256
22b27380d4f1f217f0e5d5c767e5c244256386cd9d87f8ddf303baaf9239fc4c

SHA512
63de988387047c17fd028a894465286fd8f6f8bd3a1321b104c0ceb5473e3e0b923153b4999143efbdd28684329a33a5b468e43f25214037f6cddd4d1884adb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49562\SDL2_mixer.dll

Filesize
124KB

MD5
b7b45f61e3bb00ccd4ca92b2a003e3a3

SHA1
5018a7c95dc6d01ba6e3a7e77dd26c2c74fd69bc

SHA256
1327f84e3509f3ccefeef1c12578faf04e9921c145233687710253bf903ba095

SHA512
d3449019824124f3edbda57b3b578713e9c9915e173d31566cd8e4d18f307ac0f710250fe6a906dd53e748db14bfa76ec1b58a6aef7d074c913679a47c5fdbe7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49562\SDL2_ttf.dll

Filesize
601KB

MD5
eb0ce62f775f8bd6209bde245a8d0b93

SHA1
5a5d039e0c2a9d763bb65082e09f64c8f3696a71

SHA256
74591aab94bb87fc9a2c45264930439bbc0d1525bf2571025cd9804e5a1cd11a

SHA512
34993240f14a89179ac95c461353b102ea74e4180f52c206250bb42c4c8427a019ea804b09a6903674ac00ab2a3c4c686a86334e483110e79733696aa17f4eb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49562\VCRUNTIME140.dll

Filesize
116KB

MD5
be8dbe2dc77ebe7f88f910c61aec691a

SHA1
a19f08bb2b1c1de5bb61daf9f2304531321e0e40

SHA256
4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83

SHA512
0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49562\VCRUNTIME140_1.dll

Filesize
48KB

MD5
f8dfa78045620cf8a732e67d1b1eb53d

SHA1
ff9a604d8c99405bfdbbf4295825d3fcbc792704

SHA256
a113f192195f245f17389e6ecbed8005990bcb2476ddad33f7c4c6c86327afe5

SHA512
ba7f8b7ab0deb7a7113124c28092b543e216ca08d1cf158d9f40a326fb69f4a2511a41a59ea8482a10c9ec4ec8ac69b70dfe9ca65e525097d93b819d498da371

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49562\_asyncio.pyd

Filesize
38KB

MD5
1c7e301d8d26d01b37617b2684e46820

SHA1
65578da01212105a77cd12d0dcae4be068a143af

SHA256
a6910f94f6b97e8dbd264b6560c550583b3c19672a2d04969135b4e3c3de1a0f

SHA512
7a7feb3df4543e6f98c8d006d1c4860564458de0ac1773dd7665c807d88d0ee3e171bbc10384ef4058f058139322d9378976e5850881cc8b882ef181de98b023

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49562\_bz2.pyd

Filesize
48KB

MD5
adaa3e7ab77129bbc4ed3d9c4adee584

SHA1
21aabd32b9cbfe0161539454138a43d5dbc73b65

SHA256
a1d8ce2c1efaa854bb0f9df43ebccf861ded6f8afb83c9a8b881904906359f55

SHA512
b73d3aba135fb5e0d907d430266754da2f02e714264cd4a33c1bfdeda4740bbe82d43056f1a7a85f4a8ed28cb7798693512b6d4cdb899ce65b6d271cf5e5e264

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49562\_cffi_backend.cp312-win_amd64.pyd

Filesize
71KB

MD5
c7f92cfef4af07b6c38ab2cb186f4682

SHA1
b6d112dafbcc6693eda269de115236033ecb992d

SHA256
326547bdcfc759f83070de22433b8f5460b1563bfef2f375218cc31c814f7cae

SHA512
6e321e85778f48e96602e2e502367c5c44ac45c098eed217d19eddc3b3e203ded4012cab85bcad0b42562df1f64076a14598b94257069d53783b572f1f35ae5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49562\_ctypes.pyd

Filesize
59KB

MD5
0f090d4159937400db90f1512fda50c8

SHA1
01cbcb413e50f3c204901dff7171998792133583

SHA256
ae6512a770673e268554363f2d1d2a202d0a337baf233c3e63335026d223be31

SHA512
151156a28d023cf68fd38cbecbe1484fc3f6bf525e7354fcced294f8e479e07453fd3fc22a6b8d049ddf0ad6306d2c7051ece4e7de1137578541a9aabefe3f12

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49562\_decimal.pyd

Filesize
107KB

MD5
a592ba2bb04f53b47d87b4f7b0c8b328

SHA1
ca8c65ab0aab0f98af8cc1c1cf31c9744e56a33c

SHA256
19fe4a08b0b321ff9413da88e519f4a4a4510481605b250f2906a32e8bb14938

SHA512
1576fdc90d8678da0dab8253fdd8ec8b3ce924fa392f35d8c62207a85c31c26dae5524e983e97872933538551cbef9cd4ba9206bcd16f2ae0858ab11574d09e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49562\_elementtree.pyd

Filesize
59KB

MD5
ba964d542b9670251580f7391c6aec03

SHA1
ccdcc81034e06c6c892657b84f3e7501a1784f24

SHA256
3938d7eba76c2be7c1b781eca90019d0b1b5a7282a7f0ff265993418986b003b

SHA512
65334d1f835458e48fa55d365e0083b3dedfa58042c004f239571456fd6bbffc1d58837ad2492d4a850d2e9c577c9ecd13514ea404227a2578b5986508218fe0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49562\_hashlib.pyd

Filesize
35KB

MD5
4dd4c7d3a7b954a337607b8b8c4a21d1

SHA1
b6318b830d73cbf9fa45be2915f852b5a5d81906

SHA256
926692fcecdb7e65a14ac0786e1f58e880ea8dae7f7bb3aa7f2c758c23f2af70

SHA512
dab02496c066a70a98334e841a0164df1a6e72e890ce66be440b10fdeecdfe7b8d0ec39d1af402ae72c8aa19763c92dd7404f3a829c9fdcf871c01b1aed122e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49562\_lzma.pyd

Filesize
86KB

MD5
17082c94b383bca187eb13487425ec2c

SHA1
517df08af5c283ca08b7545b446c6c2309f45b8b

SHA256
ddbfef8da4a0d8c1c8c24d171de65b9f4069e2edb8f33ef5dfecf93cb2643bd4

SHA512
2b565d595e9a95aefae396fc7d66ee0aeb9bfe3c23d64540ba080ba39a484ab1c50f040161896cca6620c182f0b02a9db677dab099dca3cae863e6e2542bb12c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49562\_multiprocessing.pyd

Filesize
27KB

MD5
fdc2f7fd61f977d756e99c2f61fd4605

SHA1
17702b50fe3866e7921bfa85478ac3f65065ed6d

SHA256
768e3d69ee50e786f8a4d94927a61dc2306134fb5d8d4c00fa767b346e1d4cc7

SHA512
c48ff8dd7e8d3e6c864e9ee0ab8e2920cebd171ee1c81f3df133d985bfae88f7e17d3488885a9efefac2b1f9934000d5196634d563bf3e987b3dc4acea8bd4bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49562\_overlapped.pyd

Filesize
33KB

MD5
b282def432c192ddb778c3b0b9f6e3c4

SHA1
68503436a323ff0bbfe05308c69bfdf8691e45ab

SHA256
5e6c9f923f9ab715a7f434990ee8e54a7df39d3de3142ac9002c9bc12e7422e8

SHA512
2b05f3cf72eae5ce3825bf6bbbb1e04b1543f561ea51f87d0e09e623a10f2e31c7c254cfa91037a5309c5be950e99b8161e95d8a1f8022f8ea6d2069aa1378af

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49562\_queue.pyd

Filesize
26KB

MD5
97cc5797405f90b20927e29867bc3c4f

SHA1
a2e7d2399cca252cc54fc1609621d441dff1ace5

SHA256
fb304ca68b41e573713abb012196ef1ae2d5b5e659d846bbf46b1f13946c2a39

SHA512
77780fe0951473762990cbef056b3bba36cda9299b1a7d31d9059a792f13b1a072ce3ab26d312c59805a7a2e9773b7300b406fd3af5e2d1270676a7862b9ca48

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49562\_socket.pyd

Filesize
44KB

MD5
f52c1c015fb147729a7caab03b2f64f4

SHA1
8aebc2b18a02f1c6c7494271f7f9e779014bee31

SHA256
06d91ac02b00a29180f4520521de2f7de2593dd9c52e1c2b294e717c826a1b7d

SHA512
8ab076c551f0a6ffe02c26b4f0fbb2ea7756d4650fe39f53d7bd61f4cb6ae81460d46d8535c89c6d626e7c605882b39843f7f70dd50e9daf27af0f8cadd49c0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49562\_sqlite3.pyd

Filesize
57KB

MD5
37a88a19bb1de9cf33141872c2c534cb

SHA1
a9209ec10af81913d9fd1d0dd6f1890d275617e8

SHA256
cca0fbe5268ab181bf8afbdc4af258d0fbd819317a78ddd1f58bef7d2f197350

SHA512
3a22064505b80b51ebaa0d534f17431f9449c8f2b155ec794f9c4f5508470576366ed3ba5d2de7ddf1836c6e638f26cad8cb0cc496daf30ee38ca97557238733

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49562\_ssl.pyd

Filesize
66KB

MD5
34402efc9a34b91768cf1280cc846c77

SHA1
20553a06fe807c274b0228ec6a6a49a11ec8b7c1

SHA256
fe52c34028c5d62430ea7a9be034557ccfecdddda9c57874f2832f584fedb031

SHA512
2b8a50f67b5d29db3e300bc0dd670dad0ba069afa9acf566cad03b8a993a0e49f1e28059737d3b21cef2321a13eff12249c80fa46832939d2bf6d8555490e99c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49562\_tkinter.pyd

Filesize
38KB

MD5
4cfac34f2599f5ac9357b65362e348cb

SHA1
a980f014fd066e42fbc84b880ab5e76044d44c13

SHA256
f37c9dd6c145c3ba1794cf3f2ebf175284b4b316bda335301c0653afefb401e1

SHA512
20628a72fb9e0f44780c3baa8a51ffc877561a9b42e62def36a4229daa0bb46e6e3d195596844decb75c881fbd29f08f04aacb4afa504bb7eef2e8595383ce0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49562\_uuid.pyd

Filesize
25KB

MD5
d8c6d60ea44694015ba6123ff75bd38d

SHA1
813deb632f3f3747fe39c5b8ef67bada91184f62

SHA256
8ae23bfa84ce64c3240c61bedb06172bfd76be2ad30788d4499cb24047fce09f

SHA512
d3d408c79e291ed56ca3135b5043e555e53b70dff45964c8c8d7ffa92b27c6cdea1e717087b79159181f1258f9613fe6d05e3867d9c944f43a980b5bf27a75ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49562\_wmi.pyd

Filesize
28KB

MD5
83a339d52dac4ba7a119317665440baa

SHA1
4657f0ac1e8cb823f0972ff665d49b6974bfa9c9

SHA256
63ecdf4708b284ba1425053ff71f8565c425a1760142bf6e4cc7fb838bb26190

SHA512
c94051b4732bed5ec6c2edef0028b14244940bffd5dc28149969b53c086a0934fabce638e5ee8ae66279944c33fb1f1ba421de0324318b1788ce8dc94d07992f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49562\base_library.zip

Filesize
1.3MB

MD5
21bf7b131747990a41b9f8759c119302

SHA1
70d4da24b4c5a12763864bf06ebd4295c16092d9

SHA256
f36454a982f5665d4e7fcc69ee81146965358fcb7f5d59f2cd8861ca89c66efa

SHA512
4cb45e9c48d4544c1a171d88581f857d8c5cf74e273bb2acf40a50a35c5148fe7d6e9afcf5e1046a7d7ae77f9196f7308ae3869c18d813fcd48021b4d112deb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49562\charset_normalizer\md.cp312-win_amd64.pyd

Filesize
9KB

MD5
733c0bad07becb4ce1272fe2c7784030

SHA1
d3b0795b4c32637b5fc84a8a7b901c979db51eca

SHA256
9149ea2172164e7ee19cb22e16e152cc8fd5dc4422921a072fb98a5b8401e085

SHA512
d39ade78d97948c80d6763511bfb9b11d15a3ddd1563040d4a7c4c57c2db5490c1f0a6c22e03cdb6d3762793f4bf8727f010268e9fae75af6ba943e06b533b55

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49562\freetype.dll

Filesize
292KB

MD5
04a9825dc286549ee3fa29e2b06ca944

SHA1
5bed779bf591752bb7aa9428189ec7f3c1137461

SHA256
50249f68b4faf85e7cd8d1220b7626a86bc507af9ae400d08c8e365f9ab97cde

SHA512
0e937e4de6cbc9d40035b94c289c2798c77c44fc1dc7097201f9fab97c7ff9e56113c06c51693f09908283eda92945b36de67351f893d4e3162e67c078cff4ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49562\libcrypto-3.dll

Filesize
1.6MB

MD5
8377fe5949527dd7be7b827cb1ffd324

SHA1
aa483a875cb06a86a371829372980d772fda2bf9

SHA256
88e8aa1c816e9f03a3b589c7028319ef456f72adb86c9ddca346258b6b30402d

SHA512
c59d0cbe8a1c64f2c18b5e2b1f49705d079a2259378a1f95f7a368415a2dc3116e0c3c731e9abfa626d12c02b9e0d72c98c1f91a359f5486133478144fa7f5f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49562\libffi-8.dll

Filesize
29KB

MD5
08b000c3d990bc018fcb91a1e175e06e

SHA1
bd0ce09bb3414d11c91316113c2becfff0862d0d

SHA256
135c772b42ba6353757a4d076ce03dbf792456143b42d25a62066da46144fece

SHA512
8820d297aeda5a5ebe1306e7664f7a95421751db60d71dc20da251bcdfdc73f3fd0b22546bd62e62d7aa44dfe702e4032fe78802fb16ee6c2583d65abc891cbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49562\libjpeg-9.dll

Filesize
108KB

MD5
c22b781bb21bffbea478b76ad6ed1a28

SHA1
66cc6495ba5e531b0fe22731875250c720262db1

SHA256
1eed2385030348c84bbdb75d41d64891be910c27fab8d20fc9e85485fcb569dd

SHA512
9b42cad4a715680a27cd79f466fd2913649b80657ff042528cba2946631387ed9fb027014d215e1baf05839509ca5915d533b91aa958ae0525dea6e2a869b9e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49562\libmodplug-1.dll

Filesize
117KB

MD5
2bb2e7fa60884113f23dcb4fd266c4a6

SHA1
36bbd1e8f7ee1747c7007a3c297d429500183d73

SHA256
9319bf867ed6007f3c61da139c2ab8b74a4cb68bf56265a101e79396941f6d3b

SHA512
1ddd4b9b9238c1744e0a1fe403f136a1def8df94814b405e7b01dd871b3f22a2afe819a26e08752142f127c3efe4ebae8bfd1bd63563d5eb98b4644426f576b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49562\libogg-0.dll

Filesize
16KB

MD5
0d65168162287df89af79bb9be79f65b

SHA1
3e5af700b8c3e1a558105284ecd21b73b765a6dc

SHA256
2ec2322aec756b795c2e614dab467ef02c3d67d527ad117f905b3ab0968ccf24

SHA512
69af81fd2293c31f456b3c78588bb6a372fe4a449244d74bfe5bfaa3134a0709a685725fa05055cfd261c51a96df4b7ebd8b9e143f0e9312c374e54392f8a2c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49562\libopus-0.dll

Filesize
181KB

MD5
3fb9d9e8daa2326aad43a5fc5ddab689

SHA1
55523c665414233863356d14452146a760747165

SHA256
fd8de9169ccf53c5968eec0c90e9ff3a66fb451a5bf063868f3e82007106b491

SHA512
f263ea6e0fab84a65fe3a9b6c0fe860919eee828c84b888a5aa52dea540434248d1e810a883a2aff273cd9f22c607db966dd8776e965be6d2cfe1b50a1af1f57

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49562\libopus-0.x64.dll

Filesize
217KB

MD5
e56f1b8c782d39fd19b5c9ade735b51b

SHA1
3d1dc7e70a655ba9058958a17efabe76953a00b4

SHA256
fa8715dd0df84fdedbe4aa17763b2ab0db8941fa33421b6d42e25e59c4ae8732

SHA512
b7702e48b20a8991a5c537f5ba22834de8bb4ba55862b75024eace299263963b953606ee29e64d68b438bb0904273c4c20e71f22ccef3f93552c36fb2d1b2c46

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49562\libopusfile-0.dll

Filesize
26KB

MD5
2d5274bea7ef82f6158716d392b1be52

SHA1
ce2ff6e211450352eec7417a195b74fbd736eb24

SHA256
6dea07c27c0cc5763347357e10c3b17af318268f0f17c7b165325ce524a0e8d5

SHA512
9973d68b23396b3aa09d2079d18f2c463e807c9c1fdf4b1a5f29d561e8d5e62153e0c7be23b63975ad179b9599ff6b0cf08ebdbe843d194483e7ec3e7aeb232a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49562\libpng16-16.dll

Filesize
98KB

MD5
55009dd953f500022c102cfb3f6a8a6c

SHA1
07af9f4d456ddf86a51da1e4e4c5b54b0cf06ddb

SHA256
20391787cba331cfbe32fbf22f328a0fd48924e944e80de20ba32886bf4b6fd2

SHA512
4423d3ec8fef29782f3d4a21feeac9ba24c9c765d770b2920d47b4fb847a96ff5c793b20373833b4ff8bc3d8fa422159c64beffb78ce5768ed22742740a8c6c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49562\libssl-3.dll

Filesize
221KB

MD5
b2e766f5cf6f9d4dcbe8537bc5bded2f

SHA1
331269521ce1ab76799e69e9ae1c3b565a838574

SHA256
3cc6828e7047c6a7eff517aa434403ea42128c8595bf44126765b38200b87ce4

SHA512
5233c8230497aadb9393c3ee5049e4ab99766a68f82091fe32393ee980887ebd4503bf88847c462c40c3fc786f8d179dac5cb343b980944ade43bc6646f5ad5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49562\libtiff-5.dll

Filesize
127KB

MD5
ebad1fa14342d14a6b30e01ebc6d23c1

SHA1
9c4718e98e90f176c57648fa4ed5476f438b80a7

SHA256
4f50820827ac76042752809479c357063fe5653188654a6ba4df639da2fbf3ca

SHA512
91872eaa1f3f45232ab2d753585e650ded24c6cc8cc1d2a476fa98a61210177bd83570c52594b5ad562fc27cb76e034122f16a922c6910e4ed486da1d3c45c24

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49562\libwebp-7.dll

Filesize
192KB

MD5
b0dd211ec05b441767ea7f65a6f87235

SHA1
280f45a676c40bd85ed5541ceb4bafc94d7895f3

SHA256
fc06b8f92e86b848a17eaf7ed93464f54ed1f129a869868a74a75105ff8ce56e

SHA512
eaeb83e46c8ca261e79b3432ec2199f163c44f180eb483d66a71ad530ba488eb4cdbd911633e34696a4ccc035e238bc250a8247f318aa2f0cd9759cad4f90fff

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49562\portmidi.dll

Filesize
18KB

MD5
0df0699727e9d2179f7fd85a61c58bdf

SHA1
82397ee85472c355725955257c0da207fa19bf59

SHA256
97a53e8de3f1b2512f0295b5de98fa7a23023a0e4c4008ae534acdba54110c61

SHA512
196e41a34a60de83cb24caa5fc95820fd36371719487350bc2768354edf39eeb6c7860ff3fd9ecf570abb4288523d7ab934e86e85202b9753b135d07180678cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49562\pyexpat.pyd

Filesize
88KB

MD5
273b7e06191d59c4d45e42a124385573

SHA1
efb6e512fe502c18faa8d5888c5976beaf1d0c04

SHA256
edb0bdc928ed2f577571fb65a526cea8a817272f4b3383a248a3ef59402a0b74

SHA512
87de09ae95d42714fadfdde9f9d1065f8e708cb73fedf8c20a199ceec71a6edf8ce12d9fa373ff02f48ad8950b06044ef66650006ec9e6bc5bdbd1d9011eb465

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49562\python3.dll

Filesize
66KB

MD5
5eace36402143b0205635818363d8e57

SHA1
ae7b03251a0bac083dec3b1802b5ca9c10132b4c

SHA256
25a39e721c26e53bec292395d093211bba70465280acfa2059fa52957ec975b2

SHA512
7cb3619ea46fbaaf45abfa3d6f29e7a5522777980e0a9d2da021d6c68bcc380abe38e8004e1f31d817371fb3cdd5425d4bb115cb2dc0d40d59d111a2d98b21d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49562\python312.dll

Filesize
1.7MB

MD5
6f7c42579f6c2b45fe866747127aef09

SHA1
b9487372fe3ed61022e52cc8dbd37e6640e87723

SHA256
07642b6a3d99ce88cff790087ac4e2ba0b2da1100cf1897f36e096427b580ee5

SHA512
aadf06fd6b4e14f600b0a614001b8c31e42d71801adec7c9c177dcbb4956e27617fa45ba477260a7e06d2ca4979ed5acc60311258427ee085e8025b61452acec

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49562\select.pyd

Filesize
25KB

MD5
9a59688220e54fec39a6f81da8d0bfb0

SHA1
07a3454b21a831916e3906e7944232512cf65bc1

SHA256
50e969e062a80917f575af0fe47c458586ebce003cf50231c4c3708da8b5f105

SHA512
7cb7a039a0a1a7111c709d22f6e83ab4cb8714448daddb4d938c0d4692fa8589baa1f80a6a0eb626424b84212da59275a39e314a0e6ccaae8f0be1de4b7b994e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49562\sqlite3.dll

Filesize
644KB

MD5
de562be5de5b7f3a441264d4f0833694

SHA1
b55717b5cd59f5f34965bc92731a6cea8a65fd20

SHA256
b8273963f55e7bf516f129ac7cf7b41790dffa0f4a16b81b5b6e300aa0142f7e

SHA512
baf1fbdd51d66ea473b56c82e181582bf288129c7698fc058f043ccfbcec1a28f69d89d3cfbfee77a16d3a3fd880b3b18fd46f98744190d5b229b06cf07c975a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49562\tcl86t.dll

Filesize
652KB

MD5
58e6de475c640dfdc11c56bc9a38c0ea

SHA1
23328a953c2136c67397c296ee75754e29bd8efa

SHA256
28867333d4aa9df7c5b37675e52065e0ae77119dbe826d8d546d79b9900685d5

SHA512
a6ecd11fdc8b028204df3e96b447aa542a14b6b4de87c4fd8e9ffa14ae0a93277e4880329253b7d74f7ef3ec966c02cab4380923893d4d560d8c14bfdc404e6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49562\tk86t.dll

Filesize
626KB

MD5
4758174d9ebc8f98cf9edcd6a5cb5273

SHA1
f918d59ba988f8d3e861accf617ff31692ae033b

SHA256
efabbc899725f97e59a0c6e2e5a9224f45bbf4b0cc2a768383382a3760e5f5db

SHA512
592ce66b46a7418a676840b161532a2c1e5846e10fdbef573dded9a1e9c1245a3576842811e586eaddae9f669bf3bd33b691973074b1f6f3149dbcfcae7da9d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49562\unicodedata.pyd

Filesize
296KB

MD5
2730c614d83b6a018005778d32f4faca

SHA1
611735e993c3cc73ecccb03603e329d513d5678a

SHA256
baa76f6fd87d7a79148e32d3ae38f1d1fe5a98804b86e636902559e87b316e48

SHA512
9b391a62429cd4c40a34740ddb04fa4d8130f69f970bb94fa815485b9da788bca28681ec7d19e493af7c99a2f3bf92c3b53339ef43ad815032d4991f99cc8c45

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49562\zlib1.dll

Filesize
52KB

MD5
ee06185c239216ad4c70f74e7c011aa6

SHA1
40e66b92ff38c9b1216511d5b1119fe9da6c2703

SHA256
0391066f3e6385a9c0fe7218c38f7bd0b3e0da0f15a98ebb07f1ac38d6175466

SHA512
baae562a53d491e19dbf7ee2cff4c13d42de6833036bfdaed9ed441bcbf004b68e4088bd453b7413d60faaf1b334aee71241ba468437d49050b8ccfa9232425d

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_rb5u4x03.qpa.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3552_2055807030\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3552_2055807030\ebfbaba1-e2e0-492d-91cb-5e1e9274efaa.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 697857.crdownload

Filesize
35.5MB

MD5
c685da925e0d4cd81253fc2a862bcacd

SHA1
524fb7ceb23455fba9a1178227df36c63649cd17

SHA256
f33f4b5d2ec9e421f0d5b2b9f70b2caef04f24f3188e5198933cbbd3c487daa6

SHA512
5cd7381fb350037ed0b2fddd6dfc90dfcbb6129fc9ca38435301ecf886b240b61b4f75f48e5f7821c111ce698052eff937a24ec40dd34764a7f68d91e70919ff

Download Submit
memory/1500-1280-0x00007FFB118F0000-0x00007FFB1194D000-memory.dmp

Filesize
372KB

Download
memory/1500-1312-0x00007FFB116B0000-0x00007FFB116BD000-memory.dmp

Filesize
52KB

Download
memory/1500-1265-0x00007FFB1F390000-0x00007FFB1F3A6000-memory.dmp

Filesize
88KB

Download
memory/1500-1262-0x00007FFB1F3B0000-0x00007FFB1F3BC000-memory.dmp

Filesize
48KB

Download
memory/1500-1261-0x00007FFB1F3C0000-0x00007FFB1F3D2000-memory.dmp

Filesize
72KB

Download
memory/1500-1260-0x00007FFB1F3E0000-0x00007FFB1F3ED000-memory.dmp

Filesize
52KB

Download
memory/1500-1259-0x00007FFB1F3F0000-0x00007FFB1F3FB000-memory.dmp

Filesize
44KB

Download
memory/1500-1258-0x00007FFB1F400000-0x00007FFB1F40C000-memory.dmp

Filesize
48KB

Download
memory/1500-1257-0x00007FFB1F450000-0x00007FFB1F45B000-memory.dmp

Filesize
44KB

Download
memory/1500-1256-0x00007FFB1F460000-0x00007FFB1F46B000-memory.dmp

Filesize
44KB

Download
memory/1500-1255-0x00007FFB1F470000-0x00007FFB1F47C000-memory.dmp

Filesize
48KB

Download
memory/1500-1254-0x00007FFB1FAD0000-0x00007FFB1FADE000-memory.dmp

Filesize
56KB

Download
memory/1500-1253-0x00007FFB1FAE0000-0x00007FFB1FAED000-memory.dmp

Filesize
52KB

Download
memory/1500-1252-0x00007FFB1FAF0000-0x00007FFB1FAFC000-memory.dmp

Filesize
48KB

Download
memory/1500-1251-0x00007FFB1FB00000-0x00007FFB1FB0B000-memory.dmp

Filesize
44KB

Download
memory/1500-1250-0x00007FFB1FB10000-0x00007FFB1FB1C000-memory.dmp

Filesize
48KB

Download
memory/1500-1249-0x00007FFB1FB20000-0x00007FFB1FB2B000-memory.dmp

Filesize
44KB

Download
memory/1500-1248-0x00007FFB209D0000-0x00007FFB209DB000-memory.dmp

Filesize
44KB

Download
memory/1500-1247-0x00007FFB10A80000-0x00007FFB10FB3000-memory.dmp

Filesize
5.2MB

Download
memory/1500-1268-0x00007FFB1D9A0000-0x00007FFB1D9B4000-memory.dmp

Filesize
80KB

Download
memory/1500-1266-0x00007FFB1F660000-0x00007FFB1F72E000-memory.dmp

Filesize
824KB

Download
memory/1500-1267-0x00007FFB1F020000-0x00007FFB1F032000-memory.dmp

Filesize
72KB

Download
memory/1500-1269-0x00007FFB1C740000-0x00007FFB1C762000-memory.dmp

Filesize
136KB

Download
memory/1500-1270-0x00007FFB1D020000-0x00007FFB1D03B000-memory.dmp

Filesize
108KB

Download
memory/1500-1272-0x00007FFB1FD70000-0x00007FFB1FD89000-memory.dmp

Filesize
100KB

Download
memory/1500-1271-0x00007FFB20040000-0x00007FFB20068000-memory.dmp

Filesize
160KB

Download
memory/1500-1274-0x00007FFB1F4E0000-0x00007FFB1F52D000-memory.dmp

Filesize
308KB

Download
memory/1500-1273-0x00007FFB1F540000-0x00007FFB1F65A000-memory.dmp

Filesize
1.1MB

Download
memory/1500-1276-0x00007FFB1F4C0000-0x00007FFB1F4D1000-memory.dmp

Filesize
68KB

Download
memory/1500-1275-0x00007FFB24570000-0x00007FFB2457F000-memory.dmp

Filesize
60KB

Download
memory/1500-1277-0x00007FFB1F480000-0x00007FFB1F4B2000-memory.dmp

Filesize
200KB

Download
memory/1500-1278-0x00007FFB1C710000-0x00007FFB1C72E000-memory.dmp

Filesize
120KB

Download
memory/1500-1264-0x00007FFB20210000-0x00007FFB2021C000-memory.dmp

Filesize
48KB

Download
memory/1500-1279-0x00007FFB1F390000-0x00007FFB1F3A6000-memory.dmp

Filesize
88KB

Download
memory/1500-1281-0x00007FFB118B0000-0x00007FFB118E8000-memory.dmp

Filesize
224KB

Download
memory/1500-1282-0x00007FFB11880000-0x00007FFB118AA000-memory.dmp

Filesize
168KB

Download
memory/1500-1283-0x00007FFB1C740000-0x00007FFB1C762000-memory.dmp

Filesize
136KB

Download
memory/1500-1284-0x00007FFB11850000-0x00007FFB1187F000-memory.dmp

Filesize
188KB

Download
memory/1500-1286-0x00007FFB11820000-0x00007FFB11844000-memory.dmp

Filesize
144KB

Download
memory/1500-1285-0x00007FFB1D020000-0x00007FFB1D03B000-memory.dmp

Filesize
108KB

Download
memory/1500-1288-0x00007FFB10140000-0x00007FFB102BF000-memory.dmp

Filesize
1.5MB

Download
memory/1500-1287-0x00007FFB1FD70000-0x00007FFB1FD89000-memory.dmp

Filesize
100KB

Download
memory/1500-1290-0x00007FFB1C6F0000-0x00007FFB1C708000-memory.dmp

Filesize
96KB

Download
memory/1500-1289-0x00007FFB1F4E0000-0x00007FFB1F52D000-memory.dmp

Filesize
308KB

Download
memory/1500-1302-0x00007FFB118B0000-0x00007FFB118E8000-memory.dmp

Filesize
224KB

Download
memory/1500-1308-0x00007FFB11790000-0x00007FFB1179B000-memory.dmp

Filesize
44KB

Download
memory/1500-1307-0x00007FFB11820000-0x00007FFB11844000-memory.dmp

Filesize
144KB

Download
memory/1500-1306-0x00007FFB117A0000-0x00007FFB117AC000-memory.dmp

Filesize
48KB

Download
memory/1500-1305-0x00007FFB11850000-0x00007FFB1187F000-memory.dmp

Filesize
188KB

Download
memory/1500-1304-0x00007FFB11880000-0x00007FFB118AA000-memory.dmp

Filesize
168KB

Download
memory/1500-1303-0x00007FFB117B0000-0x00007FFB117BE000-memory.dmp

Filesize
56KB

Download
memory/1500-1301-0x00007FFB117C0000-0x00007FFB117CD000-memory.dmp

Filesize
52KB

Download
memory/1500-1300-0x00007FFB118F0000-0x00007FFB1194D000-memory.dmp

Filesize
372KB

Download
memory/1500-1299-0x00007FFB117D0000-0x00007FFB117DC000-memory.dmp

Filesize
48KB

Download
memory/1500-1298-0x00007FFB1C710000-0x00007FFB1C72E000-memory.dmp

Filesize
120KB

Download
memory/1500-1297-0x00007FFB117E0000-0x00007FFB117EB000-memory.dmp

Filesize
44KB

Download
memory/1500-1296-0x00007FFB117F0000-0x00007FFB117FC000-memory.dmp

Filesize
48KB

Download
memory/1500-1295-0x00007FFB1F480000-0x00007FFB1F4B2000-memory.dmp

Filesize
200KB

Download
memory/1500-1294-0x00007FFB11800000-0x00007FFB1180B000-memory.dmp

Filesize
44KB

Download
memory/1500-1293-0x00007FFB11810000-0x00007FFB1181C000-memory.dmp

Filesize
48KB

Download
memory/1500-1292-0x00007FFB11C30000-0x00007FFB11C3B000-memory.dmp

Filesize
44KB

Download
memory/1500-1291-0x00007FFB1F530000-0x00007FFB1F53B000-memory.dmp

Filesize
44KB

Download
memory/1500-1309-0x00007FFB10140000-0x00007FFB102BF000-memory.dmp

Filesize
1.5MB

Download
memory/1500-1316-0x00007FFB1C6F0000-0x00007FFB1C708000-memory.dmp

Filesize
96KB

Download
memory/1500-1315-0x00007FFB11770000-0x00007FFB1177C000-memory.dmp

Filesize
48KB

Download
memory/1500-1314-0x00007FFB10130000-0x00007FFB1013C000-memory.dmp

Filesize
48KB

Download
memory/1500-1313-0x00007FFB11690000-0x00007FFB116A2000-memory.dmp

Filesize
72KB

Download
memory/1500-1263-0x00007FFB202C0000-0x00007FFB202CB000-memory.dmp

Filesize
44KB

Download
memory/1500-1311-0x00007FFB11760000-0x00007FFB1176B000-memory.dmp

Filesize
44KB

Download
memory/1500-1310-0x00007FFB11780000-0x00007FFB1178B000-memory.dmp

Filesize
44KB

Download
memory/1500-1317-0x00007FFB100F0000-0x00007FFB10126000-memory.dmp

Filesize
216KB

Download
memory/1500-1318-0x00007FFB0FE80000-0x00007FFB100E5000-memory.dmp

Filesize
2.4MB

Download
memory/1500-1319-0x00007FFB0F640000-0x00007FFB0FE3B000-memory.dmp

Filesize
8.0MB

Download
memory/1500-1320-0x00007FFB0F2E0000-0x00007FFB0F335000-memory.dmp

Filesize
340KB

Download
memory/1500-1321-0x00007FFB117C0000-0x00007FFB117CD000-memory.dmp

Filesize
52KB

Download
memory/1500-1322-0x00007FFB0F2C0000-0x00007FFB0F2D6000-memory.dmp

Filesize
88KB

Download
memory/1500-1246-0x00007FFB24570000-0x00007FFB2457F000-memory.dmp

Filesize
60KB

Download
memory/1500-1421-0x00007FFB1F540000-0x00007FFB1F65A000-memory.dmp

Filesize
1.1MB

Download
memory/1500-1423-0x00007FFB209D0000-0x00007FFB209DB000-memory.dmp

Filesize
44KB

Download
memory/1500-1447-0x00007FFB1F4C0000-0x00007FFB1F4D1000-memory.dmp

Filesize
68KB

Download
memory/1500-1446-0x00007FFB1F4E0000-0x00007FFB1F52D000-memory.dmp

Filesize
308KB

Download
memory/1500-1445-0x00007FFB1FD70000-0x00007FFB1FD89000-memory.dmp

Filesize
100KB

Download
memory/1500-1444-0x00007FFB1D020000-0x00007FFB1D03B000-memory.dmp

Filesize
108KB

Download
memory/1500-1443-0x00007FFB1C740000-0x00007FFB1C762000-memory.dmp

Filesize
136KB

Download
memory/1500-1442-0x00007FFB1D9A0000-0x00007FFB1D9B4000-memory.dmp

Filesize
80KB

Download
memory/1500-1441-0x00007FFB1F020000-0x00007FFB1F032000-memory.dmp

Filesize
72KB

Download
memory/1500-1440-0x00007FFB1F390000-0x00007FFB1F3A6000-memory.dmp

Filesize
88KB

Download
memory/1500-1439-0x00007FFB1F3B0000-0x00007FFB1F3BC000-memory.dmp

Filesize
48KB

Download
memory/1500-1438-0x00007FFB1F3C0000-0x00007FFB1F3D2000-memory.dmp

Filesize
72KB

Download
memory/1500-1437-0x00007FFB1F3E0000-0x00007FFB1F3ED000-memory.dmp

Filesize
52KB

Download
memory/1500-1436-0x00007FFB1F3F0000-0x00007FFB1F3FB000-memory.dmp

Filesize
44KB

Download
memory/1500-1435-0x00007FFB1F400000-0x00007FFB1F40C000-memory.dmp

Filesize
48KB

Download
memory/1500-1434-0x00007FFB1F450000-0x00007FFB1F45B000-memory.dmp

Filesize
44KB

Download
memory/1500-1433-0x00007FFB1F460000-0x00007FFB1F46B000-memory.dmp

Filesize
44KB

Download
memory/1500-1432-0x00007FFB1F470000-0x00007FFB1F47C000-memory.dmp

Filesize
48KB

Download
memory/1500-1431-0x00007FFB1FAD0000-0x00007FFB1FADE000-memory.dmp

Filesize
56KB

Download
memory/1500-1430-0x00007FFB1FAE0000-0x00007FFB1FAED000-memory.dmp

Filesize
52KB

Download
memory/1500-1429-0x00007FFB1FAF0000-0x00007FFB1FAFC000-memory.dmp

Filesize
48KB

Download
memory/1500-1428-0x00007FFB1FB00000-0x00007FFB1FB0B000-memory.dmp

Filesize
44KB

Download
memory/1500-1427-0x00007FFB1FB10000-0x00007FFB1FB1C000-memory.dmp

Filesize
48KB

Download
memory/1500-1426-0x00007FFB1FB20000-0x00007FFB1FB2B000-memory.dmp

Filesize
44KB

Download
memory/1500-1422-0x00007FFB24570000-0x00007FFB2457F000-memory.dmp

Filesize
60KB

Download
memory/1500-1413-0x00007FFB10A80000-0x00007FFB10FB3000-memory.dmp

Filesize
5.2MB

Download
memory/1500-1420-0x00007FFB20040000-0x00007FFB20068000-memory.dmp

Filesize
160KB

Download
memory/1500-1419-0x00007FFB24D70000-0x00007FFB24D7B000-memory.dmp

Filesize
44KB

Download
memory/1500-1417-0x00007FFB1F660000-0x00007FFB1F72E000-memory.dmp

Filesize
824KB

Download
memory/1500-1407-0x00007FFB10FC0000-0x00007FFB11685000-memory.dmp

Filesize
6.8MB

Download
memory/1500-1448-0x00007FFB1F480000-0x00007FFB1F4B2000-memory.dmp

Filesize
200KB

Download
memory/1500-1418-0x00007FFB282A0000-0x00007FFB282AD000-memory.dmp

Filesize
52KB

Download
memory/1500-1245-0x00007FFB26330000-0x00007FFB26344000-memory.dmp

Filesize
80KB

Download
memory/1500-1243-0x00007FFB202D0000-0x00007FFB202FD000-memory.dmp

Filesize
180KB

Download
memory/1500-1244-0x00007FFB1F540000-0x00007FFB1F65A000-memory.dmp

Filesize
1.1MB

Download
memory/1500-1242-0x00007FFB20040000-0x00007FFB20068000-memory.dmp

Filesize
160KB

Download
memory/1500-1241-0x00007FFB24D70000-0x00007FFB24D7B000-memory.dmp

Filesize
44KB

Download
memory/1500-1237-0x00007FFB20300000-0x00007FFB20325000-memory.dmp

Filesize
148KB

Download
memory/1500-1238-0x00007FFB282A0000-0x00007FFB282AD000-memory.dmp

Filesize
52KB

Download
memory/1500-1228-0x00007FFB20070000-0x00007FFB20089000-memory.dmp

Filesize
100KB

Download
memory/1500-1230-0x00007FFB24D90000-0x00007FFB24D9D000-memory.dmp

Filesize
52KB

Download
memory/1500-1233-0x00007FFB10FC0000-0x00007FFB11685000-memory.dmp

Filesize
6.8MB

Download
memory/1500-1234-0x00007FFB1FDE0000-0x00007FFB1FE13000-memory.dmp

Filesize
204KB

Download
memory/1500-1235-0x00007FFB1F660000-0x00007FFB1F72E000-memory.dmp

Filesize
824KB

Download
memory/1500-1226-0x00007FFB10A80000-0x00007FFB10FB3000-memory.dmp

Filesize
5.2MB

Download
memory/1500-1224-0x00007FFB26330000-0x00007FFB26344000-memory.dmp

Filesize
80KB

Download
memory/1500-1182-0x00007FFB26410000-0x00007FFB2642A000-memory.dmp

Filesize
104KB

Download
memory/1500-1183-0x00007FFB202D0000-0x00007FFB202FD000-memory.dmp

Filesize
180KB

Download
memory/1500-1175-0x00007FFB20300000-0x00007FFB20325000-memory.dmp

Filesize
148KB

Download
memory/1500-1177-0x00007FFB29230000-0x00007FFB2923F000-memory.dmp

Filesize
60KB

Download
memory/1500-1167-0x00007FFB10FC0000-0x00007FFB11685000-memory.dmp

Filesize
6.8MB

Download
memory/4880-4021-0x00007FFB24570000-0x00007FFB2457F000-memory.dmp

Filesize
60KB

Download
memory/4880-4007-0x00007FFB11770000-0x00007FFB11795000-memory.dmp

Filesize
148KB

Download
memory/4880-4017-0x00007FFB24D90000-0x00007FFB24D9D000-memory.dmp

Filesize
52KB

Download
memory/4880-4015-0x00007FFB10F50000-0x00007FFB10F83000-memory.dmp

Filesize
204KB

Download
memory/4880-4006-0x00007FFB0B7D0000-0x00007FFB0BE95000-memory.dmp

Filesize
6.8MB

Download