58134b4d729cdb7b4ee16f7d565acba38c1bed3559a2e5b9d72a975c51509fb2

Analysis

max time kernel
48s
max time network
49s
platform
windows11-21h2_x64
resource
win11-20250313-en
resource tags

arch:x64arch:x86image:win11-20250313-enlocale:en-usos:windows11-21h2-x64system
submitted
22/03/2025, 19:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

windowsdesktop-runtime-8.0.13-win-x64.exe
Size

51.8MB
MD5

11fb74010f9b3bfdd6f1d5ede3c59299
SHA1

e0bac395ecc713041227bd40b2c88976dbadf58d
SHA256

58134b4d729cdb7b4ee16f7d565acba38c1bed3559a2e5b9d72a975c51509fb2
SHA512

d0ae4c64acdce8fc3b64df331243a5f07c1b7e4974d61172cffe58927924c245d138c060f0f799fab4d20d379322926ff2e7aafdcb9d960d9a08068f803e987a
SSDEEP

786432:v6Vjl6g6eO19nP6SDRVWkv5lXRXeGDnffHv+Eku2DfLMoTWopqEmKHqt0ZraLncy:CVjlIegJDThlhuWnf0fLvpj7k0ZInc

Score

7^/10

discovery upx

Malware Config

Signatures

Loads dropped DLL 11 IoCs

pid	Process
1208	windowsdesktop-runtime-8.0.13-win-x64.exe
1208	windowsdesktop-runtime-8.0.13-win-x64.exe
1208	windowsdesktop-runtime-8.0.13-win-x64.exe
1208	windowsdesktop-runtime-8.0.13-win-x64.exe
1208	windowsdesktop-runtime-8.0.13-win-x64.exe
1208	windowsdesktop-runtime-8.0.13-win-x64.exe
1208	windowsdesktop-runtime-8.0.13-win-x64.exe
1208	windowsdesktop-runtime-8.0.13-win-x64.exe
1208	windowsdesktop-runtime-8.0.13-win-x64.exe
1208	windowsdesktop-runtime-8.0.13-win-x64.exe
1208	windowsdesktop-runtime-8.0.13-win-x64.exe

UPX packed file 25 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x001900000002b207-356.dat	upx
behavioral2/memory/1208-360-0x00007FFC6FD30000-0x00007FFC703F2000-memory.dmp	upx
behavioral2/files/0x001900000002b138-362.dat	upx
behavioral2/files/0x001900000002b18d-367.dat	upx
behavioral2/memory/1208-370-0x00007FFC8B140000-0x00007FFC8B14F000-memory.dmp	upx
behavioral2/memory/1208-368-0x00007FFC81810000-0x00007FFC81835000-memory.dmp	upx
behavioral2/files/0x001900000002b137-371.dat	upx
behavioral2/memory/1208-374-0x00007FFC87900000-0x00007FFC87919000-memory.dmp	upx
behavioral2/files/0x001900000002b13d-373.dat	upx
behavioral2/memory/1208-422-0x00007FFC817E0000-0x00007FFC8180C000-memory.dmp	upx
behavioral2/files/0x001900000002b190-421.dat	upx
behavioral2/files/0x001900000002b18f-420.dat	upx
behavioral2/files/0x001900000002b18e-419.dat	upx
behavioral2/files/0x001900000002b18c-418.dat	upx
behavioral2/files/0x001900000002b18b-417.dat	upx
behavioral2/memory/1208-423-0x00007FFC85700000-0x00007FFC85714000-memory.dmp	upx
behavioral2/memory/1208-424-0x00007FFC6F3D0000-0x00007FFC6F903000-memory.dmp	upx
behavioral2/memory/1208-425-0x00007FFC6FD30000-0x00007FFC703F2000-memory.dmp	upx
behavioral2/memory/1208-439-0x00007FFC6F3D0000-0x00007FFC6F903000-memory.dmp	upx
behavioral2/memory/1208-438-0x00007FFC85700000-0x00007FFC85714000-memory.dmp	upx
behavioral2/memory/1208-437-0x00007FFC817E0000-0x00007FFC8180C000-memory.dmp	upx
behavioral2/memory/1208-436-0x00007FFC87900000-0x00007FFC87919000-memory.dmp	upx
behavioral2/memory/1208-435-0x00007FFC8B140000-0x00007FFC8B14F000-memory.dmp	upx
behavioral2/memory/1208-434-0x00007FFC81810000-0x00007FFC81835000-memory.dmp	upx
behavioral2/memory/1208-433-0x00007FFC6FD30000-0x00007FFC703F2000-memory.dmp	upx

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133871439072126730"	chrome.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe

Suspicious use of AdjustPrivilegeToken 62 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2764 wrote to memory of 1208	2764	windowsdesktop-runtime-8.0.13-win-x64.exe	80
PID 2764 wrote to memory of 1208	2764	windowsdesktop-runtime-8.0.13-win-x64.exe	80
PID 2244 wrote to memory of 1968	2244	chrome.exe	85
PID 2244 wrote to memory of 1968	2244	chrome.exe	85
PID 2244 wrote to memory of 4264	2244	chrome.exe	86
PID 2244 wrote to memory of 4264	2244	chrome.exe	86
PID 2244 wrote to memory of 2856	2244	chrome.exe	87
PID 2244 wrote to memory of 2856	2244	chrome.exe	87
PID 2244 wrote to memory of 4264	2244	chrome.exe	86
PID 2244 wrote to memory of 4264	2244	chrome.exe	86
PID 2244 wrote to memory of 4264	2244	chrome.exe	86
PID 2244 wrote to memory of 4264	2244	chrome.exe	86
PID 2244 wrote to memory of 4264	2244	chrome.exe	86
PID 2244 wrote to memory of 4264	2244	chrome.exe	86
PID 2244 wrote to memory of 4264	2244	chrome.exe	86
PID 2244 wrote to memory of 4264	2244	chrome.exe	86
PID 2244 wrote to memory of 4264	2244	chrome.exe	86
PID 2244 wrote to memory of 4264	2244	chrome.exe	86
PID 2244 wrote to memory of 4264	2244	chrome.exe	86
PID 2244 wrote to memory of 4264	2244	chrome.exe	86
PID 2244 wrote to memory of 4264	2244	chrome.exe	86
PID 2244 wrote to memory of 4264	2244	chrome.exe	86
PID 2244 wrote to memory of 4264	2244	chrome.exe	86
PID 2244 wrote to memory of 4264	2244	chrome.exe	86
PID 2244 wrote to memory of 4264	2244	chrome.exe	86
PID 2244 wrote to memory of 4264	2244	chrome.exe	86
PID 2244 wrote to memory of 4264	2244	chrome.exe	86
PID 2244 wrote to memory of 4264	2244	chrome.exe	86
PID 2244 wrote to memory of 4264	2244	chrome.exe	86
PID 2244 wrote to memory of 4264	2244	chrome.exe	86
PID 2244 wrote to memory of 4264	2244	chrome.exe	86
PID 2244 wrote to memory of 4264	2244	chrome.exe	86
PID 2244 wrote to memory of 4264	2244	chrome.exe	86
PID 2244 wrote to memory of 4264	2244	chrome.exe	86
PID 2244 wrote to memory of 4264	2244	chrome.exe	86
PID 2244 wrote to memory of 4264	2244	chrome.exe	86
PID 2244 wrote to memory of 3220	2244	chrome.exe	88
PID 2244 wrote to memory of 3220	2244	chrome.exe	88
PID 2244 wrote to memory of 3220	2244	chrome.exe	88
PID 2244 wrote to memory of 3220	2244	chrome.exe	88
PID 2244 wrote to memory of 3220	2244	chrome.exe	88
PID 2244 wrote to memory of 3220	2244	chrome.exe	88
PID 2244 wrote to memory of 3220	2244	chrome.exe	88
PID 2244 wrote to memory of 3220	2244	chrome.exe	88
PID 2244 wrote to memory of 3220	2244	chrome.exe	88
PID 2244 wrote to memory of 3220	2244	chrome.exe	88
PID 2244 wrote to memory of 3220	2244	chrome.exe	88
PID 2244 wrote to memory of 3220	2244	chrome.exe	88
PID 2244 wrote to memory of 3220	2244	chrome.exe	88
PID 2244 wrote to memory of 3220	2244	chrome.exe	88
PID 2244 wrote to memory of 3220	2244	chrome.exe	88
PID 2244 wrote to memory of 3220	2244	chrome.exe	88
PID 2244 wrote to memory of 3220	2244	chrome.exe	88
PID 2244 wrote to memory of 3220	2244	chrome.exe	88
PID 2244 wrote to memory of 3220	2244	chrome.exe	88
PID 2244 wrote to memory of 3220	2244	chrome.exe	88
PID 2244 wrote to memory of 3220	2244	chrome.exe	88
PID 2244 wrote to memory of 3220	2244	chrome.exe	88
PID 2244 wrote to memory of 3220	2244	chrome.exe	88
PID 2244 wrote to memory of 3220	2244	chrome.exe	88
PID 2244 wrote to memory of 3220	2244	chrome.exe	88
PID 2244 wrote to memory of 3220	2244	chrome.exe	88
PID 2244 wrote to memory of 3220	2244	chrome.exe	88
PID 2244 wrote to memory of 3220	2244	chrome.exe	88

C:\Users\Admin\AppData\Local\Temp\windowsdesktop-runtime-8.0.13-win-x64.exe
"C:\Users\Admin\AppData\Local\Temp\windowsdesktop-runtime-8.0.13-win-x64.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2764
- C:\Users\Admin\AppData\Local\Temp\windowsdesktop-runtime-8.0.13-win-x64.exe
  "C:\Users\Admin\AppData\Local\Temp\windowsdesktop-runtime-8.0.13-win-x64.exe"
  2⤵
  - Loads dropped DLL
  PID:1208

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc8124dcf8,0x7ffc8124dd04,0x7ffc8124dd10
  2⤵
  PID:1968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2044,i,4145591758049988509,872456288767356093,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=2040 /prefetch:2
  2⤵
  PID:4264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1428,i,4145591758049988509,872456288767356093,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=2220 /prefetch:11
  2⤵
  PID:2856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2356,i,4145591758049988509,872456288767356093,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=2372 /prefetch:13
  2⤵
  PID:3220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3188,i,4145591758049988509,872456288767356093,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3276,i,4145591758049988509,872456288767356093,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3464 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4152,i,4145591758049988509,872456288767356093,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4168 /prefetch:9
  2⤵
  PID:1012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4588,i,4145591758049988509,872456288767356093,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5280,i,4145591758049988509,872456288767356093,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5292 /prefetch:14
  2⤵
  PID:988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5396,i,4145591758049988509,872456288767356093,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5408 /prefetch:14
  2⤵
  PID:3040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5320,i,4145591758049988509,872456288767356093,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:1232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5800,i,4145591758049988509,872456288767356093,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:3128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3448,i,4145591758049988509,872456288767356093,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:1728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3576,i,4145591758049988509,872456288767356093,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:2744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=212,i,4145591758049988509,872456288767356093,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5732 /prefetch:14
  2⤵
  PID:3644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5988,i,4145591758049988509,872456288767356093,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5648 /prefetch:14
  2⤵
  PID:3996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5788,i,4145591758049988509,872456288767356093,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5720 /prefetch:14
  2⤵
  PID:2660

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:3544

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\572dd435-3bef-49c6-a1c4-a334e655fa30.tmp

Filesize
155KB

MD5
5a92b9a6583413ebfb4daa568eed1c5e

SHA1
afad03c8a91cda144cddd07587339f7dd117dcb5

SHA256
6a2662293f091f13153d7f7f01b0734c5483922d27aa4b17bb0b1fc5b64f9b57

SHA512
d327206d2d67125406f286ab090c55a149bf67adc8616f1f672f23a05ad9b2edbf8dbd9be0913bb62d1eb537d013f8c1a713f6bf3f3b095671c6ba3958af4a37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
56eb9604fe3268ed96eb8fe68d768505

SHA1
0f9574fac6a26d2ecc9804853cc7738d367a1831

SHA256
384d2b7914f1a6550cbc9d2c6d138a3831d1163cdf887833841ed8bbc4cdb68e

SHA512
5990b74a6919be986606e1aba4cf556d72d2c8f66cdfdd8f717ad7eff9d45f5a4c7cec7db70fcd35685b9d0d97508d1b74e7d998553b6f1cf0576f4b38d0f4ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
cec245ed5e643b05505e044bbbc33abc

SHA1
1589192386f3043c3ec75e50bff57c408ef1451a

SHA256
9f746823aafd0b5ebf04a26e32dd6bd317244ffe1a9d0273be3ecb5fcedd9ef5

SHA512
910e7487059e7b7ce7987eb2b0281cd39304d9548bd0c1f45adbb914099549ac6686927889575366b1ec18c3ace80e9c03656bb749e90aeee7d86b889db64756

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
35757f4133766aa8823a203f0d1126c8

SHA1
00b8737fd3523697161540f7a07901f78abb9432

SHA256
0eacc4426f8d7b1b2291df569450e4ae5b137d1f3ad481b474ca6d5f477339bf

SHA512
39c8d9c3c95a425768c6ffb3621f02e72e0b2fc0d4d4e277c180b70e778bea98213160caee4bb9325934ff30d092594b418398c2914bd48b5373265246556531

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
ec953f19c72d6b3370425603a25820df

SHA1
18a4944e38b50089ddb5ebf168e4923c65dc0f5b

SHA256
391e6f683823988440c780f5e1e05edb8c9499fd519e1bb9413e69b2c5dd89f0

SHA512
ab50fa5a590e4bfc4b751cd76b23462d78f5c9d4488d55d245481f6f919558645eac756fc468c3d0a33974f619ca8864d009db56a138ff119885e1276c6b915e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
192B

MD5
0872ef0fa5f8b4a0d2af98794e7d525e

SHA1
2be19fed4063f9312a92b7dc2fc5a160d88e01d1

SHA256
eb886289193273592360682f94b3141619fbe2a42baafdc12ac5cde7c83fab66

SHA512
f2644d2c03df27f5c0b91210ee399ddd44e88fdf6a9ed51388917bb6a7df89373fd5aa45a83aa94b88275f8999c4ac55f639d28da0d43e6defe51ebeb29e913e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe595385.TMP

Filesize
48B

MD5
86865c5f2aa5c475d059861ff01faad5

SHA1
907accbb4f0588789428e204427e67f5860707ed

SHA256
14c136827c524c35e44cda8d3493e1e7d7a49f7ce5494895894d8788a4164398

SHA512
03e29dcdada0190683db27b6979eab94fbf4bc0cff531eb6f7b9011242ba370b153417da177f8ac116897c503f6040402445b5bb063613e1d254d7c5cbe41088

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
c3eed2622e2c5cec0196042e5a86bd5b

SHA1
972b4cb27f88175f7e2de0820772ad9a988ee3e2

SHA256
8df96049a4ad6cf272fe6bc4a91c821035b8330a831a93bc9b16c517bc28622d

SHA512
ab02dec12b236ee95fac491dd59e8cbcdfabd826eab9cd3dce6f1260e936879a12f74ccdf136fef3457f232fd50bb757dfc6a7ebdee08d8e206a517d860027c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27642\VCRUNTIME140.dll

Filesize
117KB

MD5
862f820c3251e4ca6fc0ac00e4092239

SHA1
ef96d84b253041b090c243594f90938e9a487a9a

SHA256
36585912e5eaf83ba9fea0631534f690ccdc2d7ba91537166fe53e56c221e153

SHA512
2f8a0f11bccc3a8cb99637deeda0158240df0885a230f38bb7f21257c659f05646c6b61e993f87e0877f6ba06b347ddd1fc45d5c44bc4e309ef75ed882b82e4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27642\_bz2.pyd

Filesize
50KB

MD5
a283d59df78061995eee15feddfefd34

SHA1
c93fa17801b48bc7af2d77c88071100ff7babdbd

SHA256
4c56bd1b037afdf04d6542d76dccbe1593b654ae07f27add65a8108ce4ef8f38

SHA512
d2c3c30735701f9b469f50abf864dbcb99deea7717b92e83098fe55b0a57a8e810e52a6b0b27899ff1ec8919ca440e783d45b311ed762f036b75022a2ac54204

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27642\_ctypes.pyd

Filesize
61KB

MD5
1e66891ee2d467cce189e4dfc97d7d54

SHA1
bf91928e7ad2924b5546016e22c5f23a24925db9

SHA256
2294459c245c256ebcd1bb94ae71a0885df4ef4622287a0041fac4180eeb93d1

SHA512
2e71e734ce24cbbd24c8097c398eeb8c534c24545fe05e18abf6b22e39c7f0f3519ae3556d6a7effcec79088847a4c6aa837294637cd37593fd469ad44469fc4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27642\_lzma.pyd

Filesize
88KB

MD5
b218ec73a4132867d2897177fbe68954

SHA1
86c37c87bd0169a49f917db4403b963f40ddcf28

SHA256
fc0dd5b4f466be3f2dfc9976763b72f13ae6e3727a5c4e812087bc5828b31859

SHA512
b2784944890f8f14dcc08c3c9966ac174a45cf620ca97d4520a72bed555a7375de5e14003b1eb88aea58c872c1c3cdaf6a3331daa835a56909f0da6379aa2c6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27642\api-ms-win-core-console-l1-1-0.dll

Filesize
21KB

MD5
ab7e867e9c1e8af927bcf316daf1bd5d

SHA1
40bfcc3fe4ee11b4ab5002b14ffdb03eb7834b91

SHA256
095966b6f75a1f664d86b26a719cae56b5184ff34baebce9e6e7b10aa25f7302

SHA512
ea4e982f312029ac072b4f37dac143bc851e49eb81c9025fd112d1f5d82d63d6244217fbd3d3d13d3487a2b46c96dc4641641882c54884531269773212bfcbcb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27642\api-ms-win-core-datetime-l1-1-0.dll

Filesize
21KB

MD5
ea5ddff4e3e001826fd9aa96fe2102ae

SHA1
608224ccc8284559682bb88d5d2dc110179c17c9

SHA256
aef4d600d3985755406749abd0c9efd57cc106b191e5fd83782a0d91c6dcb5aa

SHA512
4a0d0443b1a8d3c806e4944e3d2af4520efad9af155363e02e2aaaf80f593e4f3fdc100b4c3cfb078866fd8c16d71db53b7a74f31bbf29baa20a421610823544

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27642\api-ms-win-core-debug-l1-1-0.dll

Filesize
21KB

MD5
067935e239f90ba8262d1d083603eebd

SHA1
b4c48e5ddf68a3e1fbed8944a370f4b80624c687

SHA256
918486fbf4e0d0cc2a93e4d28106957a3b081fec78cbdb4268bdc2062d34b2dd

SHA512
ab39e7eeb652ea2650911d600eabe951f0e5cbf1590d7157a4cd369cdbec0537c8843415dae8f7c941d878226981e124421caa3e33fcadf7009f02818d8cb877

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27642\api-ms-win-core-errorhandling-l1-1-0.dll

Filesize
21KB

MD5
d755d3165174669240cf8b4673bf13eb

SHA1
acb78e87da0ed6e5b3952b2b78facea0433bd06f

SHA256
d6efafa56298b3556d2926b265c446e7d5f88423cf3e078315a7048e07eed2f4

SHA512
efa7983156553b0d294ef12ff566359210ab73d7fb4408337a5af1a9654b6841db8d99ea059e451002abff8df5bf1a62c373745785fce2dda202705dbbb69c23

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27642\api-ms-win-core-fibers-l1-1-0.dll

Filesize
21KB

MD5
18e1bf7360fe2740549a29b1af769488

SHA1
c090cedc3705a86f737c85df6629606f9ddc5fb9

SHA256
30e7aebec3e5e1298cf3353fd6a5cf1b84eec361bd35b2e42a9ec327e9383087

SHA512
4c0146b1a4f2dceca762cf5efd8501838f4b8b8ed9b3baccc0a4c848469f1124b4aa2d2193ba8216526077255b9894cae2c35f7e75558780c67f45837d5bf770

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27642\api-ms-win-core-file-l1-1-0.dll

Filesize
25KB

MD5
6ed40f8a43116b9b685f9d22561f8d8b

SHA1
1a25ce098e48c3149d863518a1ae03a0a365c5cf

SHA256
f1452f1d9dc57a2983f64f0116714153ab5e75108ad3ce60d2218137fd8f86ab

SHA512
1b60f88ee0758c7085c4d14faf1cce03b2d7d7d63f13e08457a21908bd482702dc42092d7984172766161d9cd70452b625aa3c052cae883c2ac54da2fd09f795

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27642\api-ms-win-core-file-l1-2-0.dll

Filesize
21KB

MD5
399a356813bc768093f851bdf1066b9b

SHA1
08551b7477de120b86d5a8f74b77702bb9ff5a71

SHA256
26a3ae0c9d5456107c1e429be59993e40d7f765a9cb409ccb13547063590a786

SHA512
7bd83dfb8b582fd375cb5ae90c871fc5b3b34d534d657eda76655f4e3de6fe0fa4f86c7369f8819c7f34e343f86797da83848063e5f7f5aad2c2f131478d4792

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27642\api-ms-win-core-file-l2-1-0.dll

Filesize
20KB

MD5
50abf0a7ee67f00f247bada185a7661c

SHA1
0cddac9ac4db3bf10a11d4b79085ef9cb3fb84a1

SHA256
f957a4c261506484b53534a9be8931c02ec1a349b3f431a858f8215cecfec3f7

SHA512
c2694bb5d103baff1264926a04d2f0fe156b8815a23c3748412a81cc307b71a9236a0e974b5549321014065e393d10228a0f0004df9ba677f03b5d244a64b528

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27642\api-ms-win-core-handle-l1-1-0.dll

Filesize
21KB

MD5
0b59c198420019e61acf6ab8ac519d44

SHA1
54becae1ef112895e881577c4d633ea430191f04

SHA256
9cbc5d46b202048678431ab776df0d3ca2e3eedc487f38d15638d7f27da68fb1

SHA512
f92b7229f2b6c3d439ceb82bbd12b3ebfb000e719c650a969b5b717e812dab526fe889b5c09c3c722929428aa413af15f0cf8e163da9002509e6443ff80c42ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27642\api-ms-win-core-heap-l1-1-0.dll

Filesize
21KB

MD5
e8bcd292fed33fe4f7477eaeba0b9232

SHA1
76ccd2b602926d92f17de03f43f9c6750f486169

SHA256
b2dee2f3beaf6e7559b9ecd4da2af297a12ca95089915f0d60aca3bf9f3aa0ec

SHA512
b14c5be098d5353a11371813b508a54ccb36fb017db831a010850f9e9b6841a200e5092aa1fae9188b6931730273adcaf7ed4ac3775313be304d39dbf13633a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27642\api-ms-win-core-interlocked-l1-1-0.dll

Filesize
21KB

MD5
7f802028f07c01bab5d5f17ac70c2d94

SHA1
cfd684c1fb6b5740355d28db99fc2ca914addef0

SHA256
c1543a16730ab3eebe1b648943700f6901d463efc311637f326a66ab7252cd1b

SHA512
97ec5a13fe3054a0a99112ac033d4a95b81af72f3b7a5cc623169293afc12ab94c9818a1624cf9dbe5bb81b6b8c20a4ad6d2c7f49516c2a8f58669dc858edb4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27642\api-ms-win-core-libraryloader-l1-1-0.dll

Filesize
21KB

MD5
e324ce8b5ee8351bf68fc9bbcc0f7f4b

SHA1
d9971b7811e5a52b614cffdcc20fb37cb80235e0

SHA256
cbdc28e8371e47a0c8629aad99dc6dc44f89602da3c82ae7005bcf93db53c033

SHA512
4315f7e71d2121d2c5a9c92143ebef861f822c2cdd76d657308d772b9bc15ab0df79ead2f65dcae649f41f8337202cd1e4c6f4f858849cf65a046a0b90399625

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27642\api-ms-win-core-localization-l1-2-0.dll

Filesize
21KB

MD5
746f9a90329ddab557bdf9b6ec75fecf

SHA1
fe58289ab2f75fe2cf7b4a1beab69505d7e999aa

SHA256
86fbcfa212113ec68111d3ee2d0a527335937e6cc4703322f2b6fe230e63e713

SHA512
20438a5da734b02bd717fcf49e58715e19fa25410191d36c14a0c49a78a19ed8d0c65d016ecdfca716488294e31311b4e648f5b55bea016e55c3c469bdf74641

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27642\api-ms-win-core-memory-l1-1-0.dll

Filesize
21KB

MD5
46be5b31e5c6de7b193692c6be283521

SHA1
5cc60212ad567ee4812fae059c6b3ae5f2f70c33

SHA256
6fc16d5f3046ccb705d08139963287645c801868517ee133a24f1fff9eddb8b1

SHA512
bf85c2a07828bb3a59d5ccb249b7aab94e73316dc048a26b9865ae88e2855534604a50a7bab1b41a2e1b8dc32e0e5a964302bb12a5e80ed5a23d45bc80caf582

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27642\api-ms-win-core-namedpipe-l1-1-0.dll

Filesize
21KB

MD5
c94c82c2d25db3dcdb82ab33c4ec0dab

SHA1
b82adb729547e33cfaafc8e32c752661af431eef

SHA256
c872b988ec47228a5edefc0a53c11ac5982221104d5fe2800df905c5398d3345

SHA512
3b2f4b78653bb76be47409c1137533d35a1cffc3cc92268048859ad53d0810b46503a3b735c177423c0c4d15224ed41f60daa3e270011d3b7fb9dca27ec0967c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27642\api-ms-win-core-processenvironment-l1-1-0.dll

Filesize
21KB

MD5
a4344448fdf10dc90341705286e50d51

SHA1
31e58a51a9521001b40316789aa20ac143eb46ce

SHA256
036bd147d7dd2e96fbf88b77ff525a70f97816a2402720909e7f928729a19b38

SHA512
a41585242b1c40186106bc6837956375d1770388b6427a474d3c91ff65bb9c9d3d2e7a8603b2bf39a6cc7ea2755590e246683be1d90af6578b7f698043f8447e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27642\api-ms-win-core-processthreads-l1-1-0.dll

Filesize
21KB

MD5
4074c6db1a8bd9801170062618715b94

SHA1
9939488841785ae5f33df6f20b9b9a4e6622cab2

SHA256
e877ca388a100d4ba2e13626fd1b9646de35ae1d9ce81d3671e44a2bb15e917a

SHA512
cdee9bd17b6c2c073160762fdc14d2ea11e6d78e5f1cf54755f16db687698977ff3e98b629d366f79b1e8c3949559a4f5963b2c774c92fca79b78501e549e03f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27642\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
21KB

MD5
8fd4019ccb7912c94073b9343d18c734

SHA1
85e6628f63962598e25d7708eceff0712d9695cb

SHA256
9db8cb5da274f5a28806f7c388db660448d0c557116e2b523daf09fb598262ad

SHA512
ba3a02a54309aa835d0262ca16374326673d411781c8ea70769fe7bc2aea166a427bb240fffe009d8d445979de033345bf71e9f31737d440337b97ca440ededf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27642\api-ms-win-core-profile-l1-1-0.dll

Filesize
21KB

MD5
a2b9fbd064f11ff68bbbe0da387c7f70

SHA1
ff999109c23349faaa4a25b97703f2a842721c88

SHA256
1a68a71820179cff69f9760eb6d03a21b6aa25d9b2178c3a53ff530bd731d60f

SHA512
417b132b997889e027d0e988ec387e90538e171bf96f8b0a463be7986a6790c7a264d47dfd9c0ab1de53dc015dcc2eb7f8cd4e3215581645605252ba049a445b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27642\api-ms-win-core-rtlsupport-l1-1-0.dll

Filesize
21KB

MD5
4d274ab800bc11d38b392744b022b9e7

SHA1
36f366c6be4b700a489455e60f6e6152712c5ecc

SHA256
d72ef17c877c914364ab1c7985bbf01b81bbbdf6e50753eeca58f73b00f95e0f

SHA512
056988fd0de42b77d4a511627fa7ed52237cb00da5607f6214a0d2d94954f2ddcd6b2916a81826d95c329f6921e16f8cd671948b9ddc28e9af4c01bfbe1b0deb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27642\api-ms-win-core-string-l1-1-0.dll

Filesize
21KB

MD5
5df5ecb02ce7da0e742191f2108f5e19

SHA1
d79348cd63d96876f5601a9cb3a102eeb2558e2e

SHA256
cfae072315c3715fce1938094ebdbc95d417e6aa397d40e2fb5d95976c99f291

SHA512
59894e30ccad4cae9ad297418996d012e5e398ab7bb92233d0aac5127b4ade3455b21e2fed6dfce1752d858e990da8bf155592ea3dc4115bb425c06d194447d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27642\api-ms-win-core-synch-l1-1-0.dll

Filesize
21KB

MD5
29d68c0a56d8932d06553c12380fedd3

SHA1
e4856785cc64589df194941d967c12afeb4a8a8c

SHA256
0d79c51e5c26a058c236648eed05b7538c3936ff2f7d6f5da6bc0dd16cc221df

SHA512
30f5c0869562d7ac20f44b62ed90789110c39d4983b54e2ee70644ef976ccc320e37cad70709b27004ba7372c5b1bb3f8c70d27edf14eae955035457ea6fd86b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27642\api-ms-win-core-synch-l1-2-0.dll

Filesize
21KB

MD5
113d45738f20603325e452f6c35e0356

SHA1
ebffc183973f542af5e71d5e24d69be20295530b

SHA256
8ae9ef3876499dbae8b9abd0c7fffac4befec5d2059e9aa85b39a0347ad862a9

SHA512
c4ab3fce078917bc14d0eff5062806cbf2ec2c92dd710ae21205715bf88700da8bf04f2af4c272fc028c4c00b38c3ba84e32448d840d6fa12a004cd9b6e964ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27642\api-ms-win-core-sysinfo-l1-1-0.dll

Filesize
21KB

MD5
a261b275403fcfa498e7402cce506328

SHA1
1ffd144d7c918baadc27af71e077e27da2e04cc7

SHA256
c996e3965f5646d8966fa3685e140308ac3c5280d1be5d45443ba17f8dfa19e7

SHA512
e7f50e6e759c02ed87a3a92c0578223bf4902ae76dd026bc074d8dd0bc085b0941183a9fda864d91d1fa447fdc66cf554b86c66c9979a4a6316cd3a5a7638e9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27642\api-ms-win-core-timezone-l1-1-0.dll

Filesize
21KB

MD5
94a737edf77cb717d36e00f60834bde9

SHA1
b3a2b28bef94327d1d6b2916b9bbed037805ae16

SHA256
32acb6628a4aa24f5c92e9c205bebc878b11de31373062504063f6092eb5c9a3

SHA512
4a8c8e1f97c3018135bf7f0a770bf373e3483fbf12e840fe632af0946bfb9e9e267579013b5e3ee7d8f507fefc78dacef5794f3980072a09ad704e22afeec7a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27642\api-ms-win-core-util-l1-1-0.dll

Filesize
21KB

MD5
1337c176ac362320e4bce5d95ddee654

SHA1
64ae720a91f966d736d3274b01b5336fa4fdbf10

SHA256
3788504939aa6aebf4c3267f75b8e669f87cda21d0f0978d8e987cd3bf02cf22

SHA512
0d081ff2ed8cd36ae4783cbc0f1ec21563a06cadb7f56109b730cdb64ec6696aa74e57f6b45ee338417f9540961992b9517dfe709c2a8967c6c55b3b7d974cf2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27642\api-ms-win-crt-conio-l1-1-0.dll

Filesize
21KB

MD5
a738a3d6edfd77dd7e8c29ab209d8c87

SHA1
68c9187dcc6c7f775dec6b10d6a6810eed6d92c7

SHA256
6efd615b341167471cdeeaab7d73fbfd111e6ec9618bc07fd9204c96e2cc7740

SHA512
b7e725d669d5a8550312ed46ca193462a210eb3047f57f0b1775d960b83266c8fa51bd35673b932c14d478b3ca4262187f407da04208b9cbbac8a9e08718bdf7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27642\api-ms-win-crt-convert-l1-1-0.dll

Filesize
25KB

MD5
026185fe443ef4a76caf34004afad1d2

SHA1
d0684be4957e5e78d92fba992e24ac3efad634f4

SHA256
4871972e9991706972b078b8fd5e187a04742bc990376ca317dc23a0eb8c7aa8

SHA512
fe476394bbff0bf1833f6188722cc89eb5185d1c7077e50b6fdff8053b4a8ae2a5186acff6a9e4f1bdc2aa79d6258b1bde81deec348e8165b74e7b4dfc2001d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27642\api-ms-win-crt-environment-l1-1-0.dll

Filesize
21KB

MD5
40c041701ba44a66bfb25d376d1a45f7

SHA1
c5cfb056900a031d547bc0e6c27aaec9fb8d3420

SHA256
a08c9e07c7065493548d8949a6fd0c752b0cdffd0e8ebd592c8d5b804e27ed00

SHA512
aa592cc31c408ebf17db518b644a5e31def93fd1b9870fe89ad6020f050e0a6f5c0147e833001cd3ab670b7fe085ce9768fe81b393a106fc35e823c8580c7b49

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27642\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
21KB

MD5
34dafa1e9361e90d121fa83e550c0567

SHA1
4ac81dfaee6ccc125ba89144dc1e401d395da040

SHA256
65ac8bd273b1b4a83d93a11cc9f830b4a6bbcf428832d48df81c14134c5e6290

SHA512
50509f04f68a0bff157434ec49332cf83a7367b264f0d678d193bd9b0358ffe80179eddd8b9d1efdae5189466cfdb5eb5d5a24b93005197cd25d0f89ef9c0c9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27642\api-ms-win-crt-heap-l1-1-0.dll

Filesize
21KB

MD5
32adb3d97d38be6f0dc9a23e5cc9e4c7

SHA1
befa06bf84880f3c9603ac4e6e8d8d050a1b52eb

SHA256
00cf5e7bc0ac7d9407c8c340d60bafdd165b358d8a124958d9322d7c65d3e931

SHA512
323160ae255f7c5c80c6670b891afa503fe2367df682ac9ae52a83a1b91e3b12c4dc278cc65292895ed091a304fd13152fb181b9f62f4cd34c2e29389e414e73

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27642\api-ms-win-crt-locale-l1-1-0.dll

Filesize
21KB

MD5
d66ab115b802bb287090557088d3115a

SHA1
9923f03f173c154166e4fc35d7491b627983e570

SHA256
b7624d8a6142c72351b30bd75a29d68974e894e72511ec55fefd066da8ba64db

SHA512
c5f25e8d3a81ca90a3474f2c5293539beed91ebdb15760601ce4ddf68be6ddceafb4cc2c8e6640ac0615bfbd72f3b50b6fea2ff9f713fe14c91a841a0966bb2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27642\api-ms-win-crt-math-l1-1-0.dll

Filesize
29KB

MD5
929e01855774098c5bd3369fd1dd2e63

SHA1
8f4c5b1c51154e16410e573727d0a2e9d38e8391

SHA256
b3d8055ca1ec4a716994052e70c1ca8d5e6bd761c0cdf3b583e091cd1e456a8b

SHA512
533fb6c99899788ffd95e21203a79be84a0960e66c891e9c76e695bd43f3c4f34adde4f3fc3bf2e8b29de4d1ea9ebd42fa7a6a51efbe7434a2270387afbcd7b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27642\api-ms-win-crt-private-l1-1-0.dll

Filesize
73KB

MD5
a94de25c50a9a41190c791a2e9b3b0b6

SHA1
fc8e950b7cbe79027c6910a5c136695089583964

SHA256
6b62800e71987a5676a99747833cfcfe567585465163fd4ae92c3d79c8190eef

SHA512
9a67c0998002752b6d6c30abfade5c8357ae627767c1b56b11af166d612ea9e6991c3151af2270e6bca650f356c1cfaebfdfbfe4d97043d57817c22c711f19e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27642\api-ms-win-crt-process-l1-1-0.dll

Filesize
21KB

MD5
47900d26dce0bb963f94ab875c591bde

SHA1
0c6b11a1d1731f9479af504707d824e7ef7d4d9b

SHA256
9b0b6e39bc2f8280dbce7ba3d09e0985092bacc2a6ba05494de913f8a2119e2f

SHA512
eaf3a86b4ac462219aa92b38c0767a28ff744fce12287ae54cf1ee0fdfc655c81902c23180bd236b29e7a5fd7033e3b5a81ef7f380092d4be35cefe3ef972333

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27642\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
25KB

MD5
5a5d1eb011dcf93bbcf3561be84a9cb1

SHA1
d52c391c656443859b65a7be530529fc6a5f0090

SHA256
577c647ee57bd9137f441484f018caee6126b4fa0d0fa48ed64a0f9aab578b69

SHA512
e62e6b9e02788a34a36e0fb9871318c9c54c6b389c6373084693fc575347518d796316036519a2ff556b50b1ece489128daaa0b3eb6e146ddecd2aa4207dce89

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27642\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
25KB

MD5
5f2b03b1bcb8d6c9e51b0c48c1fcb6c5

SHA1
202c50b055328051f0a2e7bdb0c8bedc1fcce66e

SHA256
7432ab2203054b2b2b0f25b971fd7c956a289e35eee14bf264407292cd3c6490

SHA512
97352f04fa02184221974e8ff19b2ac1c3c8b07417e45da06c71d9851fb5db9308cf110cc8de8549cd758e6b6b1c8c161072e7e8eab5d8d72d7b4b64cdc40aab

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27642\api-ms-win-crt-string-l1-1-0.dll

Filesize
25KB

MD5
43ade4f6f38405560205a3cd91d32538

SHA1
879a338e22e87a82d5fa8fd26a670f567a8b7b16

SHA256
9843f7eddb4ddcd5406ad8a022d990c4d5337bc30a51c581ac1aa621a96cfd61

SHA512
423c8220d2b1f47175fa332c6e5264de26e283f156fd87424cddf86b33ea80fee49cc394d92fac77ee58be7e4ccf0360e593aeb101befb42300f456ed41365f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27642\api-ms-win-crt-time-l1-1-0.dll

Filesize
21KB

MD5
da5850aff326acdedb358922382e2531

SHA1
b3db6fd76fbebe0c4664651aa841af9446e3b4e0

SHA256
6673dc8181fc88f1befcafcf079bd1d47b2c220129e7755f9db238a9dbfb8b7f

SHA512
b9386db0f139fc22d6384db3cfad83dc5a613a5640926d82780fe7ddb494f67ef1183fc6812a539b5b3361e882381b2847183353030b4001f2a022a436021cbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27642\api-ms-win-crt-utility-l1-1-0.dll

Filesize
21KB

MD5
530f56397912d4b520f1c472f7ab6df5

SHA1
0572ecee45608754d14c8f999ed5deb2bf55e18f

SHA256
fcb2e964f87639fc219b9058772bb5afba97db84ba516593c0aa5f929233202c

SHA512
58d652ad56ea30c5e0c3f94999280bcfb6e5f92bbd408d80782b81af492ade0159a163e527b828c71a41bbe77b90303e8ca6d0e14e37f06b423f12c63dd616c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27642\base_library.zip

Filesize
1.3MB

MD5
31c05165007d613196c281a4fba11388

SHA1
300296461e59a6bfd0b514dd8ead4c3428f5c292

SHA256
926e08fa59a818f3d39aa4fdf3494d9c30fb4be16e522d52faef3c43ef47410f

SHA512
2f2a3aa51d20244918add6e731b8577cbae7fa45e6b7bfe6beb5958771df2b7b0a29a8df91e3319c1b5ecc3509634642006f1385a405dc4f52ebc2ddc39880eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27642\crypto_clipper.json

Filesize
155B

MD5
8bff94a9573315a9d1820d9bb710d97f

SHA1
e69a43d343794524b771d0a07fd4cb263e5464d5

SHA256
3f7446866f42bcbeb8426324d3ea58f386f3171abe94279ea7ec773a4adde7d7

SHA512
d5ece1ea9630488245c578cb22d6d9d902839e53b4550c6232b4fb9389ef6c5d5392426ea4a9e3c461979d6d6aa94ddf3b2755f48e9988864788b530cdfcf80f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27642\freetype.dll

Filesize
292KB

MD5
04a9825dc286549ee3fa29e2b06ca944

SHA1
5bed779bf591752bb7aa9428189ec7f3c1137461

SHA256
50249f68b4faf85e7cd8d1220b7626a86bc507af9ae400d08c8e365f9ab97cde

SHA512
0e937e4de6cbc9d40035b94c289c2798c77c44fc1dc7097201f9fab97c7ff9e56113c06c51693f09908283eda92945b36de67351f893d4e3162e67c078cff4ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27642\libcrypto-3.dll

Filesize
1.6MB

MD5
ecf92d1e849c1a4b89ed9dac0c2d732d

SHA1
bd2dbf194e9c891f27ef5b4521318d3804f76425

SHA256
afc166f8f1906cd75b4de9f7c72e92e36e4282437a02fedadb5ec3145c33c3a1

SHA512
44e3d6b37a11b715efb77c28c1c4fca4c25ba7f663183bcef4ba52e9c5271715f43f7b22b6307c6d8788c1ea4e8b709060b0a711aeae249164ba7bfd1d571f89

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27642\libffi-8.dll

Filesize
29KB

MD5
013a0b2653aa0eb6075419217a1ed6bd

SHA1
1b58ff8e160b29a43397499801cf8ab0344371e7

SHA256
e9d8eb01bb9b02ce3859ba4527938a71b4668f98897d46f29e94b27014036523

SHA512
0bd13fa1d55133ee2a96387e0756f48133987bacd99d1f58bab3be7bffdf868092060c17ab792dcfbb4680f984f40d3f7cc24abdd657b756496aa8884b8f6099

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27642\libjpeg-9.dll

Filesize
108KB

MD5
c22b781bb21bffbea478b76ad6ed1a28

SHA1
66cc6495ba5e531b0fe22731875250c720262db1

SHA256
1eed2385030348c84bbdb75d41d64891be910c27fab8d20fc9e85485fcb569dd

SHA512
9b42cad4a715680a27cd79f466fd2913649b80657ff042528cba2946631387ed9fb027014d215e1baf05839509ca5915d533b91aa958ae0525dea6e2a869b9e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27642\libmodplug-1.dll

Filesize
117KB

MD5
2bb2e7fa60884113f23dcb4fd266c4a6

SHA1
36bbd1e8f7ee1747c7007a3c297d429500183d73

SHA256
9319bf867ed6007f3c61da139c2ab8b74a4cb68bf56265a101e79396941f6d3b

SHA512
1ddd4b9b9238c1744e0a1fe403f136a1def8df94814b405e7b01dd871b3f22a2afe819a26e08752142f127c3efe4ebae8bfd1bd63563d5eb98b4644426f576b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27642\libogg-0.dll

Filesize
16KB

MD5
0d65168162287df89af79bb9be79f65b

SHA1
3e5af700b8c3e1a558105284ecd21b73b765a6dc

SHA256
2ec2322aec756b795c2e614dab467ef02c3d67d527ad117f905b3ab0968ccf24

SHA512
69af81fd2293c31f456b3c78588bb6a372fe4a449244d74bfe5bfaa3134a0709a685725fa05055cfd261c51a96df4b7ebd8b9e143f0e9312c374e54392f8a2c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27642\python3.DLL

Filesize
68KB

MD5
3887abd76341942acef5eaf8999fd3d1

SHA1
cdcbff88d88d542887669065ad0371fc16d9675e

SHA256
e6811bc64d0cc2a8525098b691db364679602c7456894c2f69e1837214a8a705

SHA512
83c0e83f5a6455c3cefeff9102027e55465f4507446391c8fe22910ed97627459dcdedf080dc1a74442fe3eb7aafcd51b3fc02a355cb7577bffeb0c87f61e463

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27642\python312.dll

Filesize
1.7MB

MD5
c3a3610611bd5e8a08e7e8ef91279b52

SHA1
0f67e44bf20287f3e4ee0563a6fd6af7d3dd18df

SHA256
95b1567ac76d344f4a8baa62b4d33f85473b9a2592a6f0550a0a397700f6540a

SHA512
11c2abdaadfd3256c306f2fcfa4b871be02353848b4a6bb566ae587353e9de275b812407e048be4101dd8902cfe817411c57e11912170b4e53c9c152ebf2c175

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27642\ucrtbase.dll

Filesize
1.1MB

MD5
3b337c2d41069b0a1e43e30f891c3813

SHA1
ebee2827b5cb153cbbb51c9718da1549fa80fc5c

SHA256
c04daeba7e7c4b711d33993ab4c51a2e087f98f4211aea0dcb3a216656ba0ab7

SHA512
fdb3012a71221447b35757ed2bdca6ed1f8833b2f81d03aabebd2cd7780a33a9c3d816535d03c5c3edd5aaf11d91156842b380e2a63135e3c7f87193ad211499

Download Submit
memory/1208-368-0x00007FFC81810000-0x00007FFC81835000-memory.dmp

Filesize
148KB

Download
memory/1208-423-0x00007FFC85700000-0x00007FFC85714000-memory.dmp

Filesize
80KB

Download
memory/1208-436-0x00007FFC87900000-0x00007FFC87919000-memory.dmp

Filesize
100KB

Download
memory/1208-374-0x00007FFC87900000-0x00007FFC87919000-memory.dmp

Filesize
100KB

Download
memory/1208-435-0x00007FFC8B140000-0x00007FFC8B14F000-memory.dmp

Filesize
60KB

Download
memory/1208-425-0x00007FFC6FD30000-0x00007FFC703F2000-memory.dmp

Filesize
6.8MB

Download
memory/1208-370-0x00007FFC8B140000-0x00007FFC8B14F000-memory.dmp

Filesize
60KB

Download
memory/1208-422-0x00007FFC817E0000-0x00007FFC8180C000-memory.dmp

Filesize
176KB

Download
memory/1208-424-0x00007FFC6F3D0000-0x00007FFC6F903000-memory.dmp

Filesize
5.2MB

Download
memory/1208-434-0x00007FFC81810000-0x00007FFC81835000-memory.dmp

Filesize
148KB

Download
memory/1208-437-0x00007FFC817E0000-0x00007FFC8180C000-memory.dmp

Filesize
176KB

Download
memory/1208-360-0x00007FFC6FD30000-0x00007FFC703F2000-memory.dmp

Filesize
6.8MB

Download
memory/1208-433-0x00007FFC6FD30000-0x00007FFC703F2000-memory.dmp

Filesize
6.8MB

Download
memory/1208-438-0x00007FFC85700000-0x00007FFC85714000-memory.dmp

Filesize
80KB

Download
memory/1208-439-0x00007FFC6F3D0000-0x00007FFC6F903000-memory.dmp

Filesize
5.2MB

Download