b779246a9a6066b74a78b1d471c4cb87446a039a58032b5bc56656bf32c76e61

Analysis

max time kernel
114s
max time network
109s
platform
windows11-21h2_x64
resource
win11-20250314-en
resource tags

arch:x64arch:x86image:win11-20250314-enlocale:en-usos:windows11-21h2-x64system
submitted
28/03/2025, 15:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Stellaris-DLC-Unlocker.exe
Size

49.6MB
MD5

3f4e61ddc066987f9440ca400051ea2f
SHA1

5f9327271877632c90c69b39555d677858b30929
SHA256

b779246a9a6066b74a78b1d471c4cb87446a039a58032b5bc56656bf32c76e61
SHA512

972569c19df87a94cfb5ca3510e6e43bf11032d127fd0be7e254bf75622cb40578421438d98df7ab207c24c457a032952a16535f6e44ea33fc8699190f389a84
SSDEEP

1572864:MXGMK4XR3bLSCU/+6yPlhvh4y/LX60MG2WA2g/7:MgYRPSC++6y9J+y0dv2I

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 50 IoCs

pid	Process
6116	Stellaris-DLC-Unlocker.exe
6116	Stellaris-DLC-Unlocker.exe
6116	Stellaris-DLC-Unlocker.exe
6116	Stellaris-DLC-Unlocker.exe
6116	Stellaris-DLC-Unlocker.exe
6116	Stellaris-DLC-Unlocker.exe
6116	Stellaris-DLC-Unlocker.exe
6116	Stellaris-DLC-Unlocker.exe
6116	Stellaris-DLC-Unlocker.exe
6116	Stellaris-DLC-Unlocker.exe
6116	Stellaris-DLC-Unlocker.exe
6116	Stellaris-DLC-Unlocker.exe
6116	Stellaris-DLC-Unlocker.exe
6116	Stellaris-DLC-Unlocker.exe
6116	Stellaris-DLC-Unlocker.exe
6116	Stellaris-DLC-Unlocker.exe
6116	Stellaris-DLC-Unlocker.exe
6116	Stellaris-DLC-Unlocker.exe
6116	Stellaris-DLC-Unlocker.exe
6116	Stellaris-DLC-Unlocker.exe
6116	Stellaris-DLC-Unlocker.exe
6116	Stellaris-DLC-Unlocker.exe
6116	Stellaris-DLC-Unlocker.exe
6116	Stellaris-DLC-Unlocker.exe
6116	Stellaris-DLC-Unlocker.exe
6116	Stellaris-DLC-Unlocker.exe
6116	Stellaris-DLC-Unlocker.exe
6116	Stellaris-DLC-Unlocker.exe
6116	Stellaris-DLC-Unlocker.exe
6116	Stellaris-DLC-Unlocker.exe
6116	Stellaris-DLC-Unlocker.exe
6116	Stellaris-DLC-Unlocker.exe
6116	Stellaris-DLC-Unlocker.exe
6116	Stellaris-DLC-Unlocker.exe
6116	Stellaris-DLC-Unlocker.exe
6116	Stellaris-DLC-Unlocker.exe
6116	Stellaris-DLC-Unlocker.exe
6116	Stellaris-DLC-Unlocker.exe
6116	Stellaris-DLC-Unlocker.exe
6116	Stellaris-DLC-Unlocker.exe
6116	Stellaris-DLC-Unlocker.exe
6116	Stellaris-DLC-Unlocker.exe
6116	Stellaris-DLC-Unlocker.exe
6116	Stellaris-DLC-Unlocker.exe
6116	Stellaris-DLC-Unlocker.exe
6116	Stellaris-DLC-Unlocker.exe
6116	Stellaris-DLC-Unlocker.exe
6116	Stellaris-DLC-Unlocker.exe
6116	Stellaris-DLC-Unlocker.exe
6116	Stellaris-DLC-Unlocker.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	raw.githubusercontent.com
2	raw.githubusercontent.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Kills process with taskkill 2 IoCs

defense_evasion

pid	Process
4576	taskkill.exe
6092	taskkill.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = ffffffff	Stellaris-DLC-Unlocker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "4294967295"	Stellaris-DLC-Unlocker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f44471a0359723fa74489c55595fe6b30ee0000	Stellaris-DLC-Unlocker.exe
Key created	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	Stellaris-DLC-Unlocker.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	Stellaris-DLC-Unlocker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	Stellaris-DLC-Unlocker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	Stellaris-DLC-Unlocker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	Stellaris-DLC-Unlocker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 00000000ffffffff	Stellaris-DLC-Unlocker.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic"	Stellaris-DLC-Unlocker.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Stellaris-DLC-Unlocker.exe
Key created	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	Stellaris-DLC-Unlocker.exe
Key created	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings	Stellaris-DLC-Unlocker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	Stellaris-DLC-Unlocker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\NodeSlot = "2"	Stellaris-DLC-Unlocker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	Stellaris-DLC-Unlocker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	Stellaris-DLC-Unlocker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	Stellaris-DLC-Unlocker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Stellaris-DLC-Unlocker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	Stellaris-DLC-Unlocker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	Stellaris-DLC-Unlocker.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Stellaris-DLC-Unlocker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	Stellaris-DLC-Unlocker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	Stellaris-DLC-Unlocker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Stellaris-DLC-Unlocker.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	Stellaris-DLC-Unlocker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	Stellaris-DLC-Unlocker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	Stellaris-DLC-Unlocker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 4e003100000000007c5a747e100054656d7000003a0009000400efbe6e5a89717c5a747e2e0000005857020000000100000000000000000000000000000063edb800540065006d007000000014000000	Stellaris-DLC-Unlocker.exe
Key created	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	Stellaris-DLC-Unlocker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	Stellaris-DLC-Unlocker.exe
Key created	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	Stellaris-DLC-Unlocker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	Stellaris-DLC-Unlocker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	Stellaris-DLC-Unlocker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0000000001000000ffffffff	Stellaris-DLC-Unlocker.exe
Key created	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	Stellaris-DLC-Unlocker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	Stellaris-DLC-Unlocker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 50003100000000006e5ac87310004c6f63616c003c0009000400efbe6e5a89717c5a757e2e00000057570200000001000000000000000000000000000000b2bc36004c006f00630061006c00000014000000	Stellaris-DLC-Unlocker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 00000000ffffffff	Stellaris-DLC-Unlocker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\NodeSlot = "5"	Stellaris-DLC-Unlocker.exe
Key created	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2	Stellaris-DLC-Unlocker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 020000000100000000000000ffffffff	Stellaris-DLC-Unlocker.exe
Key created	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3	Stellaris-DLC-Unlocker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3\NodeSlot = "7"	Stellaris-DLC-Unlocker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	Stellaris-DLC-Unlocker.exe
Key created	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	Stellaris-DLC-Unlocker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "2"	Stellaris-DLC-Unlocker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac04000000c8000000354b179bff40d211a27e00c04fc308710300000080000000354b179bff40d211a27e00c04fc308710200000080000000	Stellaris-DLC-Unlocker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	Stellaris-DLC-Unlocker.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	Stellaris-DLC-Unlocker.exe
Key created	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg	Stellaris-DLC-Unlocker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	Stellaris-DLC-Unlocker.exe
Key created	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	Stellaris-DLC-Unlocker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "4"	Stellaris-DLC-Unlocker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Stellaris-DLC-Unlocker.exe
Key created	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5	Stellaris-DLC-Unlocker.exe
Key created	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7	Stellaris-DLC-Unlocker.exe
Key created	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	Stellaris-DLC-Unlocker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	Stellaris-DLC-Unlocker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Stellaris-DLC-Unlocker.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Stellaris-DLC-Unlocker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\MRUListEx = ffffffff	Stellaris-DLC-Unlocker.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Stellaris-DLC-Unlocker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\NodeSlot = "4"	Stellaris-DLC-Unlocker.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
6116	Stellaris-DLC-Unlocker.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
6116	Stellaris-DLC-Unlocker.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4576	taskkill.exe
Token: SeDebugPrivilege	6092	taskkill.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
6116	Stellaris-DLC-Unlocker.exe
6116	Stellaris-DLC-Unlocker.exe
6116	Stellaris-DLC-Unlocker.exe
6116	Stellaris-DLC-Unlocker.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 4184 wrote to memory of 6116	4184	Stellaris-DLC-Unlocker.exe	84
PID 4184 wrote to memory of 6116	4184	Stellaris-DLC-Unlocker.exe	84
PID 6116 wrote to memory of 932	6116	Stellaris-DLC-Unlocker.exe	85
PID 6116 wrote to memory of 932	6116	Stellaris-DLC-Unlocker.exe	85
PID 6116 wrote to memory of 4576	6116	Stellaris-DLC-Unlocker.exe	87
PID 6116 wrote to memory of 4576	6116	Stellaris-DLC-Unlocker.exe	87
PID 6116 wrote to memory of 6092	6116	Stellaris-DLC-Unlocker.exe	90
PID 6116 wrote to memory of 6092	6116	Stellaris-DLC-Unlocker.exe	90

C:\Users\Admin\AppData\Local\Temp\Stellaris-DLC-Unlocker.exe
"C:\Users\Admin\AppData\Local\Temp\Stellaris-DLC-Unlocker.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4184
- C:\Users\Admin\AppData\Local\Temp\Stellaris-DLC-Unlocker.exe
  "C:\Users\Admin\AppData\Local\Temp\Stellaris-DLC-Unlocker.exe"
  2⤵
  - Loads dropped DLL
  - Modifies registry class
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:6116
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:932
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /F /IM "Paradox Launcher.exe"
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:4576
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /F /IM stellaris.exe
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:6092

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI41842\VCRUNTIME140.dll

Filesize
96KB

MD5
f12681a472b9dd04a812e16096514974

SHA1
6fd102eb3e0b0e6eef08118d71f28702d1a9067c

SHA256
d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8

SHA512
7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41842\VCRUNTIME140_1.dll

Filesize
37KB

MD5
75e78e4bf561031d39f86143753400ff

SHA1
324c2a99e39f8992459495182677e91656a05206

SHA256
1758085a61527b427c4380f0c976d29a8bee889f2ac480c356a3f166433bf70e

SHA512
ce4daf46bce44a89d21308c63e2de8b757a23be2630360209c4a25eb13f1f66a04fbb0a124761a33bbf34496f2f2a02b8df159b4b62f1b6241e1dbfb0e5d9756

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41842\_bz2.pyd

Filesize
81KB

MD5
4101128e19134a4733028cfaafc2f3bb

SHA1
66c18b0406201c3cfbba6e239ab9ee3dbb3be07d

SHA256
5843872d5e2b08f138a71fe9ba94813afee59c8b48166d4a8eb0f606107a7e80

SHA512
4f2fc415026d7fd71c5018bc2ffdf37a5b835a417b9e5017261849e36d65375715bae148ce8f9649f9d807a63ac09d0fb270e4abae83dfa371d129953a5422ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41842\_ctypes.pyd

Filesize
120KB

MD5
6a9ca97c039d9bbb7abf40b53c851198

SHA1
01bcbd134a76ccd4f3badb5f4056abedcff60734

SHA256
e662d2b35bb48c5f3432bde79c0d20313238af800968ba0faa6ea7e7e5ef4535

SHA512
dedf7f98afc0a94a248f12e4c4ca01b412da45b926da3f9c4cbc1d2cbb98c8899f43f5884b1bf1f0b941edaeef65612ea17438e67745962ff13761300910960d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41842\_lzma.pyd

Filesize
154KB

MD5
337b0e65a856568778e25660f77bc80a

SHA1
4d9e921feaee5fa70181eba99054ffa7b6c9bb3f

SHA256
613de58e4a9a80eff8f8bc45c350a6eaebf89f85ffd2d7e3b0b266bf0888a60a

SHA512
19e6da02d9d25ccef06c843b9f429e6b598667270631febe99a0d12fc12d5da4fb242973a8351d3bf169f60d2e17fe821ad692038c793ce69dfb66a42211398e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41842\api-ms-win-core-console-l1-1-0.dll

Filesize
12KB

MD5
dac566c1f660c7f5aaffcdc88eafb95e

SHA1
6dbd44ab2bf6b32f4ae9391d14bfaefd316bc600

SHA256
5f9d789e5231847a10431a29b89ebb2fe18ebe2f2a77c103211fc14c55657b25

SHA512
e6b73f0041bb016d72282849b25d09b5b9ed5017756759be77ad0bbbf17bce53d7a84f6c6025c0d4b467852b251913987392a2b336269b3182bd4954bbdb766d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41842\api-ms-win-core-datetime-l1-1-0.dll

Filesize
11KB

MD5
22ecf4b0f69958775ea932cc500e947d

SHA1
ef9646a777f43210f89e5fcc351a89dd4def7c0d

SHA256
c6064975ed1d3ff436e6b3cc4779ba9c1a61c5f670b24fcc5264371c73b97bce

SHA512
a516a8b1f35e2b3adb9486f4079ff5cb078f6b7d6cf027122d984b79337aa3d5bc97ea30c6c7ecbbf7898f4a7761e17f214453a32b8da56ac47d72e0ed007fe3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41842\api-ms-win-core-debug-l1-1-0.dll

Filesize
11KB

MD5
ec59aac4b726124e93cb05fa8bd60e8f

SHA1
f581c104cb14b678ebd4939b567ebdaa3568995a

SHA256
18d756a725b6d4ad34f6b2886b727a5895d7c65900a6c74b485331e8931fd9ff

SHA512
5bcb9292e1c4b2e81e11178b813ce5f6bb888f0b69dfdd25c35bca15c60405080bebb5151fad02d62c14bb8e5b5f396ae5b1faefcb83f52fecb59fc546dc23b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41842\api-ms-win-core-errorhandling-l1-1-0.dll

Filesize
11KB

MD5
6dda0dadb8ab57e1dcfff4f91dcc629e

SHA1
71603109a25e46dbc02180878a8d9ecc187dfadd

SHA256
0e3f2cc438cfe4e8a7ccacb2ff2e2b8f4a8db4f2ef4633bb70fec72bb122d90a

SHA512
21a8bc4b95e1a425d911f78ab49deafcc48a8c6a5a08a38f42431d1291aba6b55f81d7cc0160f2603b8b3ff38b3f24103c11064c786fdaede6556f5ea6476ef0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41842\api-ms-win-core-file-l1-1-0.dll

Filesize
15KB

MD5
7c2172d7a4a5373f848d37b0b3892594

SHA1
fad88dc4d478eaf5088693ba602bcb2bbdf63f58

SHA256
a332bba4c788c15461c7d702a308546d8eed41a1f997e0bb784719a935be3997

SHA512
8aec4073068cc4debf801497999b4cccf2f540885c10ce15468c379206380fe34a5fd5be9b556ad9c118ce9762d9a61651bb05d3c4820fa209f75b5bb5b4124b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41842\api-ms-win-core-file-l1-2-0.dll

Filesize
11KB

MD5
5e2a9b9d83d943c4af82b6dc829bfe97

SHA1
22654769e7c79f1aa0e96a4c16dcb9ef865737aa

SHA256
902ffc6e350772803ac35568364005c09be5c5e5d3f18038e46e9316aed217ef

SHA512
d4a018aed49c84706038e118058832fe26d2727445bd6f4798ba9548f8afc5e746bde7a7329b0be5ddd106707983783932e7351b101cb729070b68c91c660ac0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41842\api-ms-win-core-file-l2-1-0.dll

Filesize
11KB

MD5
17468cdcf52d507d7d1a740323bad663

SHA1
c647494e52d5dde86bde8d850b1a49cd17024ade

SHA256
ae7f15d92e43bfb351363d149c89a0fad8453e2b2d08fdcb4d224c535a648fa1

SHA512
fef4616c4fd1521ca500fda0fac947e96a4b89b48c98847b23f42c6e8a34073076a39bcece01f19c546d0a734a9b688948fc34d425fd1ef36dffc378335881ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41842\api-ms-win-core-handle-l1-1-0.dll

Filesize
11KB

MD5
681ed6ef86b6504618ac1cbdc072a16f

SHA1
5b82157b61bbdbad2eb744c57d4263ac327e7ae0

SHA256
ca1b62f01363fbe818996592d8564a510f4bbd8e62694c24811633491ea20b3d

SHA512
b31dc6f10e3cca61880559fcb4033ca5311fa7c22157a3e02242dd38ef77592510c3a9c35ba30902bf99122ce3373b212bf56c8a0f8acff420c8acb2ae29129f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41842\api-ms-win-core-heap-l1-1-0.dll

Filesize
12KB

MD5
3ecc10f8bafc46f55d1b61d3fdd6d88e

SHA1
c17b33dabe18459715ccd5dea5fc1c5b47417f25

SHA256
65e090598b9c3993ae6b13fc4c44946fa5a19dfb85bc66401a5dabfb5647ca9e

SHA512
bc383a677d72ea408da796399da1be5e8ec2dcbf8d80488ae5852a68ca69923092d0850a9ef389374518c365fde267ffc0647ecc8d493587af698ee3c320ed4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41842\api-ms-win-core-interlocked-l1-1-0.dll

Filesize
11KB

MD5
7f35b7bde9a9f810ff8a3fe63f86b86f

SHA1
277fca2f7b45d978891b5612d0d86e2981f78595

SHA256
fb0600267c2ea0e6436ebf2dc46edb3aee2696e5d2164500fac60d394e21d8fd

SHA512
e53b020f1bc8f3aa825a8980f7c1e9b07bf4a5f7b3fbf9784ede4369b6540af24e0b75550e2742f782684afdb024e2bf4082e730d4f05f2c8bdcb91eedbf6374

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41842\api-ms-win-core-libraryloader-l1-1-0.dll

Filesize
12KB

MD5
b663a5ee87030b06525b95c0ce8efa4a

SHA1
44dd3d69d6fa37712fdbb04175bbc17c382cac54

SHA256
2eebdb5eae5cb88c329b8dacb80e782ba7c789038e8ba8123a47c3a571677776

SHA512
1fffabeb721ddcf70978c9628eb559f7d2d581d367fef8bfb225fa51441ab7916b0962805eb4efbf11f503720dbe5759200d1edaa16824afef5b2897a3ffb934

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41842\api-ms-win-core-localization-l1-2-0.dll

Filesize
14KB

MD5
3991a12b40096a59d48a95b54ad1c812

SHA1
464da16182fd1053f4633b29e83d9afdfc39f1e1

SHA256
2ee4d131e5492a9980efa47ae5a9e1aad3d5bccb062c26d28cb0c9559e973481

SHA512
5bfd17e39c4ff999db7f36fe2dd044df346f1ea352098b4e3033c7ff8c382d7f2897c46ad543266d72a29561b984667c8d0dc1d2a163e3fab67bbaf10ae17085

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41842\api-ms-win-core-memory-l1-1-0.dll

Filesize
12KB

MD5
73f8a915dde46ee5d0d3f4de394a2182

SHA1
fecf150be80cdb980949b991314a83d27853a760

SHA256
14d30d55506e8a44326d03abc46294abc1511409213196e0dd4ddefccf60bdee

SHA512
b8596eba4e7b8b72a007d7ba55c947538dd4ce0ad1857005ddd9095839ff99a0fa892121f7fad5ed5d33380802038560f8e3b729430a3100901682de2309767c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41842\api-ms-win-core-namedpipe-l1-1-0.dll

Filesize
11KB

MD5
a7665679024a45c11cd0e8cb1f8e43fd

SHA1
a161df5ab2c0ec429f715cb319812911a5885518

SHA256
17577789eab28202cd1bf06178b9911083849ab0351fe06b46a8c0f58d93c83a

SHA512
e3f5e6ebd0e9f388734b020c3ec25cf167ef626e8c2160d46e65e641c8e82f99117ca738e9b926a0a4feec3f1bbaf8688e89ae788dcdd9aff26ef9bc315205ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41842\api-ms-win-core-processenvironment-l1-1-0.dll

Filesize
12KB

MD5
e6776d7372de02cddad35b49c15e8f2f

SHA1
cb4da00768a881b6d8353403b22b30a77d14649a

SHA256
1f1e0577ac1e1c757be525d8e36057a22388519964b1e2d79ffbd3e8fc0d00cf

SHA512
f65fb51639df0804a7b4bfbc70063c5408ab512252f7ef42a5a2646dcda7d63b7f774f6255b961e32d22e91c1ca5ce4a5863db43907d1ccfc2b8a9364adac169

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41842\api-ms-win-core-processthreads-l1-1-0.dll

Filesize
13KB

MD5
6c68c4fe70361213fe891e1ab01c1272

SHA1
8aa952184d263257ca6119c64882c77124425547

SHA256
d80ecc44b211c19c6021b033085229c6f592c0c091c41eb9c177df833dc0a70f

SHA512
689dbe9f45bc290081380daccabb3e57e912bc7b750fea272c7cd7ed6e0f0358f89c8e543286e3d55da6501b161df224ee977632944e14abc8827fccdb5f8812

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41842\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
12KB

MD5
7922c25a9a206110d298eb1adb747dd7

SHA1
c4431817fbc6d39b6504c121a8775f174f6cb9d3

SHA256
0528474ae1b64b2ef0089b87d53d84a36b5792c381ea9459ceda87a29c5abb2a

SHA512
f90f86d6ccd18ddf292115a8a45a22248683460a8b90d371d42d5274f596bd91c4ef4b62531e00ea304cb99b239c6b7bd50d0a39db45e539649ff6622cfaa48c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41842\api-ms-win-core-profile-l1-1-0.dll

Filesize
11KB

MD5
b33555a6c26229a52068683af95b8763

SHA1
fdf3a773227f7f966756cd95a5167d883ba5f2be

SHA256
b0d8f37eac0997bb41952bd8dc12d25a3db6013c2146dbcab9ed84b6697eedbc

SHA512
1bcbb5684815882300c17509853638a69b6f338b46ead3fbde46fea3a04c5ff5caf4bb58f8484478ba76f018c3e386e03e93d1caf4da1204832bd13e27019c50

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41842\api-ms-win-core-rtlsupport-l1-1-0.dll

Filesize
12KB

MD5
8a5b4ed32eea9ad27bbb7d71424a38e3

SHA1
a525cf3cb8a7fb6bb9267cc089d0c0b4fee83401

SHA256
fcede796e1271f2564f4a0ffdf13dc79ba5f5d2fc2093146dae334fd707fa146

SHA512
b4b8c83ff7b293124f52c351d970d38a59f9209f779cf39935ed191aabbb222c8787c45ae35b0040c81f6475157c9575150a0ea5a91994bff3bbf3f025835178

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41842\api-ms-win-core-string-l1-1-0.dll

Filesize
11KB

MD5
c5ee363f9ad28b1ac097294483443fcd

SHA1
0eb056c55dae609a5d96d8825c2cbc62402bc409

SHA256
23b8515d4d94bbabb77059a2536c2c1241ac261a58ad6192c79cceb1dca38f14

SHA512
50112fd26a0760b53790cd5a97c20629cd8c728f45de3742cece07b7efb98973eef79520824c41f99a959610879607c7f9c6993817d3dc28d44c2bf75e8dd362

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41842\api-ms-win-core-synch-l1-1-0.dll

Filesize
13KB

MD5
5d71ceae6ada819d4b93687fc2365136

SHA1
3ce280308d024ff6cda585b972770e8964cf8d76

SHA256
fcc4728a8f0c8ec7d36aad45f24b5036a444afd75072137694ab87c76b8347cd

SHA512
d01a03cf82d2b103b656c33ea9821d2997ddc010d756690b6aeb6e122cc4a18cf73dcff63af459ace5b4d04edc42a6a4a9193e1f30cb34dc527faa1027458be1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41842\api-ms-win-core-synch-l1-2-0.dll

Filesize
12KB

MD5
0c687747ea311eb5f7ed146b83310410

SHA1
ed735cc089fc901a7bc45878a35da89d27761f11

SHA256
a333e073bcf199b7872decd9ea911cbcf4f1b426a400c2ce5e07f0462fddd70a

SHA512
344028a8656796f8b9e72ebc8b62d7e2fc90c5c791ebe1bf16b94b891dcfe22389e28e40a94d06e173a8a572340d641e2b758280b107429fe9e7895448c9a12f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41842\api-ms-win-core-sysinfo-l1-1-0.dll

Filesize
12KB

MD5
5629243e6a15f7ba4c36c9944bc66210

SHA1
b9401bc0e393cea75445b6c89be5f19f1fba0899

SHA256
b38c9e1608ae64b51a774e93752d549f72daa868f88e3f78631f5600543cb825

SHA512
659d1a219769e2010b04533a76e60129cffd06cca8e550163b0ab6b9cf76a40478a286325e78856e56ae0025e7d1da971929ae0beed27490ff2ac3b37c8e1a7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41842\api-ms-win-core-timezone-l1-1-0.dll

Filesize
12KB

MD5
8e0be9b6baceb5babc308039618870e5

SHA1
515d98afb7d0c17861bc87b83d553d4e80ecf8fb

SHA256
83ea1b0e636eac733c221a4fff4ab19371d8dacb8e80fa8295d86fe72bd2942c

SHA512
b14755c0192560f3c535895d7013eb39e62f2d17a26747518828bed5a17668932e6ea60d00d9a798298cf3a391c0c48b3de23207a2b64e1e79b6f93fb5a1a249

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41842\api-ms-win-core-util-l1-1-0.dll

Filesize
11KB

MD5
0b032312ed46688ac723fb71c5bc9da5

SHA1
57d6a9d6b012a8fb9686a4187d2e6422c7df5a76

SHA256
3ea53b2236eb6a920c473121980e071640d04a34af902525f64461e5003bc9ee

SHA512
fc3b5b46c6d1039fecd83f0cb529fbd7041cc923d3ea33978354c32a0c257cccbff5a68530612b70fff01d5bb3719133574b286982cf562f5a79b243fbc9e614

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41842\api-ms-win-crt-conio-l1-1-0.dll

Filesize
12KB

MD5
0d3e5fd53351d4c4d717014f596b4e52

SHA1
56f4ad1f107cffe564b03e7131ca7702ddbfd71e

SHA256
6984e9aab9c4f6f4d1f1c9daef72d1e636a4505b39384c3a0c6401a3d0a3cebb

SHA512
96426d99bb385514d7943be35d9938dd6b4ac459d8dcbcb0566d1f2e3ad4ee28690f33c9dc24c8530aafea336c4b83d7dff70a17f419d7db5f67eeec2fe0800b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41842\api-ms-win-crt-convert-l1-1-0.dll

Filesize
15KB

MD5
1927eb5e2276e6c9c3a738ee8b6cedd3

SHA1
7b2ca15ecadf34ac6e439c873cf8d6853f34b408

SHA256
672bea99f951983cabb697a3086705a121f668de5b98b3982c9bf25963bb5a41

SHA512
005728c4de3d2971478325388d87f1ea2aa79d29a6c30263aebe287e1bc9807c8b5504d10c8522bc3115cde0645331e338e51d19e06d9917cb4294aba930e596

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41842\api-ms-win-crt-environment-l1-1-0.dll

Filesize
12KB

MD5
310eff908b91acc5f35acaa310c1ac75

SHA1
137a7b8bc2aefb3fd64e3bfac13c79255ba3989a

SHA256
c7295e2521a696e4dc47ce9f00b6bf380bf9b85726ebe3475419e80cb94571ec

SHA512
39f281189c547648e4029749fc75bf1c8013f57a7a8c3115196b6abd5cfbdad4d2b6f2efea3fa1bd20150f72d75bf236d052df2d526dc27b2b1ebf850b3de565

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41842\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
13KB

MD5
bc7de1c7b07e9157b4717c2ec89c99e5

SHA1
fd9bc3eb1f3432c3084053b411858fc8d0685216

SHA256
b529d797f5c55158bdd80b1eff6024bcf80ced29f3a27272d1dcca1f998e0af6

SHA512
588ddffca22f800f9503a5f133d9ab384dc9893ed50da931317d1ea1ca81e71efa897037aa7e74bddecdede7d1f2481102549d841a50a3dda7f96fd3f9430759

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41842\api-ms-win-crt-heap-l1-1-0.dll

Filesize
12KB

MD5
c12491ec89b39f6878179e499e14b428

SHA1
fba174a1bf48e4853b2748a36b7bb80740dfc685

SHA256
15ce011ea8f0eaf4ec7dd67306f14b3d1ce4b2942674108e9880cb7f306eff60

SHA512
23145eea6ee96d7534a4be979774366f2ef8b35a52d0afb0f0481b2d95a0e979180771f3bd66e972aea671bcd226e5848a04d9f2a8d419f6c38eba0aed4ce14d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41842\api-ms-win-crt-locale-l1-1-0.dll

Filesize
12KB

MD5
5dd41de64aae686e7e766f2078d287a4

SHA1
0583385934fc182d42d8e5ebb07e2ec6b4ba21b7

SHA256
e4b625697aabfc995a2085a7393963d9547f5492c6603f29383cb39b0d6e6a16

SHA512
69806fbaa9f6c28ae1fdd520e92edaf6bb921c1b22111e49a1794fc1c1c9ee9bc64b99f12e8868570b5c4d52c07aface8b4c0d0541d2c6e6b8612c2cac04069c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41842\api-ms-win-crt-math-l1-1-0.dll

Filesize
20KB

MD5
08bfd1b200bdb9c85572c8bfceb0c499

SHA1
8b42a9fb1e90417df70a25b794cf427e323ee42a

SHA256
1114ad9f3a0a34b2c215814483ea0d1b70dab9e486b8fc75cf560ac4175d5a72

SHA512
6eec64da5b2a82f02edccc1bd7d70c546c9ab772c82946ea1803d41e43809481ed56c581f168b2fb762e22a826173b52f1401a279f82b32fe201bde9e72a02d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41842\api-ms-win-crt-process-l1-1-0.dll

Filesize
12KB

MD5
ad18909e012a7c4c00b03112a38210f3

SHA1
ae73109e65eda5e570fdc46fa1823574d3df2aff

SHA256
29b4b2feb379aa97fa713667b1c2ef1f60342eb29907777f0ddf3508be62b49e

SHA512
bf7a9f7e88e4a0f7eefbb5675880d65a79b35b8769204fd1c66da1a653a16ebcff4d2b4ee951844c5296d2f4cd433ea3c2cfeb2aa4f8ea289ea9c701ed163181

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41842\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
16KB

MD5
a409966b786a430fd966642acccca577

SHA1
0ae71b5a6eb1b6e2e8a138cd6eae5bcfe4f4debc

SHA256
dd2658bcddb580c7913489a12d2e626061a92a948163bc6a9fdbea6966c5c8f0

SHA512
8607487c3ac03b2787cc41fd7f19ccb73aafc1a92eca165df337ad9000a18b95ec6b52d1c0676bfd872290ee15f44db52809180314566762ce8472613b971712

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41842\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
17KB

MD5
f2a35575d7fde96c8bb33f9eebe1e5d2

SHA1
189b37079444d10084a14467c9838e5e6aacaef8

SHA256
44baab81179483a4fbc5371725c3c6d49dc38c5a5853fccd2090efc17178a887

SHA512
78465980d9a8ce0022d6b52a6f8b25df4a4e7fcdab7c3bef4d2a0c8d17edb250ede806822442e7c0add07bcc4caae89e2b1cd76119a7ed4e1ad5ba2d45e9d507

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41842\api-ms-win-crt-string-l1-1-0.dll

Filesize
17KB

MD5
062be32496661a3e652b4411840c43c8

SHA1
e0793d0cb5c5d9d00dbba1bd17e3545399d13be0

SHA256
1c0af055267a9b7492038f7936277e707c04d49570e7d2e54fa2d3787ece664f

SHA512
ebe027ec4bdfcde4d561c70cd08e6017c84cc85edd6755159fc86905b70fa6275ceaeff641d8404bf810bc1384ab1aab8824c0844907fdcb9f531e374a30fef8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41842\api-ms-win-crt-time-l1-1-0.dll

Filesize
14KB

MD5
f6fb8348e655afb8faec69b9bf941543

SHA1
79cfd09bf000e1d113b4654091490001a9e299a5

SHA256
e16dbb880a89be46e71a7b498ff3758b188d46851db15709a7898f60449d2c21

SHA512
858d89d57558366ea1ebd2d353f3bf02ed4e917f873c69ff6ebc7d373acbd1e8b3022dc80a5ed97ab31a90699d102a59cc25f3a720561b1dd43f263a0c9cd432

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41842\api-ms-win-crt-utility-l1-1-0.dll

Filesize
12KB

MD5
759f1a8735f56c795c603578e2ee5b71

SHA1
3fd9804e8442622b2c1940753ec082f834d3ca01

SHA256
bf9770586528c2dededb462cbe627bbfc11e33e87bf9cf8ccf0dcd8ab0eab22c

SHA512
2904afb9b9ab0d308e15b426b6da5f7d9ae2331f5e05fc9a63b7d124e0a89e493868ac88e338cbf3fbc6883c4147cc00f46a9db0f3f615b3699158db1216026e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41842\base_library.zip

Filesize
1.4MB

MD5
5df90fafa8c94d76db67a82fb2fbfac6

SHA1
1bf084589f5120b21d5bc37c9f648295fdfb103a

SHA256
758be47b2cb7b3e3c5fa443e8d71b18dedfc3b8defcb1714c41b9456cb151b6f

SHA512
f3d4d92e791a681e31b39ba9401ca0c20181eed449a3c7240c528abaddad548c11167987304db3b77fc2cd4efe7f0d98fa12e56e00d0cbd61f021e5457b80f32

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41842\libcrypto-1_1.dll

Filesize
3.3MB

MD5
6f4b8eb45a965372156086201207c81f

SHA1
8278f9539463f0a45009287f0516098cb7a15406

SHA256
976ce72efd0a8aeeb6e21ad441aa9138434314ea07f777432205947cdb149541

SHA512
2c5c54842aba9c82fb9e7594ae9e264ac3cbdc2cc1cd22263e9d77479b93636799d0f28235ac79937070e40b04a097c3ea3b7e0cd4376a95ed8ca90245b7891f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41842\libffi-8.dll

Filesize
34KB

MD5
32d36d2b0719db2b739af803c5e1c2f5

SHA1
023c4f1159a2a05420f68daf939b9ac2b04ab082

SHA256
128a583e821e52b595eb4b3dda17697d3ca456ee72945f7ecce48ededad0e93c

SHA512
a0a68cfc2f96cb1afd29db185c940e9838b6d097d2591b0a2e66830dd500e8b9538d170125a00ee8c22b8251181b73518b73de94beeedd421d3e888564a111c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41842\libssl-1_1.dll

Filesize
686KB

MD5
8769adafca3a6fc6ef26f01fd31afa84

SHA1
38baef74bdd2e941ccd321f91bfd49dacc6a3cb6

SHA256
2aebb73530d21a2273692a5a3d57235b770daf1c35f60c74e01754a5dac05071

SHA512
fac22f1a2ffbfb4789bdeed476c8daf42547d40efe3e11b41fadbc4445bb7ca77675a31b5337df55fdeb4d2739e0fb2cbcac2feabfd4cd48201f8ae50a9bd90b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41842\pyexpat.pyd

Filesize
193KB

MD5
1c0a578249b658f5dcd4b539eea9a329

SHA1
efe6fa11a09dedac8964735f87877ba477bec341

SHA256
d97f3e27130c267e7d3287d1b159f65559e84ead9090d02a01b4c7dc663cd509

SHA512
7b21dcd7b64eeba13ba8a618960190d1a272fa4805dedcf8f9e1168aebfe890b0ced991435ecbd353467a046fc0e8307f9a9be1021742d7d93aa124c52cc49e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41842\python3.DLL

Filesize
64KB

MD5
34e49bb1dfddf6037f0001d9aefe7d61

SHA1
a25a39dca11cdc195c9ecd49e95657a3e4fe3215

SHA256
4055d1b9e553b78c244143ab6b48151604003b39a9bf54879dee9175455c1281

SHA512
edb715654baaf499cf788bcacd5657adcf9f20b37b02671abe71bda334629344415ed3a7e95cb51164e66a7aa3ed4bf84acb05649ccd55e3f64036f3178b7856

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41842\python311.dll

Filesize
5.5MB

MD5
9a24c8c35e4ac4b1597124c1dcbebe0f

SHA1
f59782a4923a30118b97e01a7f8db69b92d8382a

SHA256
a0cf640e756875c25c12b4a38ba5f2772e8e512036e2ac59eb8567bf05ffbfb7

SHA512
9d9336bf1f0d3bc9ce4a636a5f4e52c5f9487f51f00614fc4a34854a315ce7ea8be328153812dbd67c45c75001818fa63317eba15a6c9a024fa9f2cab163165b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41842\select.pyd

Filesize
28KB

MD5
97ee623f1217a7b4b7de5769b7b665d6

SHA1
95b918f3f4c057fb9c878c8cc5e502c0bd9e54c0

SHA256
0046eb32f873cde62cf29af02687b1dd43154e9fd10e0aa3d8353d3debb38790

SHA512
20edc7eae5c0709af5c792f04a8a633d416da5a38fc69bd0409afe40b7fb1afa526de6fe25d8543ece9ea44fd6baa04a9d316ac71212ae9638bdef768e661e0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41842\tcl86t.dll

Filesize
1.8MB

MD5
ac6cd2fb2cd91780db186b8d6e447b7c

SHA1
b387b9b6ca5f0a2b70028ab2147789c4fe24ef7a

SHA256
a91781fe13548b89817462b00058a75fb0b607ec8ce99d265719ced573ade7b6

SHA512
45b24ca07a44d8d90e5efeded2697a37f000b39d305fe63a67292fdd237de3f8efd5e85b139b5702faa695f9f27f12f24ac497e005e2f3c24c141d7cd85305b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41842\tk86t.dll

Filesize
1.5MB

MD5
499fa3dea045af56ee5356c0ce7d6ce2

SHA1
0444b7d4ecd25491245824c17b84916ee5b39f74

SHA256
20139f4c327711baf18289584fa0c8112f7bb3ba55475bded21f3d107672ed94

SHA512
d776749effa241ba1415b28d2fcff1d64ed903569a8c4e56dfddd672a53b2f44119734b1959b72a9b3f4060bb2c67b7dea959cc2d4a8e9f781f17009c6840fc1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41842\ucrtbase.dll

Filesize
986KB

MD5
1268674e0227fba666728f77e9ba01bd

SHA1
bfb0c3b94319d2e524a0b9246b45edbd3f90c3da

SHA256
6dada6c2ae69c792cfb3e90aac122810052d845ce875364bde885eef4f8fe9c4

SHA512
82a7956ebbd491294728ffb07f7d7effac44578bf4fb579449e129fca007271d5c211fe17e195c419c813280f2abe229fdfe805221e0325305e71ea04a361b50

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41842\unicodedata.pyd

Filesize
1.1MB

MD5
bc58eb17a9c2e48e97a12174818d969d

SHA1
11949ebc05d24ab39d86193b6b6fcff3e4733cfd

SHA256
ecf7836aa0d36b5880eb6f799ec402b1f2e999f78bfff6fb9a942d1d8d0b9baa

SHA512
4aa2b2ce3eb47503b48f6a888162a527834a6c04d3b49c562983b4d5aad9b7363d57aef2e17fe6412b89a9a3b37fb62a4ade4afc90016e2759638a17b1deae6c

Download Submit
memory/6116-1314-0x00000139212A0000-0x00000139212B0000-memory.dmp

Filesize
64KB

Download
memory/6116-1313-0x00000139212A0000-0x00000139212B0000-memory.dmp

Filesize
64KB

Download
memory/6116-1312-0x00007FFF8FE40000-0x00007FFF900A5000-memory.dmp

Filesize
2.4MB

Download
memory/6116-1311-0x00007FFF90770000-0x00007FFF90CB1000-memory.dmp

Filesize
5.3MB

Download
memory/6116-1310-0x00007FFF90CC0000-0x00007FFF911B0000-memory.dmp

Filesize
4.9MB

Download
memory/6116-1309-0x00007FFF91820000-0x00007FFF91A83000-memory.dmp

Filesize
2.4MB

Download