05ec4b3a9c4a2228f10871cfc979c1e0780b1a500aa1679b682b1061ec0e3ac6

Analysis

max time kernel
590s
max time network
595s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 10:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

mul-tor-windows(1).zip
Size

15.6MB
MD5

1e0c9ee20b8ad284fe91a8416080c756
SHA1

1430e5704860c508db9f1179f720550fcc24d2f7
SHA256

05ec4b3a9c4a2228f10871cfc979c1e0780b1a500aa1679b682b1061ec0e3ac6
SHA512

52b5c048c04f3eabd5caca4697b37ec3d9595c44659dadbeca63c055a69239c61850dbd70afd35cef5bc4f1e37d2ac7d6c0739e56147bf35b7c0c15264c94e57
SSDEEP

196608:G+aYsY58OV2iOSgw/TL3l/gXrpp+pPEIF3aKCgOQz9vimJGnt9uRwLgB28g/7CBW:COuSr/lYXlp+pPEuQ4pQ26LgwMB9h8P

Score

7^/10

pyinstaller

Malware Config

Signatures

Executes dropped EXE 4 IoCs

Processes:

Mul-Tor.exeMul-Tor.exeMul-Tor.exeMul-Tor.exe

pid process

2600 Mul-Tor.exe
964 Mul-Tor.exe
5424 Mul-Tor.exe
5396 Mul-Tor.exe

pid	process
2600	Mul-Tor.exe
964	Mul-Tor.exe
5424	Mul-Tor.exe
5396	Mul-Tor.exe

Loads dropped DLL 51 IoCs

Processes:

Mul-Tor.exeMul-Tor.exe

pid	process
964	Mul-Tor.exe
964	Mul-Tor.exe
964	Mul-Tor.exe
964	Mul-Tor.exe
964	Mul-Tor.exe
964	Mul-Tor.exe
964	Mul-Tor.exe
964	Mul-Tor.exe
964	Mul-Tor.exe
964	Mul-Tor.exe
964	Mul-Tor.exe
964	Mul-Tor.exe
964	Mul-Tor.exe
964	Mul-Tor.exe
964	Mul-Tor.exe
964	Mul-Tor.exe
964	Mul-Tor.exe
964	Mul-Tor.exe
964	Mul-Tor.exe
964	Mul-Tor.exe
964	Mul-Tor.exe
964	Mul-Tor.exe
964	Mul-Tor.exe
5396	Mul-Tor.exe
5396	Mul-Tor.exe
5396	Mul-Tor.exe
5396	Mul-Tor.exe
5396	Mul-Tor.exe
5396	Mul-Tor.exe
5396	Mul-Tor.exe
5396	Mul-Tor.exe
5396	Mul-Tor.exe
5396	Mul-Tor.exe
5396	Mul-Tor.exe
5396	Mul-Tor.exe
5396	Mul-Tor.exe
5396	Mul-Tor.exe
5396	Mul-Tor.exe
5396	Mul-Tor.exe
5396	Mul-Tor.exe
5396	Mul-Tor.exe
5396	Mul-Tor.exe
5396	Mul-Tor.exe
5396	Mul-Tor.exe
5396	Mul-Tor.exe
5396	Mul-Tor.exe
5396	Mul-Tor.exe
5396	Mul-Tor.exe
5396	Mul-Tor.exe
5396	Mul-Tor.exe
5396	Mul-Tor.exe

Detects Pyinstaller 1 IoCs
pyinstaller

Processes:

resource yara_rule

C:\Users\Admin\Desktop\mul-tor-windows(1)\Mul-Tor.exe pyinstaller
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

resource	yara_rule
C:\Users\Admin\Desktop\mul-tor-windows(1)\Mul-Tor.exe	pyinstaller

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133643040499080372"	chrome.exe

Modifies registry class 64 IoCs

Processes:

Mul-Tor.exeOpenWith.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	Mul-Tor.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 010000000200000000000000ffffffff	Mul-Tor.exe
Key created	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg	Mul-Tor.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	Mul-Tor.exe
Key created	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Mul-Tor.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = ffffffff	Mul-Tor.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Mul-Tor.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	Mul-Tor.exe
Key created	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\json_auto_file\shell\edit	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\json_auto_file\shell\open	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202020202	Mul-Tor.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 14002e80922b16d365937a46956b92703aca08af0000	Mul-Tor.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202020202	Mul-Tor.exe
Key created	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	Mul-Tor.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\MRUListEx = ffffffff	Mul-Tor.exe
Key created	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\.json	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\json_auto_file\shell\edit\command	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\json_auto_file\shell\open\command	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\鰀䆟縀䆁	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12	Mul-Tor.exe
Key created	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\Shell	Mul-Tor.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	Mul-Tor.exe
Key created	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\json_auto_file	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\NodeSlot = "12"	Mul-Tor.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	Mul-Tor.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202020202020202	Mul-Tor.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	Mul-Tor.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	Mul-Tor.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	Mul-Tor.exe
Key created	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	Mul-Tor.exe
Key created	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	Mul-Tor.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2 = 14002e8005398e082303024b98265d99428e115f0000	Mul-Tor.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\json_auto_file\shell\edit\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\json_auto_file\shell\open\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	Mul-Tor.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Mul-Tor.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Mul-Tor.exe
Key created	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\json_auto_file\shell	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	Mul-Tor.exe
Key created	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	Mul-Tor.exe
Key created	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\Shell	Mul-Tor.exe
Key created	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	Mul-Tor.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\鰀䆟縀䆁\ = "json_auto_file"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	Mul-Tor.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	Mul-Tor.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	Mul-Tor.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff	Mul-Tor.exe
Key created	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	Mul-Tor.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	Mul-Tor.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	Mul-Tor.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	Mul-Tor.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	Mul-Tor.exe
Key created	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings	Mul-Tor.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\Shell\SniffedFolderType = "Documents"	Mul-Tor.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\NodeSlot = "13"	Mul-Tor.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\Shell\SniffedFolderType = "Downloads"	Mul-Tor.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	Mul-Tor.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	Mul-Tor.exe
Key created	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13	Mul-Tor.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	Mul-Tor.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Mul-Tor.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\.json\ = "json_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2	Mul-Tor.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

2640 chrome.exe
2640 chrome.exe
6088 chrome.exe
6088 chrome.exe
Suspicious behavior: GetForegroundWindowSpam 2 IoCs

Processes:

OpenWith.exeMul-Tor.exe

pid process

2672 OpenWith.exe
5396 Mul-Tor.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 39 IoCs

Processes:

chrome.exe

pid	process
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

7zG.exechrome.exe

description	pid	process
Token: SeRestorePrivilege	2532	7zG.exe
Token: 35	2532	7zG.exe
Token: SeSecurityPrivilege	2532	7zG.exe
Token: SeSecurityPrivilege	2532	7zG.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeCreatePagefilePrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeCreatePagefilePrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeCreatePagefilePrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeCreatePagefilePrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeCreatePagefilePrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeCreatePagefilePrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeCreatePagefilePrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeCreatePagefilePrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeCreatePagefilePrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeCreatePagefilePrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeCreatePagefilePrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeCreatePagefilePrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeCreatePagefilePrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeCreatePagefilePrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeCreatePagefilePrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeCreatePagefilePrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeCreatePagefilePrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeCreatePagefilePrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeCreatePagefilePrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeCreatePagefilePrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeCreatePagefilePrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeCreatePagefilePrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeCreatePagefilePrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeCreatePagefilePrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeCreatePagefilePrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeCreatePagefilePrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeCreatePagefilePrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeCreatePagefilePrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeCreatePagefilePrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeCreatePagefilePrivilege	2640	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

Processes:

7zG.exechrome.exe

pid	process
2532	7zG.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe

Suspicious use of SetWindowsHookEx 28 IoCs

Processes:

OpenWith.exeMul-Tor.exe

pid	process
2672	OpenWith.exe
2672	OpenWith.exe
2672	OpenWith.exe
2672	OpenWith.exe
2672	OpenWith.exe
2672	OpenWith.exe
2672	OpenWith.exe
2672	OpenWith.exe
2672	OpenWith.exe
2672	OpenWith.exe
2672	OpenWith.exe
2672	OpenWith.exe
2672	OpenWith.exe
2672	OpenWith.exe
2672	OpenWith.exe
2672	OpenWith.exe
2672	OpenWith.exe
5396	Mul-Tor.exe
5396	Mul-Tor.exe
5396	Mul-Tor.exe
5396	Mul-Tor.exe
5396	Mul-Tor.exe
5396	Mul-Tor.exe
5396	Mul-Tor.exe
5396	Mul-Tor.exe
5396	Mul-Tor.exe
5396	Mul-Tor.exe
5396	Mul-Tor.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Mul-Tor.exeMul-Tor.exeOpenWith.exechrome.exe

description	pid	process	target process
PID 2600 wrote to memory of 964	2600	Mul-Tor.exe	Mul-Tor.exe
PID 2600 wrote to memory of 964	2600	Mul-Tor.exe	Mul-Tor.exe
PID 964 wrote to memory of 2288	964	Mul-Tor.exe	cmd.exe
PID 964 wrote to memory of 2288	964	Mul-Tor.exe	cmd.exe
PID 964 wrote to memory of 3296	964	Mul-Tor.exe	cmd.exe
PID 964 wrote to memory of 3296	964	Mul-Tor.exe	cmd.exe
PID 964 wrote to memory of 4444	964	Mul-Tor.exe	cmd.exe
PID 964 wrote to memory of 4444	964	Mul-Tor.exe	cmd.exe
PID 964 wrote to memory of 4268	964	Mul-Tor.exe	cmd.exe
PID 964 wrote to memory of 4268	964	Mul-Tor.exe	cmd.exe
PID 2672 wrote to memory of 1628	2672	OpenWith.exe	NOTEPAD.EXE
PID 2672 wrote to memory of 1628	2672	OpenWith.exe	NOTEPAD.EXE
PID 2640 wrote to memory of 2656	2640	chrome.exe	chrome.exe
PID 2640 wrote to memory of 2656	2640	chrome.exe	chrome.exe
PID 2640 wrote to memory of 2336	2640	chrome.exe	chrome.exe
PID 2640 wrote to memory of 2336	2640	chrome.exe	chrome.exe
PID 2640 wrote to memory of 2336	2640	chrome.exe	chrome.exe
PID 2640 wrote to memory of 2336	2640	chrome.exe	chrome.exe
PID 2640 wrote to memory of 2336	2640	chrome.exe	chrome.exe
PID 2640 wrote to memory of 2336	2640	chrome.exe	chrome.exe
PID 2640 wrote to memory of 2336	2640	chrome.exe	chrome.exe
PID 2640 wrote to memory of 2336	2640	chrome.exe	chrome.exe
PID 2640 wrote to memory of 2336	2640	chrome.exe	chrome.exe
PID 2640 wrote to memory of 2336	2640	chrome.exe	chrome.exe
PID 2640 wrote to memory of 2336	2640	chrome.exe	chrome.exe
PID 2640 wrote to memory of 2336	2640	chrome.exe	chrome.exe
PID 2640 wrote to memory of 2336	2640	chrome.exe	chrome.exe
PID 2640 wrote to memory of 2336	2640	chrome.exe	chrome.exe
PID 2640 wrote to memory of 2336	2640	chrome.exe	chrome.exe
PID 2640 wrote to memory of 2336	2640	chrome.exe	chrome.exe
PID 2640 wrote to memory of 2336	2640	chrome.exe	chrome.exe
PID 2640 wrote to memory of 2336	2640	chrome.exe	chrome.exe
PID 2640 wrote to memory of 2336	2640	chrome.exe	chrome.exe
PID 2640 wrote to memory of 2336	2640	chrome.exe	chrome.exe
PID 2640 wrote to memory of 2336	2640	chrome.exe	chrome.exe
PID 2640 wrote to memory of 2336	2640	chrome.exe	chrome.exe
PID 2640 wrote to memory of 2336	2640	chrome.exe	chrome.exe
PID 2640 wrote to memory of 2336	2640	chrome.exe	chrome.exe
PID 2640 wrote to memory of 2336	2640	chrome.exe	chrome.exe
PID 2640 wrote to memory of 2336	2640	chrome.exe	chrome.exe
PID 2640 wrote to memory of 2336	2640	chrome.exe	chrome.exe
PID 2640 wrote to memory of 2336	2640	chrome.exe	chrome.exe
PID 2640 wrote to memory of 2336	2640	chrome.exe	chrome.exe
PID 2640 wrote to memory of 2336	2640	chrome.exe	chrome.exe
PID 2640 wrote to memory of 2336	2640	chrome.exe	chrome.exe
PID 2640 wrote to memory of 4400	2640	chrome.exe	chrome.exe
PID 2640 wrote to memory of 4400	2640	chrome.exe	chrome.exe
PID 2640 wrote to memory of 2284	2640	chrome.exe	chrome.exe
PID 2640 wrote to memory of 2284	2640	chrome.exe	chrome.exe
PID 2640 wrote to memory of 2284	2640	chrome.exe	chrome.exe
PID 2640 wrote to memory of 2284	2640	chrome.exe	chrome.exe
PID 2640 wrote to memory of 2284	2640	chrome.exe	chrome.exe
PID 2640 wrote to memory of 2284	2640	chrome.exe	chrome.exe
PID 2640 wrote to memory of 2284	2640	chrome.exe	chrome.exe
PID 2640 wrote to memory of 2284	2640	chrome.exe	chrome.exe
PID 2640 wrote to memory of 2284	2640	chrome.exe	chrome.exe
PID 2640 wrote to memory of 2284	2640	chrome.exe	chrome.exe
PID 2640 wrote to memory of 2284	2640	chrome.exe	chrome.exe
PID 2640 wrote to memory of 2284	2640	chrome.exe	chrome.exe
PID 2640 wrote to memory of 2284	2640	chrome.exe	chrome.exe
PID 2640 wrote to memory of 2284	2640	chrome.exe	chrome.exe
PID 2640 wrote to memory of 2284	2640	chrome.exe	chrome.exe
PID 2640 wrote to memory of 2284	2640	chrome.exe	chrome.exe
PID 2640 wrote to memory of 2284	2640	chrome.exe	chrome.exe

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\mul-tor-windows(1).zip
1⤵
PID:4544

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5000

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\mul-tor-windows(1)\" -spe -an -ai#7zMap19398:94:7zEvent9809
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2532

C:\Users\Admin\Desktop\mul-tor-windows(1)\Mul-Tor.exe
"C:\Users\Admin\Desktop\mul-tor-windows(1)\Mul-Tor.exe"
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2600

C:\Users\Admin\Desktop\mul-tor-windows(1)\Mul-Tor.exe
"C:\Users\Admin\Desktop\mul-tor-windows(1)\Mul-Tor.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:964

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c
3⤵
PID:2288

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
3⤵
PID:3296

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
3⤵
PID:4444

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
3⤵
PID:4268

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2672

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\mul-tor-windows(1)\config.json
2⤵
PID:1628

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2640

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffd15a6ab58,0x7ffd15a6ab68,0x7ffd15a6ab78
2⤵
PID:2656

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 --field-trial-handle=1972,i,503431593238066616,5601961647469007,131072 /prefetch:2
2⤵
PID:2336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1972,i,503431593238066616,5601961647469007,131072 /prefetch:8
2⤵
PID:4400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2172 --field-trial-handle=1972,i,503431593238066616,5601961647469007,131072 /prefetch:8
2⤵
PID:2284

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3128 --field-trial-handle=1972,i,503431593238066616,5601961647469007,131072 /prefetch:1
2⤵
PID:4596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3160 --field-trial-handle=1972,i,503431593238066616,5601961647469007,131072 /prefetch:1
2⤵
PID:4240

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4460 --field-trial-handle=1972,i,503431593238066616,5601961647469007,131072 /prefetch:1
2⤵
PID:2012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4564 --field-trial-handle=1972,i,503431593238066616,5601961647469007,131072 /prefetch:8
2⤵
PID:1972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4688 --field-trial-handle=1972,i,503431593238066616,5601961647469007,131072 /prefetch:8
2⤵
PID:1928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4920 --field-trial-handle=1972,i,503431593238066616,5601961647469007,131072 /prefetch:8
2⤵
PID:4684

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 --field-trial-handle=1972,i,503431593238066616,5601961647469007,131072 /prefetch:8
2⤵
PID:536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5036 --field-trial-handle=1972,i,503431593238066616,5601961647469007,131072 /prefetch:8
2⤵
PID:5000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4324 --field-trial-handle=1972,i,503431593238066616,5601961647469007,131072 /prefetch:1
2⤵
PID:2660

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2404 --field-trial-handle=1972,i,503431593238066616,5601961647469007,131072 /prefetch:1
2⤵
PID:4504

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3404 --field-trial-handle=1972,i,503431593238066616,5601961647469007,131072 /prefetch:1
2⤵
PID:4596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3204 --field-trial-handle=1972,i,503431593238066616,5601961647469007,131072 /prefetch:1
2⤵
PID:1308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4372 --field-trial-handle=1972,i,503431593238066616,5601961647469007,131072 /prefetch:1
2⤵
PID:2684

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5284 --field-trial-handle=1972,i,503431593238066616,5601961647469007,131072 /prefetch:1
2⤵
PID:852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5264 --field-trial-handle=1972,i,503431593238066616,5601961647469007,131072 /prefetch:1
2⤵
PID:3852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5168 --field-trial-handle=1972,i,503431593238066616,5601961647469007,131072 /prefetch:1
2⤵
PID:4384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5696 --field-trial-handle=1972,i,503431593238066616,5601961647469007,131072 /prefetch:1
2⤵
PID:5148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5408 --field-trial-handle=1972,i,503431593238066616,5601961647469007,131072 /prefetch:1
2⤵
PID:5412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5652 --field-trial-handle=1972,i,503431593238066616,5601961647469007,131072 /prefetch:1
2⤵
PID:5420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6088 --field-trial-handle=1972,i,503431593238066616,5601961647469007,131072 /prefetch:1
2⤵
PID:5612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6244 --field-trial-handle=1972,i,503431593238066616,5601961647469007,131072 /prefetch:1
2⤵
PID:5640

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6392 --field-trial-handle=1972,i,503431593238066616,5601961647469007,131072 /prefetch:1
2⤵
PID:5648

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6604 --field-trial-handle=1972,i,503431593238066616,5601961647469007,131072 /prefetch:1
2⤵
PID:5796

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6304 --field-trial-handle=1972,i,503431593238066616,5601961647469007,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:6088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5016 --field-trial-handle=1972,i,503431593238066616,5601961647469007,131072 /prefetch:1
2⤵
PID:4056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6332 --field-trial-handle=1972,i,503431593238066616,5601961647469007,131072 /prefetch:1
2⤵
PID:5268

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=6108 --field-trial-handle=1972,i,503431593238066616,5601961647469007,131072 /prefetch:1
2⤵
PID:5280

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6940 --field-trial-handle=1972,i,503431593238066616,5601961647469007,131072 /prefetch:1
2⤵
PID:5524

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=6944 --field-trial-handle=1972,i,503431593238066616,5601961647469007,131072 /prefetch:1
2⤵
PID:5580

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=7064 --field-trial-handle=1972,i,503431593238066616,5601961647469007,131072 /prefetch:1
2⤵
PID:5880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7076 --field-trial-handle=1972,i,503431593238066616,5601961647469007,131072 /prefetch:1
2⤵
PID:6092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=7388 --field-trial-handle=1972,i,503431593238066616,5601961647469007,131072 /prefetch:1
2⤵
PID:5136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=6432 --field-trial-handle=1972,i,503431593238066616,5601961647469007,131072 /prefetch:1
2⤵
PID:6088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=6840 --field-trial-handle=1972,i,503431593238066616,5601961647469007,131072 /prefetch:1
2⤵
PID:1704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=6328 --field-trial-handle=1972,i,503431593238066616,5601961647469007,131072 /prefetch:1
2⤵
PID:528

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=7440 --field-trial-handle=1972,i,503431593238066616,5601961647469007,131072 /prefetch:1
2⤵
PID:724

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=6896 --field-trial-handle=1972,i,503431593238066616,5601961647469007,131072 /prefetch:1
2⤵
PID:5956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=7156 --field-trial-handle=1972,i,503431593238066616,5601961647469007,131072 /prefetch:1
2⤵
PID:5600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=7176 --field-trial-handle=1972,i,503431593238066616,5601961647469007,131072 /prefetch:1
2⤵
PID:5888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=7140 --field-trial-handle=1972,i,503431593238066616,5601961647469007,131072 /prefetch:1
2⤵
PID:5720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=6880 --field-trial-handle=1972,i,503431593238066616,5601961647469007,131072 /prefetch:1
2⤵
PID:6072

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=7400 --field-trial-handle=1972,i,503431593238066616,5601961647469007,131072 /prefetch:1
2⤵
PID:6132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=7920 --field-trial-handle=1972,i,503431593238066616,5601961647469007,131072 /prefetch:1
2⤵
PID:2348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=3980 --field-trial-handle=1972,i,503431593238066616,5601961647469007,131072 /prefetch:1
2⤵
PID:6100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=4048 --field-trial-handle=1972,i,503431593238066616,5601961647469007,131072 /prefetch:1
2⤵
PID:4444

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1556

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:2340

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,Control_RunDLL C:\Windows\System32\main.cpl,@1 ,
1⤵
PID:1304

C:\Windows\System32\FodHelper.exe
C:\Windows\System32\FodHelper.exe -Embedding
1⤵
PID:4504

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -s LxpSvc
1⤵
PID:3948

C:\Users\Admin\Desktop\mul-tor-windows(1)\Mul-Tor.exe
"C:\Users\Admin\Desktop\mul-tor-windows(1)\Mul-Tor.exe"
1⤵
- Executes dropped EXE
PID:5424

C:\Users\Admin\Desktop\mul-tor-windows(1)\Mul-Tor.exe
"C:\Users\Admin\Desktop\mul-tor-windows(1)\Mul-Tor.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5396

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c
3⤵
PID:5956

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
3⤵
PID:3508

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
3⤵
PID:1356

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
3⤵
PID:876

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a
Filesize
51KB

MD5
e061e27b90d80e89c6d239ace4d7b1fe

SHA1
b1a51c8586b1853beec8a933f4ef2b26c7023283

SHA256
d693ad2d678db4a7d273cd45b66f40b134d1f0403107bb94446a10993a51285e

SHA512
a50055329f0cd9cff4605235bc654b0afe3f191c689e069fdcde102f288e0b31655186e64325d808414f0c4b6d1e7e1f550f9bca1dc0f208a11ea8a257a4b092

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
576B

MD5
32212343312ac745a9c881d80764f531

SHA1
e4b6291d138797c4443710e285afd45466c873b7

SHA256
2d2bf6bb7fe9f13f877f51d5a37aba1261d198cbc8a26d763fbb6f5d0ac2f57f

SHA512
ab26a2c26df35f50bb166a22b9039c4c9b6d05c155fc36ed265ac3ab02faefd4632cce2802ef5c502cf278fc8bf2cca1535025f93dc22e837e16a352d08988c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
b44c7a2712b7b8dc9ac5b099820da3a1

SHA1
c436ef9f3e4a1a7d714f3b9ca5096749a61949da

SHA256
564fa56a16680dcee42d28d237dbea5e91b258362021665374c6e226fba4035d

SHA512
3cdf8039b835ddbc98b4fb676a282cb6c9f87c1dc89b8b9213456d0d1e2b0ae0cb90cfecc7890a5437e69c7ddc9f461cb4d54a7c5850898d0f960469cd2bdf5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
e26af831c2f0cff5d65e26ee40daa451

SHA1
ca97bfc3b0ffebcfa300577ed3a100aaa769d940

SHA256
6e42f897f36874f84379e08b1fceb1dcc5f97bb76fc7b75f116c23ef0684cc8a

SHA512
17c50d1acf4c125805f1145285fb424e9aea7c2fbf6a15d51a50b0ac377e71ebb966dc6a419914e97c495e1e9ebd01afaa4f4b1316012c0cf002a3f6de148cdb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
8a8849f01070ef3593462f232a9ee8ba

SHA1
1077456af322eba65ab94826bb39252a508083b7

SHA256
a4044001e6ee395340e6ad28122234c7eef61fa56f0e3931cc367b2e4368f6ac

SHA512
265c28e86059f70f7271fa7f903993f7e9f275847d06b404ca50c6af5ba2e316c8045d3ff60ea7d5e65bc3058841c20c2d05e90184691ae179dda099a794d750

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
c21752566c1193227421f5defa77a7a1

SHA1
b287a4532823c9156f31ed762199697439edfd0d

SHA256
fa9553b9c76a8c227e24cb985b5b5d731eb5c7daf124fd0e1e13c8efa05d98d0

SHA512
582132ca5767b46aa7e84bdeea9ab9ccb4b27f101d8e420bcfc7d685e97ff2737858b528c50c0209518066bcc1f40dd875390329436274336751990da54b63a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\3d2b55dc-7099-4011-8bc1-abe95d39fc02.tmp
Filesize
690B

MD5
79ca4452174507b6ad1e3574c558808d

SHA1
731ec1228e9f205d449ee332ba9f7aeb961f58a5

SHA256
eee5c94121885db458cb416460a109cdf7aaf488b614a571670fec09d9ffe493

SHA512
7965e3321dfb0c95e088fc05f0fef78148ec3ba0ad37bd65d9a18a493ca12fd6d666c94f190eb952ff1249e8f05579c596a3b659a485ff76c89d7e1aac06037c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
4c03c47ef92c3bfb1ef354409020c326

SHA1
58c186517c5e6d4dbc8fb01231c6fa06ba10bad1

SHA256
fb03589998eb5c774c6d2e74413c962bd569d71c664e85e6f6f46b9783c5f308

SHA512
1307db9837ff1f0f0640587e9e5fe4d85e592ff265d077cc2364bf7bf4ebc48d50e8abc5bf51cb79442ec7d920d9adf38a34c432107aaf7d6fce08e093c01036

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
13KB

MD5
649a3878acadf34627273f916481098c

SHA1
2a6969096193efa62ad3cc5a780cfd973263b239

SHA256
7bc0097f89bb4aa0bec301eb253da9797f8302082090ffb769e87e735342840f

SHA512
6d548ea4d5787771e88b4a8e138e4022e3a5df938eb00d6d89f085c69f9dfc77a4d5253a6edeae2671978cb209e92f5ccca0ad3e0b11da011adb2eac452d9d6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
11KB

MD5
c0af768b40461eafe51161c0ef830240

SHA1
89650d5322d21a3d01e823f27b8eb2995b25f44a

SHA256
85ea89691c16248116687f2bf226198c8ad116b98e2d30bd968c64f45f7f5052

SHA512
6caf0845ba03acb51af85f7577675bfa0b98c46970d616cc90bdf22ac0107ce2a4c5dc5d44b348a47a48102cdc9676ae88c4adc32272fa18b4aaabfa1ccff588

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
4KB

MD5
a61ebc6adb98eb1b7ebf6b593cc69a20

SHA1
5d16fd846a5e12e61d7643896d8c2d75f3d247e2

SHA256
25dacb6584cd0eacf17a5298914302f8264bb6851779dee3cac765622ed8d59f

SHA512
70e63699fe49d95c6ed72e4a873c03d284ab754cd7f5e6cf3251e044a7637391b849a2aad47e2af90360bd31c818d9323380d8a0df32a7ab6609007e3b512c10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
4KB

MD5
de29e6d4d835fc9a1684d20a19230427

SHA1
d3e2adfec6afd28c0fb3094126157a1dcbff3eef

SHA256
346b13b22d19cfb6d8d2466da4f07800824394c88ef579aa0b5e0f3e6eec9c7b

SHA512
0e8908cafcf9c4969a2a55072d69dfe3dfeb726df21d0bae36df577380db3c1b3559451bf0205254db266e9f3554b30a82fd4e608aabb2cc850ff99e437b9ee0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
4KB

MD5
2a4b26f6501373f9deee976b0de21b96

SHA1
badb514787348a51ab1c22911599a86c8d6a4486

SHA256
e6928dd05c79f6c915a979ecbfa739454987bb34b1b2a1c98cf9253abe8bb31e

SHA512
8df101879c368bd7e768de375b53afa796d2e26957286c3d15a038bfbb0b2acf6662ef31c494843cd2a69c1e70e0c47da0b3c27c67e935b2a5bc108110fdd541

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
4814063d6190c551ec910be4c1e8ac86

SHA1
fe344d196e8d252635afedab6de7d4b1a27648fb

SHA256
f47baa35b8d2df1557550629e7a0c7c432fe4d006a5581c946dfb2f46350406e

SHA512
d0a45ce4fea74849fb1fe6d6be5b8412e0ad0fd2cc8738b9eed7bef89d069945883104298cf81dd3260661e751007482b57bf2d55ad68679f09684a38362cbe4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
4KB

MD5
329cdb29f445fd8d8c37dccd7bfb6b7a

SHA1
cebd548198c0ebf2557e3e36730ac22f2cf55891

SHA256
b206ef234cfd3badcc2e09c4c4493ed3cb0f5a30962f85399c6ca5ecd828cb83

SHA512
7b7438f5a89dde22d87b68994cacdeffa4ee8f8e9620781c26948b0480f0b6006deb7d9eae0a8ebc145ff938949daf50a82ac0d8ce120762d34d202fa3e3a5d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
a0dde5ae42155d341916d1469b1b540a

SHA1
de173368e2da4d3f71ff2f8704166d6311fab9a1

SHA256
d4313940fd9350c6cf57f87d1b21f9ed743f364ddc569057ccc46167dffc0216

SHA512
ad660518c56e4c08c36cbae86cf69b01cbfb990a2a0ac042f79c32efb746cd7ca62255755c281e5e89f05c56b51c57f7964fed7dc6cf44acf9cca09a15806054

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
2b088177f35efa455ca5029f15088fe1

SHA1
21951f209543aeb9197bf50f11edc9aa77c2c435

SHA256
48eee326f6096072394e06d26585857ba739eabd3f4d00860dbfa25cc30fbc1d

SHA512
3120c55c87ba150892ffc5d21662d9335441a717be8f2acf6c8ce3eb5ef18142de45dbf7c9852a7e92efcac0d92d315acd4bb5f9890d327dcd7430772b1ff9ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
6f83e4fea58bd9c39ba23fe35407c318

SHA1
4386c34e9805ab8c2589ed450ed4b3e6e3514e03

SHA256
5ce0d546cd8ad81e67c0ab2b764f5cb6dc24633e9b0a282f51528a5c4e7af7bc

SHA512
db114f03232be9088033239ef40a77ca5c90bd7349d70c7001d40781f9f1bbbf42ad18ebc55c3865a74549f564e44f805fdb2ba4902c664ff881e4d82e5a272c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
773b2d1c24ec8726db17a99fae49c55b

SHA1
0c4bb96e08df66480c2dff5e1d0a7378485d7dbd

SHA256
baf3e734dc0c768693fcc16d4df05d0acadf57c9db75ac2e2c595fe8050d4922

SHA512
081097b00830d8e88364552ad4ecceb1792a658077819723f59618f3020d8130de8741196a041d25fbe652762ba8c5cc5b9fcf8e4c482e2a775306fb36f510fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
278KB

MD5
32ce06bcbee93b9ca0d19bf4a6053e32

SHA1
967a36d9e88777cb543a42862314b8c13496c182

SHA256
163ae8274325db60b91144d8bdbb9f564ee28a3a0fffe86da7199265eb2a01ea

SHA512
66c18e8b26ad008b417821b825453a6ffc1e9bc61510cdfb53046ebb9701a50373e824c1927865ebbaf66d8e402fd0acdc4dd40c7b36f5caeea4f2694ae1d8fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
278KB

MD5
4feb48c974183aacef4e5ea55c6d2390

SHA1
66da629e1e675eb4c5aa47a73a580549c328cc15

SHA256
27dd80ec0ab2f313b133801ae9dbd95c7b786e3684ed1de45e8daf56f8b21b6f

SHA512
2370acef1a1b39caf358ad5623ffb93f48ecaed32e60c9c36ec8fd488eb7f84b622f818b2f210c14360d54d59dd5b38ab2bd64a375a9155b212a4fbf67e9c808

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26002\VCRUNTIME140.dll
Filesize
116KB

MD5
be8dbe2dc77ebe7f88f910c61aec691a

SHA1
a19f08bb2b1c1de5bb61daf9f2304531321e0e40

SHA256
4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83

SHA512
0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26002\VCRUNTIME140_1.dll
Filesize
48KB

MD5
f8dfa78045620cf8a732e67d1b1eb53d

SHA1
ff9a604d8c99405bfdbbf4295825d3fcbc792704

SHA256
a113f192195f245f17389e6ecbed8005990bcb2476ddad33f7c4c6c86327afe5

SHA512
ba7f8b7ab0deb7a7113124c28092b543e216ca08d1cf158d9f40a326fb69f4a2511a41a59ea8482a10c9ec4ec8ac69b70dfe9ca65e525097d93b819d498da371

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26002\_asyncio.pyd
Filesize
69KB

MD5
477dba4d6e059ea3d61fad7b6a7da10e

SHA1
1f23549e60016eeed508a30479886331b22f7a8b

SHA256
5bebeb765ab9ef045bc5515166360d6f53890d3ad6fc360c20222d61841410b6

SHA512
8119362c2793a4c5da25a63ca68aa3b144db7e4c08c80cbe8c8e7e8a875f1bd0c30e497208ce20961ddb38d3363d164b6e1651d3e030ed7b8ee5f386faf809d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26002\_bz2.pyd
Filesize
83KB

MD5
5bebc32957922fe20e927d5c4637f100

SHA1
a94ea93ee3c3d154f4f90b5c2fe072cc273376b3

SHA256
3ed0e5058d370fb14aa5469d81f96c5685559c054917c7280dd4125f21d25f62

SHA512
afbe80a73ee9bd63d9ffa4628273019400a75f75454667440f43beb253091584bf9128cbb78ae7b659ce67a5faefdba726edb37987a4fe92f082d009d523d5d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26002\_ctypes.pyd
Filesize
122KB

MD5
fb454c5e74582a805bc5e9f3da8edc7b

SHA1
782c3fa39393112275120eaf62fc6579c36b5cf8

SHA256
74e0e8384f6c2503215f4cf64c92efe7257f1aec44f72d67ad37dc8ba2530bc1

SHA512
727ada80098f07849102c76b484e9a61fb0f7da328c0276d82c6ee08213682c89deeb8459139a3fbd7f561bffaca91650a429e1b3a1ff8f341cebdf0bfa9b65d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26002\_decimal.pyd
Filesize
251KB

MD5
492c0c36d8ed1b6ca2117869a09214da

SHA1
b741cae3e2c9954e726890292fa35034509ef0f6

SHA256
b8221d1c9e2c892dd6227a6042d1e49200cd5cb82adbd998e4a77f4ee0e9abf1

SHA512
b8f1c64ad94db0252d96082e73a8632412d1d73fb8095541ee423df6f00bc417a2b42c76f15d7e014e27baae0ef50311c3f768b1560db005a522373f442e4be0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26002\_hashlib.pyd
Filesize
64KB

MD5
da02cefd8151ecb83f697e3bd5280775

SHA1
1c5d0437eb7e87842fde55241a5f0ca7f0fc25e7

SHA256
fd77a5756a17ec0788989f73222b0e7334dd4494b8c8647b43fe554cf3cfb354

SHA512
a13bc5c481730f48808905f872d92cb8729cc52cfb4d5345153ce361e7d6586603a58b964a1ebfd77dd6222b074e5dcca176eaaefecc39f75496b1f8387a2283

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26002\_lzma.pyd
Filesize
156KB

MD5
195defe58a7549117e06a57029079702

SHA1
3795b02803ca37f399d8883d30c0aa38ad77b5f2

SHA256
7bf9ff61babebd90c499a8ed9b62141f947f90d87e0bbd41a12e99d20e06954a

SHA512
c47a9b1066dd9744c51ed80215bd9645aab6cc9d6a3f9df99f618e3dd784f6c7ce6f53eabe222cf134ee649250834193d5973e6e88f8a93151886537c62e2e2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26002\api-ms-win-core-console-l1-1-0.dll
Filesize
13KB

MD5
feb41d426bf3cdfcc7d21464c26aed53

SHA1
97a56392ec04e202d59978dc6670d5e76a2be6c1

SHA256
299bf8705f61598548975e0b122debedf5dc928fc874801d8988d64b7d623da1

SHA512
2b962112bad1a754e2cbd3f3f29538dcf1132fa59e298bfa18d1b706d967735e02c524c3a993a2040a9ae94e387ede394c7f67d348e50e0ef40815ce67630866

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26002\api-ms-win-core-datetime-l1-1-0.dll
Filesize
13KB

MD5
faecbfdacc6dc01b0455ea7b4576de99

SHA1
62fe4962a5900ffb94a05e6577dc5d63d90b3000

SHA256
2b2ed0fe1be4713b33d150828ec0813fd4ecdcac8021a39e37fd8fe64bd21157

SHA512
68dca96b1cf711e5fa283c355183a3f8f2db84081f07fd534d36dc68b4ea6e32e58b9be38fd51d743212d2d698ae656474b30c85a86321d58d1c0947911602e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26002\api-ms-win-core-debug-l1-1-0.dll
Filesize
13KB

MD5
9936abac26b97057e61a5a8346bc26c9

SHA1
16f37a510ecc2a9119e99797e99c4d2468eb39f6

SHA256
d4de4b05b001028456087425ff66044b62bfda3076bff084f9be7843f517c584

SHA512
7404c4a2f884c952a9d0bca9dde757d05db9a74892823d239e70afa40360220896e22853dad19f6d3e8a130ef6a936ded1d53af99d0afd7fd23babd2e0b0842a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26002\api-ms-win-core-errorhandling-l1-1-0.dll
Filesize
13KB

MD5
da9189023a6b7872de881052f3b990f9

SHA1
55bcebcfd6805ee5bdad78a425ac5e123ab7e807

SHA256
f38193429c05622df65bfa1428895197b851d981875737c55f1cfe04a88664ef

SHA512
b9d60a5588d835fd7eea7b9bec6564377505b53169db281bf80fc994657e5a3dc506d58fdcdec5b6f79346fd7c172546b59315d276fa691d2b7b495ecc23c2e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26002\api-ms-win-core-file-l1-1-0.dll
Filesize
16KB

MD5
8b03d7c248a3b8d5a3ad1029af37c889

SHA1
868a0dde330fdcbf6d0d23900f2c65720ddf9a90

SHA256
4358b538205e9637e8ded05e8490dc0b673e0f756803da451e933411b0e0cb9e

SHA512
76d7e1ea0762a51cd5597e06e98dbd6af17124af57d1729e71ac994ffe7bbbf8be02e57dde31f76a5ea5e7194cceb24185d14fe378780dd1f1afd228fc012d9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26002\api-ms-win-core-file-l1-2-0.dll
Filesize
13KB

MD5
fa6953700659b11c2d82fb521d2e8664

SHA1
07c7d14fdfd1686a424820f77733d1d4f3c75e31

SHA256
4dcc72554ffaa121decaf6e5bd3081198f017d735a07cc6d23d8a56b1383a61e

SHA512
1300c6ab6377e717dfac9e2f78c1218dee91e8fde25454f65ab32095a949c1be5b67aa3ed1c1d9f78d0c8bc9830f5c1dc0e6e01e91effec20ead6cdd9a3f639f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26002\api-ms-win-core-file-l2-1-0.dll
Filesize
13KB

MD5
621a34a36c202e4c4e59a6077c22cb5e

SHA1
ec696fd4e8e5935a722e88a551593593a12e882e

SHA256
746cde47f460ab4ef45a3158cbc038b166c86b03114c259ea5c759001692c079

SHA512
04e94784a70a576235d5bec58c57b8b3cfc01d7b292287f299deaf52523cef51c2790874116e666e5bc672453beafe173cf1afbe49a5f3076b83344298643ae0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26002\api-ms-win-core-handle-l1-1-0.dll
Filesize
13KB

MD5
7141a2a1640ac67e686778130ad8dd7d

SHA1
8f4ba743bc5df04b3075535507983cede7ed249d

SHA256
4a2265e71cd5c9b85f5c705755c23323c1c33aecd9ff72b6ba1b425b8170cf08

SHA512
6906bcdf8474e1fc9f69457cbae6635b18ddda69e3e42ac3b2eaa26aadd717e11b4fcd14e6ed6b5c4e318705c203498d77af8717becf94fd159075093f431440

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26002\api-ms-win-core-heap-l1-1-0.dll
Filesize
13KB

MD5
df603cd6cb0fe53fd77c065f2766b5e8

SHA1
0698b7b97a6f5174cdca0849bec001127f9f0b16

SHA256
e488e688b75b9f95451ad9c65586783e37c32b9952cb48286572c90b150ebbdd

SHA512
929f4868015306e5b84a1e2f341c12a792fe98d82cbcfabbbe79f932f80d81b98f1b6543da7d23e9153a68b00a3768fa9cd112382092104bd4810e3071723933

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26002\api-ms-win-core-interlocked-l1-1-0.dll
Filesize
13KB

MD5
f438ac3307c0de580adf6fb3d4ef57f8

SHA1
5d10ea60e004e583940a082b9157e801aa3c4674

SHA256
03ccd250ed3ef09013114094068dd08c96f0763778e94523e020241f7b16312b

SHA512
c323aae5bb8ce58f92fb8beceb5c60f1bec12f5aaac0c1a435e38de9a10226bdb92808bb2f4e7bf069aec435cb4aade6182d541de2174b8007f8a69a8aa0d264

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26002\api-ms-win-core-libraryloader-l1-1-0.dll
Filesize
14KB

MD5
06ec6d562b0609529e615e795f093512

SHA1
db7c78e4b3f8a0eb4b392c9eef5774a571719f15

SHA256
b120d94a585170f84230d2a6826e3f02d0eb7bde37f965c1fdaf2ba52c5d82bc

SHA512
10773d831d4096130305ee10d611fb28caec213dfe5dd109115c86f7c26df34d7daaea0e6b2eb9eac8f4d59421485e90d6e722c78a55132c25d7b3c7c7222ef5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26002\api-ms-win-core-localization-l1-2-0.dll
Filesize
15KB

MD5
2395f675152f25bdc501c1b698b3f70a

SHA1
829eb4dee9604330072c124b9bddf4a4e96a7c98

SHA256
4173e50962540ec0708930d7c456164d4e0fa96d49efb034621eb06e67ac0563

SHA512
7c0125e248387d268a337fa2a0090e6b8713e6205d22fb23a4ce9635fb0f5b79a0e3d28aab3050cc0445ef065632052c23341b1ac22dbd947ac4262fd63a1b51

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26002\api-ms-win-core-memory-l1-1-0.dll
Filesize
13KB

MD5
a241d82577b25ed4aa54ab02da7d82c9

SHA1
6cbc888c22a104109af2f084678b15576edbe465

SHA256
1b72a9b95e7d62c923f6b791c4251b63e6331660caf0f44385e6eb1901a9933e

SHA512
e51c246b80b56ea3912e849e18dbe7ff40a4a3e189475c96c570e71e05acdf89e97ffc533810a65172fc05f742b39ee9ef90e3fa0e4c9488f839c4c82fbc8560

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26002\api-ms-win-core-namedpipe-l1-1-0.dll
Filesize
13KB

MD5
83d560d0c8844cd047ea818414ee43ab

SHA1
11fd30a76f3e0a0af294a4da15890a55a0de3528

SHA256
93d08d10dc60968fe6df4257ad79911045aabce0d6babd9d0714abb104ac1309

SHA512
06a293264dca9bf12309fbc56c3d5a0f62c3bc7a04986e55c8553b778c491d78f27f9bfbd22ad2ee6317bc985b41066db6e9cbc25b93d5137ae5da012afb55c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26002\api-ms-win-core-processenvironment-l1-1-0.dll
Filesize
14KB

MD5
cb39b789091823bbe8ea7c9a84343dcb

SHA1
4d0f56a3833abb4a52e9af6d8631ea443a407b3e

SHA256
3f5a60c6772417f286c89cc45fe97eeae69d1705fa65445230b71b53a0a1eee8

SHA512
23d393de9f9d7092f7eb79dd4aa45bca386b454caa9e91d1f09699a79b3382adc0a7b7d972fb9dc41e1e082adde8640edcef7cf444f50e4f14df93b89c823ecf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26002\api-ms-win-core-processthreads-l1-1-0.dll
Filesize
15KB

MD5
4039d2c04c32fa423cc6ce766f0532d9

SHA1
a8d0cac1bcfdc94289b2073c2a14422d929df62f

SHA256
979c28aab88b3a45eed546e2a857e1e9eb41cb035d78446ee668feb918227238

SHA512
c1a0f9920ce28d4a15e5543458f68cc64125dd1b24e7c9caad3eed2b13b8c903ca9f76c0ab82f5a688843626150d321c4353fab81697eae604acbfb920b464e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26002\api-ms-win-core-processthreads-l1-1-1.dll
Filesize
13KB

MD5
81a255549e9b3467276810f94a67512d

SHA1
c3bf694f5d030d5a29ebb9ae70010be4571cec17

SHA256
8447c3c56f83e5a9407bf446cfc037d149b945611f03798f731e49145fca81c2

SHA512
05e6d83baa20b38d8710ed06c62ef8603c37d70fd0f6036f54a50ad041575d52f23c56bcebb12df8bf7cd9327c46522e59bcda47e2fcabfb0e5c11247708afa4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26002\api-ms-win-core-profile-l1-1-0.dll
Filesize
12KB

MD5
d3291c9be1092f7d29018e7e45eb41c8

SHA1
8140fa723f59675ea8292b273edbc8892cb4b5bb

SHA256
edf1d0a1c9175c0392be3f15a6ed0be753b6df2b303876117becf47563db6f7f

SHA512
bc4626df89df4aad7e2524bf515934ab3b8bd7bba50853b8c6faec65967222feadce56a2f333758cea1b7b3a93eddde2865feab453c5f3bb9bdcc5a0cd3105f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26002\api-ms-win-core-rtlsupport-l1-1-0.dll
Filesize
13KB

MD5
d3167bbc7d02d30bf9e5d60abd7bb05f

SHA1
33a5e59103d2049140f35945b377e6ee07e06b64

SHA256
2c2851d20158b0023eda056c477a57853b6d648053d4d57cad49e5ed574843b4

SHA512
243c55b57eab36bb468a187a973e1cbbc430ad29f5ed627d3f127817885704df57a3e9865b5e28c3811bada14e1942e5293b4ff8b382ea2ba242aec82c6c51c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26002\api-ms-win-core-string-l1-1-0.dll
Filesize
13KB

MD5
d5cc0ab1fe05976d71ae09911cef5a67

SHA1
16c7af053e6b6d128a5d9c14479b398537e1e1b0

SHA256
689c682fc9030ce9e228c8dea5fc981956bf78229ee8f30c5f63b2b9df813766

SHA512
843634364539a861eb38c5516c8c18ee00173cff5f24ad567a17430b1b53132db06a4ccd18f041972b11956a85dbdefc18ad11c9a9b3a2954e2c93113099877b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26002\api-ms-win-core-synch-l1-1-0.dll
Filesize
15KB

MD5
de86a7505497ecf1be8c7aa6e8b1cb8d

SHA1
66220266ccf36a03b36f57b1f63f2e446349fbbd

SHA256
493072a7a15b11c5382394e98fa0007004f90aa533373e64f109273808d5251c

SHA512
07e323ad892304e4052fc46f2384c94dab4bb462ac9a5a2a7b6f8a411d98639324bd06146338d66cb295e4afd30942b5bd138bcb225496774b920d51572117dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26002\api-ms-win-core-synch-l1-2-0.dll
Filesize
13KB

MD5
c64289ca3db488fd15f25a8762221633

SHA1
b61c550bbe975b3841d8f201a967c8c227512ce4

SHA256
726155c1d1e1f1778bca4d3952f54ab50035b65750d69e3bdf73cf9c52213c22

SHA512
81f7866185b3a7971ef4cf7c98dc6326c17191c36df753b57174c6766fe0b4a49d7ab7954f08d472d0bc9dcbb3329b6309475ec092cf4a174f0b8958847aaf3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26002\api-ms-win-core-sysinfo-l1-1-0.dll
Filesize
14KB

MD5
c7368f2e472ca3e428ce9793d69fa3cd

SHA1
8064438a9d36f6b4bae2931ffaacb512c9e52e82

SHA256
c5a070567d238a43818fcabe6f0a99c470f03ec54042b3c95e91a548be20bf38

SHA512
0303c632b61b2b51950a45df7c0de6c215e950f7845dde6b58cb0f6a9af2b74cc77d49bcf79615e9a4a15ee2b2a4fa43a4a3a0adb2005b89ab16ab00e3717e72

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26002\api-ms-win-core-timezone-l1-1-0.dll
Filesize
13KB

MD5
59f3aeb2eda80ffc000b99f27ec99d14

SHA1
2961c514b480424b3512d424dcd7d295477b243a

SHA256
e1c41c6525ed510aa75ec671f86d22a005ffd9a856a74dcf09bf3256e301a8ab

SHA512
ff1980c859c7a23ded484a51e596fd591df855e0266961c4620373d42190152f92df83683779a79561d46bd5d238d7d178cfa2952dee316a742a72835be44992

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26002\api-ms-win-core-util-l1-1-0.dll
Filesize
13KB

MD5
fa11fa74380735a5b8d4b309de4854be

SHA1
328959db39043cf7591cb18faec351957695f788

SHA256
167e6e08e570e1ce34854781463c218bf14124a4112216b5f93d38d3c204e62a

SHA512
a82f457868374c92322f7508f2ed98504e62b670621ba17ad636044a8198f5be56be46b25426bec1b85dd79b3de7c2a00bec33bd9246bc136a208a6d6e5f335f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26002\api-ms-win-crt-conio-l1-1-0.dll
Filesize
14KB

MD5
218334da1ed369d2b694d3dff42da6ce

SHA1
afcb936ebfc7a2d6cd3b0c7f25a3fb125bcb8a8a

SHA256
b6ff4feabbe5f1fdc56f2e4e440dd8258702c3fc2a314440100319a62304baff

SHA512
9f2d009935b0847f89639b80c79dbe0fdfd08aa0c958ff67665a90971d3b304edf0e87b99112ca3ce988c2065147a41b63f47cd107d3a02e1a164ceb9bc4c13d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26002\api-ms-win-crt-convert-l1-1-0.dll
Filesize
17KB

MD5
d360a829d5376ff0961f62bbe5ac9e06

SHA1
7965077b47bf9949570656df5160f55d27eed1a4

SHA256
6db47157030960e7106cec7825601ce7a33ea58ece603c90ecd9532ece1d1afe

SHA512
aaeed59b187bb277239a07e539e34520e8bc321e4f398e44ee396751e76c189c0180171202380974f12c1c302e77b533b7a93898dd8ddfd5c524143a22b3b748

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26002\api-ms-win-crt-environment-l1-1-0.dll
Filesize
13KB

MD5
0ed33abfad3cedf07f538e2152443683

SHA1
78eed147eb33efd14f03d8e2fbe0ec0f41ae4056

SHA256
f76d2547bfc429e14b49d030679fdefa12383c1f3a8e09fa69b760a89f469e9a

SHA512
42b9417b464f6ddd45294e85b3f9143e5c76f512ca70214d1fc302f0cd28c8b7c29d9e213c78861d10ef4316aa02c14ecec2d9bc5a8021880f4186798eb4e317

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26002\api-ms-win-crt-filesystem-l1-1-0.dll
Filesize
15KB

MD5
442a686b00c22cc9affcecb15a569267

SHA1
10f02b15493737d30aacebad19ecadb8bab81817

SHA256
cb0be4a28ff15650353aa3ea778e7b4076f77d394b6c406b2d288a8ccdf88a05

SHA512
3d1da7ce726a435629d492ee2191e9818ddc975fc686835d61f1259fbb123de522f419a4571fb24c2c5227a2d12a83db2815aca6b7360a75a4b0671ea212acbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26002\api-ms-win-crt-heap-l1-1-0.dll
Filesize
14KB

MD5
dd79fe03815d8d96a70955257b85d025

SHA1
d98f5a2d2d52fc361064427fdecffbe1620b1d68

SHA256
505b61565d51d0c95d9bc77337d063cd18c97a575f5e318cc5a0458d10ef4638

SHA512
3fa3d9a9cddb493786c557f0738c6fad181a862749447c8172093709c4e931708cce12c9d177dbc4f9a0de0f950ebeaf02271e7cbc2b1f177e9c7f838b9ad7d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26002\api-ms-win-crt-locale-l1-1-0.dll
Filesize
13KB

MD5
ed7e63157d241abb713998265b3987d1

SHA1
00d80cfe269434a4bbc7b2266e0e3d7f7ff72f2f

SHA256
3afe87a1dd2463fc3a9b5ba0bfc97fb3689764ac10d2c408f5a7b7d6caf06657

SHA512
3e89d1c1c3fca451a3d693873ebf58cceb73720c4c56d7449a96192fd240ac285a3da4e200ec289bfd5cfcfbdac4d83671059ed672739ca83deef9c891d84165

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26002\api-ms-win-crt-math-l1-1-0.dll
Filesize
22KB

MD5
0d517e23b98b6e465214a25b0e73a49b

SHA1
8900d523d919a42ef4750eee7ce87cfb835fa455

SHA256
90d5f4615e9aadf8f38f98a8443ca3cdcee6f082d07ee2abd1a74204dbefe73a

SHA512
d850881bd7b042051fecee9e2fb4be105184e678c82d25095f88dc3c4e6ca9eb4ef818eee36443a62a1f54225a5213363b5a058d3a70baa29dd83f44dc9a1eb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26002\api-ms-win-crt-multibyte-l1-1-0.dll
Filesize
21KB

MD5
f1c80066d73f0cb78492a6abe0bc043f

SHA1
a4af3e8ccc2e85aad1ea86aa73ce31c5d4bf535a

SHA256
9c11038158785970abd628d807ce49dd1d5045863655c99e0da3f3b9c3a3ede0

SHA512
d8a2388ce2a4e8b659902ad890815a290435ba23faed3fa960133c4a892b0d9ce07a6670753e5850af5fbb0a6ad21e312b5275e323796bdb80dfb295b4525a49

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26002\api-ms-win-crt-process-l1-1-0.dll
Filesize
14KB

MD5
e9208bf204cc2f705533328fa24f3a8b

SHA1
d2d6549d7a85dfb4d5877c59f3ba110985a202c9

SHA256
c679988b7dac986ec8d92b994d92b9979e565f6adbfd356b66a920f20e9caa86

SHA512
fb648540545c25d15a19cb9605fd78cbb5a214ff4d91d925400632aca85b59611493db71c65182cc189529fe767bcee114ac7e6c7980afa64875ca622ff1b038

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26002\api-ms-win-crt-runtime-l1-1-0.dll
Filesize
17KB

MD5
9206d6bb749266ac31da559029003fbb

SHA1
496d3051b66d93951253686b73023b64350b521b

SHA256
19da9d0027faed99ef3685a706da4256a24bc705e1f3c0dfcb89df0508620814

SHA512
cd316a52b289e223f607a88033efe1de085a1fba3228a55900ef5908bd90c6342930bdfb73a1ae995c5e496977336186bb3c4e1a0f4f3de52a6465014ee917bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26002\api-ms-win-crt-stdio-l1-1-0.dll
Filesize
19KB

MD5
7f21f2ae857b6ed53ba086feca60e4d9

SHA1
abf957cf28b85c48a86ae255c36a978b4f1e0744

SHA256
479e452662de08c4f65572d78ad553d8a9ce0612e39e3b2aa274b77b40b398f2

SHA512
1a2d46806b48cf91beb7dcc9219af80f02d622b1aa9af7785e6b92dca138781a04a3c1bcc15f166fff96ee6bf3be19ae63e32b74a57d0f281acc1685fbca8148

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26002\api-ms-win-crt-string-l1-1-0.dll
Filesize
19KB

MD5
017cd4317c9ff229fe723b4cef459e06

SHA1
d4355b4257d2efd5b1fc1a8b1ec8fbcde2260c75

SHA256
9800d19f55385efdb4bb215d7de0773fb9574fd5ce2773f0217973c780bb8ccf

SHA512
513e20936e54e179772669a5c097e61369e6b9e62b7a8c246e4bb518a190078968b6aa8c434418eae739b2081421faec4e396ae21803d383e853c77c8b914dc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26002\api-ms-win-crt-time-l1-1-0.dll
Filesize
15KB

MD5
7e767ac571d63bcaeb64e243b2600b8d

SHA1
995ce687f655ff937fdf80c1ac7bae043e23e45a

SHA256
c7643c68c3a33a2f67edca02d713749cafeb200daf1f3db7bd2eb168809132ab

SHA512
10b0f0c4844b4beef38d9bd51bbde19ff83caa8e9ac2673528056535872b07e48515c973c50dea9da0ac335cf1a98374d31f52cb04bb0e95eb0e5e6337eee95e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26002\api-ms-win-crt-utility-l1-1-0.dll
Filesize
13KB

MD5
3138b144c99759b77dbd488dc91134ae

SHA1
664718852f84ad49623ffd401fac7959eda57704

SHA256
3f78ca473da2335c8f26e32ac5a12ab6a76e4c415d923a930abbc0ef5630c835

SHA512
4e5c519facb1580eca906821d0956b750c63f8882acd5dd0be1531ee2ee45e8b0fb10de6db0f1cd254844131680e19206942d7be24e976bd34cf1ebfa434b16b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26002\base_library.zip
Filesize
1.3MB

MD5
43935f81d0c08e8ab1dfe88d65af86d8

SHA1
abb6eae98264ee4209b81996c956a010ecf9159b

SHA256
c611943f0aeb3292d049437cb03500cc2f8d12f23faf55e644bca82f43679bc0

SHA512
06a9dcd310aa538664b08f817ec1c6cfa3f748810d76559c46878ea90796804904d41ac79535c7f63114df34c0e5de6d0452bb30df54b77118d925f21cfa1955

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26002\libcrypto-3.dll
Filesize
5.0MB

MD5
e547cf6d296a88f5b1c352c116df7c0c

SHA1
cafa14e0367f7c13ad140fd556f10f320a039783

SHA256
05fe080eab7fc535c51e10c1bd76a2f3e6217f9c91a25034774588881c3f99de

SHA512
9f42edf04c7af350a00fa4fdf92b8e2e6f47ab9d2d41491985b20cd0adde4f694253399f6a88f4bdd765c4f49792f25fb01e84ec03fd5d0be8bb61773d77d74d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26002\libffi-8.dll
Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26002\libssl-3.dll
Filesize
768KB

MD5
19a2aba25456181d5fb572d88ac0e73e

SHA1
656ca8cdfc9c3a6379536e2027e93408851483db

SHA256
2e9fbcd8f7fdc13a5179533239811456554f2b3aa2fb10e1b17be0df81c79006

SHA512
df17dc8a882363a6c5a1b78ba3cf448437d1118ccc4a6275cc7681551b13c1a4e0f94e30ffb94c3530b688b62bff1c03e57c2c185a7df2bf3e5737a06e114337

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26002\pyexpat.pyd
Filesize
197KB

MD5
958231414cc697b3c59a491cc79404a7

SHA1
3dec86b90543ea439e145d7426a91a7aca1eaab6

SHA256
efd6099b1a6efdadd988d08dce0d8a34bd838106238250bccd201dc7dcd9387f

SHA512
fd29d0aab59485340b68dc4552b9e059ffb705d4a64ff9963e1ee8a69d9d96593848d07be70528d1beb02bbbbd69793ee3ea764e43b33879f5c304d8a912c3be

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26002\python312.dll
Filesize
6.6MB

MD5
d521654d889666a0bc753320f071ef60

SHA1
5fd9b90c5d0527e53c199f94bad540c1e0985db6

SHA256
21700f0bad5769a1b61ea408dc0a140ffd0a356a774c6eb0cc70e574b929d2e2

SHA512
7a726835423a36de80fb29ef65dfe7150bd1567cac6f3569e24d9fe091496c807556d0150456429a3d1a6fd2ed0b8ae3128ea3b8674c97f42ce7c897719d2cd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26002\select.pyd
Filesize
30KB

MD5
d0cc9fc9a0650ba00bd206720223493b

SHA1
295bc204e489572b74cc11801ed8590f808e1618

SHA256
411d6f538bdbaf60f1a1798fa8aa7ed3a4e8fcc99c9f9f10d21270d2f3742019

SHA512
d3ebcb91d1b8aa247d50c2c4b2ba1bf3102317c593cbf6c63883e8bf9d6e50c0a40f149654797abc5b4f17aee282ddd972a8cd9189bfcd5b9cec5ab9c341e20b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26002\ucrtbase.dll
Filesize
987KB

MD5
637c17ad8bccc838b0cf83ffb8e2c7fd

SHA1
b2dd2890668e589badb2ba61a27c1da503d73c39

SHA256
be7368df484688493fb49fb0c4ad641485070190db62a2c071c9c50612e43fed

SHA512
f6b727c319ca2e85a9b5c5e0b9d8b9023f0cf4193fab983cfa26060923374c6abd6d11db1da2e524a8b04622a4e13beb4c48dc23f98886d4abb33eb09f3a0776

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26002\unicodedata.pyd
Filesize
1.1MB

MD5
cc8142bedafdfaa50b26c6d07755c7a6

SHA1
0fcab5816eaf7b138f22c29c6d5b5f59551b39fe

SHA256
bc2cf23b7b7491edcf03103b78dbaf42afd84a60ea71e764af9a1ddd0fe84268

SHA512
c3b0c1dbe5bf159ab7706f314a75a856a08ebb889f53fe22ab3ec92b35b5e211edab3934df3da64ebea76f38eb9bfc9504db8d7546a36bc3cabe40c5599a9cbd

Download Submit
C:\Users\Admin\Desktop\mul-tor-windows(1)\Mul-Tor.exe
Filesize
15.8MB

MD5
906405caf04d8130b73619988590a8bd

SHA1
cf081ea62aa9f4a473b5a286166fe3583173313b

SHA256
3eb6559dac0227eeabb18d0a8c7954f197853079fbc2013074d4296cd8c2a7d2

SHA512
17b7d9076ea88306f094292d8166331873939fccbe7a1b1fb4f1b8986f20632dfda43170b85c3b7152e84a5df1d17f6fc6a5e91d5755bbc501399dd48b8c3ef8

Download Submit