Analysis Overview
SHA256
94b6363119bc21be8c03fef56fc5b49570d1ec4191d76557bd94bb06c08d0aae
Threat Level: Known bad
The file Silicone_Builder.exe was found to be: Known bad.
Malicious Activity Summary
Detect Pysilon
Pysilon family
Enumerates VirtualBox DLL files
UPX packed file
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Detects Pyinstaller
Unsigned PE
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Kills process with taskkill
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Analysis: static1
Detonation Overview
Reported
2023-10-12 11:53
Signatures
Detect Pysilon
Pysilon family
Detects Pyinstaller
Unsigned PE
Analysis: behavioral2
Detonation Overview
Submitted
2023-10-12 11:52
Reported
2023-10-15 18:08
Platform
win10v2004-20230915-en
Max time kernel
176s
Max time network
177s
Signatures
Enumerates VirtualBox DLL files
| Description | Indicator | Process | Target |
| File opened (read-only) | C:\windows\system32\vboxhook.dll | C:\Users\Admin\Silicone\Silicone.exe | N/A |
| File opened (read-only) | C:\windows\system32\vboxmrxnp.dll | C:\Users\Admin\Silicone\Silicone.exe | N/A |
| File opened (read-only) | C:\windows\system32\vboxhook.dll | C:\Users\Admin\AppData\Local\Temp\Silicone_Builder.exe | N/A |
| File opened (read-only) | C:\windows\system32\vboxmrxnp.dll | C:\Users\Admin\AppData\Local\Temp\Silicone_Builder.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Silicone\Silicone.exe | N/A |
| N/A | N/A | C:\Users\Admin\Silicone\Silicone.exe | N/A |
Loads dropped DLL
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Ccycle = "C:\\Users\\Admin\\Silicone\\Silicone.exe" | C:\Users\Admin\AppData\Local\Temp\Silicone_Builder.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Silicone\Silicone.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Silicone_Builder.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Silicone\Silicone.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Silicone\Silicone.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Silicone_Builder.exe
"C:\Users\Admin\AppData\Local\Temp\Silicone_Builder.exe"
C:\Users\Admin\AppData\Local\Temp\Silicone_Builder.exe
"C:\Users\Admin\AppData\Local\Temp\Silicone_Builder.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x508 0x304
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\Silicone\""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\Silicone\activate.bat
C:\Users\Admin\Silicone\Silicone.exe
"Silicone.exe"
C:\Windows\system32\taskkill.exe
taskkill /f /im "Silicone_Builder.exe"
C:\Users\Admin\Silicone\Silicone.exe
"Silicone.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\Silicone\""
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.23.238.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.202.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.148.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 233.128.159.162.in-addr.arpa | udp |
| N/A | 127.0.0.1:52423 | N/A | tcp |
| US | 8.8.8.8:53 | 10.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.177.238.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\_MEI43482\python311.dll
C:\Users\Admin\AppData\Local\Temp\_MEI43482\VCRUNTIME140.dll
C:\Users\Admin\AppData\Local\Temp\_MEI43482\base_library.zip
C:\Users\Admin\AppData\Local\Temp\_MEI43482\_ctypes.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI43482\python3.DLL
C:\Users\Admin\AppData\Local\Temp\_MEI43482\_lzma.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI43482\_bz2.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI43482\libffi-8.dll
C:\Users\Admin\AppData\Local\Temp\_MEI43482\_hashlib.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI43482\libcrypto-3.dll
C:\Users\Admin\AppData\Local\Temp\_MEI43482\select.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI43482\libssl-3.dll
C:\Users\Admin\AppData\Local\Temp\_MEI43482\_queue.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI43482\_cffi_backend.cp311-win_amd64.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI43482\Crypto\Cipher\_raw_ofb.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI43482\Crypto\Util\_strxor.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI43482\Crypto\Hash\_SHA1.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI43482\Crypto\Hash\_MD5.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI43482\Crypto\Cipher\_Salsa20.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI43482\Crypto\Util\_cpuid_c.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI43482\Crypto\Protocol\_scrypt.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI43482\Crypto\Hash\_SHA256.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI43482\Crypto\Hash\_BLAKE2s.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI43482\Crypto\Cipher\_raw_ctr.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI43482\Crypto\Cipher\_raw_cfb.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI43482\Crypto\Cipher\_raw_cbc.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI43482\Crypto\Cipher\_raw_ecb.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI43482\unicodedata.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI43482\charset_normalizer\md__mypyc.cp311-win_amd64.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI43482\charset_normalizer\md.cp311-win_amd64.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI43482\_ssl.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI43482\_socket.pyd
| MD5 | 1a34253aa7c77f9534561dc66ac5cf49 |
| SHA1 | fcd5e952f8038a16da6c3092183188d997e32fb9 |
| SHA256 | dc03d32f681634e682b02e9a60fdfce420db9f26754aefb9a58654a064dc0f9f |
| SHA512 | ff9eeb4ede4b4dd75c67fab30d0dec462b8af9ca6adc1dcae58f0d169c55a98d85bb610b157f17077b8854ec15af4dfab2f0d47fa9bc463e5b2449979a50293a |
memory/3736-1267-0x00007FFDDA300000-0x00007FFDDA319000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI43482\_hashlib.pyd
| MD5 | b227bf5d9fec25e2b36d416ccd943ca3 |
| SHA1 | 4fae06f24a1b61e6594747ec934cbf06e7ec3773 |
| SHA256 | d42c3550e58b9aa34d58f709dc65dc4ee6eea83b651740822e10b0aa051df1d7 |
| SHA512 | c6d7c5a966c229c4c7042ef60015e3333dab86f83c230c97b8b1042231fdb2a581285a5a08c33ad0864c6bd82f5a3298964ab317736af8a43e7caa7669298c3e |
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_z3wabgyv.ssh.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
Analysis: behavioral1
Detonation Overview
Submitted
2023-10-12 11:52
Reported
2023-10-15 18:08
Platform
win7-20230831-en
Max time kernel
120s
Max time network
127s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Silicone_Builder.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3004 wrote to memory of 2684 | N/A | C:\Users\Admin\AppData\Local\Temp\Silicone_Builder.exe | C:\Users\Admin\AppData\Local\Temp\Silicone_Builder.exe |
| PID 3004 wrote to memory of 2684 | N/A | C:\Users\Admin\AppData\Local\Temp\Silicone_Builder.exe | C:\Users\Admin\AppData\Local\Temp\Silicone_Builder.exe |
| PID 3004 wrote to memory of 2684 | N/A | C:\Users\Admin\AppData\Local\Temp\Silicone_Builder.exe | C:\Users\Admin\AppData\Local\Temp\Silicone_Builder.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\Silicone_Builder.exe
"C:\Users\Admin\AppData\Local\Temp\Silicone_Builder.exe"
C:\Users\Admin\AppData\Local\Temp\Silicone_Builder.exe
"C:\Users\Admin\AppData\Local\Temp\Silicone_Builder.exe"
Network
Files
C:\Users\Admin\AppData\Local\Temp\_MEI30042\python311.dll
| MD5 | 5f6fd64ec2d7d73ae49c34dd12cedb23 |
| SHA1 | c6e0385a868f3153a6e8879527749db52dce4125 |
| SHA256 | ff9f102264d1944fbfae2ba70e7a71435f51a3e8c677fd970b621c4c9ea71967 |
| SHA512 | c4be2d042c6e4d22e46eacfd550f61b8f55814bfe41d216a4df48382247df70bc63151068513855aa78f9b3d2f10ba6a824312948324c92de6dd0f6af414e8ab |
memory/2684-1243-0x000007FEF5BE0000-0x000007FEF61C9000-memory.dmp