Malware Analysis Report

2024-11-15 07:33

Sample ID 231122-y9q9vafb7y
Target source_prepared.exe
SHA256 34cfd7532b503d8b710bce75ba0e925223ff3ace89312f6311ed8953bc3726a5
Tags
pyinstaller pysilon upx evasion persistence spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

34cfd7532b503d8b710bce75ba0e925223ff3ace89312f6311ed8953bc3726a5

Threat Level: Known bad

The file source_prepared.exe was found to be: Known bad.

Malicious Activity Summary

pyinstaller pysilon upx evasion persistence spyware stealer

Pysilon family

Detect Pysilon

Enumerates VirtualBox DLL files

Sets file to hidden

Executes dropped EXE

UPX packed file

Checks computer location settings

Loads dropped DLL

Reads user/profile data of web browsers

Legitimate hosting services abused for malware hosting/C2

Adds Run key to start application

Drops file in Program Files directory

Unsigned PE

Enumerates physical storage devices

Detects Pyinstaller

Suspicious behavior: GetForegroundWindowSpam

Kills process with taskkill

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Suspicious behavior: AddClipboardFormatListener

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Views/modifies file attributes

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-22 20:29

Signatures

Detect Pysilon

Description Indicator Process Target
N/A N/A N/A N/A

Pysilon family

pysilon

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-22 20:29

Reported

2023-11-22 21:19

Platform

win7-20231020-en

Max time kernel

1561s

Max time network

1567s

Command Line

"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\source_prepared.exe

"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"

C:\Users\Admin\AppData\Local\Temp\source_prepared.exe

"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"

Network

N/A

Files

C:\Users\Admin\AppData\Local\Temp\_MEI21322\python310.dll

MD5 178a0f45fde7db40c238f1340a0c0ec0
SHA1 dcd2d3d14e06da3e8d7dc91a69b5fd785768b5fe
SHA256 9fcb5ad15bd33dd72122a171a5d950e8e47ceda09372f25df828010cde24b8ed
SHA512 4b790046787e57b9414a796838a026b1530f497a75c8e62d62b56f8c16a0cbedbefad3d4be957bc18379f64374d8d3bf62d3c64b53476c7c5005a7355acd2cee

\Users\Admin\AppData\Local\Temp\_MEI21322\python310.dll

MD5 178a0f45fde7db40c238f1340a0c0ec0
SHA1 dcd2d3d14e06da3e8d7dc91a69b5fd785768b5fe
SHA256 9fcb5ad15bd33dd72122a171a5d950e8e47ceda09372f25df828010cde24b8ed
SHA512 4b790046787e57b9414a796838a026b1530f497a75c8e62d62b56f8c16a0cbedbefad3d4be957bc18379f64374d8d3bf62d3c64b53476c7c5005a7355acd2cee

memory/2752-1261-0x000007FEF6190000-0x000007FEF65FE000-memory.dmp

memory/2752-1262-0x000007FEF6190000-0x000007FEF65FE000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2023-11-22 20:29

Reported

2023-11-22 21:22

Platform

win10v2004-20231023-en

Max time kernel

482s

Max time network

521s

Command Line

"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"

Signatures

Enumerates VirtualBox DLL files

Description Indicator Process Target
File opened (read-only) C:\windows\system32\vboxmrxnp.dll C:\Users\Admin\folderppa\Setup.exe N/A
File opened (read-only) C:\windows\system32\vboxhook.dll C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
File opened (read-only) C:\windows\system32\vboxmrxnp.dll C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
File opened (read-only) C:\windows\system32\vboxhook.dll C:\Users\Admin\folderppa\Setup.exe N/A

Sets file to hidden

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\attrib.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\Control Panel\International\Geo\Nation C:\Users\Admin\folderppa\Setup.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\folderppa\Setup.exe N/A
N/A N/A C:\Users\Admin\folderppa\Setup.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\startup = "C:\\Users\\Admin\\folderppa\\Setup.exe" C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A

Legitimate hosting services abused for malware hosting/C2

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_debug.log C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Enumerates physical storage devices

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000_Classes\Local Settings C:\Users\Admin\folderppa\Setup.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\folderppa\Setup.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\folderppa\Setup.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: 33 N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4356 wrote to memory of 3216 N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
PID 4356 wrote to memory of 3216 N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
PID 3216 wrote to memory of 3116 N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe C:\Windows\system32\cmd.exe
PID 3216 wrote to memory of 3116 N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe C:\Windows\system32\cmd.exe
PID 3216 wrote to memory of 1840 N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3216 wrote to memory of 1840 N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3216 wrote to memory of 4048 N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe C:\Windows\system32\cmd.exe
PID 3216 wrote to memory of 4048 N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe C:\Windows\system32\cmd.exe
PID 4048 wrote to memory of 1356 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\attrib.exe
PID 4048 wrote to memory of 1356 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\attrib.exe
PID 4048 wrote to memory of 3832 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\folderppa\Setup.exe
PID 4048 wrote to memory of 3832 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\folderppa\Setup.exe
PID 4048 wrote to memory of 2468 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 4048 wrote to memory of 2468 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 3832 wrote to memory of 2952 N/A C:\Users\Admin\folderppa\Setup.exe C:\Users\Admin\folderppa\Setup.exe
PID 3832 wrote to memory of 2952 N/A C:\Users\Admin\folderppa\Setup.exe C:\Users\Admin\folderppa\Setup.exe
PID 2952 wrote to memory of 3172 N/A C:\Users\Admin\folderppa\Setup.exe C:\Windows\system32\cmd.exe
PID 2952 wrote to memory of 3172 N/A C:\Users\Admin\folderppa\Setup.exe C:\Windows\system32\cmd.exe
PID 2952 wrote to memory of 3160 N/A C:\Users\Admin\folderppa\Setup.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2952 wrote to memory of 3160 N/A C:\Users\Admin\folderppa\Setup.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2952 wrote to memory of 4460 N/A C:\Users\Admin\folderppa\Setup.exe C:\Windows\system32\cmd.exe
PID 2952 wrote to memory of 4460 N/A C:\Users\Admin\folderppa\Setup.exe C:\Windows\system32\cmd.exe
PID 4460 wrote to memory of 3560 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 4460 wrote to memory of 3560 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 2952 wrote to memory of 3784 N/A C:\Users\Admin\folderppa\Setup.exe C:\Windows\system32\cmd.exe
PID 2952 wrote to memory of 3784 N/A C:\Users\Admin\folderppa\Setup.exe C:\Windows\system32\cmd.exe
PID 2952 wrote to memory of 1044 N/A C:\Users\Admin\folderppa\Setup.exe C:\Program Files\VideoLAN\VLC\vlc.exe
PID 2952 wrote to memory of 1044 N/A C:\Users\Admin\folderppa\Setup.exe C:\Program Files\VideoLAN\VLC\vlc.exe
PID 2952 wrote to memory of 3556 N/A C:\Users\Admin\folderppa\Setup.exe C:\Windows\system32\cmd.exe
PID 2952 wrote to memory of 3556 N/A C:\Users\Admin\folderppa\Setup.exe C:\Windows\system32\cmd.exe
PID 2952 wrote to memory of 2960 N/A C:\Users\Admin\folderppa\Setup.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2952 wrote to memory of 2960 N/A C:\Users\Admin\folderppa\Setup.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2960 wrote to memory of 3608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2960 wrote to memory of 3608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2960 wrote to memory of 3744 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2960 wrote to memory of 3744 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2960 wrote to memory of 3744 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2960 wrote to memory of 3744 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2960 wrote to memory of 3744 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2960 wrote to memory of 3744 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2960 wrote to memory of 3744 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2960 wrote to memory of 3744 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2960 wrote to memory of 3744 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2960 wrote to memory of 3744 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2960 wrote to memory of 3744 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2960 wrote to memory of 3744 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2960 wrote to memory of 3744 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2960 wrote to memory of 3744 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2960 wrote to memory of 3744 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2960 wrote to memory of 3744 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2960 wrote to memory of 3744 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2960 wrote to memory of 3744 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2960 wrote to memory of 3744 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2960 wrote to memory of 3744 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2960 wrote to memory of 3744 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2960 wrote to memory of 3744 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2960 wrote to memory of 3744 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2960 wrote to memory of 3744 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2960 wrote to memory of 3744 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2960 wrote to memory of 3744 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2960 wrote to memory of 3744 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2960 wrote to memory of 3744 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2960 wrote to memory of 3744 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2960 wrote to memory of 3744 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\attrib.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\source_prepared.exe

"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"

C:\Users\Admin\AppData\Local\Temp\source_prepared.exe

"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x408 0x50c

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\folderppa\""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\folderppa\activate.bat

C:\Windows\system32\attrib.exe

attrib +s +h .

C:\Users\Admin\folderppa\Setup.exe

"Setup.exe"

C:\Windows\system32\taskkill.exe

taskkill /f /im "source_prepared.exe"

C:\Users\Admin\folderppa\Setup.exe

"Setup.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\folderppa\""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"

C:\Windows\System32\Wbem\WMIC.exe

wmic csproduct get uuid

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "del C:\Users\Admin\folderppa\ss.png"

C:\Program Files\VideoLAN\VLC\vlc.exe

"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\jumpscare.mp4"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "del C:\Users\Admin\folderppa\ss.png"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --headless --screenshot=C:\Users\Admin\folderppa\image.png --window-size=500,300 --default-background-color=00000000 --hide-scrollbars C:\Users\Admin\AppData\Local\Temp\html2image\image.html

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff856669758,0x7ff856669768,0x7ff856669778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --headless --use-angle=swiftshader-webgl --headless --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --mojo-platform-channel-handle=1380 --field-trial-handle=1408,i,13249316837440828769,14185135699046957177,131072 --disable-features=PaintHolding /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=1656 --field-trial-handle=1408,i,13249316837440828769,14185135699046957177,131072 --disable-features=PaintHolding /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --first-renderer-process --allow-pre-commit-input --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1888 --field-trial-handle=1408,i,13249316837440828769,14185135699046957177,131072 --disable-features=PaintHolding /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "del C:\Users\Admin\folderppa\image.png"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "del C:\Users\Admin\folderppa\ss.png"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "del C:\Users\Admin\folderppa\ss.png"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "del C:\Users\Admin\folderppa\ss.png"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "del rec_\22.11.2023_20.52.wav"

C:\Program Files\VideoLAN\VLC\vlc.exe

"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\jumpscare.mp4"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "del C:\Users\Admin\folderppa\ss.png"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "del rec_\22.11.2023_20.54.wav"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "del C:\Users\Admin\folderppa\ss.png"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "del C:\Users\Admin\folderppa\ss.png"

C:\Users\Admin\AppData\Local\Temp\_MEI38322\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe

C:\Users\Admin\AppData\Local\Temp\_MEI38322\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe -version

C:\Users\Admin\AppData\Local\Temp\_MEI38322\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe

C:\Users\Admin\AppData\Local\Temp\_MEI38322\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe -hide_banner -encoders

C:\Users\Admin\AppData\Local\Temp\_MEI38322\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe

C:\Users\Admin\AppData\Local\Temp\_MEI38322\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe -hide_banner -f lavfi -i nullsrc=s=256x256:d=8 -vcodec libx264 -f null -

C:\Users\Admin\AppData\Local\Temp\_MEI38322\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe

C:\Users\Admin\AppData\Local\Temp\_MEI38322\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe -y -f rawvideo -vcodec rawvideo -s 1280x720 -pix_fmt rgb24 -r 30.00 -i - -an -vcodec libx264 -pix_fmt yuv420p -crf 10 -v warning C:\Users\Admin\folderppa\recording.mp4

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\wabbit.bat

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff856669758,0x7ff856669768,0x7ff856669778

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\dwm.exe

"dwm.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"

Network

Country Destination Domain Proto
US 8.8.8.8:53 254.7.248.8.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 discord.com udp
US 162.159.135.232:443 discord.com tcp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 232.135.159.162.in-addr.arpa udp
US 8.8.8.8:53 gateway.discord.gg udp
US 162.159.135.234:443 gateway.discord.gg tcp
N/A 127.0.0.1:59692 tcp
US 8.8.8.8:53 234.135.159.162.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 162.159.135.232:443 discord.com tcp
US 8.8.8.8:53 github.com udp
DE 140.82.121.4:443 github.com tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 4.121.82.140.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 5.173.189.20.in-addr.arpa udp
US 162.159.135.232:443 discord.com tcp
US 8.8.8.8:53 update.videolan.org udp
FR 213.36.253.119:80 update.videolan.org tcp
FR 213.36.253.119:80 update.videolan.org tcp
US 162.159.135.232:443 discord.com tcp
US 8.8.8.8:53 119.253.36.213.in-addr.arpa udp
NL 66.22.199.91:50006 udp
US 162.159.135.232:443 discord.com tcp
US 162.159.137.234:443 tcp
US 162.159.137.232:443 discord.com tcp
US 162.159.137.232:443 discord.com tcp
US 162.159.138.232:443 discord.com tcp
US 63.143.36.193:443 tcp
US 162.159.138.232:443 discord.com tcp
US 162.159.137.232:443 discord.com tcp
US 204.110.191.235:443 tcp
US 162.159.130.234:443 gateway.discord.gg tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI43562\python310.dll

MD5 178a0f45fde7db40c238f1340a0c0ec0
SHA1 dcd2d3d14e06da3e8d7dc91a69b5fd785768b5fe
SHA256 9fcb5ad15bd33dd72122a171a5d950e8e47ceda09372f25df828010cde24b8ed
SHA512 4b790046787e57b9414a796838a026b1530f497a75c8e62d62b56f8c16a0cbedbefad3d4be957bc18379f64374d8d3bf62d3c64b53476c7c5005a7355acd2cee

C:\Users\Admin\AppData\Local\Temp\_MEI43562\VCRUNTIME140.dll

MD5 870fea4e961e2fbd00110d3783e529be
SHA1 a948e65c6f73d7da4ffde4e8533c098a00cc7311
SHA256 76fdb83fde238226b5bebaf3392ee562e2cb7ca8d3ef75983bf5f9d6c7119644
SHA512 0b636a3cdefa343eb4cb228b391bb657b5b4c20df62889cd1be44c7bee94ffad6ec82dc4db79949edef576bff57867e0d084e0a597bf7bf5c8e4ed1268477e88

C:\Users\Admin\AppData\Local\Temp\_MEI43562\VCRUNTIME140.dll

MD5 870fea4e961e2fbd00110d3783e529be
SHA1 a948e65c6f73d7da4ffde4e8533c098a00cc7311
SHA256 76fdb83fde238226b5bebaf3392ee562e2cb7ca8d3ef75983bf5f9d6c7119644
SHA512 0b636a3cdefa343eb4cb228b391bb657b5b4c20df62889cd1be44c7bee94ffad6ec82dc4db79949edef576bff57867e0d084e0a597bf7bf5c8e4ed1268477e88

C:\Users\Admin\AppData\Local\Temp\_MEI43562\python310.dll

MD5 178a0f45fde7db40c238f1340a0c0ec0
SHA1 dcd2d3d14e06da3e8d7dc91a69b5fd785768b5fe
SHA256 9fcb5ad15bd33dd72122a171a5d950e8e47ceda09372f25df828010cde24b8ed
SHA512 4b790046787e57b9414a796838a026b1530f497a75c8e62d62b56f8c16a0cbedbefad3d4be957bc18379f64374d8d3bf62d3c64b53476c7c5005a7355acd2cee

memory/3216-1263-0x00007FF846D40000-0x00007FF8471AE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI43562\base_library.zip

MD5 ee93ce2f8261ba7510f041619bb2b6f2
SHA1 f1d5d2f4c0b10e862b4b0a5ea65c47645901f894
SHA256 41ce839465cf935b821cafc3a98afe1c411bf4655ad596442eb66d140ccd502e
SHA512 c410a0b9eb43b2d0b190f453ea3907cdc70bfcf190ecf80fb03ed906af381853153270fd824fe2e2ba703bceed79e973f330d5ec31dfabff0f5a9f0f162136e9

C:\Users\Admin\AppData\Local\Temp\_MEI43562\_ctypes.pyd

MD5 813fc3981cae89a4f93bf7336d3dc5ef
SHA1 daff28bcd155a84e55d2603be07ca57e3934a0de
SHA256 4ac7fb7b354069e71ebf7fcc193c0f99af559010a0ad82a03b49a92deb0f4d06
SHA512 ce93f21b315d96fde96517a7e13f66aa840d4ad1c6e69e68389e235e43581ad543095582ebcb9d2c6dda11c17851b88f5b1ed1d59d354578fe27e7299bbea1cc

C:\Users\Admin\AppData\Local\Temp\_MEI43562\python3.DLL

MD5 c17b7a4b853827f538576f4c3521c653
SHA1 6115047d02fbbad4ff32afb4ebd439f5d529485a
SHA256 d21e60f3dfbf2bab0cc8a06656721fa3347f026df10297674fc635ebf9559a68
SHA512 8e08e702d69df6840781d174c4565e14a28022b40f650fda88d60172be2d4ffd96a3e9426d20718c54072ca0da27e0455cc0394c098b75e062a27559234a3df7

C:\Users\Admin\AppData\Local\Temp\_MEI43562\_ctypes.pyd

MD5 813fc3981cae89a4f93bf7336d3dc5ef
SHA1 daff28bcd155a84e55d2603be07ca57e3934a0de
SHA256 4ac7fb7b354069e71ebf7fcc193c0f99af559010a0ad82a03b49a92deb0f4d06
SHA512 ce93f21b315d96fde96517a7e13f66aa840d4ad1c6e69e68389e235e43581ad543095582ebcb9d2c6dda11c17851b88f5b1ed1d59d354578fe27e7299bbea1cc

C:\Users\Admin\AppData\Local\Temp\_MEI43562\python3.dll

MD5 c17b7a4b853827f538576f4c3521c653
SHA1 6115047d02fbbad4ff32afb4ebd439f5d529485a
SHA256 d21e60f3dfbf2bab0cc8a06656721fa3347f026df10297674fc635ebf9559a68
SHA512 8e08e702d69df6840781d174c4565e14a28022b40f650fda88d60172be2d4ffd96a3e9426d20718c54072ca0da27e0455cc0394c098b75e062a27559234a3df7

C:\Users\Admin\AppData\Local\Temp\_MEI43562\libffi-7.dll

MD5 6f818913fafe8e4df7fedc46131f201f
SHA1 bbb7ba3edbd4783f7f973d97b0b568cc69cadac5
SHA256 3f94ee4f23f6c7702ab0cc12995a6457bf22183fa828c30cc12288adf153ae56
SHA512 5473fe57dc40af44edb4f8a7efd68c512784649d51b2045d570c7e49399990285b59cfa6bcd25ef1316e0a073ea2a89fe46be3bfc33f05e3333037a1fd3a6639

C:\Users\Admin\AppData\Local\Temp\_MEI43562\python3.dll

MD5 c17b7a4b853827f538576f4c3521c653
SHA1 6115047d02fbbad4ff32afb4ebd439f5d529485a
SHA256 d21e60f3dfbf2bab0cc8a06656721fa3347f026df10297674fc635ebf9559a68
SHA512 8e08e702d69df6840781d174c4565e14a28022b40f650fda88d60172be2d4ffd96a3e9426d20718c54072ca0da27e0455cc0394c098b75e062a27559234a3df7

C:\Users\Admin\AppData\Local\Temp\_MEI43562\_bz2.pyd

MD5 93fe6d3a67b46370565db12a9969d776
SHA1 ff520df8c24ed8aa6567dd0141ef65c4ea00903b
SHA256 92ec61ca9ac5742e0848a6bbb9b6b4cda8e039e12ab0f17fb9342d082dde471b
SHA512 5c91b56198a8295086c61b4f4e9f16900a7ec43ca4b84e793bc8a3fc8676048cab576e936515bf2971318c7847f1314674b3336fe83b1734f9f70d09615519ac

C:\Users\Admin\AppData\Local\Temp\_MEI43562\_hashlib.pyd

MD5 4ae75c47dbdebaa16a596f31b27abd9e
SHA1 a11f963139c715921dedd24bc957ab6d14788c34
SHA256 2308ee238cc849b1110018b211b149d607bf447f4e4c1e61449049eab0cf513d
SHA512 e908fecb52268fac71933e2fdb96e539bdebe4675dfb50065aee26727bac53e07cca862193bcb3ab72d2ae62d660113a47e73e1e16db401480e4d3fd34d54fa8

C:\Users\Admin\AppData\Local\Temp\_MEI43562\_uuid.pyd

MD5 aa65dc954ce85134a8f5d8604fa543aa
SHA1 75a31d76c85b3a78c906c0564fa7763e74c2fc49
SHA256 d7b691db91a6bdad2256c8ef392b12126090c8f4d1b43bfd3ec5a020b7f6a7ab
SHA512 e40b03e6f0f405295b3cde5e7f5b3fdbb20de04e9715b4a31eebddf800918d86ac1b74431bb74ed94c4326d77699dd7b8bbe884d5718f0a95ca1d04f4690ea9b

memory/3216-1318-0x00007FF856E10000-0x00007FF856E24000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI43562\libcrypto-1_1.dll

MD5 daa2eed9dceafaef826557ff8a754204
SHA1 27d668af7015843104aa5c20ec6bbd30f673e901
SHA256 4dab915333d42f071fe466df5578fd98f38f9e0efa6d9355e9b4445ffa1ca914
SHA512 7044715550b7098277a015219688c7e7a481a60e4d29f5f6558b10c7ac29195c6d5377dc234da57d9def0c217bb3d7feca332a64d632ca105503849f15e057ea

C:\Users\Admin\AppData\Local\Temp\_MEI43562\libssl-1_1.dll

MD5 eac369b3fde5c6e8955bd0b8e31d0830
SHA1 4bf77158c18fe3a290e44abd2ac1834675de66b4
SHA256 60771fb23ee37b4414d364e6477490324f142a907308a691f3dd88dc25e38d6c
SHA512 c51f05d26fda5e995fe6763877d4fcdb89cd92ef2d6ee997e49cc1ee7a77146669d26ec00ad76f940ef55adae82921dede42e55f51bd10d1283ecfe7c5009778

C:\Users\Admin\AppData\Local\Temp\_MEI43562\charset_normalizer\md.cp310-win_amd64.pyd

MD5 7568ff19fec3c28472dc2a86fc0df3a4
SHA1 ee85f762f30537b24e1ce3735ccff8fd833b3b2f
SHA256 32d3b38090be0e405089fbd173aa9b36c821fbd6b9b55a87c53491844d0de4f1
SHA512 9b68ae10bf803c446f244336dc7086bbcfba16264a8a7957e972beedb9dddecd862649948bb4a3d2857fd885ba972cefcef7880a79f6d534c4689950cb1c3d69

C:\Users\Admin\AppData\Local\Temp\_MEI43562\charset_normalizer\md.cp310-win_amd64.pyd

MD5 7568ff19fec3c28472dc2a86fc0df3a4
SHA1 ee85f762f30537b24e1ce3735ccff8fd833b3b2f
SHA256 32d3b38090be0e405089fbd173aa9b36c821fbd6b9b55a87c53491844d0de4f1
SHA512 9b68ae10bf803c446f244336dc7086bbcfba16264a8a7957e972beedb9dddecd862649948bb4a3d2857fd885ba972cefcef7880a79f6d534c4689950cb1c3d69

C:\Users\Admin\AppData\Local\Temp\_MEI43562\_queue.pyd

MD5 0e7612fc1a1fad5a829d4e25cfa87c4f
SHA1 3db2d6274ce3dbe3dbb00d799963df8c3046a1d6
SHA256 9f6965eb89bbf60df0c51ef0750bbd0655675110d6c42eca0274d109bd9f18a8
SHA512 52c57996385b9a573e3105efa09fd6fd24561589b032ef2b2ee60a717f4b33713c35989f2265669f980646d673e3c387b30b9fc98033bb8ca7c59ece1c17e517

memory/3216-1327-0x00007FF856CE0000-0x00007FF856CF9000-memory.dmp

memory/3216-1328-0x00007FF8589C0000-0x00007FF8589CD000-memory.dmp

memory/3216-1329-0x00007FF856CB0000-0x00007FF856CDE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI43562\_ssl.pyd

MD5 081c878324505d643a70efcc5a80a371
SHA1 8bef8336476d8b7c5c9ef71d7b7db4100de32348
SHA256 fcb70b58f94f5b0f9d027999cce25e99ddcc8124e4ddcc521cb5b96a52faaa66
SHA512 c36293b968a2f83705815ef3a207e444eeb7667ad9af61df75e85151f74f2fe0a299b3b1349de0d410bbbaea9f99cac5228189099a221de5fa1e20c97c648e32

C:\Users\Admin\AppData\Local\Temp\_MEI43562\select.pyd

MD5 666358e0d7752530fc4e074ed7e10e62
SHA1 b9c6215821f5122c5176ce3cf6658c28c22d46ba
SHA256 6615c62fa010bfba5527f5da8af97313a1af986f8564277222a72a1731248841
SHA512 1d3d35c095892562ddd2868fbd08473e48b3bb0cb64ef9ccc5550a06c88dda0d82383a1316b6c5584a49ca28ed1ef1e5ca94ec699a423a001ccd952bd6bd553d

C:\Users\Admin\AppData\Local\Temp\_MEI43562\_socket.pyd

MD5 7a31bc84c0385590e5a01c4cbe3865c3
SHA1 77c4121abe6e134660575d9015308e4b76c69d7c
SHA256 5614017765322b81cc57d841b3a63cbdc88678ff605e5d4c8fdbbf8f0ac00f36
SHA512 b80cd51e395a3ce6f345b69243d8fc6c46e2e3828bd0a7e63673a508d889a9905d562cac29f1ed394ccfcda72f2f2e22f675963dd96261c19683b06dea0a0882

C:\Users\Admin\AppData\Local\Temp\_MEI43562\_tkinter.pyd

MD5 28522a9d0fbcfd414d9c41d853b15665
SHA1 801a62e40b573bccf14ac362520cd8e23c48d4a4
SHA256 3898b004d31aec23cf12c61f27215a14a838d6c11d2bc7738b15730518154bb5
SHA512 e7e715c61db3c420cdee4425d67e05973616e60e23308ef2a24e4a25deeeb8d4802de1cd5cf6a997cec2e9ebad29a4c197b885f8d43e9f7b2b015e9c026782e8

C:\Users\Admin\AppData\Local\Temp\_MEI43562\_ssl.pyd

MD5 081c878324505d643a70efcc5a80a371
SHA1 8bef8336476d8b7c5c9ef71d7b7db4100de32348
SHA256 fcb70b58f94f5b0f9d027999cce25e99ddcc8124e4ddcc521cb5b96a52faaa66
SHA512 c36293b968a2f83705815ef3a207e444eeb7667ad9af61df75e85151f74f2fe0a299b3b1349de0d410bbbaea9f99cac5228189099a221de5fa1e20c97c648e32

C:\Users\Admin\AppData\Local\Temp\_MEI43562\_sqlite3.pyd

MD5 bb4aa2d11444900c549e201eb1a4cdd6
SHA1 ca3bb6fc64d66deaddd804038ea98002d254c50e
SHA256 f44d80ab16c27ca65da23ae5fda17eb842065f3e956f10126322b2ea3ecdf43f
SHA512 cd3c5704e5d99980109fdc505d39ad5b26a951685e9d8e3fed9e0848cd44e24cc4611669dbdb58acc20f1f4a5c37d5e01d9d965cf6fe74f94da1b29aa2ff6931

C:\Users\Admin\AppData\Local\Temp\_MEI43562\_socket.pyd

MD5 7a31bc84c0385590e5a01c4cbe3865c3
SHA1 77c4121abe6e134660575d9015308e4b76c69d7c
SHA256 5614017765322b81cc57d841b3a63cbdc88678ff605e5d4c8fdbbf8f0ac00f36
SHA512 b80cd51e395a3ce6f345b69243d8fc6c46e2e3828bd0a7e63673a508d889a9905d562cac29f1ed394ccfcda72f2f2e22f675963dd96261c19683b06dea0a0882

C:\Users\Admin\AppData\Local\Temp\_MEI43562\_queue.pyd

MD5 0e7612fc1a1fad5a829d4e25cfa87c4f
SHA1 3db2d6274ce3dbe3dbb00d799963df8c3046a1d6
SHA256 9f6965eb89bbf60df0c51ef0750bbd0655675110d6c42eca0274d109bd9f18a8
SHA512 52c57996385b9a573e3105efa09fd6fd24561589b032ef2b2ee60a717f4b33713c35989f2265669f980646d673e3c387b30b9fc98033bb8ca7c59ece1c17e517

C:\Users\Admin\AppData\Local\Temp\_MEI43562\_overlapped.pyd

MD5 a752451482e3a12bb548d671dfdb8b45
SHA1 cd1b4b5fb4bd967a88f22a309fc4f91df2c5a6e9
SHA256 6c415e1ff4c4cc218c8b3df6678f1eab8d4206bd269f68512910fa04b64b8f22
SHA512 841408f1e01ac372e80882fd2e38207a92a26d5c445172ddc776279e5b08572b72a88011402d644135db145fd0893278999a09db15cc18920103b90fdb76de56

C:\Users\Admin\AppData\Local\Temp\_MEI43562\_multiprocessing.pyd

MD5 9e1a8a2209262745323a3087e3ca5356
SHA1 db5db846be89ed930291afd3e0b5ee31f3e8a50e
SHA256 f7bc9e58a91241d120998e2125173b8ce05fb178e4c77825bcae0f9afd751769
SHA512 bb5741285b773b36a2c24f15d28d172cb96220a662111a587f5ea6a9652a3e09b4795737ae8d2785243990039ebb8f7a597423e3dbd9a69a9cc4917222fa65e7

C:\Users\Admin\AppData\Local\Temp\_MEI43562\_hashlib.pyd

MD5 4ae75c47dbdebaa16a596f31b27abd9e
SHA1 a11f963139c715921dedd24bc957ab6d14788c34
SHA256 2308ee238cc849b1110018b211b149d607bf447f4e4c1e61449049eab0cf513d
SHA512 e908fecb52268fac71933e2fdb96e539bdebe4675dfb50065aee26727bac53e07cca862193bcb3ab72d2ae62d660113a47e73e1e16db401480e4d3fd34d54fa8

C:\Users\Admin\AppData\Local\Temp\_MEI43562\_elementtree.pyd

MD5 ad2229ca1802fc2408b59d9ec9460cea
SHA1 f090c8647c2f21c2d46384b9562238559846d793
SHA256 d175def644ad25a6447b3c84fd0aafd75f8f9adf177f3ae9c78d61bfed04b8a0
SHA512 7168cf9ca6ac49f935303e741b3f0e4edee384a2fa64fb4100eebda0e012b4b5aa1a08acba62643debc638c25c6462393ddcd132f7a02c5ed207cd37fda8d895

memory/3216-1330-0x00007FF846900000-0x00007FF8469B8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI43562\_decimal.pyd

MD5 f65d2fed5417feb5fa8c48f106e6caf7
SHA1 9260b1535bb811183c9789c23ddd684a9425ffaa
SHA256 574fe8e01054a5ba07950e41f37e9cf0aea753f20fe1a31f58e19202d1f641d8
SHA512 030502fa4895e0d82c8cce00e78831fc3b2e6d956c8cc3b9fb5e50cb23ef07cd6942949a9f16d02da6908523d9d4ef5f722fb1336d4a80cd944c9f0cb11239ab

memory/3216-1333-0x00007FF856C10000-0x00007FF856C36000-memory.dmp

memory/3216-1334-0x00007FF8467E0000-0x00007FF8468F8000-memory.dmp

memory/3216-1332-0x00007FF856E00000-0x00007FF856E0B000-memory.dmp

memory/3216-1331-0x00007FF857240000-0x00007FF85724D000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI43562\_cffi_backend.cp310-win_amd64.pyd

MD5 d968ebcdbec08ebaa42356ca155ac6a1
SHA1 7953a0a9c7c38349d629968a1dbd7e3bf9e9933c
SHA256 670379d72b8ac580f237a7236c4b51933b2576e8dd7689e09b9e58d55818a979
SHA512 5dbfb6e928f8b96d03dd4dabf2c21f8e22a3e0983152c167e768e9e1b6771432d706d5250032ba3ffb067198fb2a18bf3e05b09ddbc84c2ec945f3d865a57ef7

C:\Users\Admin\AppData\Local\Temp\_MEI43562\_asyncio.pyd

MD5 bac1b37093d9a3d8a69c4449067daf79
SHA1 6debc17c8446915b7413685da449f028cf284549
SHA256 b4130ab50e425027634a8a4c01c320a70b8529f2988c3a7fb053e07847b68089
SHA512 24e108ed396c15fe70a4c915a5adadbfaddacab93d20109574b2f3875ed76225f2444098f2f2c47613f5df16d31c5c93dcc77f5af7b6d9b7739d1e392260ec59

C:\Users\Admin\AppData\Local\Temp\_MEI43562\zlib1.dll

MD5 ee06185c239216ad4c70f74e7c011aa6
SHA1 40e66b92ff38c9b1216511d5b1119fe9da6c2703
SHA256 0391066f3e6385a9c0fe7218c38f7bd0b3e0da0f15a98ebb07f1ac38d6175466
SHA512 baae562a53d491e19dbf7ee2cff4c13d42de6833036bfdaed9ed441bcbf004b68e4088bd453b7413d60faaf1b334aee71241ba468437d49050b8ccfa9232425d

C:\Users\Admin\AppData\Local\Temp\_MEI43562\VCRUNTIME140_1.dll

MD5 bba9680bc310d8d25e97b12463196c92
SHA1 9a480c0cf9d377a4caedd4ea60e90fa79001f03a
SHA256 e0b66601cc28ecb171c3d4b7ac690c667f47da6b6183bff80604c84c00d265ab
SHA512 1575c786ac3324b17057255488da5f0bc13ad943ac9383656baf98db64d4ec6e453230de4cd26b535ce7e8b7d41a9f2d3f569a0eff5a84aeb1c2f9d6e3429739

C:\Users\Admin\AppData\Local\Temp\_MEI43562\unicodedata.pyd

MD5 7a462a10aa1495cef8bfca406fb3637e
SHA1 6dcbd46198b89ef3007c76deb42ab10ba4c4cf40
SHA256 459bca991fcb88082d49d22cc6ebffe37381a5bd3efcc77c5a52f7a4bb3184c0
SHA512 d2b7c6997b4bd390257880a6f3336e88d1dd7159049811f8d7c54e3623e9b033e18e8922422869c81de72fc8c10890c173d8a958d192dd03bfc57cffaea1ac7b

C:\Users\Admin\AppData\Local\Temp\_MEI43562\tk86t.dll

MD5 19adc6ec8b32110665dffe46c828c09f
SHA1 964eca5250e728ea2a0d57dda95b0626f5b7bf09
SHA256 6d134200c9955497c5829860f7373d99eec8cbe4936c8e777b996da5c3546ba7
SHA512 4baa632c45a97dc2ca0f0b52fd3882d083b9d83a88e0fa2f29b269e16ad7387029423839756ee052348589b216509a85f5d6ee05a1e8a1850ce5d673ae859c27

C:\Users\Admin\AppData\Local\Temp\_MEI43562\tcl86t.dll

MD5 2ac611c106c5271a3789c043bf36bf76
SHA1 1f549bff37baf84c458fc798a8152cc147aadf6e
SHA256 7410e4e74a3f5941bb161fc6fc8675227de2ad28a1cec9b627631faa0ed330e6
SHA512 3763a63f45fc48f0c76874704911bcefe0ace8d034f9af3ea1401e60aa993fda6174ae61b951188bec009a14d7d33070b064e1293020b6fd4748bee5c35bbd08

C:\Users\Admin\AppData\Local\Temp\_MEI43562\sqlite3.dll

MD5 bd2819965b59f015ec4233be2c06f0c1
SHA1 cff965068f1659d77be6f4942ca1ada3575ca6e2
SHA256 ab072d20cee82ae925dae78fd41cae7cd6257d14fd867996382a69592091d8ec
SHA512 f7758bd71d2ad236bf3220db0ad26f3866d9977eab311a5912f6e079b59fa918735c852de6dbf7b5fee9e04124bc0cd438c4c71edc0c04309330108ba0085d59

C:\Users\Admin\AppData\Local\Temp\_MEI43562\SDL2_ttf.dll

MD5 eb0ce62f775f8bd6209bde245a8d0b93
SHA1 5a5d039e0c2a9d763bb65082e09f64c8f3696a71
SHA256 74591aab94bb87fc9a2c45264930439bbc0d1525bf2571025cd9804e5a1cd11a
SHA512 34993240f14a89179ac95c461353b102ea74e4180f52c206250bb42c4c8427a019ea804b09a6903674ac00ab2a3c4c686a86334e483110e79733696aa17f4eb6

C:\Users\Admin\AppData\Local\Temp\_MEI43562\SDL2_mixer.dll

MD5 b7b45f61e3bb00ccd4ca92b2a003e3a3
SHA1 5018a7c95dc6d01ba6e3a7e77dd26c2c74fd69bc
SHA256 1327f84e3509f3ccefeef1c12578faf04e9921c145233687710253bf903ba095
SHA512 d3449019824124f3edbda57b3b578713e9c9915e173d31566cd8e4d18f307ac0f710250fe6a906dd53e748db14bfa76ec1b58a6aef7d074c913679a47c5fdbe7

C:\Users\Admin\AppData\Local\Temp\_MEI43562\SDL2_image.dll

MD5 25e2a737dcda9b99666da75e945227ea
SHA1 d38e086a6a0bacbce095db79411c50739f3acea4
SHA256 22b27380d4f1f217f0e5d5c767e5c244256386cd9d87f8ddf303baaf9239fc4c
SHA512 63de988387047c17fd028a894465286fd8f6f8bd3a1321b104c0ceb5473e3e0b923153b4999143efbdd28684329a33a5b468e43f25214037f6cddd4d1884adb8

memory/3216-1335-0x00007FF852AB0000-0x00007FF852AE8000-memory.dmp

memory/3216-1336-0x00007FF8563D0000-0x00007FF8563DB000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI43562\SDL2.dll

MD5 2b13a3f2fc8f9cdb3161374c4bc85f86
SHA1 9039a90804dba7d6abb2bcf3068647ba8cab8901
SHA256 110567f1e5008c6d453732083b568b6a8d8da8077b9cb859f57b550fd3b05fb6
SHA512 2ee8e35624cb8d78baefafd6878c862b510200974bef265a9856e399578610362c7c46121a9f44d7ece6715e68475db6513e96bea3e26cdccbd333b0e14ccfd8

C:\Users\Admin\AppData\Local\Temp\_MEI43562\pyexpat.pyd

MD5 9cbd08544dce0712557d8ab3fa0d2d15
SHA1 cff5ea26bd61330146451390d6cecbda1c102c57
SHA256 77813956d86430e1d850989eca1ace8641b7523ecbe1de825bd2fd7094f15f2c
SHA512 e9879b10f26b4205d389de77a978135d285339d971ddae6050cd8453aecf7ed8e39834a685c77aa1beddb8d7d922f4390278c772beb9cd0bfbd7cc8a77c7fc90

C:\Users\Admin\AppData\Local\Temp\_MEI43562\portmidi.dll

MD5 0df0699727e9d2179f7fd85a61c58bdf
SHA1 82397ee85472c355725955257c0da207fa19bf59
SHA256 97a53e8de3f1b2512f0295b5de98fa7a23023a0e4c4008ae534acdba54110c61
SHA512 196e41a34a60de83cb24caa5fc95820fd36371719487350bc2768354edf39eeb6c7860ff3fd9ecf570abb4288523d7ab934e86e85202b9753b135d07180678cd

C:\Users\Admin\AppData\Local\Temp\_MEI43562\libwebp-7.dll

MD5 b0dd211ec05b441767ea7f65a6f87235
SHA1 280f45a676c40bd85ed5541ceb4bafc94d7895f3
SHA256 fc06b8f92e86b848a17eaf7ed93464f54ed1f129a869868a74a75105ff8ce56e
SHA512 eaeb83e46c8ca261e79b3432ec2199f163c44f180eb483d66a71ad530ba488eb4cdbd911633e34696a4ccc035e238bc250a8247f318aa2f0cd9759cad4f90fff

C:\Users\Admin\AppData\Local\Temp\_MEI43562\libtiff-5.dll

MD5 ebad1fa14342d14a6b30e01ebc6d23c1
SHA1 9c4718e98e90f176c57648fa4ed5476f438b80a7
SHA256 4f50820827ac76042752809479c357063fe5653188654a6ba4df639da2fbf3ca
SHA512 91872eaa1f3f45232ab2d753585e650ded24c6cc8cc1d2a476fa98a61210177bd83570c52594b5ad562fc27cb76e034122f16a922c6910e4ed486da1d3c45c24

C:\Users\Admin\AppData\Local\Temp\_MEI43562\libssl-1_1.dll

MD5 eac369b3fde5c6e8955bd0b8e31d0830
SHA1 4bf77158c18fe3a290e44abd2ac1834675de66b4
SHA256 60771fb23ee37b4414d364e6477490324f142a907308a691f3dd88dc25e38d6c
SHA512 c51f05d26fda5e995fe6763877d4fcdb89cd92ef2d6ee997e49cc1ee7a77146669d26ec00ad76f940ef55adae82921dede42e55f51bd10d1283ecfe7c5009778

C:\Users\Admin\AppData\Local\Temp\_MEI43562\libpng16-16.dll

MD5 55009dd953f500022c102cfb3f6a8a6c
SHA1 07af9f4d456ddf86a51da1e4e4c5b54b0cf06ddb
SHA256 20391787cba331cfbe32fbf22f328a0fd48924e944e80de20ba32886bf4b6fd2
SHA512 4423d3ec8fef29782f3d4a21feeac9ba24c9c765d770b2920d47b4fb847a96ff5c793b20373833b4ff8bc3d8fa422159c64beffb78ce5768ed22742740a8c6c6

C:\Users\Admin\AppData\Local\Temp\_MEI43562\libopusfile-0.dll

MD5 2d5274bea7ef82f6158716d392b1be52
SHA1 ce2ff6e211450352eec7417a195b74fbd736eb24
SHA256 6dea07c27c0cc5763347357e10c3b17af318268f0f17c7b165325ce524a0e8d5
SHA512 9973d68b23396b3aa09d2079d18f2c463e807c9c1fdf4b1a5f29d561e8d5e62153e0c7be23b63975ad179b9599ff6b0cf08ebdbe843d194483e7ec3e7aeb232a

C:\Users\Admin\AppData\Local\Temp\_MEI43562\libopus-0.x64.dll

MD5 e56f1b8c782d39fd19b5c9ade735b51b
SHA1 3d1dc7e70a655ba9058958a17efabe76953a00b4
SHA256 fa8715dd0df84fdedbe4aa17763b2ab0db8941fa33421b6d42e25e59c4ae8732
SHA512 b7702e48b20a8991a5c537f5ba22834de8bb4ba55862b75024eace299263963b953606ee29e64d68b438bb0904273c4c20e71f22ccef3f93552c36fb2d1b2c46

C:\Users\Admin\AppData\Local\Temp\_MEI43562\libopus-0.dll

MD5 3fb9d9e8daa2326aad43a5fc5ddab689
SHA1 55523c665414233863356d14452146a760747165
SHA256 fd8de9169ccf53c5968eec0c90e9ff3a66fb451a5bf063868f3e82007106b491
SHA512 f263ea6e0fab84a65fe3a9b6c0fe860919eee828c84b888a5aa52dea540434248d1e810a883a2aff273cd9f22c607db966dd8776e965be6d2cfe1b50a1af1f57

C:\Users\Admin\AppData\Local\Temp\_MEI43562\libogg-0.dll

MD5 0d65168162287df89af79bb9be79f65b
SHA1 3e5af700b8c3e1a558105284ecd21b73b765a6dc
SHA256 2ec2322aec756b795c2e614dab467ef02c3d67d527ad117f905b3ab0968ccf24
SHA512 69af81fd2293c31f456b3c78588bb6a372fe4a449244d74bfe5bfaa3134a0709a685725fa05055cfd261c51a96df4b7ebd8b9e143f0e9312c374e54392f8a2c2

C:\Users\Admin\AppData\Local\Temp\_MEI43562\libmodplug-1.dll

MD5 2bb2e7fa60884113f23dcb4fd266c4a6
SHA1 36bbd1e8f7ee1747c7007a3c297d429500183d73
SHA256 9319bf867ed6007f3c61da139c2ab8b74a4cb68bf56265a101e79396941f6d3b
SHA512 1ddd4b9b9238c1744e0a1fe403f136a1def8df94814b405e7b01dd871b3f22a2afe819a26e08752142f127c3efe4ebae8bfd1bd63563d5eb98b4644426f576b2

C:\Users\Admin\AppData\Local\Temp\_MEI43562\libjpeg-9.dll

MD5 c22b781bb21bffbea478b76ad6ed1a28
SHA1 66cc6495ba5e531b0fe22731875250c720262db1
SHA256 1eed2385030348c84bbdb75d41d64891be910c27fab8d20fc9e85485fcb569dd
SHA512 9b42cad4a715680a27cd79f466fd2913649b80657ff042528cba2946631387ed9fb027014d215e1baf05839509ca5915d533b91aa958ae0525dea6e2a869b9e4

C:\Users\Admin\AppData\Local\Temp\_MEI43562\libcrypto-1_1.dll

MD5 daa2eed9dceafaef826557ff8a754204
SHA1 27d668af7015843104aa5c20ec6bbd30f673e901
SHA256 4dab915333d42f071fe466df5578fd98f38f9e0efa6d9355e9b4445ffa1ca914
SHA512 7044715550b7098277a015219688c7e7a481a60e4d29f5f6558b10c7ac29195c6d5377dc234da57d9def0c217bb3d7feca332a64d632ca105503849f15e057ea

C:\Users\Admin\AppData\Local\Temp\_MEI43562\freetype.dll

MD5 04a9825dc286549ee3fa29e2b06ca944
SHA1 5bed779bf591752bb7aa9428189ec7f3c1137461
SHA256 50249f68b4faf85e7cd8d1220b7626a86bc507af9ae400d08c8e365f9ab97cde
SHA512 0e937e4de6cbc9d40035b94c289c2798c77c44fc1dc7097201f9fab97c7ff9e56113c06c51693f09908283eda92945b36de67351f893d4e3162e67c078cff4ec

C:\Users\Admin\AppData\Local\Temp\_MEI43562\crypto_clipper.json

MD5 8bff94a9573315a9d1820d9bb710d97f
SHA1 e69a43d343794524b771d0a07fd4cb263e5464d5
SHA256 3f7446866f42bcbeb8426324d3ea58f386f3171abe94279ea7ec773a4adde7d7
SHA512 d5ece1ea9630488245c578cb22d6d9d902839e53b4550c6232b4fb9389ef6c5d5392426ea4a9e3c461979d6d6aa94ddf3b2755f48e9988864788b530cdfcf80f

C:\Users\Admin\AppData\Local\Temp\_MEI43562\_lzma.pyd

MD5 6f810f46f308f7c6ccddca45d8f50039
SHA1 6ee24ff6d1c95ba67e1275bb82b9d539a7f56cea
SHA256 39497259b87038e86c53e7a39a0b5bbbfcebe00b2f045a148041300b31f33b76
SHA512 c692367a26415016e05ebe828309d3ffec290c6d2fd8cc7419d529a51b0beda00ccdc327c9f187ae3ca0cc96336d23d84a8ff95b729c8958b14fb91b6da9e878

memory/3216-1275-0x00007FF856EA0000-0x00007FF856EB9000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI43562\select.pyd

MD5 666358e0d7752530fc4e074ed7e10e62
SHA1 b9c6215821f5122c5176ce3cf6658c28c22d46ba
SHA256 6615c62fa010bfba5527f5da8af97313a1af986f8564277222a72a1731248841
SHA512 1d3d35c095892562ddd2868fbd08473e48b3bb0cb64ef9ccc5550a06c88dda0d82383a1316b6c5584a49ca28ed1ef1e5ca94ec699a423a001ccd952bd6bd553d

C:\Users\Admin\AppData\Local\Temp\_MEI43562\_lzma.pyd

MD5 6f810f46f308f7c6ccddca45d8f50039
SHA1 6ee24ff6d1c95ba67e1275bb82b9d539a7f56cea
SHA256 39497259b87038e86c53e7a39a0b5bbbfcebe00b2f045a148041300b31f33b76
SHA512 c692367a26415016e05ebe828309d3ffec290c6d2fd8cc7419d529a51b0beda00ccdc327c9f187ae3ca0cc96336d23d84a8ff95b729c8958b14fb91b6da9e878

C:\Users\Admin\AppData\Local\Temp\_MEI43562\_bz2.pyd

MD5 93fe6d3a67b46370565db12a9969d776
SHA1 ff520df8c24ed8aa6567dd0141ef65c4ea00903b
SHA256 92ec61ca9ac5742e0848a6bbb9b6b4cda8e039e12ab0f17fb9342d082dde471b
SHA512 5c91b56198a8295086c61b4f4e9f16900a7ec43ca4b84e793bc8a3fc8676048cab576e936515bf2971318c7847f1314674b3336fe83b1734f9f70d09615519ac

C:\Users\Admin\AppData\Local\Temp\_MEI43562\libffi-7.dll

MD5 6f818913fafe8e4df7fedc46131f201f
SHA1 bbb7ba3edbd4783f7f973d97b0b568cc69cadac5
SHA256 3f94ee4f23f6c7702ab0cc12995a6457bf22183fa828c30cc12288adf153ae56
SHA512 5473fe57dc40af44edb4f8a7efd68c512784649d51b2045d570c7e49399990285b59cfa6bcd25ef1316e0a073ea2a89fe46be3bfc33f05e3333037a1fd3a6639

memory/3216-1271-0x00007FF858F30000-0x00007FF858F54000-memory.dmp

memory/3216-1337-0x00007FF856240000-0x00007FF85624C000-memory.dmp

memory/3216-1339-0x00007FF84DDE0000-0x00007FF84DDEC000-memory.dmp

memory/3216-1338-0x00007FF84FF40000-0x00007FF84FF4B000-memory.dmp

memory/3216-1340-0x00007FF84DDD0000-0x00007FF84DDDB000-memory.dmp

memory/3216-1341-0x00007FF84D740000-0x00007FF84D74C000-memory.dmp

memory/3216-1342-0x00007FF84D730000-0x00007FF84D73D000-memory.dmp

memory/3216-1343-0x00007FF84D720000-0x00007FF84D72E000-memory.dmp

memory/3216-1345-0x00007FF84D6F0000-0x00007FF84D6FB000-memory.dmp

memory/3216-1344-0x00007FF84D700000-0x00007FF84D70C000-memory.dmp

memory/3216-1346-0x00007FF84D6E0000-0x00007FF84D6EB000-memory.dmp

memory/3216-1347-0x00007FF8483C0000-0x00007FF8483CC000-memory.dmp

memory/3216-1348-0x00007FF8483B0000-0x00007FF8483BC000-memory.dmp

memory/3216-1349-0x00007FF8483A0000-0x00007FF8483AD000-memory.dmp

memory/3216-1351-0x00007FF848370000-0x00007FF84837C000-memory.dmp

memory/3216-1352-0x00007FF848360000-0x00007FF848370000-memory.dmp

memory/3216-1350-0x00007FF848380000-0x00007FF848392000-memory.dmp

memory/3216-1354-0x00007FF856E70000-0x00007FF856E9D000-memory.dmp

memory/3216-1353-0x00007FF85C300000-0x00007FF85C30F000-memory.dmp

memory/3216-1356-0x00007FF856B10000-0x00007FF856B1B000-memory.dmp

memory/3216-1355-0x00007FF8469C0000-0x00007FF846D35000-memory.dmp

memory/3216-1357-0x00007FF84D710000-0x00007FF84D71C000-memory.dmp

memory/3216-1358-0x00007FF848190000-0x00007FF8481A5000-memory.dmp

memory/3216-1359-0x00007FF847B90000-0x00007FF847BA4000-memory.dmp

memory/3216-1360-0x00007FF847B60000-0x00007FF847B82000-memory.dmp

memory/3216-1361-0x00007FF847970000-0x00007FF847989000-memory.dmp

memory/3216-1362-0x00007FF8477E0000-0x00007FF8477F1000-memory.dmp

memory/3216-1364-0x00007FF846730000-0x00007FF84674C000-memory.dmp

memory/3216-1363-0x00007FF847960000-0x00007FF84796A000-memory.dmp

memory/3216-1365-0x00007FF846670000-0x00007FF84669E000-memory.dmp

memory/3216-1366-0x00007FF8464D0000-0x00007FF846641000-memory.dmp

memory/3216-1367-0x00007FF847990000-0x00007FF8479A7000-memory.dmp

memory/3216-1368-0x00007FF847800000-0x00007FF847849000-memory.dmp

memory/3216-1370-0x00007FF8466A0000-0x00007FF8466C9000-memory.dmp

memory/3216-1369-0x00007FF8466D0000-0x00007FF84672D000-memory.dmp

memory/3216-1373-0x00007FF8464A0000-0x00007FF8464AB000-memory.dmp

memory/3216-1372-0x00007FF8464B0000-0x00007FF8464C8000-memory.dmp

memory/3216-1371-0x00007FF846650000-0x00007FF84666F000-memory.dmp

memory/3216-1374-0x00007FF846490000-0x00007FF84649C000-memory.dmp

memory/3216-1375-0x00007FF846480000-0x00007FF84648B000-memory.dmp

memory/3216-1376-0x00007FF846470000-0x00007FF84647C000-memory.dmp

memory/3216-1377-0x00007FF846460000-0x00007FF84646B000-memory.dmp

memory/3216-1378-0x00007FF846450000-0x00007FF84645C000-memory.dmp

memory/3216-1379-0x00007FF846440000-0x00007FF84644D000-memory.dmp

memory/3216-1381-0x00007FF846420000-0x00007FF84642C000-memory.dmp

memory/3216-1380-0x00007FF846430000-0x00007FF84643E000-memory.dmp

memory/3216-1382-0x00007FF846410000-0x00007FF84641C000-memory.dmp

memory/3216-1383-0x00007FF846400000-0x00007FF84640B000-memory.dmp

memory/3216-1384-0x00007FF8463F0000-0x00007FF8463FB000-memory.dmp

memory/3216-1385-0x00007FF8463E0000-0x00007FF8463EC000-memory.dmp

memory/3216-1386-0x00007FF8463D0000-0x00007FF8463DC000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_2ehuxqmh.jxp.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/3216-1519-0x00007FF846D40000-0x00007FF8471AE000-memory.dmp

memory/3216-1520-0x00007FF858F30000-0x00007FF858F54000-memory.dmp

memory/3216-1521-0x00007FF85C300000-0x00007FF85C30F000-memory.dmp

memory/3216-1522-0x00007FF856EA0000-0x00007FF856EB9000-memory.dmp

memory/3216-1523-0x00007FF856E70000-0x00007FF856E9D000-memory.dmp

memory/3216-1524-0x00007FF856E10000-0x00007FF856E24000-memory.dmp

memory/3216-1525-0x00007FF8469C0000-0x00007FF846D35000-memory.dmp

memory/3216-1527-0x00007FF8589C0000-0x00007FF8589CD000-memory.dmp

memory/3216-1526-0x00007FF856CE0000-0x00007FF856CF9000-memory.dmp

memory/3216-1529-0x00007FF846900000-0x00007FF8469B8000-memory.dmp

memory/3216-1530-0x00007FF857240000-0x00007FF85724D000-memory.dmp

memory/3216-1531-0x00007FF856E00000-0x00007FF856E0B000-memory.dmp

memory/3216-1532-0x00007FF856C10000-0x00007FF856C36000-memory.dmp

memory/3216-1528-0x00007FF856CB0000-0x00007FF856CDE000-memory.dmp

memory/3216-1533-0x00007FF8467E0000-0x00007FF8468F8000-memory.dmp

memory/3216-1534-0x00007FF852AB0000-0x00007FF852AE8000-memory.dmp

memory/3216-1535-0x00007FF848190000-0x00007FF8481A5000-memory.dmp

memory/3216-1536-0x00007FF848360000-0x00007FF848370000-memory.dmp

memory/3216-1538-0x00007FF847B60000-0x00007FF847B82000-memory.dmp

memory/3216-1537-0x00007FF847B90000-0x00007FF847BA4000-memory.dmp

memory/3216-1539-0x00007FF847990000-0x00007FF8479A7000-memory.dmp

memory/3216-1540-0x00007FF847970000-0x00007FF847989000-memory.dmp

memory/3216-1541-0x00007FF847800000-0x00007FF847849000-memory.dmp

memory/3216-1542-0x00007FF8477E0000-0x00007FF8477F1000-memory.dmp

memory/3216-1543-0x00007FF847960000-0x00007FF84796A000-memory.dmp

memory/3216-1544-0x00007FF846730000-0x00007FF84674C000-memory.dmp

memory/3216-1545-0x00007FF8466D0000-0x00007FF84672D000-memory.dmp

memory/3216-1546-0x00007FF8466A0000-0x00007FF8466C9000-memory.dmp

memory/3216-1547-0x00007FF846670000-0x00007FF84669E000-memory.dmp

memory/3216-1548-0x00007FF846650000-0x00007FF84666F000-memory.dmp

memory/3216-1549-0x00007FF8464D0000-0x00007FF846641000-memory.dmp

memory/3216-1550-0x00007FF8464B0000-0x00007FF8464C8000-memory.dmp

memory/3216-1551-0x00007FF8460E0000-0x00007FF846114000-memory.dmp

memory/3216-1552-0x00007FF846020000-0x00007FF8460DC000-memory.dmp

memory/3216-1554-0x00007FF845D60000-0x00007FF845FE3000-memory.dmp

memory/3216-1553-0x00007FF845FF0000-0x00007FF84601B000-memory.dmp

memory/3216-1555-0x00007FF8456F0000-0x00007FF845D58000-memory.dmp

memory/3216-1556-0x00007FF845690000-0x00007FF8456E5000-memory.dmp

memory/3216-1557-0x00007FF845380000-0x00007FF84565F000-memory.dmp

memory/3216-1558-0x00007FF843280000-0x00007FF845373000-memory.dmp

memory/3216-1559-0x00007FF843260000-0x00007FF843277000-memory.dmp

memory/3216-1560-0x00007FF843230000-0x00007FF843251000-memory.dmp

memory/3216-1561-0x00007FF843200000-0x00007FF843222000-memory.dmp

memory/3216-1562-0x00007FF843160000-0x00007FF8431FC000-memory.dmp

memory/3216-1563-0x00007FF843130000-0x00007FF843160000-memory.dmp

memory/3216-1565-0x00007FF8430A0000-0x00007FF8430E8000-memory.dmp

memory/3216-1564-0x00007FF8430F0000-0x00007FF843123000-memory.dmp

memory/3216-1567-0x00007FF843080000-0x00007FF84309A000-memory.dmp

memory/3216-1656-0x00007FF843040000-0x00007FF84305D000-memory.dmp

memory/3216-1657-0x00007FF843020000-0x00007FF843033000-memory.dmp

memory/3216-1664-0x00007FF842F60000-0x00007FF843014000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI38322\cryptography-41.0.5.dist-info\INSTALLER

MD5 365c9bfeb7d89244f2ce01c1de44cb85
SHA1 d7a03141d5d6b1e88b6b59ef08b6681df212c599
SHA256 ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508
SHA512 d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

memory/3216-1701-0x00007FF842B30000-0x00007FF842F3F000-memory.dmp

memory/3216-1707-0x00007FF842A90000-0x00007FF842B27000-memory.dmp

memory/3216-1714-0x00007FF842A40000-0x00007FF842A8B000-memory.dmp

memory/3216-1693-0x00007FF842F40000-0x00007FF842F5A000-memory.dmp

memory/3216-1650-0x00007FF843060000-0x00007FF843079000-memory.dmp

memory/3216-1715-0x000002BAAF1B0000-0x000002BAB10A3000-memory.dmp

memory/3216-1763-0x00007FF840A90000-0x00007FF840B39000-memory.dmp

memory/3216-1791-0x00007FF83F020000-0x00007FF83F246000-memory.dmp

memory/3216-1795-0x00007FF840A10000-0x00007FF840A8B000-memory.dmp

memory/3216-1796-0x00007FF83FA00000-0x00007FF83FA89000-memory.dmp

memory/3216-1797-0x00007FF83F9B0000-0x00007FF83F9F8000-memory.dmp

memory/3216-1846-0x00007FF83F960000-0x00007FF83F9A4000-memory.dmp

memory/3216-1859-0x00007FF83F910000-0x00007FF83F952000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\jumpscare.mp4

MD5 5ac44ced534a47dc15b18990d8af0e49
SHA1 11add282a818408965d4455333a7d3d6e30923f1
SHA256 bea9d33028271f219a9c1786489dbfe8fa7191ba2fe2fbf8bd291130889a6448
SHA512 0ac4256e7dcc6697e7bb6d118a6cd6dbbfe2601a6487512d2c0ca3d73bc6ed4bc3f61d1c76e1c4316ec15c6bc3c5749fd8faf8636bc556a16844811586e21998

C:\Users\Admin\folderppa\ss.png

MD5 be9783016e10fa842b77e1edba73b61c
SHA1 696381084381866e1361147441689940c61302ab
SHA256 52babb1ca1cfa0c0fdeaaa74ecfa9186a963c0f48a5e83807df565ca1220cb52
SHA512 e47e4d1035980ceb93f5329314d27d8162074af0e1e4e344b2bc37cdd274809bbd18cdd6c81276bd3c5a3febd7ff35e304dd5513270e212ec8cd8ffc20862411

C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini.FrU684

MD5 ae94903b853f079589e8af69a4ef186e
SHA1 c36cebebc2705336c3e3467d7d89f82c076a7117
SHA256 bb4d6e0ac3a2292608774645e6c54a8d23192b138c72907e44201ed4ccf34fa9
SHA512 8adcd2c52988ec157634717d04d5ed8a0c72f1fe979d7e642097dd53173c75d6818acd6cec7ae472acfa77a4b7d31479aeb9dc5d658bcc4f40d056ee23960f75

C:\Users\Admin\folderppa\ss.png

MD5 cba891dcb5c235616cf1bf5b6eb77dcf
SHA1 2fc0b7f7b7e6dd0a219ac856315549ccf2366da2
SHA256 44eed918dda132299352d7404c28e16f7f8c8f53fe431d6f2489b86c788f74a7
SHA512 cb9399b43f4daae18b704566f10c8aba8e631011c142cc6a16fc12169578d598bd719f6fabb9737e6a2531cde138dc2e5c206d980d8924c6f377bd2261168cb4

C:\Users\Admin\folderppa\rec_\22.11.2023_20.56.wav

MD5 b00580dbc88962975a4ed271d22cd391
SHA1 dcccc22ba97d7ce320ab98ea3f0245cf80a2b839
SHA256 ec32bc9ba1963e716ba7f23bc1170068c2e8a7e3c5bc83ea9fef95242e8cde89
SHA512 1d83e0d44b84f3bac7efc18c14d3e198daab1618caffc8ebc490962cce52fd586d09d9187ea49e3f0274cf61fd5c2176edf9c1d8ce203752bfe65bf32714c7c1

C:\Users\Admin\folderppa\ss.png

MD5 857cf5a66e937a9a139ec31cdc9106e9
SHA1 6c557130f303ab429a06bf9fa4b249579b35f8b8
SHA256 7efdbbfeb59ec43fc9584c5027bfb5a906d7980f68ffa20f617083617c6cf574
SHA512 9b4f912380f7120c28bf24cd2c87887bd533845b6aa94e6b9de0ce44df6497741f917697ccc7fa72b245fdc1ceadb49747e48f514d74e2a941de93256ecf608c