Malware Analysis Report

2024-11-13 15:06

Sample ID 231211-ezqe1seba6
Target Source Prepared.zip
SHA256 2db3fa48b0da161c95da3dc682dbecf28633e372c43dac9668574eee8dce8dd3
Tags
evasion persistence upx pyinstaller pysilon
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

2db3fa48b0da161c95da3dc682dbecf28633e372c43dac9668574eee8dce8dd3

Threat Level: Known bad

The file Source Prepared.zip was found to be: Known bad.

Malicious Activity Summary

evasion persistence upx pyinstaller pysilon

Pysilon family

Detect Pysilon

Sets file to hidden

UPX packed file

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Legitimate hosting services abused for malware hosting/C2

Detects Pyinstaller

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Views/modifies file attributes

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Kills process with taskkill

Checks SCSI registry key(s)

Suspicious behavior: GetForegroundWindowSpam

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-12-11 04:24

Signatures

Detect Pysilon

Description Indicator Process Target
N/A N/A N/A N/A

Pysilon family

pysilon

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-12-11 04:22

Reported

2023-12-11 05:04

Platform

win10v2004-20231127-en

Max time kernel

2280s

Max time network

1884s

Command Line

C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Source Prepared.zip"

Signatures

Sets file to hidden

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\attrib.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Exploit Bot\Hacker.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\source_prepared.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Exploit1 = "C:\\Users\\Admin\\Exploit Bot\\Hacker.exe" C:\Users\Admin\Desktop\source_prepared.exe N/A

Legitimate hosting services abused for malware hosting/C2

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\Exploit Bot\Hacker.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Desktop\source_prepared.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Exploit Bot\Hacker.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\Exploit Bot\Hacker.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2940 wrote to memory of 2380 N/A C:\Users\Admin\Desktop\source_prepared.exe C:\Users\Admin\Desktop\source_prepared.exe
PID 2380 wrote to memory of 4648 N/A C:\Users\Admin\Desktop\source_prepared.exe C:\Windows\system32\cmd.exe
PID 2380 wrote to memory of 3040 N/A C:\Users\Admin\Desktop\source_prepared.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2380 wrote to memory of 3880 N/A C:\Users\Admin\Desktop\source_prepared.exe C:\Windows\system32\cmd.exe
PID 3880 wrote to memory of 4704 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\attrib.exe
PID 3880 wrote to memory of 4896 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\Exploit Bot\Hacker.exe
PID 3880 wrote to memory of 468 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 4896 wrote to memory of 3048 N/A C:\Users\Admin\Exploit Bot\Hacker.exe C:\Users\Admin\Exploit Bot\Hacker.exe
PID 3048 wrote to memory of 1848 N/A C:\Users\Admin\Exploit Bot\Hacker.exe C:\Windows\system32\cmd.exe
PID 3048 wrote to memory of 836 N/A C:\Users\Admin\Exploit Bot\Hacker.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\attrib.exe N/A

Processes

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Source Prepared.zip"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /7

C:\Users\Admin\Desktop\source_prepared.exe

"C:\Users\Admin\Desktop\source_prepared.exe"

C:\Users\Admin\Desktop\source_prepared.exe

"C:\Users\Admin\Desktop\source_prepared.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4a8 0x40c

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\Exploit Bot\""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Exploit Bot\activate.bat""

C:\Windows\system32\attrib.exe

attrib +s +h .

C:\Users\Admin\Exploit Bot\Hacker.exe

"Hacker.exe"

C:\Windows\system32\taskkill.exe

taskkill /f /im "source_prepared.exe"

C:\Users\Admin\Exploit Bot\Hacker.exe

"Hacker.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\Exploit Bot\""

Network

Country Destination Domain Proto
US 8.8.8.8:53 17.53.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 discord.com udp
US 162.159.136.232:443 discord.com tcp
US 8.8.8.8:53 gateway.discord.gg udp
US 162.159.133.234:443 gateway.discord.gg tcp
US 8.8.8.8:53 232.136.159.162.in-addr.arpa udp
US 8.8.8.8:53 234.133.159.162.in-addr.arpa udp
N/A 127.0.0.1:49426 tcp
N/A 127.0.0.1:49439 tcp
N/A 127.0.0.1:49441 tcp
US 8.8.8.8:53 34.197.79.40.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\Source Prepared.zip

C:\Users\Admin\AppData\Local\Temp\_MEI29402\python310.dll

C:\Users\Admin\AppData\Local\Temp\_MEI29402\VCRUNTIME140.dll

C:\Users\Admin\AppData\Local\Temp\_MEI29402\base_library.zip

C:\Users\Admin\AppData\Local\Temp\_MEI29402\_ctypes.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI29402\python3.dll

C:\Users\Admin\AppData\Local\Temp\_MEI29402\libcrypto-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI29402\psutil\_psutil_windows.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI29402\select.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI29402\_socket.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI29402\_hashlib.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI29402\_uuid.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI29402\_tkinter.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI29402\_ssl.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI29402\_sqlite3.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI29402\_queue.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI29402\_portaudio.cp310-win_amd64.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI29402\_overlapped.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI29402\_multiprocessing.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI29402\_msi.pyd

MD5 668b774674816454edabf76dc2e8bbf7
SHA1 b18b91b6a95d2cf0a691b70bd4789ebdf1edb705
SHA256 9166147dcbb8e63324dc2af8d73a1be7a4c77211f7d886eed2938607c2913826
SHA512 7439ba293ae66271093da726f09dfa69cfb055c5722ee71e544eb9f7108603a3c1bf302366d62b050c20f8c3d7c3f05d0493297d42711e7b15630d511d1ba335

memory/2380-1386-0x00007FF95A040000-0x00007FF95A04B000-memory.dmp

memory/2380-1388-0x00007FF9573A0000-0x00007FF95780E000-memory.dmp

memory/2380-1387-0x00007FF959B10000-0x00007FF959B1B000-memory.dmp

memory/2380-1389-0x00007FF959AD0000-0x00007FF959ADB000-memory.dmp

memory/2380-1391-0x00007FF959AB0000-0x00007FF959ABD000-memory.dmp

memory/2380-1393-0x00007FF959A90000-0x00007FF959A9C000-memory.dmp

memory/2380-1394-0x00007FF959A80000-0x00007FF959A8C000-memory.dmp

memory/2380-1395-0x00007FF959A70000-0x00007FF959A7B000-memory.dmp

memory/2380-1392-0x00007FF959AA0000-0x00007FF959AAE000-memory.dmp

memory/2380-1396-0x00007FF959A60000-0x00007FF959A6B000-memory.dmp

memory/2380-1400-0x00007FF959A40000-0x00007FF959A4C000-memory.dmp

memory/2380-1401-0x00007FF959A30000-0x00007FF959A3D000-memory.dmp

memory/2380-1399-0x00007FF959A50000-0x00007FF959A5C000-memory.dmp

memory/2380-1402-0x00007FF959B00000-0x00007FF959B0C000-memory.dmp

memory/2380-1390-0x00007FF959AC0000-0x00007FF959ACC000-memory.dmp

memory/2380-1385-0x00007FF957020000-0x00007FF957395000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI29402\_elementtree.pyd

MD5 0f64b5d1c4d02fea46afa0794073dc8c
SHA1 1be50c3e02252c25f984bb2b3ac277c444da1e4d
SHA256 b14147904a5c40020d8b31bf6d5be46312924079f95335d7e1f572ecf47dfd30
SHA512 da71778859e4c7fa5f75ae2228c5234ef90959c25890248a9fa734b7971d149b1a2fb0ec8c10c62f52457eaf8ebddb436ef5657dcec72f9775ad5aba8a5cc545

C:\Users\Admin\AppData\Local\Temp\_MEI29402\_decimal.pyd

MD5 a4d9986048c460110c0ac116e5f1c666
SHA1 80cde175f1ee5522a6ac3e9cbb8a954b82c78b78
SHA256 655b0a55cb3003c813c448f566861c11f3bd586c59e02412f113feb8a363b677
SHA512 599595a19f92632824d96e768cc591f1b5e92c75de1ffbc5b2991cd20c4ad998f87f367dc3f2de299c530097033235841bd5bcec8e7127b6f4ad7ec9a828a6b8

C:\Users\Admin\AppData\Local\Temp\_MEI29402\_cffi_backend.cp310-win_amd64.pyd

MD5 d968ebcdbec08ebaa42356ca155ac6a1
SHA1 7953a0a9c7c38349d629968a1dbd7e3bf9e9933c
SHA256 670379d72b8ac580f237a7236c4b51933b2576e8dd7689e09b9e58d55818a979
SHA512 5dbfb6e928f8b96d03dd4dabf2c21f8e22a3e0983152c167e768e9e1b6771432d706d5250032ba3ffb067198fb2a18bf3e05b09ddbc84c2ec945f3d865a57ef7

C:\Users\Admin\AppData\Local\Temp\_MEI29402\_asyncio.pyd

MD5 33a959c2614c1ba881c9913696c67651
SHA1 ded8d8bee5177a255011be5b215b139c8c488ead
SHA256 afc7cf63e2e3f2d2fcda1d347e71777d3df8cd086d3e72f00acd67934791a9a0
SHA512 f7e732995d7f26b2066dbce6dddb6cc74c449748892e2db224be0fdc591e30914a090e2953458b3a85042f2d7fba08f86f3f02ca9f759708d5247e12c8b73500

C:\Users\Admin\AppData\Local\Temp\_MEI29402\zlib1.dll

MD5 ee06185c239216ad4c70f74e7c011aa6
SHA1 40e66b92ff38c9b1216511d5b1119fe9da6c2703
SHA256 0391066f3e6385a9c0fe7218c38f7bd0b3e0da0f15a98ebb07f1ac38d6175466
SHA512 baae562a53d491e19dbf7ee2cff4c13d42de6833036bfdaed9ed441bcbf004b68e4088bd453b7413d60faaf1b334aee71241ba468437d49050b8ccfa9232425d

C:\Users\Admin\AppData\Local\Temp\_MEI29402\VCRUNTIME140_1.dll

MD5 75e78e4bf561031d39f86143753400ff
SHA1 324c2a99e39f8992459495182677e91656a05206
SHA256 1758085a61527b427c4380f0c976d29a8bee889f2ac480c356a3f166433bf70e
SHA512 ce4daf46bce44a89d21308c63e2de8b757a23be2630360209c4a25eb13f1f66a04fbb0a124761a33bbf34496f2f2a02b8df159b4b62f1b6241e1dbfb0e5d9756

C:\Users\Admin\AppData\Local\Temp\_MEI29402\unicodedata.pyd

MD5 fe56a8560877b061f4b0546b18a3a7f7
SHA1 66327f366e9ea70196cf4dbccfca1c93b9efc9cf
SHA256 6aea5ad83a3f85d960c1372a08cb8005204f41c48794d932a6131380f976a319
SHA512 6a7cff56a3a314f18c9fb644f6cb0c89c64334040ba1f8f9841e81256f1dbd305e53794609472bc956f0884cb4516a577acf687f5e34e1eb6d06c341032d937a

C:\Users\Admin\AppData\Local\Temp\_MEI29402\tk86t.dll

MD5 19adc6ec8b32110665dffe46c828c09f
SHA1 964eca5250e728ea2a0d57dda95b0626f5b7bf09
SHA256 6d134200c9955497c5829860f7373d99eec8cbe4936c8e777b996da5c3546ba7
SHA512 4baa632c45a97dc2ca0f0b52fd3882d083b9d83a88e0fa2f29b269e16ad7387029423839756ee052348589b216509a85f5d6ee05a1e8a1850ce5d673ae859c27

C:\Users\Admin\AppData\Local\Temp\_MEI29402\tcl86t.dll

MD5 2ac611c106c5271a3789c043bf36bf76
SHA1 1f549bff37baf84c458fc798a8152cc147aadf6e
SHA256 7410e4e74a3f5941bb161fc6fc8675227de2ad28a1cec9b627631faa0ed330e6
SHA512 3763a63f45fc48f0c76874704911bcefe0ace8d034f9af3ea1401e60aa993fda6174ae61b951188bec009a14d7d33070b064e1293020b6fd4748bee5c35bbd08

C:\Users\Admin\AppData\Local\Temp\_MEI29402\sqlite3.dll

MD5 7dc915e7cc5afbc8b275be0a79338daf
SHA1 be47ba1e341c7a98fd65999c1c2ad55e455a495c
SHA256 8011f64536efd23d5c7a5988a9461a236191a62732e7be2e331d0b02fae60823
SHA512 58f3e2fe70cc720399c01a77b557bd8c7ae91195d0aa98c1d3dca408b2a2e2a1b56011823b6b72dd66007097b208ba8b7dc4971904ab3748930b663f7e17461a

C:\Users\Admin\AppData\Local\Temp\_MEI29402\SDL2_ttf.dll

MD5 eb0ce62f775f8bd6209bde245a8d0b93
SHA1 5a5d039e0c2a9d763bb65082e09f64c8f3696a71
SHA256 74591aab94bb87fc9a2c45264930439bbc0d1525bf2571025cd9804e5a1cd11a
SHA512 34993240f14a89179ac95c461353b102ea74e4180f52c206250bb42c4c8427a019ea804b09a6903674ac00ab2a3c4c686a86334e483110e79733696aa17f4eb6

C:\Users\Admin\AppData\Local\Temp\_MEI29402\SDL2_mixer.dll

MD5 b7b45f61e3bb00ccd4ca92b2a003e3a3
SHA1 5018a7c95dc6d01ba6e3a7e77dd26c2c74fd69bc
SHA256 1327f84e3509f3ccefeef1c12578faf04e9921c145233687710253bf903ba095
SHA512 d3449019824124f3edbda57b3b578713e9c9915e173d31566cd8e4d18f307ac0f710250fe6a906dd53e748db14bfa76ec1b58a6aef7d074c913679a47c5fdbe7

C:\Users\Admin\AppData\Local\Temp\_MEI29402\SDL2_image.dll

MD5 25e2a737dcda9b99666da75e945227ea
SHA1 d38e086a6a0bacbce095db79411c50739f3acea4
SHA256 22b27380d4f1f217f0e5d5c767e5c244256386cd9d87f8ddf303baaf9239fc4c
SHA512 63de988387047c17fd028a894465286fd8f6f8bd3a1321b104c0ceb5473e3e0b923153b4999143efbdd28684329a33a5b468e43f25214037f6cddd4d1884adb8

C:\Users\Admin\AppData\Local\Temp\_MEI29402\SDL2.dll

MD5 2b13a3f2fc8f9cdb3161374c4bc85f86
SHA1 9039a90804dba7d6abb2bcf3068647ba8cab8901
SHA256 110567f1e5008c6d453732083b568b6a8d8da8077b9cb859f57b550fd3b05fb6
SHA512 2ee8e35624cb8d78baefafd6878c862b510200974bef265a9856e399578610362c7c46121a9f44d7ece6715e68475db6513e96bea3e26cdccbd333b0e14ccfd8

C:\Users\Admin\AppData\Local\Temp\_MEI29402\pyexpat.pyd

MD5 d930198dfbd47f7e746616dd6103a044
SHA1 1f03785014c42a68f740f82cf2adc9c701faa910
SHA256 57788a94ce93ebed829de17e9c49f481067fdb6561bbc11a1f50a545fe102157
SHA512 5a4c7318064d64b5c981ab77898a570c204e01744e61f2d956f8f8757fc32b63d8ce8c09bca01dca1defdde1baae61a8ad812f4236028c83ec5bc8785be4d1b4

C:\Users\Admin\AppData\Local\Temp\_MEI29402\portmidi.dll

MD5 0df0699727e9d2179f7fd85a61c58bdf
SHA1 82397ee85472c355725955257c0da207fa19bf59
SHA256 97a53e8de3f1b2512f0295b5de98fa7a23023a0e4c4008ae534acdba54110c61
SHA512 196e41a34a60de83cb24caa5fc95820fd36371719487350bc2768354edf39eeb6c7860ff3fd9ecf570abb4288523d7ab934e86e85202b9753b135d07180678cd

C:\Users\Admin\AppData\Local\Temp\_MEI29402\libwebp-7.dll

MD5 b0dd211ec05b441767ea7f65a6f87235
SHA1 280f45a676c40bd85ed5541ceb4bafc94d7895f3
SHA256 fc06b8f92e86b848a17eaf7ed93464f54ed1f129a869868a74a75105ff8ce56e
SHA512 eaeb83e46c8ca261e79b3432ec2199f163c44f180eb483d66a71ad530ba488eb4cdbd911633e34696a4ccc035e238bc250a8247f318aa2f0cd9759cad4f90fff

C:\Users\Admin\AppData\Local\Temp\_MEI29402\libtiff-5.dll

MD5 ebad1fa14342d14a6b30e01ebc6d23c1
SHA1 9c4718e98e90f176c57648fa4ed5476f438b80a7
SHA256 4f50820827ac76042752809479c357063fe5653188654a6ba4df639da2fbf3ca
SHA512 91872eaa1f3f45232ab2d753585e650ded24c6cc8cc1d2a476fa98a61210177bd83570c52594b5ad562fc27cb76e034122f16a922c6910e4ed486da1d3c45c24

C:\Users\Admin\AppData\Local\Temp\_MEI29402\libssl-1_1.dll

MD5 0bfdc638fbe4135514de3aebf59fa410
SHA1 963addfdadf918339dfcab33e07bb6c48c86099e
SHA256 77affb7e88ab70fa04e382e29bf04a94ddf36c5cbd88b29ff33e15912d83ed01
SHA512 768abcc391eea4a3b34b0aade99932cd9befb922dcf9e720edf4c4719938214236e8668eca67026bd07567fbd10bbba98d63f47d63a81c7be1adce3bdd1973e4

C:\Users\Admin\AppData\Local\Temp\_MEI29402\libpng16-16.dll

MD5 55009dd953f500022c102cfb3f6a8a6c
SHA1 07af9f4d456ddf86a51da1e4e4c5b54b0cf06ddb
SHA256 20391787cba331cfbe32fbf22f328a0fd48924e944e80de20ba32886bf4b6fd2
SHA512 4423d3ec8fef29782f3d4a21feeac9ba24c9c765d770b2920d47b4fb847a96ff5c793b20373833b4ff8bc3d8fa422159c64beffb78ce5768ed22742740a8c6c6

C:\Users\Admin\AppData\Local\Temp\_MEI29402\libopusfile-0.dll

MD5 2d5274bea7ef82f6158716d392b1be52
SHA1 ce2ff6e211450352eec7417a195b74fbd736eb24
SHA256 6dea07c27c0cc5763347357e10c3b17af318268f0f17c7b165325ce524a0e8d5
SHA512 9973d68b23396b3aa09d2079d18f2c463e807c9c1fdf4b1a5f29d561e8d5e62153e0c7be23b63975ad179b9599ff6b0cf08ebdbe843d194483e7ec3e7aeb232a

C:\Users\Admin\AppData\Local\Temp\_MEI29402\libopus-0.x64.dll

MD5 e56f1b8c782d39fd19b5c9ade735b51b
SHA1 3d1dc7e70a655ba9058958a17efabe76953a00b4
SHA256 fa8715dd0df84fdedbe4aa17763b2ab0db8941fa33421b6d42e25e59c4ae8732
SHA512 b7702e48b20a8991a5c537f5ba22834de8bb4ba55862b75024eace299263963b953606ee29e64d68b438bb0904273c4c20e71f22ccef3f93552c36fb2d1b2c46

C:\Users\Admin\AppData\Local\Temp\_MEI29402\libopus-0.dll

MD5 3fb9d9e8daa2326aad43a5fc5ddab689
SHA1 55523c665414233863356d14452146a760747165
SHA256 fd8de9169ccf53c5968eec0c90e9ff3a66fb451a5bf063868f3e82007106b491
SHA512 f263ea6e0fab84a65fe3a9b6c0fe860919eee828c84b888a5aa52dea540434248d1e810a883a2aff273cd9f22c607db966dd8776e965be6d2cfe1b50a1af1f57

C:\Users\Admin\AppData\Local\Temp\_MEI29402\libopenblas64__v0.3.23-246-g3d31191b-gcc_10_3_0.dll

MD5 cdb301dee19e51ebd0681af1a8459591
SHA1 6a7179413f1a8c4575aa95ba8585288cc2631c56
SHA256 0278e2e4efb699b5e9bc0502f5de2985357046939d7722fbe62ab54ecdaf0687
SHA512 6beb866003c9476814c16ec6cf5662ec29dd4a5a6a46bc16eca26955224e9e5c37c34b97c64bc3186625cd953f0b187f845d45935560f7df673a4204507bc4a7

C:\Users\Admin\AppData\Local\Temp\_MEI29402\libogg-0.dll

MD5 0d65168162287df89af79bb9be79f65b
SHA1 3e5af700b8c3e1a558105284ecd21b73b765a6dc
SHA256 2ec2322aec756b795c2e614dab467ef02c3d67d527ad117f905b3ab0968ccf24
SHA512 69af81fd2293c31f456b3c78588bb6a372fe4a449244d74bfe5bfaa3134a0709a685725fa05055cfd261c51a96df4b7ebd8b9e143f0e9312c374e54392f8a2c2

C:\Users\Admin\AppData\Local\Temp\_MEI29402\libmodplug-1.dll

MD5 2bb2e7fa60884113f23dcb4fd266c4a6
SHA1 36bbd1e8f7ee1747c7007a3c297d429500183d73
SHA256 9319bf867ed6007f3c61da139c2ab8b74a4cb68bf56265a101e79396941f6d3b
SHA512 1ddd4b9b9238c1744e0a1fe403f136a1def8df94814b405e7b01dd871b3f22a2afe819a26e08752142f127c3efe4ebae8bfd1bd63563d5eb98b4644426f576b2

C:\Users\Admin\AppData\Local\Temp\_MEI29402\libjpeg-9.dll

MD5 c22b781bb21bffbea478b76ad6ed1a28
SHA1 66cc6495ba5e531b0fe22731875250c720262db1
SHA256 1eed2385030348c84bbdb75d41d64891be910c27fab8d20fc9e85485fcb569dd
SHA512 9b42cad4a715680a27cd79f466fd2913649b80657ff042528cba2946631387ed9fb027014d215e1baf05839509ca5915d533b91aa958ae0525dea6e2a869b9e4

C:\Users\Admin\AppData\Local\Temp\_MEI29402\libcrypto-1_1.dll

MD5 8e7025186c1c6f3f61198c027ff38627
SHA1 79c6f11358c38bda0c12ee1e3ab90a21f4651fa1
SHA256 f393f54886674e42bb7667087c92af67bd46e542c44ddff11c5061481261c90e
SHA512 4bbbf7d0a51aec361779d7735c6a91f1bdd468da0aaa3626c3cb52128c998d6454be8c473c8743172ffcea9dc66403a5a81ff5535d9baf87fa6ab990a35add41

C:\Users\Admin\AppData\Local\Temp\_MEI29402\freetype.dll

MD5 04a9825dc286549ee3fa29e2b06ca944
SHA1 5bed779bf591752bb7aa9428189ec7f3c1137461
SHA256 50249f68b4faf85e7cd8d1220b7626a86bc507af9ae400d08c8e365f9ab97cde
SHA512 0e937e4de6cbc9d40035b94c289c2798c77c44fc1dc7097201f9fab97c7ff9e56113c06c51693f09908283eda92945b36de67351f893d4e3162e67c078cff4ec

C:\Users\Admin\AppData\Local\Temp\_MEI29402\crypto_clipper.json

MD5 8bff94a9573315a9d1820d9bb710d97f
SHA1 e69a43d343794524b771d0a07fd4cb263e5464d5
SHA256 3f7446866f42bcbeb8426324d3ea58f386f3171abe94279ea7ec773a4adde7d7
SHA512 d5ece1ea9630488245c578cb22d6d9d902839e53b4550c6232b4fb9389ef6c5d5392426ea4a9e3c461979d6d6aa94ddf3b2755f48e9988864788b530cdfcf80f

C:\Users\Admin\AppData\Local\Temp\_MEI29402\_lzma.pyd

MD5 1f1dc60560fd666e6e5b3a6dde762f0a
SHA1 f509508967c2933feb2ffe86ba9259f18d9d1dc1
SHA256 b7aba82e77bb5364c7ea2bd6ff9d0dbea6a141b4128f78b3cd2f9a63d693caf3
SHA512 7b464464652a14d493483464e9733762d4b81e81fdb06a9fad36ba92b5d4d47c28c0d5355f858049707860d0ff8f634e5173b0727de1443eccdb4bb26ad36fec

C:\Users\Admin\AppData\Local\Temp\_MEI29402\_bz2.pyd

MD5 001e400d4f1b990fed96d79b886a31d1
SHA1 1ff78d878ebfd93d500ef010010fe13f63c51175
SHA256 1e297c76fdbd6d36933b95584c66acd1d8a0316169971c94974ef6ef565366c5
SHA512 2bb7778df4d18f415b856fe6474f13ad42876594a5b62249c033c1987dd3e15d3df6ce17b8876d7dfc6505ad575dbe94a9052a148aebf27ac0e89af64e448ff3

C:\Users\Admin\AppData\Local\Temp\_MEI29402\libffi-7.dll

MD5 36b9af930baedaf9100630b96f241c6c
SHA1 b1d8416250717ed6b928b4632f2259492a1d64a4
SHA256 d2159e1d1c9853558b192c75d64033e09e7de2da2b3f1bf26745124ed33fbf86
SHA512 5984b32a63a4440a13ebd2f5ca0b22f1391e63ac15fe67a94d4a579d58b8bb0628980a2be484ac65ad3a215bbe44bd14fe33ec7b3581c6ab521f530395847dd5

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_vxz2ve4l.s3e.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

C:\Users\Admin\Desktop\logs\executed_at_2023-12-11_04-27-30.log

MD5 4ce88ce721aafc5bd9bc5102b36ed362
SHA1 01c5925d2bd463640e490a21a28e81e8410818cb
SHA256 a56c02bd072beaedb8e8ffa650d660471e378c97138cbaacd7132504ca50a0ec
SHA512 24bb8b71b4f1eb9f67d98ca4d48c23778e368833d3ee92c5cb14b7eea986e5386c662a7b6363cfbec71d928214470e6c8b269e948b0f6b243b9b08b04fe58b89

memory/2380-1552-0x00007FF9573A0000-0x00007FF95780E000-memory.dmp

memory/2380-1553-0x00007FF96D570000-0x00007FF96D594000-memory.dmp

memory/2380-1555-0x00007FF96D550000-0x00007FF96D569000-memory.dmp

memory/2380-1556-0x00007FF96D4B0000-0x00007FF96D4DD000-memory.dmp

memory/2380-1558-0x00007FF957020000-0x00007FF957395000-memory.dmp

memory/2380-1557-0x00007FF969170000-0x00007FF969184000-memory.dmp

memory/2380-1554-0x00007FF9728F0000-0x00007FF9728FF000-memory.dmp

memory/2380-1560-0x00007FF96F170000-0x00007FF96F17D000-memory.dmp

memory/2380-1559-0x00007FF969150000-0x00007FF969169000-memory.dmp

memory/2380-1561-0x00007FF969060000-0x00007FF96907C000-memory.dmp

memory/2380-1562-0x00007FF969030000-0x00007FF96905E000-memory.dmp

memory/2380-1564-0x00007FF96D680000-0x00007FF96D68D000-memory.dmp

memory/2380-1563-0x00007FF968F20000-0x00007FF968FD8000-memory.dmp

memory/2380-1566-0x00007FF968EE0000-0x00007FF968F18000-memory.dmp

memory/2380-1565-0x00007FF95A160000-0x00007FF95A278000-memory.dmp

memory/2380-1567-0x00007FF964850000-0x00007FF964865000-memory.dmp

memory/2380-1569-0x00007FF964820000-0x00007FF964834000-memory.dmp

memory/2380-1570-0x00007FF95A130000-0x00007FF95A152000-memory.dmp

memory/2380-1572-0x00007FF95A0F0000-0x00007FF95A109000-memory.dmp

memory/2380-1573-0x00007FF95A0A0000-0x00007FF95A0E9000-memory.dmp

memory/2380-1574-0x00007FF95A080000-0x00007FF95A091000-memory.dmp

memory/2380-1576-0x00007FF95A060000-0x00007FF95A07C000-memory.dmp

memory/2380-1575-0x00007FF964810000-0x00007FF96481A000-memory.dmp

memory/2380-1577-0x00007FF959D10000-0x00007FF959D6D000-memory.dmp

memory/2380-1578-0x00007FF959CE0000-0x00007FF959D09000-memory.dmp

memory/2380-1571-0x00007FF95A110000-0x00007FF95A127000-memory.dmp

memory/2380-1568-0x00007FF964840000-0x00007FF964850000-memory.dmp

memory/2380-1580-0x00007FF959C90000-0x00007FF959CAF000-memory.dmp

memory/2380-1579-0x00007FF959CB0000-0x00007FF959CDE000-memory.dmp

memory/2380-1581-0x00007FF959B20000-0x00007FF959C89000-memory.dmp

memory/2380-1582-0x00007FF9599C0000-0x00007FF9599F4000-memory.dmp

memory/2380-1583-0x00007FF959900000-0x00007FF9599BC000-memory.dmp

memory/2380-1584-0x00007FF9598D0000-0x00007FF9598FB000-memory.dmp

memory/2380-1586-0x00007FF9564F0000-0x00007FF956B5D000-memory.dmp

memory/2380-1587-0x00007FF959870000-0x00007FF9598C5000-memory.dmp

memory/2380-1585-0x00007FF956D90000-0x00007FF957013000-memory.dmp

memory/2380-1588-0x00007FF94A990000-0x00007FF94CA82000-memory.dmp

memory/2380-1589-0x00007FF956200000-0x00007FF9564E6000-memory.dmp

memory/2380-1590-0x00007FF959850000-0x00007FF959869000-memory.dmp

memory/2380-1591-0x00007FF9591F0000-0x00007FF959212000-memory.dmp

memory/2380-1600-0x00007FF959150000-0x00007FF959174000-memory.dmp

memory/2380-1637-0x00007FF957D10000-0x00007FF957DA5000-memory.dmp

memory/2380-1658-0x00007FF957CE0000-0x00007FF957D0D000-memory.dmp

memory/2380-1679-0x00007FF957CA0000-0x00007FF957CD3000-memory.dmp

memory/2380-1680-0x00007FF957C50000-0x00007FF957C95000-memory.dmp

memory/2380-1684-0x00007FF959830000-0x00007FF959849000-memory.dmp

memory/2380-1691-0x00007FF9591D0000-0x00007FF9591E7000-memory.dmp

memory/2380-1701-0x00007FF958560000-0x00007FF95857A000-memory.dmp

memory/2380-1724-0x00007FF957B80000-0x00007FF957C2A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI48962\attrs-23.1.0.dist-info\INSTALLER

MD5 365c9bfeb7d89244f2ce01c1de44cb85
SHA1 d7a03141d5d6b1e88b6b59ef08b6681df212c599
SHA256 ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508
SHA512 d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

memory/2380-1706-0x00007FF957C30000-0x00007FF957C43000-memory.dmp

memory/2380-1737-0x00007FF957B60000-0x00007FF957B7B000-memory.dmp

memory/2380-1742-0x00007FF955ED0000-0x00007FF9561F6000-memory.dmp

memory/2380-1744-0x00007FF955E30000-0x00007FF955EC2000-memory.dmp

memory/2380-1750-0x00007FF957AA0000-0x00007FF957AEC000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2023-12-11 04:22

Reported

2023-12-11 04:28

Platform

win10v2004-20231127-en

Max time kernel

120s

Max time network

129s

Command Line

"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"

Signatures

Sets file to hidden

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\attrib.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Exploit Bot\Hacker.exe N/A
N/A N/A C:\Users\Admin\Exploit Bot\Hacker.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Exploit1 = "C:\\Users\\Admin\\Exploit Bot\\Hacker.exe" C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A

Legitimate hosting services abused for malware hosting/C2

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\Exploit Bot\Hacker.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Exploit Bot\Hacker.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\Exploit Bot\Hacker.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4656 wrote to memory of 4424 N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
PID 4656 wrote to memory of 4424 N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
PID 4424 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe C:\Windows\system32\cmd.exe
PID 4424 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe C:\Windows\system32\cmd.exe
PID 4424 wrote to memory of 2852 N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4424 wrote to memory of 2852 N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4424 wrote to memory of 2228 N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe C:\Windows\system32\cmd.exe
PID 4424 wrote to memory of 2228 N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe C:\Windows\system32\cmd.exe
PID 2228 wrote to memory of 3960 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\attrib.exe
PID 2228 wrote to memory of 3960 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\attrib.exe
PID 2228 wrote to memory of 1704 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\Exploit Bot\Hacker.exe
PID 2228 wrote to memory of 1704 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\Exploit Bot\Hacker.exe
PID 2228 wrote to memory of 4248 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 2228 wrote to memory of 4248 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 1704 wrote to memory of 3100 N/A C:\Users\Admin\Exploit Bot\Hacker.exe C:\Users\Admin\Exploit Bot\Hacker.exe
PID 1704 wrote to memory of 3100 N/A C:\Users\Admin\Exploit Bot\Hacker.exe C:\Users\Admin\Exploit Bot\Hacker.exe
PID 3100 wrote to memory of 3976 N/A C:\Users\Admin\Exploit Bot\Hacker.exe C:\Windows\system32\cmd.exe
PID 3100 wrote to memory of 3976 N/A C:\Users\Admin\Exploit Bot\Hacker.exe C:\Windows\system32\cmd.exe
PID 3100 wrote to memory of 1252 N/A C:\Users\Admin\Exploit Bot\Hacker.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3100 wrote to memory of 1252 N/A C:\Users\Admin\Exploit Bot\Hacker.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\attrib.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\source_prepared.exe

"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\source_prepared.exe

"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x2fc 0x520

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\Exploit Bot\""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Exploit Bot\activate.bat""

C:\Windows\system32\attrib.exe

attrib +s +h .

C:\Users\Admin\Exploit Bot\Hacker.exe

"Hacker.exe"

C:\Windows\system32\taskkill.exe

taskkill /f /im "source_prepared.exe"

C:\Users\Admin\Exploit Bot\Hacker.exe

"Hacker.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\Exploit Bot\""

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 180.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 17.53.126.40.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 discord.com udp
US 162.159.138.232:443 discord.com tcp
US 8.8.8.8:53 udp
US 162.159.134.234:443 tcp
US 8.8.8.8:53 232.138.159.162.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 234.134.159.162.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 194.178.17.96.in-addr.arpa udp
N/A 127.0.0.1:53933 tcp
US 8.8.8.8:53 udp
N/A 127.0.0.1:53943 tcp
N/A 127.0.0.1:53945 tcp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp

Files


MD5 d739520f67e7b96c851c362b13453a7d
SHA1 2e6f2a9ad034eb5572c8eb595a2973de00c450fc
SHA256 d62f84f07831c7ecae8c94fc647f35bc1c0b0d659f6649fd6829dac733c085cb
SHA512 994ec042e13f5a6164a5046fccf5d6f16dc9b5f7517b6219cde90cf0d8554090eedb5de51f64c5abebe4a3e5237af210f06106f41bcdaab29660fdbf9e5b146a

memory/4424-1325-0x00007FFFB1330000-0x00007FFFB1344000-memory.dmp

memory/4424-1326-0x00007FFFA9900000-0x00007FFFA9C75000-memory.dmp

memory/4424-1331-0x00007FFFBA550000-0x00007FFFBA55D000-memory.dmp

memory/4424-1333-0x00007FFFAADE0000-0x00007FFFAADFC000-memory.dmp

memory/4424-1334-0x00007FFFA98D0000-0x00007FFFA98FE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI46562\psutil\_psutil_windows.pyd

MD5 14a5201f18ac04244a5ee2ea57aed1c0
SHA1 2cec2ea0a3a44bda83fd76776ef028a3622e8aa7
SHA256 36e95af05d14c05b6f4af6e999d82abdf6f5dee32bc352f1e7196b43cbb84341
SHA512 aaea3da5a08b96de6975729a71ccd35cbf185d57f6bb9f2e098b32f90f5da92092a870338117112300d0211103535c41ab1ec095d0caba508ea6bee215ede2a3

memory/4424-1336-0x00007FFFA9810000-0x00007FFFA98C8000-memory.dmp

memory/4424-1338-0x00007FFFBA500000-0x00007FFFBA50D000-memory.dmp

memory/4424-1337-0x00007FFFB0DE0000-0x00007FFFB0E04000-memory.dmp

memory/4424-1335-0x00007FFFA9D10000-0x00007FFFAA17E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI46562\psutil\_psutil_windows.pyd

MD5 9deb186efc71b798f7db905ff0659dd3
SHA1 91c9e1c195005382cbdbb5c05f0436ad37aac296
SHA256 77180a88f572e4c20361178367e91e9617175c56e82ef25c038a1e1454377b77
SHA512 397933c008f69a875323970bcffe77003a44ee3ed03b16e223e71551a86bdba5c89ea2ba01896242b7ec250082da99c718039a97313247f4c44d3568e5d94ebd

C:\Users\Admin\AppData\Local\Temp\_MEI46562\select.pyd

MD5 e293b0989eba2c52a14bb07d5e8c53b7
SHA1 7b779d80efaf25765acadc3b3799e58e153ab1f6
SHA256 3238a3b53188caca7571ae0b8c1437abc9bc0c23fa538bdd746808659fc77f77
SHA512 ad0351cb477dc5742ef1aebb61813a3a14ab6df0a0b60d2e9ad6999b8a302e92d2a7cab0d7ccdd31525c759370a899dce6e7b79362d613a5f7fcc7a8cc6dc3ae

C:\Users\Admin\AppData\Local\Temp\_MEI46562\_socket.pyd

MD5 74ddc73184701a1378a36e0494b84b74
SHA1 9b81c3e23f2751a14cc8ef16d7ab64b5d4abd9a5
SHA256 e3219e905226441a6de3d1d1420aa11de3f0368dcd2aa85dc5283b702dca96cf
SHA512 65e072080b543ea20b6a272312249bb166728583d514d3b86351ca65dc620fb55005aa3899382486bd8db61b521c9572b2ee8b33196b3aa524d177d7474c737f

memory/4424-1328-0x00007FFFB0BE0000-0x00007FFFB0BF9000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI46562\libcrypto-1_1.dll

MD5 4dbdccefe20d1b5159bd564f8b05ab38
SHA1 3a1b2af8aa4acd259468cdd8bc00992d06d1a310
SHA256 d645544fb2ebc4664998a808308ae9c79082937233eacdc93ef57cff2b7efa34
SHA512 f988f11629899dd7138f13e7d34ae3065d3ce509fc0e6d69e144a9516a0b6c014dc3688e8cf885d521a8bbf5e960c51e9295faa4dfc2ad0a9a494eb98692fc66

C:\Users\Admin\AppData\Local\Temp\_MEI46562\_uuid.pyd

MD5 ee02ef4972de5e5800285702755b4b95
SHA1 d51f5fef0c03b93016c749694f6f013218031b1d
SHA256 0081ebd9ecf7e5e690ae9a1cf5450e018c84bdf98dc9b6a45b1a6d527411ec96
SHA512 8233734de4c51d2a2aeed94059c183e6d5c7d66ec9d1c31a54aab23f2aa10a6c483a1d7284fc345215bdc89d2831ad0e63fdfd560b36cd469b393a6d77efe033

C:\Users\Admin\AppData\Local\Temp\_MEI46562\_tkinter.pyd

MD5 65fcdef212d4d051e191bf19db4b8670
SHA1 9ac5babed404b6c153931870f453200239e7d399
SHA256 cc54efe587f1bcf52bd4f2a1c90ece2a3e70a1193775118507177556374f9344
SHA512 afeba98ca8ee81b301304f16de391785eb97c6032f8bbcfa9c9cd6827c52f3944b45ceaa425c3f5957de6e7843754cf02eaaf376bc1a99d8e67a32b6c12f9233

C:\Users\Admin\AppData\Local\Temp\_MEI46562\_ssl.pyd

MD5 9ac6fb2ecf3de59049084ad986899c50
SHA1 c884ba3f97f58cc8abc33a61b5cd202ccb13743e
SHA256 2e4a6646055278511029b2a31b872b7279cf9846240fed65f66acf90cb5f8e20
SHA512 52f784da32eacb96991bdf9f4be2347e629689e9dbaecdb19218fafdbc6df6007d82d38db771288938b1f1dbc91821ab6b25d8514a522dd937f1b95091dd3eee

C:\Users\Admin\AppData\Local\Temp\_MEI46562\_sqlite3.pyd

MD5 05e2a32c271cbeb41b177c91d4136872
SHA1 cad145d665409e7e999f21db8e48956035d6eafb
SHA256 2ff94ef85f93a79a07e85ad7accbce79bd167234342e01f26636f9c7507affe6
SHA512 e6fe3630affa31db4ce98bc7b17f7334182137b86a8ec2e12d0064534dd3dab268dd853ff09d0677a7d1f531e28a4a9a269d2637b09cca879a993b52566bdde6

C:\Users\Admin\AppData\Local\Temp\_MEI46562\_socket.pyd

MD5 6df7790fc77e53e4a98b135e26a73da8
SHA1 b37feedabd2818ea1fae795eafa6a29358b85794
SHA256 052ff4383fe6de1d86d24f496918775234a311558fbb3899cd134d6d5b1f3ff7
SHA512 53d208413eae666f42c795e73e653d989d53b4fe6aea3db3b80332019a8a5cecb56b9862d424cf3af29948f39471193b253243d94d9a8a18957e778043b7e5b7

C:\Users\Admin\AppData\Local\Temp\_MEI46562\_queue.pyd

MD5 76085aca5511e13a547b5e4a98e15bd3
SHA1 3328b85533f0c549ebdd8bc5c77b4f3ed1ed618d
SHA256 b5b6d6c055f58fc44576ae4490a36a1a0a6cd10827f9c7605d8e46365edcd773
SHA512 ef48fd39c52ef5cbac67245146d0c22c1a664ee878760ce9533145c5052964af8c079aec7793a803cab3da58ab74c86d93bd19ab7c433feafc798d7b524740de

C:\Users\Admin\AppData\Local\Temp\_MEI46562\_portaudio.cp310-win_amd64.pyd

MD5 c87f515ea40a0b8269e5ffee04ecbf74
SHA1 a9c893ace6a29e2f1d98b5201cf3ae3d560c1bb5
SHA256 1b846c3ca8c8e9568c0e3966bc4ec89472dcbdb55126e2bcd263c9954bf3a70c
SHA512 018767be58b2f5ee53ebfafe42b3a650abe4f447800b9947721a8e520511b1d3c5f8abdbee578f6be1b5c59a7d33a9404728cb119eaa91723df94cfce8731fc0

C:\Users\Admin\AppData\Local\Temp\_MEI46562\_overlapped.pyd

MD5 3ef2bf94e7bffdc7c0621b946b85112a
SHA1 0b48549d399d5ba27b5172b4e64b642cc47f54f3
SHA256 ebc7d118b59fa37b9995b025fd9357e736d3b18289861e9890cbf856ad083979
SHA512 ac5471ca1a4e8633b661dc9e0a8239ed5c91fd09e954b2f97a16f5d148602735089cd1aa9f6c7dc4ada3878386cd324856e468e9ede79442b97f1aba14c0dfa0

C:\Users\Admin\AppData\Local\Temp\_MEI46562\_multiprocessing.pyd

MD5 f607da797570db55c47a4d552a85c9b6
SHA1 1e906e02d7b05c1f57b538fc7260701fcead3836
SHA256 4bff0bf90deb9ff9824eb66ce312dd2827f2dd4c39eb3ff47e53a7f5257af381
SHA512 3141b15926fe43efa1507cd5d70405d6dc15a0481c67ff1f90c13971d1bfcd3b906d90bcc87f1fb9e2d0fcba2dfba76ccf08eb0fd574774a3df4eaa3616c67f7

C:\Users\Admin\AppData\Local\Temp\_MEI46562\_msi.pyd

MD5 668b774674816454edabf76dc2e8bbf7
SHA1 b18b91b6a95d2cf0a691b70bd4789ebdf1edb705
SHA256 9166147dcbb8e63324dc2af8d73a1be7a4c77211f7d886eed2938607c2913826
SHA512 7439ba293ae66271093da726f09dfa69cfb055c5722ee71e544eb9f7108603a3c1bf302366d62b050c20f8c3d7c3f05d0493297d42711e7b15630d511d1ba335

C:\Users\Admin\AppData\Local\Temp\_MEI46562\_elementtree.pyd

MD5 e7baa0ddb430f75d80895d9fd311ef23
SHA1 218ab67ff80c8ce0dcb7c7c6a529064948b0a083
SHA256 9d456f923e29f6f1cb3ebc37a24c3fb3f2d0ca83ebacd0d34baedc18699105eb
SHA512 65202b556ae82ae90fe459fd31f09ade4c5d227cf3857cbe4e73455e3bfed42663ad0cfd7f7a56d619637231a4ee62f95dcd895e3319bf3a81791f702de10b38

C:\Users\Admin\AppData\Local\Temp\_MEI46562\_decimal.pyd

MD5 1c89e49eed35bc1a70fc28ea53dc9450
SHA1 1b3b4d8f5847946a69fe5c5d486d49bebde67a5c
SHA256 eaf92bd8e5afc847e99dda33e5b910b44519f996d32fe6dda501f149fb096ac5
SHA512 9b73ed9dc22b0b560b65c17e4a6bbf3da689fadc281bc29bfbf51c98bdeb9a283f12e30fdb7ea676b583bec63e91f4d2a49272d1577580536ac7705990b61f8a

C:\Users\Admin\AppData\Local\Temp\_MEI46562\_cffi_backend.cp310-win_amd64.pyd

MD5 05313180bb51e163bc0d7ac83ab1d617
SHA1 86ce67cd93b7f70f952bbf7208b9972903e067f9
SHA256 bb3a821c334ae6733761c059dc0139055c910c2b73d575bbf04d2ecce9f27a63
SHA512 1124721322c212974fab52b9547b71f73cf7441c820ab460e95aa76b42ef24648f321c9a27a5a301b28297b87e095ce11321f017aecce0a3509d1a8ee2d8439d

memory/4424-1339-0x00007FFFA96F0000-0x00007FFFA9808000-memory.dmp

memory/4424-1341-0x00007FFFAAE00000-0x00007FFFAAE2D000-memory.dmp

memory/4424-1348-0x00007FFFB9BB0000-0x00007FFFB9BBE000-memory.dmp

memory/4424-1347-0x00007FFFB0BE0000-0x00007FFFB0BF9000-memory.dmp

memory/4424-1352-0x00007FFFB3440000-0x00007FFFB3450000-memory.dmp

memory/4424-1355-0x00007FFFA9670000-0x00007FFFA9682000-memory.dmp

memory/4424-1357-0x00007FFFA9650000-0x00007FFFA965F000-memory.dmp

memory/4424-1363-0x00007FFFA9600000-0x00007FFFA9611000-memory.dmp

memory/4424-1365-0x00007FFFA95A0000-0x00007FFFA95B1000-memory.dmp

memory/4424-1366-0x00007FFFA9580000-0x00007FFFA9595000-memory.dmp

memory/4424-1367-0x00007FFFA95D0000-0x00007FFFA95E0000-memory.dmp

memory/4424-1370-0x00007FFFA9510000-0x00007FFFA9527000-memory.dmp

memory/4424-1371-0x00007FFFA94F0000-0x00007FFFA9509000-memory.dmp

memory/4424-1369-0x00007FFFA9530000-0x00007FFFA9552000-memory.dmp

memory/4424-1374-0x00007FFFA9480000-0x00007FFFA9491000-memory.dmp

memory/4424-1376-0x00007FFFA9450000-0x00007FFFA946C000-memory.dmp

memory/4424-1377-0x00007FFFA93F0000-0x00007FFFA944D000-memory.dmp

memory/4424-1375-0x00007FFFA95E0000-0x00007FFFA95F5000-memory.dmp

memory/4424-1373-0x00007FFFA9470000-0x00007FFFA947A000-memory.dmp

memory/4424-1379-0x00007FFFA9150000-0x00007FFFA9179000-memory.dmp

memory/4424-1380-0x00007FFFA9120000-0x00007FFFA914E000-memory.dmp

memory/4424-1378-0x00007FFFA9580000-0x00007FFFA9595000-memory.dmp

memory/4424-1372-0x00007FFFA94A0000-0x00007FFFA94E9000-memory.dmp

memory/4424-1368-0x00007FFFA9560000-0x00007FFFA9574000-memory.dmp

memory/4424-1364-0x00007FFFA95E0000-0x00007FFFA95F5000-memory.dmp

memory/4424-1362-0x00007FFFA9620000-0x00007FFFA962E000-memory.dmp

memory/4424-1361-0x00007FFFA95C0000-0x00007FFFA95CE000-memory.dmp

memory/4424-1360-0x00007FFFA9630000-0x00007FFFA963F000-memory.dmp

memory/4424-1381-0x00007FFFA90F0000-0x00007FFFA910F000-memory.dmp

memory/4424-1359-0x00007FFFA9640000-0x00007FFFA964E000-memory.dmp

memory/4424-1358-0x00007FFFA96B0000-0x00007FFFA96E8000-memory.dmp

memory/4424-1382-0x00007FFFA9530000-0x00007FFFA9552000-memory.dmp

memory/4424-1383-0x00007FFFA8F80000-0x00007FFFA90E9000-memory.dmp

memory/4424-1387-0x00007FFFA8F40000-0x00007FFFA8F4B000-memory.dmp

memory/4424-1386-0x00007FFFA8F60000-0x00007FFFA8F6B000-memory.dmp

memory/4424-1385-0x00007FFFA8F70000-0x00007FFFA8F7B000-memory.dmp

memory/4424-1384-0x00007FFFA9510000-0x00007FFFA9527000-memory.dmp

memory/4424-1356-0x00007FFFA9660000-0x00007FFFA9670000-memory.dmp

memory/4424-1354-0x00007FFFB0DD0000-0x00007FFFB0DE0000-memory.dmp

memory/4424-1353-0x00007FFFA98D0000-0x00007FFFA98FE000-memory.dmp

memory/4424-1351-0x00007FFFB9850000-0x00007FFFB985F000-memory.dmp

memory/4424-1350-0x00007FFFAADE0000-0x00007FFFAADFC000-memory.dmp

memory/4424-1349-0x00007FFFA9690000-0x00007FFFA96A1000-memory.dmp

memory/4424-1346-0x00007FFFBA330000-0x00007FFFBA33E000-memory.dmp

memory/4424-1345-0x00007FFFB1330000-0x00007FFFB1344000-memory.dmp

memory/4424-1344-0x00007FFFB9BF0000-0x00007FFFB9BFF000-memory.dmp

memory/4424-1343-0x00007FFFBA3C0000-0x00007FFFBA3CF000-memory.dmp

memory/4424-1342-0x00007FFFA9900000-0x00007FFFA9C75000-memory.dmp

memory/4424-1340-0x00007FFFA96B0000-0x00007FFFA96E8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI46562\_asyncio.pyd

MD5 728e9c777b6573b6017fbb4552b2dbee
SHA1 4fe82a24837a836438eb16aee3c19264f8fa1794
SHA256 89233eec4bbc95920765028d8ddcc91b5dbbaaa5c047203462b33f828c725956
SHA512 1bf92d57d21e86ee98595fb4dda12d64d43d11b53f27d0754ee08dee16be77f53ad427f84c870429837fdee04e6f0d062a8451953fecdaa09b9db7245f548ca0

C:\Users\Admin\AppData\Local\Temp\_MEI46562\zlib1.dll

MD5 ee06185c239216ad4c70f74e7c011aa6
SHA1 40e66b92ff38c9b1216511d5b1119fe9da6c2703
SHA256 0391066f3e6385a9c0fe7218c38f7bd0b3e0da0f15a98ebb07f1ac38d6175466
SHA512 baae562a53d491e19dbf7ee2cff4c13d42de6833036bfdaed9ed441bcbf004b68e4088bd453b7413d60faaf1b334aee71241ba468437d49050b8ccfa9232425d

C:\Users\Admin\AppData\Local\Temp\_MEI46562\VCRUNTIME140_1.dll

MD5 75e78e4bf561031d39f86143753400ff
SHA1 324c2a99e39f8992459495182677e91656a05206
SHA256 1758085a61527b427c4380f0c976d29a8bee889f2ac480c356a3f166433bf70e
SHA512 ce4daf46bce44a89d21308c63e2de8b757a23be2630360209c4a25eb13f1f66a04fbb0a124761a33bbf34496f2f2a02b8df159b4b62f1b6241e1dbfb0e5d9756

C:\Users\Admin\AppData\Local\Temp\_MEI46562\unicodedata.pyd

MD5 15fb3324ec1f86b80d4b1d244296d08e
SHA1 68cbb1c308984716b704b5b68a9098dc48c4afbd
SHA256 90e898720dc7579191362d017aeb30d17cb2135659324c94a2113a2e8282bea4
SHA512 2585818db7a8412522525281a5be983ec69b73ce8212fb58b8b21b96ae812ddbc944b658b9674020514c530b4ddb723529531f2fdbe0a38bc5f24ad1829a665b

C:\Users\Admin\AppData\Local\Temp\_MEI46562\tk86t.dll

MD5 7a9099e99c47fce42d2e10935be85e52
SHA1 6b9c65a4882810d7c8a58e24e8de73bb03805010
SHA256 63d28044a0b2c59e799c891018200e3015d89c8419be211a96c22ab6daa291ea
SHA512 8a350c947a32c5a29884629c893481cbcf3601d1c388130de7f5beeed7d6b1e9d753a6a3e14e7920021c44748fce6e716a73dc1fe91658231eab213308f4dac7

C:\Users\Admin\AppData\Local\Temp\_MEI46562\tcl86t.dll

MD5 61dc8006529a7656288d2d4a3990f12d
SHA1 4c2d12e74e47a8422d0b897d669eefb479c8fa5d
SHA256 0d6d9297c873757558a903bd61e7723344cf04241a2c2495999d9d7b853aa235
SHA512 4c3c9377a80a29e68d0da8508bbb5aa060c3af8e4acd616d4d0488e73ede0717172f815aab61f5ba12dba63756e2256eb4c6ebaf6e9c14ab2e6e7bc7231a7546

C:\Users\Admin\AppData\Local\Temp\_MEI46562\sqlite3.dll

MD5 04747358ea7ca0379439ed834f795518
SHA1 55fc2c7e953d946fe8ee287222962d12681bc281
SHA256 ef209ef34927113b5a218dca320ab3bd1feed2e191b4dd2df9828ca500d13c7b
SHA512 c22697b9ee21ecac8ac30ce6e7e1ab16175670adc0bed025c9251b130a6add2562a9506c62ee7257c6897cb104358e84dfcd959bea10a6281c22a8bd87cdd840

C:\Users\Admin\AppData\Local\Temp\_MEI46562\select.pyd

MD5 959e471b8496a2c68649bad5dfa865eb
SHA1 eb0d58cda97190d2e57f7d594c4d5f2e3314ea56
SHA256 e7f17d68107e4154879412da5d99fb8b3e3d25b602355f67e13c6a91106eaeb3
SHA512 21cae515d08e7d2b50eed1d4bf09abb195e8dfbb7812b1b6e1f0ec4ff2dbe275ffa70ca062e0a65cf2124229f26730052e6d1dc0f26520ac1e505366f91d853c

C:\Users\Admin\AppData\Local\Temp\_MEI46562\SDL2_ttf.dll

MD5 8d3d0ae6d009adcfa22cf9229aea9000
SHA1 d115dacbd3248fdc434654e962253b9fe7c1b2f9
SHA256 dcd5e6305c85b20fce17c5915c120eb61b25dac4e2148cf7fb3f1cebe059c8df
SHA512 a518b3a4d3ba4549a02197f84c4fecba02fd93141c46334d6214137fa4205806dc8cd3d939b0594bc6cc06b918104fcd5a4a5d63bad5539129aa52f216707420

C:\Users\Admin\AppData\Local\Temp\_MEI46562\SDL2_mixer.dll

MD5 b7b45f61e3bb00ccd4ca92b2a003e3a3
SHA1 5018a7c95dc6d01ba6e3a7e77dd26c2c74fd69bc
SHA256 1327f84e3509f3ccefeef1c12578faf04e9921c145233687710253bf903ba095
SHA512 d3449019824124f3edbda57b3b578713e9c9915e173d31566cd8e4d18f307ac0f710250fe6a906dd53e748db14bfa76ec1b58a6aef7d074c913679a47c5fdbe7

C:\Users\Admin\AppData\Local\Temp\_MEI46562\SDL2_image.dll

MD5 25e2a737dcda9b99666da75e945227ea
SHA1 d38e086a6a0bacbce095db79411c50739f3acea4
SHA256 22b27380d4f1f217f0e5d5c767e5c244256386cd9d87f8ddf303baaf9239fc4c
SHA512 63de988387047c17fd028a894465286fd8f6f8bd3a1321b104c0ceb5473e3e0b923153b4999143efbdd28684329a33a5b468e43f25214037f6cddd4d1884adb8

C:\Users\Admin\AppData\Local\Temp\_MEI46562\SDL2.dll

MD5 b25ee198d83a9decabe6222b15fec124
SHA1 aad86fdd464c9db23afeccb48b516f185709ee86
SHA256 4dc011ffc4dd8191731bea92241a6870a201d9f0bd4bcb8ead032b1f18740d51
SHA512 fbff85d846d080716f6d233065b97599b248aada139040c5b7b7640da38d06a69eb3cb435d4bba17fdd3d82efe2db117110eac28a4927ca24ca09b4b078653d0

C:\Users\Admin\AppData\Local\Temp\_MEI46562\pyexpat.pyd

MD5 d930198dfbd47f7e746616dd6103a044
SHA1 1f03785014c42a68f740f82cf2adc9c701faa910
SHA256 57788a94ce93ebed829de17e9c49f481067fdb6561bbc11a1f50a545fe102157
SHA512 5a4c7318064d64b5c981ab77898a570c204e01744e61f2d956f8f8757fc32b63d8ce8c09bca01dca1defdde1baae61a8ad812f4236028c83ec5bc8785be4d1b4

C:\Users\Admin\AppData\Local\Temp\_MEI46562\portmidi.dll

MD5 0df0699727e9d2179f7fd85a61c58bdf
SHA1 82397ee85472c355725955257c0da207fa19bf59
SHA256 97a53e8de3f1b2512f0295b5de98fa7a23023a0e4c4008ae534acdba54110c61
SHA512 196e41a34a60de83cb24caa5fc95820fd36371719487350bc2768354edf39eeb6c7860ff3fd9ecf570abb4288523d7ab934e86e85202b9753b135d07180678cd

C:\Users\Admin\AppData\Local\Temp\_MEI46562\libwebp-7.dll

MD5 b0dd211ec05b441767ea7f65a6f87235
SHA1 280f45a676c40bd85ed5541ceb4bafc94d7895f3
SHA256 fc06b8f92e86b848a17eaf7ed93464f54ed1f129a869868a74a75105ff8ce56e
SHA512 eaeb83e46c8ca261e79b3432ec2199f163c44f180eb483d66a71ad530ba488eb4cdbd911633e34696a4ccc035e238bc250a8247f318aa2f0cd9759cad4f90fff

C:\Users\Admin\AppData\Local\Temp\_MEI46562\libtiff-5.dll

MD5 ebad1fa14342d14a6b30e01ebc6d23c1
SHA1 9c4718e98e90f176c57648fa4ed5476f438b80a7
SHA256 4f50820827ac76042752809479c357063fe5653188654a6ba4df639da2fbf3ca
SHA512 91872eaa1f3f45232ab2d753585e650ded24c6cc8cc1d2a476fa98a61210177bd83570c52594b5ad562fc27cb76e034122f16a922c6910e4ed486da1d3c45c24

C:\Users\Admin\AppData\Local\Temp\_MEI46562\libssl-1_1.dll

MD5 ec14acdd9c22b57d3d58bf44dca7b962
SHA1 705f59d4e760d56970d9cf170ac7311de1aef163
SHA256 cc7a9c5c311c588d1b78541d2ba7bc9ae5452cb1f0265e85717b4e6ddaaa9c0e
SHA512 abda9eb3275ded66e9ef8d22e408f72458935700a8aa2ecceafcaa96c579b60dc31a096e5416da2fb385c242a7270585e4b994c7999ad891c6462eacc42cc70c

C:\Users\Admin\AppData\Local\Temp\_MEI46562\libpng16-16.dll

MD5 55009dd953f500022c102cfb3f6a8a6c
SHA1 07af9f4d456ddf86a51da1e4e4c5b54b0cf06ddb
SHA256 20391787cba331cfbe32fbf22f328a0fd48924e944e80de20ba32886bf4b6fd2
SHA512 4423d3ec8fef29782f3d4a21feeac9ba24c9c765d770b2920d47b4fb847a96ff5c793b20373833b4ff8bc3d8fa422159c64beffb78ce5768ed22742740a8c6c6

C:\Users\Admin\AppData\Local\Temp\_MEI46562\libopusfile-0.dll

MD5 2d5274bea7ef82f6158716d392b1be52
SHA1 ce2ff6e211450352eec7417a195b74fbd736eb24
SHA256 6dea07c27c0cc5763347357e10c3b17af318268f0f17c7b165325ce524a0e8d5
SHA512 9973d68b23396b3aa09d2079d18f2c463e807c9c1fdf4b1a5f29d561e8d5e62153e0c7be23b63975ad179b9599ff6b0cf08ebdbe843d194483e7ec3e7aeb232a

C:\Users\Admin\AppData\Local\Temp\_MEI46562\libopus-0.x64.dll

MD5 e56f1b8c782d39fd19b5c9ade735b51b
SHA1 3d1dc7e70a655ba9058958a17efabe76953a00b4
SHA256 fa8715dd0df84fdedbe4aa17763b2ab0db8941fa33421b6d42e25e59c4ae8732
SHA512 b7702e48b20a8991a5c537f5ba22834de8bb4ba55862b75024eace299263963b953606ee29e64d68b438bb0904273c4c20e71f22ccef3f93552c36fb2d1b2c46

C:\Users\Admin\AppData\Local\Temp\_MEI46562\libopus-0.dll

MD5 3fb9d9e8daa2326aad43a5fc5ddab689
SHA1 55523c665414233863356d14452146a760747165
SHA256 fd8de9169ccf53c5968eec0c90e9ff3a66fb451a5bf063868f3e82007106b491
SHA512 f263ea6e0fab84a65fe3a9b6c0fe860919eee828c84b888a5aa52dea540434248d1e810a883a2aff273cd9f22c607db966dd8776e965be6d2cfe1b50a1af1f57

C:\Users\Admin\AppData\Local\Temp\_MEI46562\libopenblas64__v0.3.23-246-g3d31191b-gcc_10_3_0.dll

MD5 ebe7a53760bbb4f930a77399bc21dc71
SHA1 4219701079cf7bfccb83d9b895d76b7f3bf143c4
SHA256 283eb657e0dc2daf73e16a266a69eef1794ded6882f151a64a83e592e73dbc08
SHA512 8d24bf1c303acf0d83e201153416d675beb5190aa22685588fd5698a57b3815886f91727ca8432567b2f0ee2af8512f7d1150b7ef052461f3aaa3c686d9c42cd

C:\Users\Admin\AppData\Local\Temp\_MEI46562\libogg-0.dll

MD5 0d65168162287df89af79bb9be79f65b
SHA1 3e5af700b8c3e1a558105284ecd21b73b765a6dc
SHA256 2ec2322aec756b795c2e614dab467ef02c3d67d527ad117f905b3ab0968ccf24
SHA512 69af81fd2293c31f456b3c78588bb6a372fe4a449244d74bfe5bfaa3134a0709a685725fa05055cfd261c51a96df4b7ebd8b9e143f0e9312c374e54392f8a2c2

C:\Users\Admin\AppData\Local\Temp\_MEI46562\libmodplug-1.dll

MD5 2bb2e7fa60884113f23dcb4fd266c4a6
SHA1 36bbd1e8f7ee1747c7007a3c297d429500183d73
SHA256 9319bf867ed6007f3c61da139c2ab8b74a4cb68bf56265a101e79396941f6d3b
SHA512 1ddd4b9b9238c1744e0a1fe403f136a1def8df94814b405e7b01dd871b3f22a2afe819a26e08752142f127c3efe4ebae8bfd1bd63563d5eb98b4644426f576b2

C:\Users\Admin\AppData\Local\Temp\_MEI46562\libjpeg-9.dll

MD5 c22b781bb21bffbea478b76ad6ed1a28
SHA1 66cc6495ba5e531b0fe22731875250c720262db1
SHA256 1eed2385030348c84bbdb75d41d64891be910c27fab8d20fc9e85485fcb569dd
SHA512 9b42cad4a715680a27cd79f466fd2913649b80657ff042528cba2946631387ed9fb027014d215e1baf05839509ca5915d533b91aa958ae0525dea6e2a869b9e4

C:\Users\Admin\AppData\Local\Temp\_MEI46562\libcrypto-1_1.dll

MD5 76920f5737182ea341dcd32427dd3342
SHA1 eec0ef2ec1576acdc57fe753fc3c8847ade0efeb
SHA256 51492f7664400af55e96f00194f58c0bf7d68ebc0750e804350e02117cfc27a5
SHA512 815980a18201288bb46c6a8bdbef2c3cccb1c341f63e6828f0edab4279eb44913b8ae40bf4702ad81659cfa28fbb62d5cbfad387ed6c58f7a6edcc618aff4bd0

C:\Users\Admin\AppData\Local\Temp\_MEI46562\freetype.dll

MD5 797624ae3bb9ff00b67eabbcf02b5106
SHA1 5fd91c1739e4f8aa2a8ac7f59c29b5730746f217
SHA256 84af458914f5f968349099c59d771a6c4c97cf7a239e5db223338fa0cf5880fa
SHA512 a3510390390d1ef4b48cbdea321b32eb4ab9dd92b4ba90f4febc83e4adadefd888eba04c1e287d14af511d5dca2c3e172bd15ca98a8712b74e0bb1ab1a8bfb08

C:\Users\Admin\AppData\Local\Temp\_MEI46562\crypto_clipper.json

MD5 8bff94a9573315a9d1820d9bb710d97f
SHA1 e69a43d343794524b771d0a07fd4cb263e5464d5
SHA256 3f7446866f42bcbeb8426324d3ea58f386f3171abe94279ea7ec773a4adde7d7
SHA512 d5ece1ea9630488245c578cb22d6d9d902839e53b4550c6232b4fb9389ef6c5d5392426ea4a9e3c461979d6d6aa94ddf3b2755f48e9988864788b530cdfcf80f

memory/4424-1280-0x00007FFFAAE00000-0x00007FFFAAE2D000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI46562\_lzma.pyd

MD5 1f1dc60560fd666e6e5b3a6dde762f0a
SHA1 f509508967c2933feb2ffe86ba9259f18d9d1dc1
SHA256 b7aba82e77bb5364c7ea2bd6ff9d0dbea6a141b4128f78b3cd2f9a63d693caf3
SHA512 7b464464652a14d493483464e9733762d4b81e81fdb06a9fad36ba92b5d4d47c28c0d5355f858049707860d0ff8f634e5173b0727de1443eccdb4bb26ad36fec

memory/4424-1278-0x00007FFFB97D0000-0x00007FFFB97E9000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI46562\_bz2.pyd

MD5 001e400d4f1b990fed96d79b886a31d1
SHA1 1ff78d878ebfd93d500ef010010fe13f63c51175
SHA256 1e297c76fdbd6d36933b95584c66acd1d8a0316169971c94974ef6ef565366c5
SHA512 2bb7778df4d18f415b856fe6474f13ad42876594a5b62249c033c1987dd3e15d3df6ce17b8876d7dfc6505ad575dbe94a9052a148aebf27ac0e89af64e448ff3

C:\Users\Admin\AppData\Local\Temp\_MEI46562\libffi-7.dll

MD5 36b9af930baedaf9100630b96f241c6c
SHA1 b1d8416250717ed6b928b4632f2259492a1d64a4
SHA256 d2159e1d1c9853558b192c75d64033e09e7de2da2b3f1bf26745124ed33fbf86
SHA512 5984b32a63a4440a13ebd2f5ca0b22f1391e63ac15fe67a94d4a579d58b8bb0628980a2be484ac65ad3a215bbe44bd14fe33ec7b3581c6ab521f530395847dd5

C:\Users\Admin\AppData\Local\Temp\_MEI46562\_ctypes.pyd

MD5 35ed0c8206d9c49504a42df3118a2b06
SHA1 d4148f4b98171fc71f502fca98f5b8d8839ddaee
SHA256 f45186bb8b794da8672eab28d7f55e6a37a44d77fecf3eb2646a3193f4914874
SHA512 c6daa7c3de5ddfc58b21217a16e30c1bf7c9e41859e0d37fe55cad45ffad8f4db79caf9de5524e1f738808bfa7b438cfc187b4bce5f321f66b7d858fe0c1ac52

C:\Users\Admin\AppData\Local\Temp\_MEI46562\python3.dll

MD5 e0ca371cb1e69e13909bfbd2a7afc60e
SHA1 955c31d85770ae78e929161d6b73a54065187f9e
SHA256 abb50921ef463263acd7e9be19862089045074ea332421d82e765c5f2163e78a
SHA512 dd5a980ba72e4e7be81b927d140e408ad06c7be51b4f509737faee5514e85a42d47518213da1c3e77c25f9bd2eb2109fca173d73d710ff57e6a88a2ff971d0b4

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_hybtwei0.mqe.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/4424-1561-0x00007FFFAAE00000-0x00007FFFAAE2D000-memory.dmp

memory/4424-1562-0x00007FFFB1330000-0x00007FFFB1344000-memory.dmp

memory/4424-1568-0x00007FFFA9810000-0x00007FFFA98C8000-memory.dmp

memory/4424-1573-0x00007FFFA95D0000-0x00007FFFA95E0000-memory.dmp

memory/4424-1576-0x00007FFFA9510000-0x00007FFFA9527000-memory.dmp

memory/4424-1577-0x00007FFFA94F0000-0x00007FFFA9509000-memory.dmp

memory/4424-1579-0x00007FFFA9480000-0x00007FFFA9491000-memory.dmp

memory/4424-1578-0x00007FFFA94A0000-0x00007FFFA94E9000-memory.dmp

memory/4424-1575-0x00007FFFA9530000-0x00007FFFA9552000-memory.dmp

memory/4424-1583-0x00007FFFA9150000-0x00007FFFA9179000-memory.dmp

memory/4424-1587-0x00007FFFA8E10000-0x00007FFFA8E44000-memory.dmp

memory/4424-1588-0x00007FFFA8D50000-0x00007FFFA8E0C000-memory.dmp

memory/4424-1589-0x00007FFFA8D20000-0x00007FFFA8D4B000-memory.dmp

memory/4424-1591-0x00007FFFA8420000-0x00007FFFA8A8D000-memory.dmp

memory/4424-1592-0x00007FFFA83C0000-0x00007FFFA8415000-memory.dmp

memory/4424-1590-0x00007FFFA8A90000-0x00007FFFA8D13000-memory.dmp

memory/4424-1586-0x00007FFFA8F80000-0x00007FFFA90E9000-memory.dmp

memory/4424-1584-0x00007FFFA9120000-0x00007FFFA914E000-memory.dmp

memory/4424-1585-0x00007FFFA90F0000-0x00007FFFA910F000-memory.dmp

memory/4424-1582-0x00007FFFA93F0000-0x00007FFFA944D000-memory.dmp

memory/4424-1593-0x00007FFFA6290000-0x00007FFFA8382000-memory.dmp

memory/4424-1595-0x00007FFFBAA50000-0x00007FFFBAA69000-memory.dmp

memory/4424-1597-0x00007FFFBA430000-0x00007FFFBA454000-memory.dmp

memory/4424-1599-0x00007FFFBA0B0000-0x00007FFFBA0DD000-memory.dmp

memory/4424-1601-0x00007FFFBA020000-0x00007FFFBA065000-memory.dmp

memory/4424-1605-0x00007FFFB9FC0000-0x00007FFFB9FDA000-memory.dmp

memory/4424-1606-0x00007FFFB9FA0000-0x00007FFFB9FB3000-memory.dmp

memory/4424-1609-0x0000029847D90000-0x00000298480B6000-memory.dmp

memory/4424-1612-0x00007FFFB0C00000-0x00007FFFB0C4C000-memory.dmp

memory/4424-1610-0x00007FFFAA780000-0x00007FFFAA812000-memory.dmp

memory/4424-1608-0x00007FFFB9F80000-0x00007FFFB9F9B000-memory.dmp

memory/4424-1607-0x00007FFFAB330000-0x00007FFFAB3DA000-memory.dmp

memory/4424-1700-0x00007FFFAA6D0000-0x00007FFFAA776000-memory.dmp

memory/4424-1720-0x00007FFFAB1B0000-0x00007FFFAB1D4000-memory.dmp

memory/4424-1759-0x00007FFFA54C0000-0x00007FFFA554B000-memory.dmp

memory/4424-1758-0x00007FFFA5550000-0x00007FFFA55B8000-memory.dmp

memory/4424-1760-0x00007FFFA5470000-0x00007FFFA54B8000-memory.dmp

memory/4424-1748-0x00007FFFA55C0000-0x00007FFFA5600000-memory.dmp

memory/4424-1723-0x00007FFFA5600000-0x00007FFFA5645000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI17042\attrs-23.1.0.dist-info\INSTALLER

MD5 365c9bfeb7d89244f2ce01c1de44cb85
SHA1 d7a03141d5d6b1e88b6b59ef08b6681df212c599
SHA256 ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508
SHA512 d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

memory/4424-1718-0x00007FFFA5650000-0x00007FFFA56C3000-memory.dmp

memory/4424-1706-0x00007FFFA56D0000-0x00007FFFA58E8000-memory.dmp

memory/4424-1621-0x00007FFF9DAE0000-0x00007FFF9F97A000-memory.dmp

memory/4424-1604-0x00007FFFB9FE0000-0x00007FFFB9FF7000-memory.dmp

memory/4424-1602-0x00007FFFBA000000-0x00007FFFBA019000-memory.dmp

memory/4424-1600-0x00007FFFBA070000-0x00007FFFBA0A3000-memory.dmp

memory/4424-1598-0x00007FFFBA0E0000-0x00007FFFBA175000-memory.dmp

memory/4424-1596-0x00007FFFBA460000-0x00007FFFBA482000-memory.dmp

memory/4424-1594-0x00007FFFA5FA0000-0x00007FFFA6286000-memory.dmp

memory/4424-1581-0x00007FFFA9450000-0x00007FFFA946C000-memory.dmp

memory/4424-1580-0x00007FFFA9470000-0x00007FFFA947A000-memory.dmp

memory/4424-1574-0x00007FFFA9560000-0x00007FFFA9574000-memory.dmp

memory/4424-1571-0x00007FFFA96B0000-0x00007FFFA96E8000-memory.dmp

memory/4424-1572-0x00007FFFA9580000-0x00007FFFA9595000-memory.dmp

memory/4424-1569-0x00007FFFBA500000-0x00007FFFBA50D000-memory.dmp

memory/4424-1570-0x00007FFFA96F0000-0x00007FFFA9808000-memory.dmp

memory/4424-1567-0x00007FFFA98D0000-0x00007FFFA98FE000-memory.dmp

memory/4424-1566-0x00007FFFAADE0000-0x00007FFFAADFC000-memory.dmp

memory/4424-1565-0x00007FFFBA550000-0x00007FFFBA55D000-memory.dmp

memory/4424-1564-0x00007FFFB0BE0000-0x00007FFFB0BF9000-memory.dmp

memory/4424-1563-0x00007FFFA9900000-0x00007FFFA9C75000-memory.dmp

memory/4424-1560-0x00007FFFB97D0000-0x00007FFFB97E9000-memory.dmp

memory/4424-1559-0x00007FFFBB140000-0x00007FFFBB14F000-memory.dmp

memory/4424-1558-0x00007FFFB0DE0000-0x00007FFFB0E04000-memory.dmp

memory/4424-1557-0x00007FFFA9D10000-0x00007FFFAA17E000-memory.dmp