Malware Analysis Report

2025-05-05 21:21

Sample ID 240510-wcjsdscf76
Target setup.rar
SHA256 f5d41636c073fb72526aa151f84bc757ec50a23b2e17a69d0d1e3bbf842854f2
Tags
pyinstaller upx
score
7/10

Analysis Overview

score
7/10

SHA256

f5d41636c073fb72526aa151f84bc757ec50a23b2e17a69d0d1e3bbf842854f2

Threat Level: Shows suspicious behavior

The file setup.rar was found to show suspicious behavior.

Malicious Activity Summary

pyinstaller upx

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

UPX packed file

Looks up external IP address via web service

Legitimate hosting services abused for malware hosting/C2

Unsigned PE

Detects Pyinstaller

Enumerates physical storage devices

Opens file in notepad (likely ransom note)

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Checks SCSI registry key(s)

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-10 17:46

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-10 17:46

Reported

2024-05-10 17:49

Platform

win7-20240221-en

Max time kernel

118s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\setup\setup.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\setup\setup.exe

"C:\Users\Admin\AppData\Local\Temp\setup\setup.exe"

C:\Users\Admin\AppData\Local\Temp\setup\setup.exe

"C:\Users\Admin\AppData\Local\Temp\setup\setup.exe"

Network

N/A

Files

C:\Users\Admin\AppData\Local\Temp\_MEI13082\ucrtbase.dll

C:\Users\Admin\AppData\Local\Temp\_MEI13082\api-ms-win-core-localization-l1-2-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI13082\api-ms-win-core-processthreads-l1-1-1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI13082\api-ms-win-core-file-l1-2-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI13082\api-ms-win-core-timezone-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI13082\api-ms-win-core-file-l2-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI13082\python310.dll

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-10 17:46

Reported

2024-05-10 17:49

Platform

win10v2004-20240226-en

Max time kernel

153s

Max time network

160s

Command Line

"C:\Users\Admin\AppData\Local\Temp\setup\setup.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Windows\system32\cmd.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmpu_a188wx\executor.exe N/A (×2)

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup\setup.exe N/A (×21)
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmpu_a188wx\executor.exe N/A (×43)

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A (×64)

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A pastebin.com N/A N/A (×2)

Looks up external IP address via web service

Description Indicator Process Target
N/A ipapi.co N/A N/A (×2)

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings C:\Windows\system32\taskmgr.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\tmpu_a188wx\executor.exe N/A (×4)
N/A N/A C:\Windows\system32\taskmgr.exe N/A (×53)

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\tmpu_a188wx\executor.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A (×64)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4628 wrote to memory of 3516 N/A C:\Users\Admin\AppData\Local\Temp\setup\setup.exe C:\Users\Admin\AppData\Local\Temp\setup\setup.exe (×2)
PID 3516 wrote to memory of 3536 N/A C:\Users\Admin\AppData\Local\Temp\setup\setup.exe C:\Windows\system32\cmd.exe (×2)
PID 3536 wrote to memory of 1764 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\NOTEPAD.EXE (×2)
PID 3516 wrote to memory of 1328 N/A C:\Users\Admin\AppData\Local\Temp\setup\setup.exe C:\Windows\system32\cmd.exe (×2)
PID 1328 wrote to memory of 1544 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\tmpu_a188wx\executor.exe (×2)
PID 1544 wrote to memory of 764 N/A C:\Users\Admin\AppData\Local\Temp\tmpu_a188wx\executor.exe C:\Users\Admin\AppData\Local\Temp\tmpu_a188wx\executor.exe (×2)
PID 764 wrote to memory of 3668 N/A C:\Users\Admin\AppData\Local\Temp\tmpu_a188wx\executor.exe C:\Windows\system32\cmd.exe (×2)
PID 764 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\tmpu_a188wx\executor.exe C:\Windows\system32\cmd.exe (×2)
PID 2044 wrote to memory of 1048 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\wbem\WMIC.exe (×2)

Processes

C:\Users\Admin\AppData\Local\Temp\setup\setup.exe

"C:\Users\Admin\AppData\Local\Temp\setup\setup.exe"

C:\Users\Admin\AppData\Local\Temp\setup\setup.exe

"C:\Users\Admin\AppData\Local\Temp\setup\setup.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "about\error.txt"

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\setup\about\error.txt

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3376 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\tmpu_a188wx\executor.exe"

C:\Users\Admin\AppData\Local\Temp\tmpu_a188wx\executor.exe

C:\Users\Admin\AppData\Local\Temp\tmpu_a188wx\executor.exe

C:\Users\Admin\AppData\Local\Temp\tmpu_a188wx\executor.exe

C:\Users\Admin\AppData\Local\Temp\tmpu_a188wx\executor.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Windows\System32\wbem\WMIC.exe csproduct get uuid"

C:\Windows\System32\wbem\WMIC.exe

C:\Windows\System32\wbem\WMIC.exe csproduct get uuid

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /7

Network

Country Destination Domain Proto
US 8.8.8.8:53 81.171.91.138.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 pastebin.com udp
US 104.20.4.235:443 pastebin.com tcp
US 8.8.8.8:53 235.4.20.104.in-addr.arpa udp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 13.107.253.64:443 tcp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 24.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 159.113.53.23.in-addr.arpa udp
US 8.8.8.8:53 monkey-bebeicy.replit.app udp
US 34.117.33.233:443 monkey-bebeicy.replit.app tcp
US 8.8.8.8:53 233.33.117.34.in-addr.arpa udp
US 8.8.8.8:53 ipapi.co udp
US 104.26.8.44:443 ipapi.co tcp
US 8.8.8.8:53 44.8.26.104.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
GB 142.250.200.42:443 chromewebstore.googleapis.com tcp
US 8.8.8.8:53 42.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 18.173.189.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI46282\ucrtbase.dll

C:\Users\Admin\AppData\Local\Temp\_MEI46282\python310.dll

C:\Users\Admin\AppData\Local\Temp\_MEI46282\VCRUNTIME140.dll

C:\Users\Admin\AppData\Local\Temp\_MEI46282\base_library.zip

C:\Users\Admin\AppData\Local\Temp\_MEI46282\_socket.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI46282\python3.DLL

C:\Users\Admin\AppData\Local\Temp\_MEI46282\select.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI46282\_ssl.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI46282\libcrypto-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI46282\libssl-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI46282\zstandard\backend_c.cp310-win_amd64.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI46282\_hashlib.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI46282\_queue.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI46282\_decimal.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI46282\simplejson\_speedups.cp310-win_amd64.pyd

MD5 a4c988361c7f69e080de5eb1a6c3f5cd
SHA1 86d77b7a17c79a1db9c6790b23b0702b245ed94c
SHA256 02d867d8f8120658255c6e5ec426010c149fe353795f79326fe5de3e849fc6c8
SHA512 dc73a144dc007ed9b207e9ca02e3a8663e705f71e3873d5d883e7e3fecba3d6268b4fa59a1f88db023d4b98aaef6fc5677e7269fff0c2c0e4eab8f98e57b062a

C:\Users\Admin\AppData\Local\Temp\_MEI46282\_lzma.pyd

MD5 0a94c9f3d7728cf96326db3ab3646d40
SHA1 8081df1dca4a8520604e134672c4be79eb202d14
SHA256 0a70e8546fa6038029f2a3764e721ceebea415818e5f0df6b90d6a40788c3b31
SHA512 6f047f3bdaead121018623f52a35f7e8b38c58d3a9cb672e8056a5274d02395188975de08cabae948e2cc2c1ca01c74ca7bc1b82e2c23d652e952f3745491087

C:\Users\Admin\AppData\Local\Temp\_MEI46282\_bz2.pyd

MD5 bbe89cf70b64f38c67b7bf23c0ea8a48
SHA1 44577016e9c7b463a79b966b67c3ecc868957470
SHA256 775fbc6e9a4c7e9710205157350f3d6141b5a9e8f44cb07b3eac38f2789c8723
SHA512 3ee72ba60541116bbca1a62db64074276d40ad8ed7d0ca199a9c51d65c3f0762a8ef6d0e1e9ebf04bf4efe1347f120e4bc3d502dd288339b4df646a59aad0ec1

C:\Users\Admin\AppData\Local\Temp\_MEI46282\charset_normalizer\md.cp310-win_amd64.pyd

MD5 0e2a2addd0d5b21193dbaae162604181
SHA1 526b25822b2571307fe8d4208c83227c0c64cb10
SHA256 ab0a8fd8f085766a2a7001380e6ee219d5ae68d0194498eeb8d3866f922fbcae
SHA512 6e0f0fa11fff0853e4063f5e1a526936cd682303f94b13da0bd4fb6b2da5efdbb3acb378951508ee3a2dea7f7e2c1d6f968e00ae63d1b6063cc2ad932a3856e9

C:\Users\Admin\AppData\Local\Temp\_MEI46282\charset_normalizer\md__mypyc.cp310-win_amd64.pyd

MD5 c6c87fc7bd7555026bb1738857066cff
SHA1 3c89dcbc228a7b689860545495f7a081721c5a12
SHA256 1a6961fd249dbb3a9ccc903fe5ec4631616594edefb19db423fb488b3dba619a
SHA512 63d5b76830d17f90c7d846c8481fac33d86cf1e606d4e33cbe5af868b41d35e7c8c95b93906258d1954809d13a46036fabad093a8693bd29121c020f743faeaa

C:\Users\Admin\AppData\Local\Temp\_MEI46282\unicodedata.pyd

MD5 4c8af8a30813e9380f5f54309325d6b8
SHA1 169a80d8923fb28f89bc26ebf89ffe37f8545c88
SHA256 4b6e3ba734c15ec789b5d7469a5097bd082bdfd8e55e636ded0d097cf6511e05
SHA512 ea127779901b10953a2bf9233e20a4fab2fba6f97d7baf40c1b314b7cd03549e0f4d2fb9bad0fbc23736e21eb391a418d79a51d64402245c1cd8899e4d765c5a

C:\Users\Admin\AppData\Local\Temp\_MEI46282\certifi\cacert.pem

MD5 59a15f9a93dcdaa5bfca246b84fa936a
SHA1 7f295ea74fc7ed0af0e92be08071fb0b76c8509e
SHA256 2c11c3ce08ffc40d390319c72bc10d4f908e9c634494d65ed2cbc550731fd524
SHA512 746157a0fcedc67120c2a194a759fa8d8e1f84837e740f379566f260e41aa96b8d4ea18e967e3d1aa1d65d5de30453446d8a8c37c636c08c6a3741387483a7d7

C:\Users\Admin\AppData\Local\Temp\setup\about\error.txt

MD5 fa0a6866f06ecc5db780b047802e9ecd
SHA1 6846053deec25b04028a67ca88173e908f3bffcb
SHA256 0d74840faf4775a49e88102f0715f5338d8fac71c65c4bae628dc00060954e4f
SHA512 0fa7fe7fcc1e0a778cab67b1d4e8b562fb5ef874fa4e59c351a8af28bdd9d0b4a3c74b864656400a98549ca0f05bc75c0147b42e76b1ce4573d0c3e5b9555d41

C:\Users\Admin\AppData\Local\Temp\tmpu_a188wx\executor.exe

MD5 4a7d4143741345576c21eed45712fbd7
SHA1 b29366490d9645397bec014dee50f1a36b37ff94
SHA256 67a4401bdbe48dbc38308bbddb46f47d19bbf86921d98c8816ee271750255777
SHA512 69aa02a7bc57c3868b961ef68b473b2ddaa47516ba94f6997f3432b8c0ce1181d6e1a352ab13bed59e1680b90e344e8cf264571ecdfc59dc04259f5552f370ad

C:\Users\Admin\AppData\Local\Temp\_MEI15442\pyinstaller-5.1.dist-info\INSTALLER

MD5 365c9bfeb7d89244f2ce01c1de44cb85
SHA1 d7a03141d5d6b1e88b6b59ef08b6681df212c599
SHA256 ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508
SHA512 d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

C:\Users\Admin\AppData\Local\Temp\_MEI15442\python310.dll

MD5 69d4f13fbaeee9b551c2d9a4a94d4458
SHA1 69540d8dfc0ee299a7ff6585018c7db0662aa629
SHA256 801317463bd116e603878c7c106093ba7db2bece11e691793e93065223fc7046
SHA512 8e632f141daf44bc470f8ee677c6f0fdcbcacbfce1472d928576bf7b9f91d6b76639d18e386d5e1c97e538a8fe19dd2d22ea47ae1acf138a0925e3c6dd156378

C:\Users\Admin\AppData\Local\Temp\_MEI15442\_ctypes.pyd

MD5 6ca9a99c75a0b7b6a22681aa8e5ad77b
SHA1 dd1118b7d77be6bb33b81da65f6b5dc153a4b1e8
SHA256 d39390552c55d8fd4940864905cd4437bc3f8efe7ff3ca220543b2c0efab04f8
SHA512 b0b5f2979747d2f6796d415dd300848f32b4e79ede59827ac447af0f4ea8709b60d6935d09e579299b3bc54b6c0f10972f17f6c0d1759c5388ad5b14689a23fe

C:\Users\Admin\AppData\Local\Temp\_MEI15442\libffi-7.dll

MD5 b5150b41ca910f212a1dd236832eb472
SHA1 a17809732c562524b185953ffe60dfa91ba3ce7d
SHA256 1a106569ac0ad3152f3816ff361aa227371d0d85425b357632776ac48d92ea8a
SHA512 9e82b0caa3d72bb4a7ad7d66ebfb10edb778749e89280bca67c766e72dc794e99aab2bc2980d64282a384699929ce6cc996462a73584898d2df67a57bff2a9c6

C:\Users\Admin\AppData\Local\Temp\_MEI15442\_bz2.pyd

MD5 758fff1d194a7ac7a1e3d98bcf143a44
SHA1 de1c61a8e1fb90666340f8b0a34e4d8bfc56da07
SHA256 f5e913a9f2adf7d599ea9bb105e144ba11699bbcb1514e73edcf7e062354e708
SHA512 468d7c52f14812d5bde1e505c95cb630e22d71282bda05bf66324f31560bfa06095cf60fc0d34877f8b361ccd65a1b61d0fd1f91d52facb0baf8e74f3fed31cc

C:\Users\Admin\AppData\Local\Temp\_MEI15442\_lzma.pyd

MD5 abceeceaeff3798b5b0de412af610f58
SHA1 c3c94c120b5bed8bccf8104d933e96ac6e42ca90
SHA256 216aa4bb6f62dd250fd6d2dcde14709aa82e320b946a21edeec7344ed6c2c62e
SHA512 3e1a2eb86605aa851a0c5153f7be399f6259ecaad86dbcbf12eeae5f985dc2ea2ab25683285e02b787a5b75f7df70b4182ae8f1567946f99ad2ec7b27d4c7955
