Analysis Overview
SHA256
82a25fd9ecb71be4fffa75947429614b57f6f9fe3f67eb603a80df263b2569a0
Threat Level: Shows suspicious behavior
The file 654cfafd3808676689b0fb8963a773ff_JaffaCakes118 was classified as: Shows suspicious behavior.
Malicious Activity Summary
Checks computer location settings
Reads user/profile data of web browsers
Loads dropped DLL
Executes dropped EXE
Looks up external IP address via web service
AutoIT Executable
Suspicious use of NtSetInformationThreadHideFromDebugger
Enumerates physical storage devices
Unsigned PE
Detects Pyinstaller
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-22 00:10
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-22 00:10
Reported
2024-05-22 00:12
Platform
win7-20240508-en
Max time kernel
119s
Max time network
120s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AdobeCCUninst.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AutoClicker.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AdobeCCUninst.exe | N/A |
Loads dropped DLL
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AdobeCCUninst.exe | N/A |
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Enumerates physical storage devices
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AutoClicker.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\654cfafd3808676689b0fb8963a773ff_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\654cfafd3808676689b0fb8963a773ff_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\AdobeCCUninst.exe
"C:\Users\Admin\AppData\Local\Temp\AdobeCCUninst.exe"
C:\Users\Admin\AppData\Local\Temp\AutoClicker.exe
"C:\Users\Admin\AppData\Local\Temp\AutoClicker.exe"
C:\Users\Admin\AppData\Local\Temp\AdobeCCUninst.exe
"C:\Users\Admin\AppData\Local\Temp\AdobeCCUninst.exe"
Network
Files
memory/2128-0-0x0000000074481000-0x0000000074482000-memory.dmp
memory/2128-1-0x0000000074480000-0x0000000074A2B000-memory.dmp
memory/2128-2-0x0000000074480000-0x0000000074A2B000-memory.dmp
\Users\Admin\AppData\Local\Temp\AdobeCCUninst.exe
| MD5 | b0b0353c7d1de6481df28d29e30a8d21 |
| SHA1 | ebfc530903dd6df4a902474f29fd4e44f1dbceba |
| SHA256 | 21bd665d09977589113f6ee3873c9884f74dfa64d5ae754dd35c3123aeae16cd |
| SHA512 | 4bf7265f133327bb02361e92f2efcbe84f3517fd56def8a02bb1d93825e34be2f5fb05e2a5aea0e3d9aff37a1718de4aa778770ca12cad21c2d1a1cf18f82246 |
C:\Users\Admin\AppData\Local\Temp\AutoClicker.exe
| MD5 | 9cf7d8c91f0c95bb3a2f9f5a48da2ac5 |
| SHA1 | c42588e692880b4cd0b6ab08d69590204e93bc24 |
| SHA256 | be5980c81f9225e93c0d8f47685f4d0ab07e088be0f1e2099158f374ec271f99 |
| SHA512 | 425446ead1d8bd8b76183d6cde55f7f007e27cafc9e209bdc92c2d843e6da34916355b9fbea18f4117e37133b30186a4d0153883ba29b3dd29fbe1f812e67d55 |
memory/2128-19-0x0000000074480000-0x0000000074A2B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI16882\python38.dll
| MD5 | 1f2688b97f9827f1de7dfedb4ad2348c |
| SHA1 | a9650970d38e30835336426f704579e87fcfc892 |
| SHA256 | 169eeb1bdf99ed93ca26453d5ca49339e5ae092662cd94cde09fbb10046f83fc |
| SHA512 | 27e56b2d73226e36b0c473d8eb646813997cbdf955397d0b61fcae37ed1f2c3715e589f9a07d909a967009ed2c664d14007ccf37d83a7df7ce2a0fefca615503 |
C:\Users\Admin\AppData\Local\Temp\_MEI16882\angst.exe.manifest
| MD5 | 5c19e50a10cd7ab76df4516b10b3f392 |
| SHA1 | 51147c310cb01dfcb86b981433283d15abb8917f |
| SHA256 | 34e699fa6b2df70ea87614723b14af30a80c091deb0f6b2400a853241e55e11d |
| SHA512 | 56af8dd0cfcfdf153e218a0bcea4d2852bfb6405bfa9edd3065a68e7278ede42205a81cdd8c3e82220cf7bed5583865ffc36d5b54b8cb3639aa35e8a2a20d62a |
\Users\Admin\AppData\Local\Temp\_MEI16882\VCRUNTIME140.dll
| MD5 | 18571d6663b7d9ac95f2821c203e471f |
| SHA1 | 3c186018df04e875d6b9f83521028a21f145e3be |
| SHA256 | 0b040a314c19ff88f38fd9c89dca2d493113a6109adb8525733c3f6627da888f |
| SHA512 | c8cbca1072b8cb04f9d82135c91ff6d7a539cb7a488671cecb6b5e2f11a4807f47ad9af5a87ebee44984ab71d7c44fc87850f9d04fd2c5019ec1b6a1b483ca21 |
C:\Users\Admin\AppData\Local\Temp\_MEI16882\base_library.zip
| MD5 | bc59d0993c320b3cd7f7dc2a8021cf9a |
| SHA1 | 2c64beaeb8f167d8f1ba80cde7aa83f3cc689a05 |
| SHA256 | 175e5ecd65e165a1a4ee0f2625918b8ddf52744cc0094c82efbc22a53ec200af |
| SHA512 | c9f0f62e895c2ff9f2efaee609c1c56ebbfbadc4f38c298927841558edc9c80ee1a3bdc111e8bcfc6a5bf6b8ae2db94441315356d216281bd1d3f1950cfa7534 |
\Users\Admin\AppData\Local\Temp\_MEI16882\_ctypes.pyd
| MD5 | 8adb1345c717e575e6614e163eb62328 |
| SHA1 | f1ee3fff6e06dc4f22a5eb38c09c54580880e0a3 |
| SHA256 | 65edc348db42347570578b979151b787ceebfc98e0372c28116cc229494a78a8 |
| SHA512 | 0f11673854327fd2fcd12838f54c080edc4d40e4bcb50c413fe3f823056d189636dc661ea79207163f966719bf0815e1ffa75e2fb676df4e56ed6321f1ff6cae |
C:\Users\Admin\AppData\Local\Temp\_MEI16882\libffi-7.dll
| MD5 | eef7981412be8ea459064d3090f4b3aa |
| SHA1 | c60da4830ce27afc234b3c3014c583f7f0a5a925 |
| SHA256 | f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081 |
| SHA512 | dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016 |
C:\Users\Admin\AppData\Local\Temp\_MEI16882\_socket.pyd
| MD5 | 1d53841bb21acdcc8742828c3aded891 |
| SHA1 | cdf15d4815820571684c1f720d0cba24129e79c8 |
| SHA256 | ab13258c6da2c26c4dca7239ff4360ca9166ea8f53bb8cc08d2c7476cab7d61b |
| SHA512 | 0266bcbcd7ca5f6c9df8dbeea00e1275932dacc38e5dd83a47bfbb87f7ca6778458a6671d8b84a63ae9216a65975da656ba487ac28d41140122f46d0174fa9f9 |
\Users\Admin\AppData\Local\Temp\_MEI16882\_lzma.pyd
| MD5 | 60e215bb78fb9a40352980f4de818814 |
| SHA1 | ff750858c3352081514e2ae0d200f3b8c3d40096 |
| SHA256 | c4d00582dee45841747b07b91a3e46e55af79e6518ec9f0ce59b989c0acd2806 |
| SHA512 | 398a441de98963873417da6352413d080620faf2ae4b99425d7c9eaf96d5f2fdf1358e21f16870bdff514452115266a58ee3c6783611f037957bfa4bcec34230 |
\Users\Admin\AppData\Local\Temp\_MEI16882\_bz2.pyd
| MD5 | fc0d862a854993e0e51c00dee3eec777 |
| SHA1 | 20203332c6f7bd51f6a5acbbc9f677c930d0669d |
| SHA256 | e5de23dbac7ece02566e79b3d1923a8eeae628925c7fb4b98a443cad94a06863 |
| SHA512 | b3c2ade15cc196e687e83dd8d21ce88b83c8137a83cfc20bc8f2c8f3ab72643ef7ca08e1dc23de0695f508ba0080871956303ac30f92ab865f3e4249d4d65c2f |
\Users\Admin\AppData\Local\Temp\_MEI16882\select.pyd
| MD5 | a2ab334e18222738dcb05bf820725938 |
| SHA1 | 2f75455a471f95ac814b8e4560a023034480b7b5 |
| SHA256 | 7ba95624370216795ea4a087c326422cfcbccc42b5ada21f4d85c532c71afad7 |
| SHA512 | 72e891d1c7e5ea44a569283b5c8bd8c310f2ee3d3cc9c25c6a7d7d77a62cb301c822c833b0792c3163cf0b0d6272da2f667e6bc74b07ed7946082433f77d9679 |
C:\Users\Admin\AppData\Local\Temp\_MEI16882\pyexpat.pyd
| MD5 | 11a886189eb726d5786926cc09f9e116 |
| SHA1 | d94295368a1285681fb03bac0553eb1495d43805 |
| SHA256 | dc38bdbe10cfaa99799e0c87aa8444fc062d445b87686d6593ffca46cc938031 |
| SHA512 | 405c56487a91ad1209029ca6ea125642076251f0a8c069eef0e30ce484381db7bf24d2f5cd74b83d1c8c1358f92f35fa6ed7b75601ace611cf36bb2331588684 |
C:\Users\Admin\AppData\Local\Temp\_MEI16882\win32api.pyd
| MD5 | 62c6c784ded5ac6296f7ad9770b86cfc |
| SHA1 | ee7d9e60ec42e8548c26681f5122ade0b103134c |
| SHA256 | 25b36692d216af99f1526dc473ba34caf19b403fe15a19269c72e683aed8ed88 |
| SHA512 | d200a874581a0d4ee2943ff012dbc43e4f5d91ea01c6a61c73a065d8708a8198d4e38e91b9a9a73276cd44d8394dda83a76b14b275502911f5dfaa113e11018c |
C:\Users\Admin\AppData\Local\Temp\_MEI16882\pywintypes38.dll
| MD5 | 9d95a3e8f0ff313d13b5057b34ed2380 |
| SHA1 | 0a9407bda668ee9fa597fa03210b299a98b87ae9 |
| SHA256 | b2d639f897aa376f7cbac7c1989cd176486a7aa0d0b2fa3d3ade410f5430978f |
| SHA512 | 10019a6790c9152be88c0eb75f38b650070325a91fe930aeca6f4e4740ea30774f0c475e084bf833b16e4f9a0332d8ae6c981c661f0b0641997f0fdccd9b7ca2 |
C:\Users\Admin\AppData\Local\Temp\_MEI16882\pythoncom38.dll
| MD5 | a4dfd0918c4f6335a14cc00cdd3978dc |
| SHA1 | 85ade339728c852906d53dba9a10820ecee1d7ce |
| SHA256 | 452edd825eac1b2eb77685fe4cbdf3244ca058c6c90d07d042a3b6be6f9215dc |
| SHA512 | d9167da605d9282dd87d36228a9a9eddb15dd646e1e3793f0b7fbd5c62aed1c2e5bd2261e5be7dec7c9a34f50823bcf95a0bc9fed77e0ab39d4265a1905a6e1d |
C:\Users\Admin\AppData\Local\Temp\_MEI16882\libcrypto-1_1.dll
| MD5 | cc4cbf715966cdcad95a1e6c95592b3d |
| SHA1 | d5873fea9c084bcc753d1c93b2d0716257bea7c3 |
| SHA256 | 594303e2ce6a4a02439054c84592791bf4ab0b7c12e9bbdb4b040e27251521f1 |
| SHA512 | 3b5af9fbbc915d172648c2b0b513b5d2151f940ccf54c23148cd303e6660395f180981b148202bef76f5209acc53b8953b1cb067546f90389a6aa300c1fbe477 |
\Users\Admin\AppData\Local\Temp\_MEI16882\_ssl.pyd
| MD5 | 84dea8d0acce4a707b094a3627b62eab |
| SHA1 | d45dda99466ab08cc922e828729d0840ae2ddc18 |
| SHA256 | dcf6b3ff84b55c3859d0f176c4ce6904c0d7d4643a657b817c6322933dbf82f6 |
| SHA512 | fdaa7eb10f8bf7b42a5c9691f600eff48190041a8b28a5dab977170db717fff58dd0f64b02ca30d274552ff30ee02a6577f1465792cf6760366c2588bf373108 |
C:\Users\Admin\AppData\Local\Temp\_MEI16882\libssl-1_1.dll
| MD5 | bc778f33480148efa5d62b2ec85aaa7d |
| SHA1 | b1ec87cbd8bc4398c6ebb26549961c8aab53d855 |
| SHA256 | 9d4cf1c03629f92662fc8d7e3f1094a7fc93cb41634994464b853df8036af843 |
| SHA512 | 80c1dd9d0179e6cc5f33eb62d05576a350af78b5170bfdf2ecda16f1d8c3c2d0e991a5534a113361ae62079fb165fff2344efd1b43031f1a7bfda696552ee173 |
C:\Users\Admin\AppData\Local\Temp\_MEI16882\_pytransform.dll
| MD5 | ef0bc18d982cd691563c63eccbce295c |
| SHA1 | 5abe5eb0d0a575710b6bab64576eed86030bce58 |
| SHA256 | f0c0458fc473253afcd810ee7a5c96db6431d002fb7220a1210714076a7560df |
| SHA512 | 87d0564473837d0a4818b04beaa7c869319f1ad19b0eff3282ad69173ca600254948bdc21f83b0c3f7c9e26159990a400a68b9903034aa749263df95c8e3ce93 |
\Users\Admin\AppData\Local\Temp\_MEI16882\_hashlib.pyd
| MD5 | 5fa7c9d5e6068718c6010bbeb18fbeb3 |
| SHA1 | 93e8875d6d0f943b4226e25452c2c7d63d22b790 |
| SHA256 | 2e98f91087f56dfdffbbdd951cd55cd7ea771cec93d59cadb86b964ed8708155 |
| SHA512 | 3104aa8b785740dc6a5261c27b2bdc6e14b2f37862fa0fba151b1bc1bfc0e5fb5b6934b95488fa47c5af3fc2b2283f333ff6517b6f8cf0437c52cf171da58bf5 |
\Users\Admin\AppData\Local\Temp\_MEI16882\_queue.pyd
| MD5 | 1fc2c6b80936efc502bfc30fc24caa56 |
| SHA1 | 4e5b26ff3b225906c2b9e39e0f06126cfc43a257 |
| SHA256 | 9c47a3b84012837c60b7feced86ed0a4f12910a85fd259a4483a48cd940e3514 |
| SHA512 | d07655d78aca969ccc0d7cedf9e337c7b20082d80be1d90d69c42be933fbab1c828316d2eb5461ded2ff35e52762e249fc0c2bccbc2b8436488fb6a270d3d9ee |
memory/2456-1118-0x000007FEF0000000-0x000007FEF0001000-memory.dmp
memory/2456-1117-0x0000000003250000-0x0000000003251000-memory.dmp
memory/2456-1115-0x0000000003250000-0x0000000003251000-memory.dmp
memory/2456-1113-0x0000000003250000-0x0000000003251000-memory.dmp
memory/2456-1111-0x0000000003250000-0x0000000003251000-memory.dmp
memory/2456-1109-0x0000000003250000-0x0000000003251000-memory.dmp
memory/2456-1107-0x0000000003250000-0x0000000003251000-memory.dmp
memory/2456-1105-0x0000000003250000-0x0000000003251000-memory.dmp
memory/2456-1097-0x0000000003250000-0x0000000003251000-memory.dmp
memory/2456-1095-0x0000000003250000-0x0000000003251000-memory.dmp
memory/2456-1093-0x0000000003250000-0x0000000003251000-memory.dmp
memory/2456-1091-0x0000000003250000-0x0000000003251000-memory.dmp
memory/2456-1089-0x0000000003250000-0x0000000003251000-memory.dmp
memory/2456-1087-0x0000000003250000-0x0000000003251000-memory.dmp
memory/2456-1085-0x0000000003250000-0x0000000003251000-memory.dmp
memory/2456-1077-0x0000000003250000-0x0000000003251000-memory.dmp
memory/2456-1075-0x0000000003250000-0x0000000003251000-memory.dmp
memory/2456-1073-0x0000000003250000-0x0000000003251000-memory.dmp
memory/2456-1071-0x0000000003250000-0x0000000003251000-memory.dmp
memory/2456-1069-0x0000000003250000-0x0000000003251000-memory.dmp
memory/2456-1067-0x0000000003250000-0x0000000003251000-memory.dmp
memory/2456-1065-0x0000000003250000-0x0000000003251000-memory.dmp
memory/2456-1063-0x0000000003250000-0x0000000003251000-memory.dmp
memory/2456-1061-0x0000000003250000-0x0000000003251000-memory.dmp
memory/2456-1059-0x0000000003250000-0x0000000003251000-memory.dmp
memory/2456-1058-0x0000000003240000-0x0000000003241000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI16882\unicodedata.pyd
| MD5 | 549c9eeda8546cd32d0713c723abd12a |
| SHA1 | f84b2c529cff58b888cc99f566fcd2eba6ff2b8e |
| SHA256 | 5d5e733397ef7c4946cf26c84b07312cb12eaf339374613d4381e694ef38169b |
| SHA512 | 9432daf045bac3e322b1797f49afe50f76faf8b7d8db063a1d56578016c813881af3324e2529032a8644a04b58ccc9d2c363bf92b56115f06b9eefebfab08180 |
C:\Users\Admin\AppData\Local\Temp\_MEI16882\certifi\cacert.pem
| MD5 | c760591283d5a4a987ad646b35de3717 |
| SHA1 | 5d10cbd25ac1c7ced5bfb3d6f185fa150f6ea134 |
| SHA256 | 1a14f6e1fd11efff72e1863f8645f090eec1b616614460c210c3b7e3c13d4b5e |
| SHA512 | c192ae381008eaf180782e6e40cd51834e0233e98942bd071768308e179f58f3530e6e883f245a2630c86923dbeb68b624c5ec2167040d749813fedc37a6d1e6 |
C:\Users\Admin\AppData\Local\Temp\_MEI16882\Crypto\Cipher\_raw_ofb.cp38-win_amd64.pyd
| MD5 | b537c5216bd68311d50b10d62d02b9bb |
| SHA1 | eb613bdabc18ee0f43afa4a13e684d0f8bc57817 |
| SHA256 | 2b4fefd3688f5e92b1c3ef745d3463d44d9c071b9e2e190a7179191cd3b1e3a5 |
| SHA512 | 1a3a8e9454646d7ac87f0acc34092da9c3873e4912ea8cb7c335d58a1bf7336d370dda9da13fdc6148ebfe93e3b75ceebc0684a5ee7b4ae24e8e2b5d053afe38 |
\Users\Admin\AppData\Local\Temp\_MEI16882\Crypto\Cipher\_raw_cfb.cp38-win_amd64.pyd
| MD5 | 6f1d3ed33d7dfeae5642406d76ff2084 |
| SHA1 | 014cfee7d754564928ed2df2fef933aeda915918 |
| SHA256 | f5918822781473d44f69030a9b32bcaeffa8671f1328c48085c9671f140d1273 |
| SHA512 | e55f57ef9411979ab164d5c3faca609856ddaa273ee817225ba77a12ddad02da464378ca0cbd98ddec708aeac96845ab8c718d35edc88b0ab06bb14ed53647ca |
\Users\Admin\AppData\Local\Temp\_MEI16882\Crypto\Cipher\_raw_cbc.cp38-win_amd64.pyd
| MD5 | 03c703a8f4c2a1443cccc8316af8940c |
| SHA1 | 046d8c846d9393e472064aa1250826994a785577 |
| SHA256 | ca09e03d93f3a330a467afd7fb998ad81dfd75fa7a1c2e202d6898f229c269d4 |
| SHA512 | a65bf31452e984de1f951a3bca97c9dc27ac113e5fd4e0d29fa2b67e6c1b24d48ba6513d1e2ceaa7617e92305171e9675379a0e97980a3ceec209c49cd687329 |
\Users\Admin\AppData\Local\Temp\_MEI16882\Crypto\Cipher\_raw_ecb.cp38-win_amd64.pyd
| MD5 | d4535f5b8683cd4b523d1f97232d3772 |
| SHA1 | 1a6ce4eeb5acd1762f629478db14dfe8e361967f |
| SHA256 | a8bd1b23f25393b26570a23f3083227dca1e2a6c4422581ff3e46cea3c4ac4ad |
| SHA512 | 447c9b1772f4a4f91961268e1b87c3576415f5257197db16336a3be8601dcfc8cd01dd1bb0676403633c58b8593aa9f558bbd53ccd994f5702df38c265358730 |
\Users\Admin\AppData\Local\Temp\_MEI16882\win32crypt.pyd
| MD5 | ae58c89929b50d7a2c3fb93ff34a57b4 |
| SHA1 | 164ba95be9075b97637ab54481d4117b28667de0 |
| SHA256 | e1f1fa417ff19efe3b0bed5b49a0e9f60728569b252817d79c9fb66b03e7305d |
| SHA512 | 090082d3419f6234fc63499e76da090afec107b7d367083f84079d9b1850ce324697357c836f02d7046695f67492f44000f71c1b32598d56eed839d015d790e6 |
\Users\Admin\AppData\Local\Temp\_MEI16882\sqlite3.dll
| MD5 | a2dbd94878af1bb29f8725a834696a60 |
| SHA1 | 01c40f2949604183fb8c76fd5e7803009a83ce4d |
| SHA256 | 6af14006a4d732fc0c4bd44317457fca8c37d12ffcaf845790d3f57da75451fb |
| SHA512 | 6aad1e43e272b178127334c48925f69422ca9a4e6e4636e4c5a522a3b3690e0a715c1a3c400ec6962b6eeaac0ff2612208595d72747de3e286745eca90ee9953 |
\Users\Admin\AppData\Local\Temp\_MEI16882\_sqlite3.pyd
| MD5 | a3a0cb078aa4fc5d5a081be54745a4c9 |
| SHA1 | 42b1873c4633f9a0288ce4ee44c50234c0f03e22 |
| SHA256 | e0ed20d5ae660a18bf60e907ba7f21013e04305aa67aa3b8b5a1cee9bd4dcd27 |
| SHA512 | ac6628bf3908c053362b8c840a7934d704413ae673702052b06d23d71995702d1c562e36a6bde3ad0170eb71a77f43d702ad71f74bc21a3d770f05b95be16f4e |
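The file list above is the contents of a PyInstaller onefile bundle: AdobeCCUninst.exe carries a Python 3.8 runtime (python38.dll), pywin32 (win32api, win32crypt, pythoncom), PyCryptodome's raw cipher modules, SQLite and OpenSSL 1.1, all unpacked into `_MEI<pid>` under Temp. That is also why AdobeCCUninst.exe appears twice in the process list: the bootloader extracts the bundle, then runs a child from it. `_pytransform.dll` is the PyArmor runtime, so the entry script will come out PyArmor-wrapped rather than as plain bytecode, and the manifest name angst.exe.manifest suggests the bundle was originally built as angst.exe. To get at the bundled script you parse the CArchive appended to the executable. The following is an added example and not code from the sandbox or from the sample; the trailer and TOC layouts are PyInstaller's own, while the test image built by build_sample() is constructed here (a fake MZ stub, not a real PE) and the entry name angst is a placeholder taken from that manifest name.

```python
"""PyInstaller CArchive (onefile overlay) parser: added example, not code from the
sandbox or the sample. Cookie and TOC layouts follow PyInstaller's CArchive format;
build_sample() constructs a test image here (fake 'MZ' stub, not a real PE), borrowing
only file names from the report."""
import struct
import sys
import zlib
from dataclasses import dataclass

MAGIC = b"MEI\014\013\012\013\016"         # cookie magic (PyInstaller 2.0+)
COOKIE_FMT = "!8sIIIi64s"                  # magic, package length, TOC offset, TOC length, pyver, pylib
COOKIE_SIZE = struct.calcsize(COOKIE_FMT)  # 88 bytes (PyInstaller 2.1+)
ENTRY_FMT = "!iIIIBc"                      # entry length, offset, compressed, uncompressed, flag, type
ENTRY_FIXED = struct.calcsize(ENTRY_FMT)   # 18 bytes, followed by the NUL-padded name
TYPE_CODES = {b"b": "binary", b"z": "pyz-archive", b"m": "module", b"s": "script",
              b"x": "data", b"o": "runtime-option", b"d": "dependency"}


@dataclass
class TocEntry:
    name: str
    kind: str
    offset: int            # absolute offset of the payload in the file
    compressed_size: int
    uncompressed_size: int
    compressed: bool       # zlib-deflated when True


def is_pyinstaller(data: bytes) -> bool:
    """The static check behind 'Detects Pyinstaller': is the cookie magic present?"""
    return data.rfind(MAGIC) != -1


def parse_carchive(data: bytes):
    """Return ((major, minor), python_dll_name, [TocEntry]); ValueError if malformed."""
    cookie_pos = data.rfind(MAGIC)
    if cookie_pos == -1 or cookie_pos + COOKIE_SIZE > len(data):
        raise ValueError("no complete PyInstaller cookie found")
    _, pkg_len, toc_off, toc_len, pyver, pylib = struct.unpack(
        COOKIE_FMT, data[cookie_pos:cookie_pos + COOKIE_SIZE])
    # The package (payloads, TOC, cookie) ends with the cookie, so it starts at
    # cookie end minus package length; TOC offsets are relative to that start.
    overlay_pos = cookie_pos + COOKIE_SIZE - pkg_len
    pos, end = overlay_pos + toc_off, overlay_pos + toc_off + toc_len
    if overlay_pos < 0 or end > cookie_pos:
        raise ValueError("package or TOC bounds do not fit the file")
    major, minor = divmod(pyver, 100) if pyver >= 100 else divmod(pyver, 10)  # 308 or 38
    entries = []
    while pos + ENTRY_FIXED <= end:
        entry_len, off, csize, usize, flag, code = struct.unpack(
            ENTRY_FMT, data[pos:pos + ENTRY_FIXED])
        if entry_len < ENTRY_FIXED or pos + entry_len > end:
            raise ValueError("corrupt TOC entry at offset %d" % pos)
        name = data[pos + ENTRY_FIXED:pos + entry_len].rstrip(b"\0").decode("utf-8", "replace")
        entries.append(TocEntry(name, TYPE_CODES.get(code, "unknown"),
                                overlay_pos + off, csize, usize, flag == 1))
        pos += entry_len
    return (major, minor), pylib.rstrip(b"\0").decode(), entries


def extract(data: bytes, entry: TocEntry) -> bytes:
    """Return an entry's payload, inflating it when the TOC flag marks it compressed."""
    blob = data[entry.offset:entry.offset + entry.compressed_size]
    return zlib.decompress(blob) if entry.compressed else blob


def build_sample() -> bytes:
    """Constructed test image: fake 'MZ' stub plus a three-entry CArchive (not a real PE)."""
    stub = b"MZ" + b"\0" * 62
    files = [  # (type code, name, payload, compressed?)
        (b"b", "python38.dll", b"\x90" * 40, False),
        (b"s", "angst", b"import os\nprint('hello')\n", True),
        (b"z", "PYZ-00.pyz", b"PYZ\0" + b"\0" * 12, False),
    ]
    body, toc = b"", b""
    for code, name, payload, comp in files:
        blob = zlib.compress(payload) if comp else payload
        name_b = name.encode() + b"\0"
        pad = (16 - (ENTRY_FIXED + len(name_b)) % 16) % 16   # PyInstaller pads entries to 16
        toc += struct.pack(ENTRY_FMT, ENTRY_FIXED + len(name_b) + pad, len(body), len(blob),
                           len(payload), int(comp), code) + name_b + b"\0" * pad
        body += blob
    pkg_len = len(body) + len(toc) + COOKIE_SIZE
    cookie = struct.pack(COOKIE_FMT, MAGIC, pkg_len, len(body), len(toc), 38, b"python38.dll")
    return stub + body + toc + cookie


if __name__ == "__main__":
    # Usage: python carchive.py [onefile.exe]; without an argument the constructed sample is listed.
    image = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    version, dll, toc_entries = parse_carchive(image)
    print("python %d.%d (%s), %d entries" % (*version, dll, len(toc_entries)))
    for e in toc_entries:
        print("%-14s %-32s %8d -> %8d%s" % (e.kind, e.name, e.compressed_size,
                                           e.uncompressed_size, " (zlib)" if e.compressed else ""))
```

Run it against a carved copy of AdobeCCUninst.exe (check the hashes in the table above first) to list the TOC; 's' entries are the entry-point scripts and the 'z' entry is the PYZ holding the remaining modules, which has its own format and is not handled here. With `_pytransform.dll` in the bundle, expect the extracted script to be a PyArmor loader rather than readable source.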
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-22 00:10
Reported
2024-05-22 00:12
Platform
win10v2004-20240508-en
Max time kernel
142s
Max time network
125s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\654cfafd3808676689b0fb8963a773ff_JaffaCakes118.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AdobeCCUninst.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AutoClicker.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AdobeCCUninst.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.ipify.org | N/A | N/A |
| N/A | api.ipify.org | N/A | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AdobeCCUninst.exe | N/A |
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Enumerates physical storage devices
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AutoClicker.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\654cfafd3808676689b0fb8963a773ff_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\654cfafd3808676689b0fb8963a773ff_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\AdobeCCUninst.exe
"C:\Users\Admin\AppData\Local\Temp\AdobeCCUninst.exe"
C:\Users\Admin\AppData\Local\Temp\AutoClicker.exe
"C:\Users\Admin\AppData\Local\Temp\AutoClicker.exe"
C:\Users\Admin\AppData\Local\Temp\AdobeCCUninst.exe
"C:\Users\Admin\AppData\Local\Temp\AdobeCCUninst.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic path softwarelicensingservice get OA3xOriginalProductKey"
C:\Windows\System32\Wbem\WMIC.exe
wmic path softwarelicensingservice get OA3xOriginalProductKey
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.ipify.org | udp |
| US | 104.26.13.205:443 | api.ipify.org | tcp |
| US | 8.8.8.8:53 | discordapp.com | udp |
| US | 162.159.134.233:443 | discordapp.com | tcp |
| US | 162.159.134.233:443 | discordapp.com | tcp |
| US | 8.8.8.8:53 | 205.13.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.134.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.56.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
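The behavioral2 run gives enough to write detection logic: a Temp-folder binary launching other Temp-folder binaries, cmd.exe running wmic path softwarelicensingservice get OA3xOriginalProductKey (which returns the OEM Windows product key), DNS lookups for api.ipify.org and discordapp.com, and a read of Control Panel\International\Geo\Nation. Two caveats before using them: the AdjustPrivilegeToken list above is WMIC.exe enabling every privilege in its own token at startup and is not a signal by itself, and the Geo\Nation read is common in benign installers, so it is weak alone. The report also does not say which process issued the DNS queries, and Sysmon does not log registry value reads, so the registry rule needs EDR or sandbox telemetry. The rules below are an added example, not sandbox code; the events are constructed in a simplified EDR-style shape with assumed field names (type, image, parent, cmd, query, target), and the parent of cmd.exe and the process behind the DNS lookups are assumptions, since the report records process order only.

```python
"""Triage rules for the behaviours in this detonation. Added example, not code from the
sandbox or the sample. EVENTS are constructed below in a simplified EDR-style shape with
assumed field names; parent/issuing-process attributions marked 'assumed' are not in the
report."""
import re

# Matching is case-insensitive, as Windows paths and domain names are.
TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.I)
PRODUCT_KEY_RE = re.compile(r"softwarelicensingservice\b.*\bOA3xOriginalProductKey\b", re.I)
GEO_NATION_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
IP_ECHO_DOMAINS = {"api.ipify.org", "api64.ipify.org", "icanhazip.com", "ifconfig.me"}
DISCORD_DOMAINS = {"discordapp.com", "discord.com"}


def rule_product_key_theft(ev):
    """wmic reading SoftwareLicensingService.OA3xOriginalProductKey (the OEM Windows key).
    Fires on the cmd.exe wrapper and on WMIC.exe itself, as in the report's process tree."""
    return ev["type"] == "process" and bool(PRODUCT_KEY_RE.search(ev.get("cmd", "")))


def rule_dropped_exe_from_temp(ev):
    """A Temp-folder binary launching another Temp-folder binary ('Executes dropped EXE')."""
    return (ev["type"] == "process" and bool(TEMP_RE.search(ev["image"]))
            and bool(TEMP_RE.search(ev.get("parent", ""))))


def rule_external_ip_lookup(ev):
    """DNS lookup of a public IP-echo service ('Looks up external IP address via web service')."""
    return ev["type"] == "dns" and ev["query"].lower() in IP_ECHO_DOMAINS


def rule_temp_binary_resolves_discord(ev):
    """A Temp-folder process resolving Discord; the real client runs from %LocalAppData%\\Discord."""
    return (ev["type"] == "dns" and ev["query"].lower() in DISCORD_DOMAINS
            and bool(TEMP_RE.search(ev["image"])))


def rule_geo_nation_check(ev):
    """Read of Control Panel\\International\\Geo\\Nation ('Checks computer location settings').
    Common in benign installers too, so weak on its own."""
    return ev["type"] == "registry" and bool(GEO_NATION_RE.search(ev["target"]))


RULES = [rule_product_key_theft, rule_dropped_exe_from_temp, rule_external_ip_lookup,
         rule_temp_binary_resolves_discord, rule_geo_nation_check]


def run_rules(events):
    """Return [(rule_name, event_index)] for every rule/event pair that matches."""
    return [(rule.__name__, i) for i, ev in enumerate(events) for rule in RULES if rule(ev)]


def verdict(events):
    """Illustrative thresholds on the number of distinct rules that fired; tune locally."""
    distinct = {name for name, _ in run_rules(events)}
    if len(distinct) >= 3:
        return "likely malicious"
    return "suspicious" if distinct else "no findings"


# Constructed events modelled on the behavioral2 run (paths and command lines as reported).
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\654cfafd3808676689b0fb8963a773ff_JaffaCakes118.exe"
DROPPED = r"C:\Users\Admin\AppData\Local\Temp\AdobeCCUninst.exe"
CLICKER = r"C:\Users\Admin\AppData\Local\Temp\AutoClicker.exe"
CMD = r"C:\Windows\system32\cmd.exe"
WMIC = r"C:\Windows\System32\Wbem\WMIC.exe"
EVENTS = [
    {"type": "process", "image": SAMPLE, "parent": r"C:\Windows\explorer.exe", "cmd": '"%s"' % SAMPLE},
    {"type": "registry", "image": SAMPLE,
     "target": r"\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation"},
    {"type": "process", "image": DROPPED, "parent": SAMPLE, "cmd": '"%s"' % DROPPED},
    {"type": "process", "image": CLICKER, "parent": SAMPLE, "cmd": '"%s"' % CLICKER},
    {"type": "process", "image": CMD, "parent": DROPPED,   # parent assumed
     "cmd": CMD + ' /c "wmic path softwarelicensingservice get OA3xOriginalProductKey"'},
    {"type": "process", "image": WMIC, "parent": CMD,
     "cmd": "wmic path softwarelicensingservice get OA3xOriginalProductKey"},
    {"type": "dns", "image": DROPPED, "query": "api.ipify.org"},     # issuing process assumed
    {"type": "dns", "image": DROPPED, "query": "discordapp.com"},    # issuing process assumed
    {"type": "dns", "image": r"C:\Windows\System32\svchost.exe", "query": "www.bing.com"},  # noise
]

if __name__ == "__main__":
    for name, idx in run_rules(EVENTS):
        ev = EVENTS[idx]
        print("%-34s event %d: %s" % (name, idx, ev.get("cmd") or ev.get("query") or ev.get("target")))
    print("verdict:", verdict(EVENTS))
```

The product-key rule fires twice on purpose (cmd.exe wrapper and WMIC.exe), which mirrors how the two process-creation events appear in real telemetry; collapse by parent PID if your pipeline counts alerts per process. The Discord rule keys on the image path rather than the domain alone, since the report shows only that a connection to discordapp.com happened, not what was sent.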
Files
memory/4200-0-0x0000000074862000-0x0000000074863000-memory.dmp
memory/4200-1-0x0000000074860000-0x0000000074E11000-memory.dmp
memory/4200-2-0x0000000074860000-0x0000000074E11000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\AdobeCCUninst.exe
| MD5 | b0b0353c7d1de6481df28d29e30a8d21 |
| SHA1 | ebfc530903dd6df4a902474f29fd4e44f1dbceba |
| SHA256 | 21bd665d09977589113f6ee3873c9884f74dfa64d5ae754dd35c3123aeae16cd |
| SHA512 | 4bf7265f133327bb02361e92f2efcbe84f3517fd56def8a02bb1d93825e34be2f5fb05e2a5aea0e3d9aff37a1718de4aa778770ca12cad21c2d1a1cf18f82246 |
C:\Users\Admin\AppData\Local\Temp\AutoClicker.exe
| MD5 | 9cf7d8c91f0c95bb3a2f9f5a48da2ac5 |
| SHA1 | c42588e692880b4cd0b6ab08d69590204e93bc24 |
| SHA256 | be5980c81f9225e93c0d8f47685f4d0ab07e088be0f1e2099158f374ec271f99 |
| SHA512 | 425446ead1d8bd8b76183d6cde55f7f007e27cafc9e209bdc92c2d843e6da34916355b9fbea18f4117e37133b30186a4d0153883ba29b3dd29fbe1f812e67d55 |
memory/4200-22-0x0000000074860000-0x0000000074E11000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI20642\angst.exe.manifest
| MD5 | 5c19e50a10cd7ab76df4516b10b3f392 |
| SHA1 | 51147c310cb01dfcb86b981433283d15abb8917f |
| SHA256 | 34e699fa6b2df70ea87614723b14af30a80c091deb0f6b2400a853241e55e11d |
| SHA512 | 56af8dd0cfcfdf153e218a0bcea4d2852bfb6405bfa9edd3065a68e7278ede42205a81cdd8c3e82220cf7bed5583865ffc36d5b54b8cb3639aa35e8a2a20d62a |
C:\Users\Admin\AppData\Local\Temp\_MEI20642\python38.dll
| MD5 | 1f2688b97f9827f1de7dfedb4ad2348c |
| SHA1 | a9650970d38e30835336426f704579e87fcfc892 |
| SHA256 | 169eeb1bdf99ed93ca26453d5ca49339e5ae092662cd94cde09fbb10046f83fc |
| SHA512 | 27e56b2d73226e36b0c473d8eb646813997cbdf955397d0b61fcae37ed1f2c3715e589f9a07d909a967009ed2c664d14007ccf37d83a7df7ce2a0fefca615503 |
C:\Users\Admin\AppData\Local\Temp\_MEI20642\VCRUNTIME140.dll
| MD5 | 18571d6663b7d9ac95f2821c203e471f |
| SHA1 | 3c186018df04e875d6b9f83521028a21f145e3be |
| SHA256 | 0b040a314c19ff88f38fd9c89dca2d493113a6109adb8525733c3f6627da888f |
| SHA512 | c8cbca1072b8cb04f9d82135c91ff6d7a539cb7a488671cecb6b5e2f11a4807f47ad9af5a87ebee44984ab71d7c44fc87850f9d04fd2c5019ec1b6a1b483ca21 |
C:\Users\Admin\AppData\Local\Temp\_MEI20642\base_library.zip
| MD5 | bc59d0993c320b3cd7f7dc2a8021cf9a |
| SHA1 | 2c64beaeb8f167d8f1ba80cde7aa83f3cc689a05 |
| SHA256 | 175e5ecd65e165a1a4ee0f2625918b8ddf52744cc0094c82efbc22a53ec200af |
| SHA512 | c9f0f62e895c2ff9f2efaee609c1c56ebbfbadc4f38c298927841558edc9c80ee1a3bdc111e8bcfc6a5bf6b8ae2db94441315356d216281bd1d3f1950cfa7534 |
C:\Users\Admin\AppData\Local\Temp\_MEI20642\_ctypes.pyd
| MD5 | 8adb1345c717e575e6614e163eb62328 |
| SHA1 | f1ee3fff6e06dc4f22a5eb38c09c54580880e0a3 |
| SHA256 | 65edc348db42347570578b979151b787ceebfc98e0372c28116cc229494a78a8 |
| SHA512 | 0f11673854327fd2fcd12838f54c080edc4d40e4bcb50c413fe3f823056d189636dc661ea79207163f966719bf0815e1ffa75e2fb676df4e56ed6321f1ff6cae |
C:\Users\Admin\AppData\Local\Temp\_MEI20642\libffi-7.dll
| MD5 | eef7981412be8ea459064d3090f4b3aa |
| SHA1 | c60da4830ce27afc234b3c3014c583f7f0a5a925 |
| SHA256 | f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081 |
| SHA512 | dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016 |
C:\Users\Admin\AppData\Local\Temp\_MEI20642\_socket.pyd
| MD5 | 1d53841bb21acdcc8742828c3aded891 |
| SHA1 | cdf15d4815820571684c1f720d0cba24129e79c8 |
| SHA256 | ab13258c6da2c26c4dca7239ff4360ca9166ea8f53bb8cc08d2c7476cab7d61b |
| SHA512 | 0266bcbcd7ca5f6c9df8dbeea00e1275932dacc38e5dd83a47bfbb87f7ca6778458a6671d8b84a63ae9216a65975da656ba487ac28d41140122f46d0174fa9f9 |
C:\Users\Admin\AppData\Local\Temp\_MEI20642\select.pyd
| MD5 | a2ab334e18222738dcb05bf820725938 |
| SHA1 | 2f75455a471f95ac814b8e4560a023034480b7b5 |
| SHA256 | 7ba95624370216795ea4a087c326422cfcbccc42b5ada21f4d85c532c71afad7 |
| SHA512 | 72e891d1c7e5ea44a569283b5c8bd8c310f2ee3d3cc9c25c6a7d7d77a62cb301c822c833b0792c3163cf0b0d6272da2f667e6bc74b07ed7946082433f77d9679 |
C:\Users\Admin\AppData\Local\Temp\_MEI20642\_bz2.pyd
| MD5 | fc0d862a854993e0e51c00dee3eec777 |
| SHA1 | 20203332c6f7bd51f6a5acbbc9f677c930d0669d |
| SHA256 | e5de23dbac7ece02566e79b3d1923a8eeae628925c7fb4b98a443cad94a06863 |
| SHA512 | b3c2ade15cc196e687e83dd8d21ce88b83c8137a83cfc20bc8f2c8f3ab72643ef7ca08e1dc23de0695f508ba0080871956303ac30f92ab865f3e4249d4d65c2f |
C:\Users\Admin\AppData\Local\Temp\_MEI20642\_lzma.pyd
| MD5 | 60e215bb78fb9a40352980f4de818814 |
| SHA1 | ff750858c3352081514e2ae0d200f3b8c3d40096 |
| SHA256 | c4d00582dee45841747b07b91a3e46e55af79e6518ec9f0ce59b989c0acd2806 |
| SHA512 | 398a441de98963873417da6352413d080620faf2ae4b99425d7c9eaf96d5f2fdf1358e21f16870bdff514452115266a58ee3c6783611f037957bfa4bcec34230 |
C:\Users\Admin\AppData\Local\Temp\_MEI20642\pyexpat.pyd
| MD5 | 11a886189eb726d5786926cc09f9e116 |
| SHA1 | d94295368a1285681fb03bac0553eb1495d43805 |
| SHA256 | dc38bdbe10cfaa99799e0c87aa8444fc062d445b87686d6593ffca46cc938031 |
| SHA512 | 405c56487a91ad1209029ca6ea125642076251f0a8c069eef0e30ce484381db7bf24d2f5cd74b83d1c8c1358f92f35fa6ed7b75601ace611cf36bb2331588684 |
C:\Users\Admin\AppData\Local\Temp\_MEI20642\win32api.pyd
| MD5 | 62c6c784ded5ac6296f7ad9770b86cfc |
| SHA1 | ee7d9e60ec42e8548c26681f5122ade0b103134c |
| SHA256 | 25b36692d216af99f1526dc473ba34caf19b403fe15a19269c72e683aed8ed88 |
| SHA512 | d200a874581a0d4ee2943ff012dbc43e4f5d91ea01c6a61c73a065d8708a8198d4e38e91b9a9a73276cd44d8394dda83a76b14b275502911f5dfaa113e11018c |
C:\Users\Admin\AppData\Local\Temp\_MEI20642\pywintypes38.dll
| MD5 | 9d95a3e8f0ff313d13b5057b34ed2380 |
| SHA1 | 0a9407bda668ee9fa597fa03210b299a98b87ae9 |
| SHA256 | b2d639f897aa376f7cbac7c1989cd176486a7aa0d0b2fa3d3ade410f5430978f |
| SHA512 | 10019a6790c9152be88c0eb75f38b650070325a91fe930aeca6f4e4740ea30774f0c475e084bf833b16e4f9a0332d8ae6c981c661f0b0641997f0fdccd9b7ca2 |
C:\Users\Admin\AppData\Local\Temp\_MEI20642\pythoncom38.dll
| MD5 | a4dfd0918c4f6335a14cc00cdd3978dc |
| SHA1 | 85ade339728c852906d53dba9a10820ecee1d7ce |
| SHA256 | 452edd825eac1b2eb77685fe4cbdf3244ca058c6c90d07d042a3b6be6f9215dc |
| SHA512 | d9167da605d9282dd87d36228a9a9eddb15dd646e1e3793f0b7fbd5c62aed1c2e5bd2261e5be7dec7c9a34f50823bcf95a0bc9fed77e0ab39d4265a1905a6e1d |
C:\Users\Admin\AppData\Local\Temp\_MEI20642\_ssl.pyd
| MD5 | 84dea8d0acce4a707b094a3627b62eab |
| SHA1 | d45dda99466ab08cc922e828729d0840ae2ddc18 |
| SHA256 | dcf6b3ff84b55c3859d0f176c4ce6904c0d7d4643a657b817c6322933dbf82f6 |
| SHA512 | fdaa7eb10f8bf7b42a5c9691f600eff48190041a8b28a5dab977170db717fff58dd0f64b02ca30d274552ff30ee02a6577f1465792cf6760366c2588bf373108 |
C:\Users\Admin\AppData\Local\Temp\_MEI20642\libssl-1_1.dll
| MD5 | bc778f33480148efa5d62b2ec85aaa7d |
| SHA1 | b1ec87cbd8bc4398c6ebb26549961c8aab53d855 |
| SHA256 | 9d4cf1c03629f92662fc8d7e3f1094a7fc93cb41634994464b853df8036af843 |
| SHA512 | 80c1dd9d0179e6cc5f33eb62d05576a350af78b5170bfdf2ecda16f1d8c3c2d0e991a5534a113361ae62079fb165fff2344efd1b43031f1a7bfda696552ee173 |
C:\Users\Admin\AppData\Local\Temp\_MEI20642\libcrypto-1_1.dll
| MD5 | cc4cbf715966cdcad95a1e6c95592b3d |
| SHA1 | d5873fea9c084bcc753d1c93b2d0716257bea7c3 |
| SHA256 | 594303e2ce6a4a02439054c84592791bf4ab0b7c12e9bbdb4b040e27251521f1 |
| SHA512 | 3b5af9fbbc915d172648c2b0b513b5d2151f940ccf54c23148cd303e6660395f180981b148202bef76f5209acc53b8953b1cb067546f90389a6aa300c1fbe477 |
C:\Users\Admin\AppData\Local\Temp\_MEI20642\_pytransform.dll
| MD5 | ef0bc18d982cd691563c63eccbce295c |
| SHA1 | 5abe5eb0d0a575710b6bab64576eed86030bce58 |
| SHA256 | f0c0458fc473253afcd810ee7a5c96db6431d002fb7220a1210714076a7560df |
| SHA512 | 87d0564473837d0a4818b04beaa7c869319f1ad19b0eff3282ad69173ca600254948bdc21f83b0c3f7c9e26159990a400a68b9903034aa749263df95c8e3ce93 |
C:\Users\Admin\AppData\Local\Temp\_MEI20642\_queue.pyd
| MD5 | 1fc2c6b80936efc502bfc30fc24caa56 |
| SHA1 | 4e5b26ff3b225906c2b9e39e0f06126cfc43a257 |
| SHA256 | 9c47a3b84012837c60b7feced86ed0a4f12910a85fd259a4483a48cd940e3514 |
| SHA512 | d07655d78aca969ccc0d7cedf9e337c7b20082d80be1d90d69c42be933fbab1c828316d2eb5461ded2ff35e52762e249fc0c2bccbc2b8436488fb6a270d3d9ee |
C:\Users\Admin\AppData\Local\Temp\_MEI20642\_hashlib.pyd
| MD5 | 5fa7c9d5e6068718c6010bbeb18fbeb3 |
| SHA1 | 93e8875d6d0f943b4226e25452c2c7d63d22b790 |
| SHA256 | 2e98f91087f56dfdffbbdd951cd55cd7ea771cec93d59cadb86b964ed8708155 |
| SHA512 | 3104aa8b785740dc6a5261c27b2bdc6e14b2f37862fa0fba151b1bc1bfc0e5fb5b6934b95488fa47c5af3fc2b2283f333ff6517b6f8cf0437c52cf171da58bf5 |
C:\Users\Admin\AppData\Local\Temp\_MEI20642\unicodedata.pyd
| MD5 | 549c9eeda8546cd32d0713c723abd12a |
| SHA1 | f84b2c529cff58b888cc99f566fcd2eba6ff2b8e |
| SHA256 | 5d5e733397ef7c4946cf26c84b07312cb12eaf339374613d4381e694ef38169b |
| SHA512 | 9432daf045bac3e322b1797f49afe50f76faf8b7d8db063a1d56578016c813881af3324e2529032a8644a04b58ccc9d2c363bf92b56115f06b9eefebfab08180 |
C:\Users\Admin\AppData\Local\Temp\_MEI20642\certifi\cacert.pem
| MD5 | c760591283d5a4a987ad646b35de3717 |
| SHA1 | 5d10cbd25ac1c7ced5bfb3d6f185fa150f6ea134 |
| SHA256 | 1a14f6e1fd11efff72e1863f8645f090eec1b616614460c210c3b7e3c13d4b5e |
| SHA512 | c192ae381008eaf180782e6e40cd51834e0233e98942bd071768308e179f58f3530e6e883f245a2630c86923dbeb68b624c5ec2167040d749813fedc37a6d1e6 |
C:\Users\Admin\AppData\Local\Temp\_MEI20642\sqlite3.dll
| MD5 | a2dbd94878af1bb29f8725a834696a60 |
| SHA1 | 01c40f2949604183fb8c76fd5e7803009a83ce4d |
| SHA256 | 6af14006a4d732fc0c4bd44317457fca8c37d12ffcaf845790d3f57da75451fb |
| SHA512 | 6aad1e43e272b178127334c48925f69422ca9a4e6e4636e4c5a522a3b3690e0a715c1a3c400ec6962b6eeaac0ff2612208595d72747de3e286745eca90ee9953 |
C:\Users\Admin\AppData\Local\Temp\_MEI20642\win32crypt.pyd
| MD5 | ae58c89929b50d7a2c3fb93ff34a57b4 |
| SHA1 | 164ba95be9075b97637ab54481d4117b28667de0 |
| SHA256 | e1f1fa417ff19efe3b0bed5b49a0e9f60728569b252817d79c9fb66b03e7305d |
| SHA512 | 090082d3419f6234fc63499e76da090afec107b7d367083f84079d9b1850ce324697357c836f02d7046695f67492f44000f71c1b32598d56eed839d015d790e6 |
C:\Users\Admin\AppData\Local\Temp\_MEI20642\Crypto\Util\_strxor.cp38-win_amd64.pyd
| MD5 | c718722a0c7e48a91b492b604ca15125 |
| SHA1 | 6fa5b7da8366bfd7ae575452d389d01bfa25e6b4 |
| SHA256 | 248962dbfabfd47f79df23f22754e6644404ccd10f152420a639de12215a615f |
| SHA512 | 953aa4827746ad544e799976724f657a56337407bebcc0c721b926caa74fae6bfc42acbd194c4220f3e0e4edc5e325674be3f0773859f9ed40ad943a359058dd |
C:\Users\Admin\AppData\Local\Temp\_MEI20642\Crypto\Cipher\_raw_ctr.cp38-win_amd64.pyd
| MD5 | c04554cf7f89e2d360ebcc39f85a2970 |
| SHA1 | 42ac403bd2a854d7f6ac60a299594a9c4a793f35 |
| SHA256 | 264ed03313efc36ef0794e3c716319e0aa4774c3d0a26c522dcfa7be1f46349f |
| SHA512 | 668928abb8510d36dcc2e9ff7cd10353c3cbc10af199ca4c909770921fdcbe4aeedc5dfb106c91cf480c86a2ab78e2da6278d859aae93cb72bc50de432411ed9 |
C:\Users\Admin\AppData\Local\Temp\_MEI20642\Crypto\Cipher\_raw_ofb.cp38-win_amd64.pyd
| MD5 | b537c5216bd68311d50b10d62d02b9bb |
| SHA1 | eb613bdabc18ee0f43afa4a13e684d0f8bc57817 |
| SHA256 | 2b4fefd3688f5e92b1c3ef745d3463d44d9c071b9e2e190a7179191cd3b1e3a5 |
| SHA512 | 1a3a8e9454646d7ac87f0acc34092da9c3873e4912ea8cb7c335d58a1bf7336d370dda9da13fdc6148ebfe93e3b75ceebc0684a5ee7b4ae24e8e2b5d053afe38 |
C:\Users\Admin\AppData\Local\Temp\_MEI20642\Crypto\Cipher\_raw_cfb.cp38-win_amd64.pyd
| MD5 | 6f1d3ed33d7dfeae5642406d76ff2084 |
| SHA1 | 014cfee7d754564928ed2df2fef933aeda915918 |
| SHA256 | f5918822781473d44f69030a9b32bcaeffa8671f1328c48085c9671f140d1273 |
| SHA512 | e55f57ef9411979ab164d5c3faca609856ddaa273ee817225ba77a12ddad02da464378ca0cbd98ddec708aeac96845ab8c718d35edc88b0ab06bb14ed53647ca |
C:\Users\Admin\AppData\Local\Temp\_MEI20642\Crypto\Cipher\_raw_cbc.cp38-win_amd64.pyd
| MD5 | 03c703a8f4c2a1443cccc8316af8940c |
| SHA1 | 046d8c846d9393e472064aa1250826994a785577 |
| SHA256 | ca09e03d93f3a330a467afd7fb998ad81dfd75fa7a1c2e202d6898f229c269d4 |
| SHA512 | a65bf31452e984de1f951a3bca97c9dc27ac113e5fd4e0d29fa2b67e6c1b24d48ba6513d1e2ceaa7617e92305171e9675379a0e97980a3ceec209c49cd687329 |
C:\Users\Admin\AppData\Local\Temp\_MEI20642\Crypto\Cipher\_raw_ecb.cp38-win_amd64.pyd
| MD5 | d4535f5b8683cd4b523d1f97232d3772 |
| SHA1 | 1a6ce4eeb5acd1762f629478db14dfe8e361967f |
| SHA256 | a8bd1b23f25393b26570a23f3083227dca1e2a6c4422581ff3e46cea3c4ac4ad |
| SHA512 | 447c9b1772f4a4f91961268e1b87c3576415f5257197db16336a3be8601dcfc8cd01dd1bb0676403633c58b8593aa9f558bbd53ccd994f5702df38c265358730 |
C:\Users\Admin\AppData\Local\Temp\_MEI20642\_sqlite3.pyd
| MD5 | a3a0cb078aa4fc5d5a081be54745a4c9 |
| SHA1 | 42b1873c4633f9a0288ce4ee44c50234c0f03e22 |
| SHA256 | e0ed20d5ae660a18bf60e907ba7f21013e04305aa67aa3b8b5a1cee9bd4dcd27 |
| SHA512 | ac6628bf3908c053362b8c840a7934d704413ae673702052b06d23d71995702d1c562e36a6bde3ad0170eb71a77f43d702ad71f74bc21a3d770f05b95be16f4e |
C:\Users\Admin\AppData\Local\sqlite_file
| MD5 | 8f5942354d3809f865f9767eddf51314 |
| SHA1 | 20be11c0d42fc0cef53931ea9152b55082d1a11e |
| SHA256 | 776ecf8411b1b0167bea724409ac9d3f8479973df223ecc6e60e3302b3b2b8ea |
| SHA512 | fde8dfae8a862cf106b0cb55e02d73e4e4c0527c744c20886681245c8160287f722612a6de9d0046ed1156b1771229c8950b9ac036b39c988d75aa20b7bac218 |