Malware Analysis Report

2025-05-05 21:31

Sample ID 240529-h69n1seg7x
Target windisc.exe
SHA256 661c2d39349b70f904ffdb96f96d6e46c0f9824bc2432aa4d2f05d3e4ed94069
Tags pyinstaller
Score 7/10

Analysis Overview

Score 7/10

SHA256

661c2d39349b70f904ffdb96f96d6e46c0f9824bc2432aa4d2f05d3e4ed94069

Threat Level: Shows suspicious behavior

The file windisc.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

pyinstaller

Loads dropped DLL

Detects Pyinstaller

Unsigned PE

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-29 07:22

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-29 07:22

Reported

2024-05-29 07:24

Platform

win7-20240508-en

Max time kernel

118s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\windisc.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\windisc.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\windisc.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\windisc.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\windisc.exe

"C:\Users\Admin\AppData\Local\Temp\windisc.exe"

C:\Users\Admin\AppData\Local\Temp\windisc.exe

"C:\Users\Admin\AppData\Local\Temp\windisc.exe"

Network

Country Destination Domain Proto
N/A 127.0.0.1:50364 tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI16362\setuptools-49.2.1.dist-info\INSTALLER

C:\Users\Admin\AppData\Local\Temp\_MEI16362\python38.dll

\Users\Admin\AppData\Local\Temp\_MEI16362\VCRUNTIME140.dll

C:\Users\Admin\AppData\Local\Temp\_MEI16362\base_library.zip

\Users\Admin\AppData\Local\Temp\_MEI16362\_ctypes.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI16362\libffi-7.dll

\Users\Admin\AppData\Local\Temp\_MEI16362\_bz2.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI16362\_lzma.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI16362\pyexpat.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI16362\_socket.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI16362\select.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI16362\win32api.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI16362\pywintypes38.dll

C:\Users\Admin\AppData\Local\Temp\_MEI16362\pythoncom38.dll

C:\Users\Admin\AppData\Local\Temp\_MEI16362\_ssl.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI16362\libcrypto-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI16362\libssl-1_1.dll

\Users\Admin\AppData\Local\Temp\_MEI16362\_asyncio.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI16362\_overlapped.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI16362\multidict\_multidict.cp38-win32.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI16362\_hashlib.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI16362\unicodedata.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI16362\yarl\_quoting_c.cp38-win32.pyd

\Users\Admin\AppData\Local\Temp\_MEI16362\aiohttp\_helpers.cp38-win32.pyd

\Users\Admin\AppData\Local\Temp\_MEI16362\aiohttp\_http_writer.cp38-win32.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI16362\aiohttp\_http_parser.cp38-win32.pyd

\Users\Admin\AppData\Local\Temp\_MEI16362\aiohttp\_websocket.cp38-win32.pyd

\Users\Admin\AppData\Local\Temp\_MEI16362\aiohttp\_frozenlist.cp38-win32.pyd

\Users\Admin\AppData\Local\Temp\_MEI16362\_queue.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI16362\cv2\cv2.cp38-win32.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI16362\numpy\core\_multiarray_umath.cp38-win32.pyd

\Users\Admin\AppData\Local\Temp\_MEI16362\libopenblas.D6ALFJ4QQDWP6YNOQJNPYL27LRE6SILT.gfortran-win32.dll

\Users\Admin\AppData\Local\Temp\_MEI16362\numpy\core\_multiarray_tests.cp38-win32.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI16362\numpy\linalg\_umath_linalg.cp38-win32.pyd

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-29 07:22

Reported

2024-05-29 07:24

Platform

win10v2004-20240508-en

Max time kernel

134s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\windisc.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\windisc.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\windisc.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\windisc.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\windisc.exe

"C:\Users\Admin\AppData\Local\Temp\windisc.exe"

C:\Users\Admin\AppData\Local\Temp\windisc.exe

"C:\Users\Admin\AppData\Local\Temp\windisc.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4c0 0x4f4

Network

Country Destination Domain Proto
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
NL 23.62.61.193:443 www.bing.com tcp
US 8.8.8.8:53 193.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
NL 23.62.61.193:443 www.bing.com tcp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
N/A 127.0.0.1:59371 tcp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 52.111.227.14:443 tcp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI39202\setuptools-49.2.1.dist-info\INSTALLER

C:\Users\Admin\AppData\Local\Temp\_MEI39202\python38.dll

C:\Users\Admin\AppData\Local\Temp\_MEI39202\VCRUNTIME140.dll

C:\Users\Admin\AppData\Local\Temp\_MEI39202\base_library.zip

C:\Users\Admin\AppData\Local\Temp\_MEI39202\_ctypes.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39202\libffi-7.dll

C:\Users\Admin\AppData\Local\Temp\_MEI39202\pyexpat.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39202\_socket.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39202\select.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39202\_lzma.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39202\_bz2.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39202\win32api.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39202\pywintypes38.dll

C:\Users\Admin\AppData\Local\Temp\_MEI39202\pythoncom38.dll

C:\Users\Admin\AppData\Local\Temp\_MEI39202\_ssl.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39202\libcrypto-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI39202\libssl-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI39202\_overlapped.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39202\multidict\_multidict.cp38-win32.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39202\_hashlib.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39202\unicodedata.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39202\yarl\_quoting_c.cp38-win32.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39202\_asyncio.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39202\aiohttp\_helpers.cp38-win32.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39202\aiohttp\_http_writer.cp38-win32.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39202\aiohttp\_http_parser.cp38-win32.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39202\aiohttp\_frozenlist.cp38-win32.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39202\aiohttp\_websocket.cp38-win32.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39202\_queue.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39202\cv2\cv2.cp38-win32.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39202\numpy\core\_multiarray_umath.cp38-win32.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39202\libopenblas.D6ALFJ4QQDWP6YNOQJNPYL27LRE6SILT.gfortran-win32.dll

C:\Users\Admin\AppData\Local\Temp\_MEI39202\numpy\core\_multiarray_tests.cp38-win32.pyd
