Resubmissions

29/05/2024, 12:46

240529-pznljafe92 7

29/05/2024, 12:43

240529-pyanaafe44 7

Analysis

  • max time kernel
    91s
  • max time network
    104s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    29/05/2024, 12:43

General

  • Target

    SwezyBuild.exe

  • Size

    67.8MB

  • MD5

    17f44a88b31ae5c1c3792c9cebe29fcd

  • SHA1

    1e5093b1a07ee52bef152e8e2d253d8635b6d6b9

  • SHA256

    25d68ff4333f885ad357f66f64f4082533df425ef53b03553dde1ab62d99969d

  • SHA512

    ca2435d88294b6b3bfe1057d03f45604eb51ca8df777fca62f7f3e90d7ecf843facc40a540bf033f17fe4b4a25ad33cbcbffc369cf3addcbf7dd0ea8e9172131

  • SSDEEP

    1572864:uNVjnnXGMK4XR3bLSCU/+6yPlvWIS7E885Hpw85HpU:KjngYRPSC++6y9+IS+VpRVpU

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoCs)
  • Loads dropped DLL (9 IoCs)
  • Suspicious use of WriteProcessMemory (13 IoCs)
  • Uses Task Scheduler COM API (1 TTPs)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\SwezyBuild.exe
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1616
    • C:\Users\Admin\AppData\Local\Temp\SwezyBuild.exe
      C:\Users\Admin\AppData\Local\Temp\SwezyBuild.exe
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2132
      • C:\Users\Admin\AppData\Local\Temp\SwezyBuild.exe
        C:\Users\Admin\AppData\Local\Temp\SwezyBuild.exe
        3⤵
        • Loads dropped DLL
        PID:2340
  • C:\Users\Admin\Downloads\python-3.12.3-amd64.exe
    "C:\Users\Admin\Downloads\python-3.12.3-amd64.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:3992
    • C:\Windows\Temp\{9389E6B4-3F83-4146-B0CF-1B7434340466}\.cr\python-3.12.3-amd64.exe
      "C:\Windows\Temp\{9389E6B4-3F83-4146-B0CF-1B7434340466}\.cr\python-3.12.3-amd64.exe" -burn.clean.room="C:\Users\Admin\Downloads\python-3.12.3-amd64.exe" -burn.filehandle.attached=180 -burn.filehandle.self=188
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:4080

Network

MITRE ATT&CK Enterprise v15

Downloads

                                                                          • C:\Users\Admin\AppData\Local\Temp\_MEI21322\api-ms-win-core-file-l1-2-0.dll

                                                                            Filesize

                                                                            21KB

                                                                            MD5

                                                                            bcb8b9f6606d4094270b6d9b2ed92139

                                                                            SHA1

                                                                            bd55e985db649eadcb444857beed397362a2ba7b

                                                                            SHA256

                                                                            fa18d63a117153e2ace5400ed89b0806e96f0627d9db935906be9294a3038118

                                                                            SHA512

                                                                            869b2b38fd528b033b3ec17a4144d818e42242b83d7be48e2e6da6992111758b302f48f52e0dd76becb526a90a2b040ce143c6d4f0e009a513017f06b9a8f2b9

                                                                          • C:\Users\Admin\AppData\Local\Temp\_MEI21322\api-ms-win-core-localization-l1-2-0.dll

                                                                            Filesize

                                                                            21KB

                                                                            MD5

                                                                            20ddf543a1abe7aee845de1ec1d3aa8e

                                                                            SHA1

                                                                            0eaf5de57369e1db7f275a2fffd2d2c9e5af65bf

                                                                            SHA256

                                                                            d045a72c3e4d21165e9372f76b44ff116446c1e0c221d9cea3ab0a1134a310e8

                                                                            SHA512

                                                                            96dd48df315a7eea280ca3da0965a937a649ee77a82a1049e3d09b234439f7d927d7fb749073d7af1b23dadb643978b70dcdadc6c503fe850b512b0c9c1c78dd

                                                                          • C:\Users\Admin\AppData\Local\Temp\_MEI21322\api-ms-win-core-processthreads-l1-1-1.dll

                                                                            Filesize

                                                                            21KB

                                                                            MD5

                                                                            4380d56a3b83ca19ea269747c9b8302b

                                                                            SHA1

                                                                            0c4427f6f0f367d180d37fc10ecbe6534ef6469c

                                                                            SHA256

                                                                            a79c7f86462d8ab8a7b73a3f9e469514f57f9fe456326be3727352b092b6b14a

                                                                            SHA512

                                                                            1c29c335c55f5f896526c8ee0f7160211fd457c1f1b98915bcc141112f8a730e1a92391ab96688cbb7287e81e6814cc86e3b057e0a6129cbb02892108bfafaf4

                                                                          • C:\Users\Admin\AppData\Local\Temp\_MEI21322\python39.dll

                                                                            Filesize

                                                                            4.3MB

                                                                            MD5

                                                                            11c051f93c922d6b6b4829772f27a5be

                                                                            SHA1

                                                                            42fbdf3403a4bc3d46d348ca37a9f835e073d440

                                                                            SHA256

                                                                            0eabf135bb9492e561bbbc5602a933623c9e461aceaf6eb1ceced635e363cd5c

                                                                            SHA512

                                                                            1cdec23486cffcb91098a8b2c3f1262d6703946acf52aa2fe701964fb228d1411d9b6683bd54527860e10affc0e3d3de92a6ecf2c6c8465e9c8b9a7304e2a4a6

                                                                          • C:\Users\Admin\AppData\Local\Temp\_MEI21322\pytz\zoneinfo\Africa\Conakry

                                                                            Filesize

                                                                            148B

                                                                            MD5

                                                                            09a9397080948b96d97819d636775e33

                                                                            SHA1

                                                                            5cc9b028b5bd2222200e20091a18868ea62c4f18

                                                                            SHA256

                                                                            d2efac4e5f23d88c95d72c1db42807170f52f43dd98a205af5a92a91b9f2d997

                                                                            SHA512

                                                                            2eccf2515599ed261e96da3fbcfbab0b6a2dfc86a1d87e3814091709f0bfe2f600c3044c8555ed027978a8ae9045666ee639a8c249f48d665d8e5c60f0597799

                                                                          • C:\Users\Admin\AppData\Local\Temp\_MEI21322\pytz\zoneinfo\Africa\Dar_es_Salaam

                                                                            Filesize

                                                                            265B

                                                                            MD5

                                                                            86dcc322e421bc8bdd14925e9d61cd6c

                                                                            SHA1

                                                                            289d1fb5a419107bc1d23a84a9e06ad3f9ee8403

                                                                            SHA256

                                                                            c89b2e253a8926a6cecf7eff34e4bfcdb7fe24daff22d84718c30deec0ea4968

                                                                            SHA512

                                                                            d32771be8629fb3186723c8971f06c3803d31389438b29bf6baa958b3f9db9a38971019583ba272c7a8f5eb4a633dfc467bfcb6f76faa8e290bad4fd7366bb2b

                                                                          • C:\Users\Admin\AppData\Local\Temp\_MEI21322\pytz\zoneinfo\Africa\Kigali

                                                                            Filesize

                                                                            149B

                                                                            MD5

                                                                            b77fb20b4917d76b65c3450a7117023c

                                                                            SHA1

                                                                            b99f3115100292d9884a22ed9aef9a9c43b31ccd

                                                                            SHA256

                                                                            93f19e9551d58868ae5820752d2c93a486124c364463dc9c9489d0458f8bc682

                                                                            SHA512

                                                                            a088c2a4c7d72717257c3125c7c2aca28463d68306ea452afaad75b8a0f9e5730a8d9c430d14668809717a672dc63c4816762acb046b339da662da421a6d65df

                                                                          • C:\Users\Admin\AppData\Local\Temp\_MEI21322\pytz\zoneinfo\Africa\Lagos

                                                                            Filesize

                                                                            235B

                                                                          • C:\Users\Admin\AppData\Local\Temp\_MEI21322\pytz\zoneinfo\America\Curacao

                                                                            Filesize

                                                                            246B

                                                                          • C:\Users\Admin\AppData\Local\Temp\_MEI21322\pytz\zoneinfo\America\Toronto

                                                                            Filesize

                                                                            3KB

                                                                          • C:\Users\Admin\AppData\Local\Temp\_MEI21322\pytz\zoneinfo\Etc\Greenwich

                                                                            Filesize

                                                                            114B

                                                                          • C:\Users\Admin\AppData\Local\Temp\_MEI21322\pytz\zoneinfo\Europe\London

                                                                            Filesize

                                                                            3KB

                                                                          • C:\Users\Admin\AppData\Local\Temp\_MEI21322\pytz\zoneinfo\Europe\Oslo

                                                                            Filesize

                                                                            2KB

                                                                          • C:\Users\Admin\AppData\Local\Temp\_MEI21322\pytz\zoneinfo\Europe\Skopje

                                                                            Filesize

                                                                            1KB

                                                                          • C:\Users\Admin\AppData\Local\Temp\_MEI21322\pytz\zoneinfo\PRC

                                                                            Filesize

                                                                            561B

                                                                          • C:\Users\Admin\AppData\Local\Temp\_MEI21322\pytz\zoneinfo\Pacific\Wallis

                                                                            Filesize

                                                                            152B

                                                                          • C:\Users\Admin\AppData\Local\Temp\_MEI21322\pytz\zoneinfo\Pacific\Yap

                                                                            Filesize

                                                                            172B

                                                                          • C:\Users\Admin\AppData\Local\Temp\_MEI21322\pytz\zoneinfo\UCT

                                                                            Filesize

                                                                            114B

                                                                          • C:\Users\Admin\AppData\Local\Temp\_MEI21322\ucrtbase.dll

                                                                            Filesize

                                                                            992KB

                                                                          • C:\Windows\Temp\{76382905-4B1B-4BB4-B4BA-44CAAA9C6424}\.ba\SideBar.png

                                                                            Filesize

                                                                            50KB

                                                                          • \Users\Admin\AppData\Local\Temp\_MEI21322\api-ms-win-core-file-l2-1-0.dll

                                                                            Filesize

                                                                            18KB

                                                                          • \Users\Admin\AppData\Local\Temp\_MEI21322\api-ms-win-core-timezone-l1-1-0.dll

                                                                            Filesize

                                                                            21KB

                                                                          • \Windows\Temp\{76382905-4B1B-4BB4-B4BA-44CAAA9C6424}\.ba\PythonBA.dll

                                                                            Filesize

                                                                            675KB

                                                                          • \Windows\Temp\{9389E6B4-3F83-4146-B0CF-1B7434340466}\.cr\python-3.12.3-amd64.exe

                                                                            Filesize

                                                                            858KB
