Malware Analysis Report

2024-11-30 13:36

Sample ID 240604-c3a4dsae2x
Target main.exe
SHA256 af6d3d5d4869037547a06e1e8fd89146df1f53d48ebb68090df2a9e17f656a0e
Tags
pyinstaller
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

af6d3d5d4869037547a06e1e8fd89146df1f53d48ebb68090df2a9e17f656a0e

Threat Level: Shows suspicious behavior

The file main.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

pyinstaller

Loads dropped DLL

Unsigned PE

Detects Pyinstaller

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-04 02:36

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-04 02:35

Reported

2024-06-04 02:39

Platform

win7-20240419-en

Max time kernel

59s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\main.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\main.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1824 wrote to memory of 2472 N/A C:\Users\Admin\AppData\Local\Temp\main.exe C:\Users\Admin\AppData\Local\Temp\main.exe
PID 1824 wrote to memory of 2472 N/A C:\Users\Admin\AppData\Local\Temp\main.exe C:\Users\Admin\AppData\Local\Temp\main.exe
PID 1824 wrote to memory of 2472 N/A C:\Users\Admin\AppData\Local\Temp\main.exe C:\Users\Admin\AppData\Local\Temp\main.exe
PID 2340 wrote to memory of 2996 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2340 wrote to memory of 2996 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2340 wrote to memory of 2996 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2340 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2340 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2340 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2340 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2340 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2340 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2340 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2340 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2340 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2340 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2340 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2340 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2340 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2340 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2340 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2340 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2340 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2340 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2340 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2340 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2340 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2340 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2340 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2340 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2340 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2340 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2340 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2340 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2340 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2340 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2340 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2340 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2340 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2340 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2340 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2340 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2340 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2340 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2340 wrote to memory of 1584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2340 wrote to memory of 1780 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2340 wrote to memory of 1780 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2340 wrote to memory of 1780 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2340 wrote to memory of 2440 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2340 wrote to memory of 2440 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2340 wrote to memory of 2440 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2340 wrote to memory of 2440 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2340 wrote to memory of 2440 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2340 wrote to memory of 2440 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2340 wrote to memory of 2440 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2340 wrote to memory of 2440 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2340 wrote to memory of 2440 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2340 wrote to memory of 2440 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2340 wrote to memory of 2440 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2340 wrote to memory of 2440 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2340 wrote to memory of 2440 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2340 wrote to memory of 2440 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2340 wrote to memory of 2440 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2340 wrote to memory of 2440 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\main.exe

"C:\Users\Admin\AppData\Local\Temp\main.exe"

C:\Users\Admin\AppData\Local\Temp\main.exe

"C:\Users\Admin\AppData\Local\Temp\main.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6f49758,0x7fef6f49768,0x7fef6f49778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1204 --field-trial-handle=1220,i,10786313731755327758,4720730236838188467,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1560 --field-trial-handle=1220,i,10786313731755327758,4720730236838188467,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1612 --field-trial-handle=1220,i,10786313731755327758,4720730236838188467,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2328 --field-trial-handle=1220,i,10786313731755327758,4720730236838188467,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2364 --field-trial-handle=1220,i,10786313731755327758,4720730236838188467,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1420 --field-trial-handle=1220,i,10786313731755327758,4720730236838188467,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1272 --field-trial-handle=1220,i,10786313731755327758,4720730236838188467,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1488 --field-trial-handle=1220,i,10786313731755327758,4720730236838188467,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3552 --field-trial-handle=1220,i,10786313731755327758,4720730236838188467,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3668 --field-trial-handle=1220,i,10786313731755327758,4720730236838188467,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3680 --field-trial-handle=1220,i,10786313731755327758,4720730236838188467,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3700 --field-trial-handle=1220,i,10786313731755327758,4720730236838188467,131072 /prefetch:8

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 apis.google.com udp
GB 172.217.16.238:443 apis.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 172.217.169.46:443 play.google.com tcp
N/A 224.0.0.251:5353 udp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI18242\python310.dll

MD5 a1185bef38fdba5e3fe6a71f93a9d142
SHA1 e2b40f5e518ad000002b239a84c153fdc35df4eb
SHA256 8d0bec69554317ccf1796c505d749d5c9f3be74ccbfce1d9e4d5fe64a536ae9e
SHA512 cb9baea9b483b9153efe2f453d6ac0f0846b140e465d07244f651c946900bfcd768a6b4c0c335ecebb45810bf08b7324501ea22b40cc7061b2f2bb98ed7897f4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\CURRENT

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

\??\pipe\crashpad_2340_CBEISATRGXKLAWKZ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 925b2b5e144fa1e573ea50661133cc2b
SHA1 c1e57a316435854ce1a54818abcbbac956191605
SHA256 7339120a61419b7f210ba3b4d6205da920fd76eb1383792bebb5a9cd9a15d4dd
SHA512 67fb70bfd73c4d7f937d6befa862836a4063a816a60712a854d9559ba428dcb7f4c45253acf2de71d87b8ae6fd2beb8ac5d087fe4bcaf3fb65c83e610aabc000

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2fd293c117e7ac38005ef7e6a60c66cb
SHA1 ae28b16fa3e46f9f6e1897b655922803a303a30e
SHA256 d199a2902bfeb223c7b4ab901f7e89acd053fd11c8e91796404c902494a03e4a
SHA512 6bd32dd533b2a9dbf8b772d61f86ee518fb25495058b586f03e1b837555563276dc743498126d935d6cf6400a44edbd53f5a25d5f340847eca1c534a57f71341

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\c525caaf-e22b-444f-82ae-6602050c08a7.tmp

MD5 de6a8914a33b58fab3b1637fe136ba34
SHA1 d1f5ccd78fcab4e7fe1e4f815d6840bb0c9c8619
SHA256 ca68f7dda45b1497980d1bedc2089de7de5bbdab558246ad61704cd8c24b9947
SHA512 4ac4bbd6823d5315aa59880574f2b70d4547e3d96ffcb4658fdfd339cd0f687cb43bc01d6b1f530d46c1f7b0b86aa195407d75bb695022bad718a711fcc1c544

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 62de3eea57890c59493334f77712f7a4
SHA1 1f89f7116b31bdd9bde1145930310d8f416b0252
SHA256 b08073ad72a7a724883032ce0505bb78c5199641c43eb2c910f7df3fc60ccdb3
SHA512 d94d8645496695dc3d18fd422c90ac605d101ee72557d2f31661525fa68bab83890e94d8b459c8350df348c082864ed0902cba1f3fc172410ba28f750503a77f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 3a94073c918926946ce4cbab9b509518
SHA1 67d410a6a60f3b1574b6bc56f90955dbaee0149e
SHA256 75be0612381b2e09a89dcf161a8d18d0f69d32d29f8a39189114df412035f830
SHA512 a99ec67823ee507cf325abf7058bf9e0b690989f6e61be7e4326c02b6aaf5aee5539b955b35aeb15dbecdc6eef55fcfafd932b5acdfff25d128f74f4e361f447

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6d6e6ff35f41327e6e739bd724cabb9d
SHA1 cdd1b1da9c8dd9a2f4ec29458bcaf7c3039471ae
SHA256 7bdb47c0e0e38dfa4ddc0bd9c58bb08238bca3efb136ff42556362d709edd084
SHA512 6e73c149c359b2473304d866842c5c48aabb12a5e1dc5b78581572e2201af159e5d91b8d2a73baaaa674b052243f094f31173b6aa203e58e7667970f106a1f89

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\a5736fb9-f607-4028-9828-8a8bec30d040.tmp

MD5 5f6d6cd9a866caf63841253036ec0e86
SHA1 5279379d7ec63d4fc5be84d99e8803b894dc0903
SHA256 063c800154dd02bb50e848309747d23e33c81214cb6bf1408a6fd49bdfda4b43
SHA512 38e37717cd5848d489e2a0d0b8f374c8a4024eba4b9e6148f92bf140e7264ad84aefb196a568fdbf16c33736de643bf5343be77e02a9c546d58b00cad7afcfd0

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-04 02:35

Reported

2024-06-04 02:39

Platform

win10v2004-20240508-en

Max time kernel

135s

Max time network

134s

Command Line

"C:\Users\Admin\AppData\Local\Temp\main.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\main.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\main.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\main.exe

"C:\Users\Admin\AppData\Local\Temp\main.exe"

C:\Users\Admin\AppData\Local\Temp\main.exe

"C:\Users\Admin\AppData\Local\Temp\main.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c title Discord Cloner - Developed by Timq#4444

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4488,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=4168 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 91.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 35.56.20.217.in-addr.arpa udp
N/A 127.0.0.1:49914 tcp
US 8.8.8.8:53 80.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI14202\python310.dll

MD5 a1185bef38fdba5e3fe6a71f93a9d142
SHA1 e2b40f5e518ad000002b239a84c153fdc35df4eb
SHA256 8d0bec69554317ccf1796c505d749d5c9f3be74ccbfce1d9e4d5fe64a536ae9e
SHA512 cb9baea9b483b9153efe2f453d6ac0f0846b140e465d07244f651c946900bfcd768a6b4c0c335ecebb45810bf08b7324501ea22b40cc7061b2f2bb98ed7897f4

C:\Users\Admin\AppData\Local\Temp\_MEI14202\VCRUNTIME140.dll

MD5 a87575e7cf8967e481241f13940ee4f7
SHA1 879098b8a353a39e16c79e6479195d43ce98629e
SHA256 ded5adaa94341e6c62aea03845762591666381dca30eb7c17261dd154121b83e
SHA512 e112f267ae4c9a592d0dd2a19b50187eb13e25f23ded74c2e6ccde458bcdaee99f4e3e0a00baf0e3362167ae7b7fe4f96ecbcd265cc584c1c3a4d1ac316e92f0

C:\Users\Admin\AppData\Local\Temp\_MEI14202\base_library.zip

MD5 73d81c2115e53003f3dad7fd0a109c70
SHA1 13261a53023854ad0ca8a4c0e66f9003da541525
SHA256 fd113fa1f7379ac2193bac8475121b53edf35d2aea559fb5ee514e46622ea5a7
SHA512 0d9b47cbb3c6b638c9f58e86f1c4243647f129425b36818e2f39d7cd88ef4e5720535cb6034829822b96a126a2ed40a4ea116ce748ae77c8527a6ead15476a0b

C:\Users\Admin\AppData\Local\Temp\_MEI14202\_ctypes.pyd

MD5 92276f41ff9c856f4dbfa6508614e96c
SHA1 5bc8c3555e3407a3c78385ff2657de3dec55988e
SHA256 9ab1f8cbb50db3d9a00f74447a2275a89ec52d1139fc0a93010e59c412c2c850
SHA512 9df63ef04ea890dd0d38a26ac64a92392cf0a8d0ad77929727238e9e456450518404c1b6bb40844522fca27761c4e864550aacb96e825c4e4b367a59892a09e7

C:\Users\Admin\AppData\Local\Temp\_MEI14202\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

C:\Users\Admin\AppData\Local\Temp\_MEI14202\_socket.pyd

MD5 c5378bac8c03d7ef46305ee8394560f5
SHA1 2aa7bc90c0ec4d21113b8aa6709569d59fadd329
SHA256 130de3506471878031aecc4c9d38355a4719edd3786f27262a724efc287a47b9
SHA512 1ecb88c62a9daad93ec85f137440e782dcc40d7f1598b5809ab41bf86a5c97224e2361c0e738c1387c6376f2f24d284583fd001c4e1324d72d6989d0b84bf856

C:\Users\Admin\AppData\Local\Temp\_MEI14202\select.pyd

MD5 63ede3c60ee921074647ec0278e6aa45
SHA1 a02c42d3849ad8c03ce60f2fd1797b1901441f26
SHA256 cb643556c2dcdb957137b25c8a33855067e0d07547e547587c9886238253bfe5
SHA512 d0babc48b0e470abdafad6205cc0824eec66dbb5bff771cee6d99a0577373a2de2ffab93e86c42c7642e49999a03546f94e7630d3c58db2cff8f26debc67fcad

C:\Users\Admin\AppData\Local\Temp\_MEI14202\_lzma.pyd

MD5 a6bee109071bbcf24e4d82498d376f82
SHA1 1babacdfaa60e39e21602908047219d111ed8657
SHA256 ce72d59a0e96077c9ea3f1fd7b011287248dc8d80fd3c16916a1d9040a9a941f
SHA512 8cb2dafd19f212e71fa32cb74dad303af68eaa77a63ccf6d3a6ae82e09ac988f71fe82f8f2858a9c616b06dc42023203fa9f7511fac32023be0bc8392272c336

C:\Users\Admin\AppData\Local\Temp\_MEI14202\psutil\_psutil_windows.cp310-win_amd64.pyd

MD5 6e04a1d41b0897878583702d398bdc88
SHA1 33f396728c57505b0b897b547c692a9cf8959a36
SHA256 be9701a1c3e48599d8c22c2c371d5493e9a97fa5063022c110842ecb886214e3
SHA512 f9fc5d2c480fb7edcad9490925b75007523adecdd0400adaaab888d12f1e67abfd614a142e38a93ba3b42de2e466f1aa0f48625e76bbe3868b9c308b0bdf4d66

C:\Users\Admin\AppData\Local\Temp\_MEI14202\_ssl.pyd

MD5 9d810454bc451ff440ec95de36088909
SHA1 8c890b934a2d84c548a09461ca1e783810f075be
SHA256 5a4c78adedf0bcb5fc422faac619b4c7b57e3d7ba4f2d47a98c1fb81a503b6b7
SHA512 0800666f848faec976366dbfd2c65e7b7e1d8375d5d9e7d019bf364a1f480216c271c3bcf994dbab19290d336cf691cd8235e636f3dbc4d2a77f4760871c19ed

C:\Users\Admin\AppData\Local\Temp\_MEI14202\libssl-1_1.dll

MD5 de72697933d7673279fb85fd48d1a4dd
SHA1 085fd4c6fb6d89ffcc9b2741947b74f0766fc383
SHA256 ed1c8769f5096afd000fc730a37b11177fcf90890345071ab7fbceac684d571f
SHA512 0fd4678c65da181d7c27b19056d5ab0e5dd0e9714e9606e524cdad9e46ec4d0b35fe22d594282309f718b30e065f6896674d3edce6b3b0c8eb637a3680715c2c

C:\Users\Admin\AppData\Local\Temp\_MEI14202\libcrypto-1_1.dll

MD5 ab01c808bed8164133e5279595437d3d
SHA1 0f512756a8db22576ec2e20cf0cafec7786fb12b
SHA256 9c0a0a11629cced6a064932e95a0158ee936739d75a56338702fed97cb0bad55
SHA512 4043cda02f6950abdc47413cfd8a0ba5c462f16bcd4f339f9f5a690823f4d0916478cab5cae81a3d5b03a8a196e17a716b06afee3f92dec3102e3bbc674774f2

C:\Users\Admin\AppData\Local\Temp\_MEI14202\_asyncio.pyd

MD5 483bfc095eb82f33f46aefbb21d97012
SHA1 def348a201c9d1434514ca9f5fc7385ca0bd2184
SHA256 5e25e2823ed0571cfdbae0b1d1347ae035293f2b0ac454fb8b0388f3600fd4b6
SHA512 fe38b3585fbfaf7465b31fbc124420cfbd1b719ea72a9ae9f24103d056c8fa9ae21c2a7dd3073810222405457beff89bbb688daeced3219351a30992a6721705

C:\Users\Admin\AppData\Local\Temp\_MEI14202\multidict\_multidict.cp310-win_amd64.pyd

MD5 1b59c87f0871fed4ff2be93c5d9234ab
SHA1 7e5c8827a5b2dec5417800ab0a2001af46ab8924
SHA256 b7151a6ffa3dc7436d09b1e35343801e11f423c6b391f1177254236ec47a3ad7
SHA512 6092628a4c73ca2d29b6f6a0d1ed34627795363c89b2a45bfc75951f8148a288707231575183ef73d4fb24c022883ab3ab30da61c92664295fffd8a36e9200df

C:\Users\Admin\AppData\Local\Temp\_MEI14202\unicodedata.pyd

MD5 d67ac58da9e60e5b7ef3745fdda74f7d
SHA1 092faa0a13f99fd05c63395ee8ee9aa2bb1ca478
SHA256 09e1d1e9190160959696aeddb0324667fef39f338edc28f49b5f518b92f27f5f
SHA512 9d510135e4106fef0640565e73d438b4398f7aa65a36e3ea21d8241f07fec7a23e721e8696b3605147e5ce5365684e84e8145001201a19d7537e8f61b20cf32c

C:\Users\Admin\AppData\Local\Temp\_MEI14202\_hashlib.pyd

MD5 ad6e31dba413be7e082fab3dbafb3ecc
SHA1 f26886c841d1c61fb0da14e20e57e7202eefbacc
SHA256 2e30544d07f1c55d741b03992ea57d1aa519edaaa121e889f301a5b8b6557fe4
SHA512 6401664e5c942d98c6fa955cc2424dfa0c973bd0ac1e515f7640c975bba366af1b3e403ea50e753f837dcd82a04af2ce043e22b15fa9976af7cbb30b3ac80452

C:\Users\Admin\AppData\Local\Temp\_MEI14202\yarl\_quoting_c.cp310-win_amd64.pyd

MD5 7e620bd4ba53daae5df632f2774b9788
SHA1 28ec3b998f376b59483ad4391a0c2df2c634f308
SHA256 84c696ed1b5ba6a3819d73b6f27aee93bca72286b32307fe259e23dfc1cfacec
SHA512 e2d012dd9a7959c0e06340de3728d6e800b56cc0bc8d525c38dd49d9874095d2edc3ae06862d1a21e873c0da0678e8ab3bc95a57777d746f0d6d8b0c6c08c202

C:\Users\Admin\AppData\Local\Temp\_MEI14202\_uuid.pyd

MD5 6cfc03bc247a7b8c3c38f1841319f348
SHA1 c28cf20c3e1839cff5dce35a9ffd20aa4ac2a2cf
SHA256 b7fd172339478adaa5f4060eb760f905a2af55ce7e017b57de61ee09dcb09750
SHA512 bd123566a104568e2ec407b35446cb07c660035a77a1e11a8d8d90518c1a83b6815bf694676fa003b074126dcd0594457195f835df7bc828df1195db6584d23b

C:\Users\Admin\AppData\Local\Temp\_MEI14202\nacl\_sodium.pyd

MD5 9d1b8bad0e17e63b9d8e441cdc15baee
SHA1 0c5a62135b072d1951a9d6806b9eff7aa9c897a3
SHA256 d733c23c6a4b21625a4ff07f6562ba882bcbdb0f50826269419d8de0574f88cd
SHA512 49e7f6ab825d5047421641ed4618ff6cb2a8d22a8a4ae1bd8f2deefe7987d80c8e0acc72b950d02214f7b41dc4a42df73a7f5742ebc96670d1c5a28c47b97355

C:\Users\Admin\AppData\Local\Temp\_MEI14202\_cffi_backend.cp310-win_amd64.pyd

MD5 282b92ef9ed04c419564fbaee2c5cdbe
SHA1 e19b54d6ab67050c80b36a016b539cbe935568d5
SHA256 5763c1d29903567cde4d46355d3a7380d10143543986ca4eebfca4d22d991e3e
SHA512 3ddebdc28d0add9063ee6d41f14331898f92452a13762b6c4c9aa5a83dde89510176425c11a48591fa05c949cb35218bf421f1974e33eb8133a1b95ea74e4941

C:\Users\Admin\AppData\Local\Temp\_MEI14202\MSVCP140.dll

MD5 6da7f4530edb350cf9d967d969ccecf8
SHA1 3e2681ea91f60a7a9ef2407399d13c1ca6aa71e9
SHA256 9fee6f36547d6f6ea7ca0338655555dba6bb0f798bc60334d29b94d1547da4da
SHA512 1f77f900215a4966f7f4e5d23b4aaad203136cb8561f4e36f03f13659fe1ff4b81caa75fef557c890e108f28f0484ad2baa825559114c0daa588cf1de6c1afab

C:\Users\Admin\AppData\Local\Temp\_MEI14202\VCRUNTIME140_1.dll

MD5 37c372da4b1adb96dc995ecb7e68e465
SHA1 6c1b6cb92ff76c40c77f86ea9a917a5f854397e2
SHA256 1554b5802968fdb2705a67cbb61585e9560b9e429d043a5aa742ef3c9bbfb6bf
SHA512 926f081b1678c15dc649d7e53bfbe98e4983c9ad6ccdf11c9383ca1d85f2a7353d5c52bebf867d6e155ff897f4702fc4da36a8f4cf76b00cb842152935e319a6

C:\Users\Admin\AppData\Local\Temp\_MEI14202\_brotli.cp310-win_amd64.pyd

MD5 6d44fd95c62c6415999ebc01af40574b
SHA1 a5aee5e107d883d1490257c9702913c12b49b22a
SHA256 58bacb135729a70102356c2d110651f1735bf40a602858941e13bdeabfacab4a
SHA512 59b6c07079f979ad4a27ec394eab3fdd2d2d15d106544246fe38f4eb1c9e12672f11d4a8efb5a2a508690ce2677edfac85eb793e2f6a5f8781b258c421119ff3

C:\Users\Admin\AppData\Local\Temp\_MEI14202\_overlapped.pyd

MD5 bf3e86152b52d3f0e73d0767cde63f9f
SHA1 3863c480a2d9a24288d63f83fa2586664ec813a2
SHA256 20c94846417ee3ca43daa5fae61595ad7e52645657fda5effe64800fe335ff0d
SHA512 8643f94ece38246769ff9ba87a249b8afde137cf193ff4d452937197ce576816c1ce044c4ad2951bc5535cc3acf1b27e9f2be043b8175c5a2ca2190b05dc0235

C:\Users\Admin\AppData\Local\Temp\_MEI14202\_bz2.pyd

MD5 a1fbcfbd82de566a6c99d1a7ab2d8a69
SHA1 3e8ba4c925c07f17c7dffab8fbb7b8b8863cad76
SHA256 0897e209676f5835f62e5985d7793c884fd91b0cfdfaff893fc05176f2f82095
SHA512 55679427c041b2311cff4e97672102962f9d831e84f06f05600ecdc3826f6be5046aa541955f57f06e82ee72a4ee36f086da1f664f493fbe4cc0806e925afa04

C:\Users\Admin\AppData\Local\Temp\_MEI14202\python3.dll

MD5 0812ee5d8abc0072957e9415ba6e62f2
SHA1 ea05c427e46c5d9470ba81d6b7cbca6838ee0dd5
SHA256 84a29c369560c5175d22ee764fe8ada882ab6b37b6b10c005404153518a344ec
SHA512 18ca5631f2ae957b9ec8eaa7aa87094d3a296548790ced970752625a0f271511e0ce0042a0ea5469a9c362a0d811c530ef6fe41b84c61b25c838466acc37f22b