Analysis Overview
SHA256
f23fd2d73cb23edfadd7c92456767d8b9310e063d6e2410b40946be4fbe58eb3
Threat Level: Shows suspicious behavior
The file Versatools.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
Loads dropped DLL
Detects Pyinstaller
Unsigned PE
Enumerates system info in registry
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-04 15:54
Signatures
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-04 15:54
Reported
2024-06-04 15:58
Platform
win7-20240221-en
Max time kernel
43s
Max time network
102s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Versatools.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Versatools.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Versatools.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Versatools.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Versatools.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Versatools.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Versatools.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Versatools.exe
"C:\Users\Admin\AppData\Local\Temp\Versatools.exe"
C:\Users\Admin\AppData\Local\Temp\Versatools.exe
"C:\Users\Admin\AppData\Local\Temp\Versatools.exe"
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6529758,0x7fef6529768,0x7fef6529778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1128 --field-trial-handle=1368,i,13514765542743519454,8625940810412403361,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1368,i,13514765542743519454,8625940810412403361,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1604 --field-trial-handle=1368,i,13514765542743519454,8625940810412403361,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2296 --field-trial-handle=1368,i,13514765542743519454,8625940810412403361,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2304 --field-trial-handle=1368,i,13514765542743519454,8625940810412403361,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1440 --field-trial-handle=1368,i,13514765542743519454,8625940810412403361,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1324 --field-trial-handle=1368,i,13514765542743519454,8625940810412403361,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3468 --field-trial-handle=1368,i,13514765542743519454,8625940810412403361,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3584 --field-trial-handle=1368,i,13514765542743519454,8625940810412403361,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3480 --field-trial-handle=1368,i,13514765542743519454,8625940810412403361,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3896 --field-trial-handle=1368,i,13514765542743519454,8625940810412403361,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3468 --field-trial-handle=1368,i,13514765542743519454,8625940810412403361,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 --field-trial-handle=1368,i,13514765542743519454,8625940810412403361,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2732 --field-trial-handle=1368,i,13514765542743519454,8625940810412403361,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3892 --field-trial-handle=1368,i,13514765542743519454,8625940810412403361,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3844 --field-trial-handle=1368,i,13514765542743519454,8625940810412403361,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3968 --field-trial-handle=1368,i,13514765542743519454,8625940810412403361,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2288 --field-trial-handle=1368,i,13514765542743519454,8625940810412403361,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1396 --field-trial-handle=1368,i,13514765542743519454,8625940810412403361,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=2632 --field-trial-handle=1368,i,13514765542743519454,8625940810412403361,131072 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| GB | 172.217.169.3:443 | id.google.com | tcp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| GB | 172.217.169.3:443 | id.google.com | udp |
| US | 8.8.8.8:53 | garry.lol | udp |
| US | 172.67.167.245:443 | garry.lol | tcp |
| US | 172.67.167.245:443 | garry.lol | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 23.63.101.153:80 | apps.identrust.com | tcp |
| US | 172.67.167.245:443 | garry.lol | udp |
| US | 8.8.8.8:53 | challenges.cloudflare.com | udp |
| US | 104.17.2.184:443 | challenges.cloudflare.com | tcp |
| US | 104.17.2.184:443 | challenges.cloudflare.com | udp |
| US | 8.8.8.8:53 | unpkg.com | udp |
| US | 104.17.245.203:443 | unpkg.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.200.10:443 | content-autofill.googleapis.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | user-images.githubusercontent.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| GB | 142.250.200.10:443 | content-autofill.googleapis.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
Files
C:\Users\Admin\AppData\Local\Temp\_MEI21002\ucrtbase.dll
| MD5 | d40325e6c994228a3403f8ba8f24601f |
| SHA1 | 6266b5dc2001ffd75da3588dd7c43027a706589d |
| SHA256 | a2ab58e44828009f6dafe54dd5ed57edfa6b09641e3c8eaa473b37e5b0e2b862 |
| SHA512 | 59e712713d6492fa1b002da34bc9db82a85e19d13b694b77b57db1030681432c41705d56e9f75031ed9522d43a344d1475c745af7c8c92f70f7fc78e8b8895f9 |
C:\Users\Admin\AppData\Local\Temp\_MEI21002\api-ms-win-core-processthreads-l1-1-1.dll
| MD5 | 92233d5f2057a6c99939e1549c8a63ab |
| SHA1 | 3e9a3b9e362025410d69458727462bb6338198f0 |
| SHA256 | 6fe93c03cb84c7be2e8ef5c12f6c1595861c78edd1e099137f0c0866dc2fa5d0 |
| SHA512 | 9aff968531a3cab229b3b5d216299149bf6ecf03086c5ddbe5a09ed52b62434ceffcf245be6306d7308e478acc5c445e1a6494491c0e8627818ec2472ce052fb |
\Users\Admin\AppData\Local\Temp\_MEI21002\api-ms-win-core-localization-l1-2-0.dll
| MD5 | 7f1ee2e33c903c7ea23dc80a19d6ec3c |
| SHA1 | 5e533f79dd14268c42e426efb1d3c3d29106e47e |
| SHA256 | 2ae12476304e22e7f31c71398fcf0acb626a6b44b37a7f68b6357cd049567d2f |
| SHA512 | 266f0337c1ea2c39b6248c5db9b8f500dca7664c11e72abcf37b3e04b541ec8f7efa84d46980c0bf007cdc8df726703de5bb04bc7c62da4e99d354d7cb4cafaa |
\Users\Admin\AppData\Local\Temp\_MEI21002\api-ms-win-core-file-l1-2-0.dll
| MD5 | e36ac4af8b02564857edaa68e2bbe1c0 |
| SHA1 | b6b379261b5432b019b4182b7be50ae61c1fd06e |
| SHA256 | 4237c0d089329b605d5416dae4005e1c4808a284b51dbaafe07a4b2cc7fcfb00 |
| SHA512 | 61a6b2cd08ee54765d9ec6d2d1ae1b898b40a718eee022c74300a1c640afc7bbb43e7269e3caf42703991507e354566aca6923ea9e32bb513f4a1504feff2e4a |
C:\Users\Admin\AppData\Local\Temp\_MEI21002\python311.dll
| MD5 | 5a5dd7cad8028097842b0afef45bfbcf |
| SHA1 | e247a2e460687c607253949c52ae2801ff35dc4a |
| SHA256 | a811c7516f531f1515d10743ae78004dd627eba0dc2d3bc0d2e033b2722043ce |
| SHA512 | e6268e4fad2ce3ef16b68298a57498e16f0262bf3531539ad013a66f72df471569f94c6fcc48154b7c3049a3ad15cbfcbb6345dacb4f4ed7d528c74d589c9858 |
\Users\Admin\AppData\Local\Temp\_MEI21002\api-ms-win-core-file-l2-1-0.dll
| MD5 | e8bdf021f69a63aa761ee231ace7efbe |
| SHA1 | f1ba959f0c196748c9fd7a81f4b626075fd8afe9 |
| SHA256 | d0d8495562a6c8b7f6d68dcd9dbd096dc5b68a5f337b7fd0b1fea60014c25adb |
| SHA512 | f16dfc423cfa60c11d215db3448b93c7f3b405f96002ba636068f51f2de1971b4ccd8b020fad1b761ab82e8692a80872668d0baf9a560ad012f30ae440d73c81 |
\Users\Admin\AppData\Local\Temp\_MEI21002\api-ms-win-core-timezone-l1-1-0.dll
| MD5 | 49100ae18d47b3a944205adb0820ff90 |
| SHA1 | 5ecd49104c4f5c15a4147bfee35c6b9ac1291d0f |
| SHA256 | 53ecaca6e272bb4b283013a76a23004f8fa5bc0340d171b764c2bbd856e26a1f |
| SHA512 | 899a5b3f1b9a93db634507bde71be8157acba6fac4af3d35d08fca598a7cf6dc5c5d16fa122493a0516c13a22466909165ff94ef99ec9f394cbf2f2ced7a82cc |
\??\pipe\crashpad_1788_DNRFAFKYHJVXDGAH
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
| MD5 | 18e723571b00fb1694a3bad6c78e4054 |
| SHA1 | afcc0ef32d46fe59e0483f9a3c891d3034d12f32 |
| SHA256 | 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa |
| SHA512 | 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
C:\Users\Admin\AppData\Local\Temp\CabBB55.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarBCA4.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 533a3d3ebe38e7e7141ab5e41ab61958 |
| SHA1 | 1d7c17c1afcda59897ff4f3521234b5b44197036 |
| SHA256 | 26d76078c84909b1d13e0ad1eb305d691261448d84026d19d2db3f6656795fe3 |
| SHA512 | d45ba00b80746d6791f19c11df1e879c6136012ad86d54fc1695a7860c0b6774e0c4d2a15a71b87ca2d7d690ba6c22debb7d5f643905d3b9564aa9660ea95124 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | af29491631033a2d8882fdc8ab864c1a |
| SHA1 | e5611eba4e445bce62ad0ead9575096d45cea500 |
| SHA256 | c78b0ace2656ffa9ed4ec207374d2f903b47f0f829712b1df28a4cb365f295ba |
| SHA512 | e46e5f845bd2ef14c1b08d4715670e2a33e4288031e8f1925a233d73992a3c30ee6c432a71e22a2e11928018d9bc0411bbe39017d25ab7c4267d3780b66dc13d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 2d5891e5fc3fe5df467194c98a9da2bf |
| SHA1 | cdf8e1ff8ba881d882c71716ab37980fe1a5ce6d |
| SHA256 | c0083ca73f266887119c2fe9b2b73e8e848d538eea7688f11ec8e24476314202 |
| SHA512 | 44a6ef4b14b1b5dc89f41dd6541c3d3d8fcd6fd1483c06f91a723c80dc574e18cadfacb0bf5879f4c90b9847e7bb4a7ad55767a48db75fc70112ed257e3c4e21 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\90989b7b-0813-4910-97d1-b24d40c84216.tmp
| MD5 | 55ed9c0c0021cea46b6682b93d8ddcc2 |
| SHA1 | b8f2edce01d740ccca9579431920561157de9b8d |
| SHA256 | 0e3e4687967055b6a8580e241ec2472ac4bb1b2bb7c3af55b73fa6729b165265 |
| SHA512 | c353eeaec71d9a174e484cf534b641587c596af0b977b289761acb9b2cf770a5963efdd87dcad1c5ddc9a9ee10d10a68268e0817d43c5bbb864b9ed656a8ae0e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | db0510180e4a848f892bf15326520cba |
| SHA1 | f170195e280dd5d086694c04125ae6aa5fea71cc |
| SHA256 | 7a541732beb014e11f09d053c0cf1891c599376169dfc75d4c90b622f200d5b7 |
| SHA512 | 946b5bb1efa133f7d9b8c15c617b5a7b34f6c25598aff29188455fa3159b834a327080f7ab4d80c15ee1c8f2a768fcf3b1f2ef6f89b51791d184afa94985a2e7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 03ac12415a8226e1408ec5d51f7046e6 |
| SHA1 | 0b3420bfa485fbbb9e82c8771fe11aef99239a67 |
| SHA256 | c35789b265d01d1d540bf668a067ad6ea47b5ab1a1560ae6e35604ea6eee839d |
| SHA512 | c1774e1efcce5c0936661be6198e32997b49cf17598f4095ed736098e628db96217bbe5c4cac6e40e33d62631d6edc6493f75973ca330506c78c0439d257866c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dbf65304c04d2ddfb122032f0c139059 |
| SHA1 | f4968d6dc6c785057d7f6143d2d5954d296400e9 |
| SHA256 | d7aa49384be63d8baa8e12da920cc1da39598403074643909bb83966af58c018 |
| SHA512 | 9518528bcfb1042b348407e6b748cc90980081d35f3d0fb6b0fee637ad846bc6019490f377ad90cb5c0cd91947fa1591a8a1ca528de2285f8add1bbc7809c55d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 2316b50ae35e84e0da367c75ea82d277 |
| SHA1 | 2aa726d4e39a0d6d4e928d0bd99fe9f8842dc9a5 |
| SHA256 | 8fbafe9e7a4dad094a739c3395fbfb4bb5e75bf816e25ff5bc8b47b7041cf321 |
| SHA512 | 1424cca6a4fd091607295d320f5ea76ee25c53255e79f8e3a6afbe55366355d181e3a82a13354c84a24dc1f7768ab142ba3f03655bc68d4ad329ac629ab58d69 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 39c0591d178ee6ac3ee7f5fe528fa332 |
| SHA1 | 039c6d942b9ab0e864e3cc3eb90d5d5d5465a730 |
| SHA256 | ee87687d42449ded277445ea9518e141f168e35f490e3eb31317e688acd7b529 |
| SHA512 | c8280ce68719ddef6ba94303d1fad7f84c0cb7cb45b116485202ee4ce21d46f301be05d4dca58eb9784e0ec3c2f0abc879bd5fc84119cd2c7526501acd32e96c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | a8bf74cd9fe7e45ea67f927b30b080ca |
| SHA1 | 4799459b9c3138f9dc04e23be69c3898c4c5a85f |
| SHA256 | 561a6e6d6cde71030ddbdc64f1193099ed340f46f760f771408644ed98f57cde |
| SHA512 | 56699e3e26392cbd8ae078ef5e7b1b192664f7fa29bda09b6f6d33bb0ecdad4bd91aa200967d5a3d4813d24a6ba927bd4259551df7ef2d1fcf5d6b6a05e7d93e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 3f6d288b4e75ac5fc07091a614481333 |
| SHA1 | dc80e2554697fc972f876afd15b9084fb2e9e668 |
| SHA256 | 51759c2c3263bcc32109875e64b87da070c7155956b9df01c6f3a172d38354ac |
| SHA512 | 7f87e277c4f55b5af62afb809c79224f602eb6f360df5e28281c3f369168a4a3e369f5cbf69f4eb4564910aea2c8bb973034983d4de8be1c7a8ed4808cc63ce6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e7354181a8bcb94d282a728cad771a49 |
| SHA1 | 5daaef942960585b1e5202ac9824da8bb7ede905 |
| SHA256 | e43da66b7d11d17843085a0367966e630d138ac0413a343c3e4e3be226399c36 |
| SHA512 | 795770f5737830f293ccbea32489653d859b1acff2d02edcc1bbb790100385e84d4e1224f6cc8c9b0df12d0594fb7b5e99476e34bc88797c3954b4cd65f94330 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | bb14f195f6eb8a10c1ab4a4b682867ae |
| SHA1 | 8684ac22ace3052366eac124a380c60dc2cf9f59 |
| SHA256 | d6bfdb458b3a9f00d1f6e821c25b80841f0d40077259fdb72fce095d8900771c |
| SHA512 | 7292f9ff939ad940463b7e8ce4aeac12871773ce9bdf5fdf35fd92fb266ceb002ba55f3668c8e3d2bd313add427eb2b4e8d1c121f544477c4d40889774d4f4a6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b7e4d61d29df318ceb1070e658b00ecf |
| SHA1 | 557f9fbb9e05e1761f29654f59d890504ec51c4f |
| SHA256 | 251e2913c6c98f1b4185567561324320bb7dfd749a448a7086a082db2c8c5d00 |
| SHA512 | 8a679ec1d5dc78e723f8c22b5a1ba1db5661f8cfafa6eb88ceda797ed6d51ec28494e0d6bf0b3716d0ab9e219e2218f8368b496969d0e534cc10c4d4ae7adeec |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\e73b1ea1-a8d4-4295-9f96-bdc3fbd394dc.tmp
| MD5 | 875f3f2308e0ae737534bf8cc91a904d |
| SHA1 | 01c61b92bbb7f6fdcc66a9d2efce171da446351e |
| SHA256 | d4f6baf671b1b27dcc21d6b82cacbce2323d9df2a1b1244ffc880050d9663105 |
| SHA512 | 149c290d9f35be6f6d5693abc299612841e83e4844a1beb14f599a89bf73f4008d39dbf81bb1cbe14d9d86d757656051b8408c18edbe11f34d2cac901105ae76 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | bc67067273b3ec24917eb5f79065d4a4 |
| SHA1 | c98a33fab206ef343eade034ad65b422ea0a142a |
| SHA256 | b24dd0633afc8177698eaf172cb0f52542e344b59849449a330bee89683620c2 |
| SHA512 | bc13145fce743f267b8035d3697f38baaa15314b23a5f7126b0fe1aa0b76f955148c61c4c77aa411da1f03affa8166c49c6ffd96d3e83e882ae2c76ef61374e5 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-04 15:54
Reported
2024-06-04 15:59
Platform
win10v2004-20240426-en
Max time kernel
146s
Max time network
153s
Command Line
Signatures
Loads dropped DLL
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Versatools.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4432 wrote to memory of 1512 | N/A | C:\Users\Admin\AppData\Local\Temp\Versatools.exe | C:\Users\Admin\AppData\Local\Temp\Versatools.exe |
| PID 4432 wrote to memory of 1512 | N/A | C:\Users\Admin\AppData\Local\Temp\Versatools.exe | C:\Users\Admin\AppData\Local\Temp\Versatools.exe |
| PID 1512 wrote to memory of 4420 | N/A | C:\Users\Admin\AppData\Local\Temp\Versatools.exe | C:\Windows\system32\cmd.exe |
| PID 1512 wrote to memory of 4420 | N/A | C:\Users\Admin\AppData\Local\Temp\Versatools.exe | C:\Windows\system32\cmd.exe |
| PID 1512 wrote to memory of 4528 | N/A | C:\Users\Admin\AppData\Local\Temp\Versatools.exe | C:\Windows\system32\cmd.exe |
| PID 1512 wrote to memory of 4528 | N/A | C:\Users\Admin\AppData\Local\Temp\Versatools.exe | C:\Windows\system32\cmd.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\Versatools.exe
"C:\Users\Admin\AppData\Local\Temp\Versatools.exe"
C:\Users\Admin\AppData\Local\Temp\Versatools.exe
"C:\Users\Admin\AppData\Local\Temp\Versatools.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.72.42.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\_MEI44322\ucrtbase.dll
| MD5 | d40325e6c994228a3403f8ba8f24601f |
| SHA1 | 6266b5dc2001ffd75da3588dd7c43027a706589d |
| SHA256 | a2ab58e44828009f6dafe54dd5ed57edfa6b09641e3c8eaa473b37e5b0e2b862 |
| SHA512 | 59e712713d6492fa1b002da34bc9db82a85e19d13b694b77b57db1030681432c41705d56e9f75031ed9522d43a344d1475c745af7c8c92f70f7fc78e8b8895f9 |
C:\Users\Admin\AppData\Local\Temp\_MEI44322\python311.dll
| MD5 | 5a5dd7cad8028097842b0afef45bfbcf |
| SHA1 | e247a2e460687c607253949c52ae2801ff35dc4a |
| SHA256 | a811c7516f531f1515d10743ae78004dd627eba0dc2d3bc0d2e033b2722043ce |
| SHA512 | e6268e4fad2ce3ef16b68298a57498e16f0262bf3531539ad013a66f72df471569f94c6fcc48154b7c3049a3ad15cbfcbb6345dacb4f4ed7d528c74d589c9858 |
C:\Users\Admin\AppData\Local\Temp\_MEI44322\VCRUNTIME140.dll
| MD5 | 4585a96cc4eef6aafd5e27ea09147dc6 |
| SHA1 | 489cfff1b19abbec98fda26ac8958005e88dd0cb |
| SHA256 | a8f950b4357ec12cfccddc9094cca56a3d5244b95e09ea6e9a746489f2d58736 |
| SHA512 | d78260c66331fe3029d2cc1b41a5d002ec651f2e3bbf55076d65839b5e3c6297955afd4d9ab8951fbdc9f929dbc65eb18b14b59bce1f2994318564eb4920f286 |
C:\Users\Admin\AppData\Local\Temp\_MEI44322\base_library.zip
| MD5 | e17ce7183e682de459eec1a5ac9cbbff |
| SHA1 | 722968ca6eb123730ebc30ff2d498f9a5dad4cc1 |
| SHA256 | ff6a37c49ee4bb07a763866d4163126165038296c1fb7b730928297c25cfbe6d |
| SHA512 | fab76b59dcd3570695fa260f56e277f8d714048f3d89f6e9f69ea700fca7c097d0db5f5294beab4e6409570408f1d680e8220851fededb981acb129a415358d1 |
C:\Users\Admin\AppData\Local\Temp\_MEI44322\_ctypes.pyd
| MD5 | bd36f7d64660d120c6fb98c8f536d369 |
| SHA1 | 6829c9ce6091cb2b085eb3d5469337ac4782f927 |
| SHA256 | ee543453ac1a2b9b52e80dc66207d3767012ca24ce2b44206804767f37443902 |
| SHA512 | bd15f6d4492ddbc89fcbadba07fc10aa6698b13030dd301340b5f1b02b74191faf9b3dcf66b72ecf96084656084b531034ea5cadc1dd333ef64afb69a1d1fd56 |
C:\Users\Admin\AppData\Local\Temp\_MEI44322\libffi-8.dll
| MD5 | 0f8e4992ca92baaf54cc0b43aaccce21 |
| SHA1 | c7300975df267b1d6adcbac0ac93fd7b1ab49bd2 |
| SHA256 | eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a |
| SHA512 | 6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978 |
C:\Users\Admin\AppData\Local\Temp\_MEI44322\_bz2.pyd
| MD5 | 3859239ced9a45399b967ebce5a6ba23 |
| SHA1 | 6f8ff3df90ac833c1eb69208db462cda8ca3f8d6 |
| SHA256 | a4dd883257a7ace84f96bcc6cd59e22d843d0db080606defae32923fc712c75a |
| SHA512 | 030e5ce81e36bd55f69d55cbb8385820eb7c1f95342c1a32058f49abeabb485b1c4a30877c07a56c9d909228e45a4196872e14ded4f87adaa8b6ad97463e5c69 |
C:\Users\Admin\AppData\Local\Temp\_MEI44322\_lzma.pyd
| MD5 | e5abc3a72996f8fde0bcf709e6577d9d |
| SHA1 | 15770bdcd06e171f0b868c803b8cf33a8581edd3 |
| SHA256 | 1796038480754a680f33a4e37c8b5673cc86c49281a287dc0c5cae984d0cb4bb |
| SHA512 | b347474dc071f2857e1e16965b43db6518e35915b8168bdeff1ead4dff710a1cc9f04ca0ced23a6de40d717eea375eedb0bf3714daf35de6a77f071db33dfae6 |
C:\Users\Admin\AppData\Local\Temp\_MEI44322\pyexpat.pyd
| MD5 | 9c21a5540fc572f75901820cf97245ec |
| SHA1 | 09296f032a50de7b398018f28ee8086da915aebd |
| SHA256 | 2ff8cd82e7cc255e219e7734498d2dea0c65a5ab29dc8581240d40eb81246045 |
| SHA512 | 4217268db87eec2f0a14b5881edb3fdb8efe7ea27d6dcbee7602ca4997416c1130420f11167dac7e781553f3611409fa37650b7c2b2d09f19dc190b17b410ba5 |
C:\Users\Admin\AppData\Local\Temp\_MEI44322\_socket.pyd
| MD5 | 1eea9568d6fdef29b9963783827f5867 |
| SHA1 | a17760365094966220661ad87e57efe09cd85b84 |
| SHA256 | 74181072392a3727049ea3681fe9e59516373809ced53e08f6da7c496b76e117 |
| SHA512 | d9443b70fcdc4d0ea1cb93a88325012d3f99db88c36393a7ded6d04f590e582f7f1640d8b153fe3c5342fa93802a8374f03f6cd37dd40cdbb5ade2e07fad1e09 |
C:\Users\Admin\AppData\Local\Temp\_MEI44322\select.pyd
| MD5 | c97a587e19227d03a85e90a04d7937f6 |
| SHA1 | 463703cf1cac4e2297b442654fc6169b70cfb9bf |
| SHA256 | c4aa9a106381835cfb5f9badfb9d77df74338bc66e69183757a5a3774ccdaccf |
| SHA512 | 97784363f3b0b794d2f9fd6a2c862d64910c71591006a34eedff989ecca669ac245b3dfe68eaa6da621209a3ab61d36e9118ebb4be4c0e72ce80fab7b43bde12 |
C:\Users\Admin\AppData\Local\Temp\_MEI44322\_queue.pyd
| MD5 | f00133f7758627a15f2d98c034cf1657 |
| SHA1 | 2f5f54eda4634052f5be24c560154af6647eee05 |
| SHA256 | 35609869edc57d806925ec52cca9bc5a035e30d5f40549647d4da6d7983f8659 |
| SHA512 | 1c77dd811d2184beedf3c553c3f4da2144b75c6518543f98c630c59cd597fcbf6fd22cfbb0a7b9ea2fdb7983ff69d0d99e8201f4e84a0629bc5733aa09ffc201 |
C:\Users\Admin\AppData\Local\Temp\_MEI44322\pywin32_system32\pythoncom311.dll
| MD5 | f98264f2dacfc8e299391ed1180ab493 |
| SHA1 | 849551b6d9142bf983e816fef4c05e639d2c1018 |
| SHA256 | 0fe49ec1143a0efe168809c9d48fe3e857e2ac39b19db3fd8718c56a4056696b |
| SHA512 | 6bb3dbd9f4d3e6b7bd294f3cb8b2ef4c29b9eff85c0cfd5e2d2465be909014a7b2ecd3dc06265b1b58196892bb04d3e6b0aa4b2ccbf3a716e0ff950eb28db11c |
C:\Users\Admin\AppData\Local\Temp\_MEI44322\win32\win32api.pyd
| MD5 | 1d6762b494dc9e60ca95f7238ae1fb14 |
| SHA1 | aa0397d96a0ed41b2f03352049dafe040d59ad5d |
| SHA256 | fae5323e2119a8f678055f4244177b5806c7b6b171b1945168f685631b913664 |
| SHA512 | 0b561f651161a34c37ff8d115f154c52202f573d049681f8cdd7bba2e966bb8203780c19ba824b4a693ef12ef1eeef6aeeef96eb369e4b6129f1deb6b26aaa00 |
C:\Users\Admin\AppData\Local\Temp\_MEI44322\tls_client\dependencies\tls-client-64.dll
| MD5 | 6b0b5bb89d4fab802687372d828321b4 |
| SHA1 | a6681bee8702f7abbca891ac64f8c4fb7b35fbb5 |
| SHA256 | ec4f40c5f1ac709313b027c16face4d83e0dafdbc466cff2ff5d029d00600a20 |
| SHA512 | 50c857f4a141ad7db8b6d519277033976bf97c9a7b490186a283403c05cb83b559a596efaf87ca46bc66bdf6b80636f4622324551c9de2c26bebfdbb02209d34 |
C:\Users\Admin\AppData\Local\Temp\_MEI44322\VCRUNTIME140_1.dll
| MD5 | 7e668ab8a78bd0118b94978d154c85bc |
| SHA1 | dbac42a02a8d50639805174afd21d45f3c56e3a0 |
| SHA256 | e4b533a94e02c574780e4b333fcf0889f65ed00d39e32c0fbbda2116f185873f |
| SHA512 | 72bb41db17256141b06e2eaeb8fc65ad4abdb65e4b5f604c82b9e7e7f60050734137d602e0f853f1a38201515655b6982f2761ee0fa77c531aa58591c95f0032 |
C:\Users\Admin\AppData\Local\Temp\_MEI44322\libcrypto-1_1.dll
| MD5 | e94733523bcd9a1fb6ac47e10a267287 |
| SHA1 | 94033b405386d04c75ffe6a424b9814b75c608ac |
| SHA256 | f20eb4efd8647b5273fdaafceb8ccb2b8ba5329665878e01986cbfc1e6832c44 |
| SHA512 | 07dd0eb86498497e693da0f9dd08de5b7b09052a2d6754cfbc2aa260e7f56790e6c0a968875f7803cb735609b1e9b9c91a91b84913059c561bffed5ab2cbb29f |
C:\Users\Admin\AppData\Local\Temp\_MEI44322\libssl-1_1.dll
| MD5 | 25bde25d332383d1228b2e66a4cb9f3e |
| SHA1 | cd5b9c3dd6aab470d445e3956708a324e93a9160 |
| SHA256 | c8f7237e7040a73c2bea567acc9cec373aadd48654aaac6122416e160f08ca13 |
| SHA512 | ca2f2139bb456799c9f98ef8d89fd7c09d1972fa5dd8fc01b14b7af00bf8d2c2175fb2c0c41e49a6daf540e67943aad338e33c1556fd6040ef06e0f25bfa88fa |
C:\Users\Admin\AppData\Local\Temp\_MEI44322\unicodedata.pyd
| MD5 | aa13ee6770452af73828b55af5cd1a32 |
| SHA1 | c01ece61c7623e36a834d8b3c660e7f28c91177e |
| SHA256 | 8fbed20e9225ff82132e97b4fefbb5ddbc10c062d9e3f920a6616ab27bb5b0fb |
| SHA512 | b2eeb9a7d4a32e91084fdae302953aac57388a5390f9404d8dfe5c4a8f66ca2ab73253cf5ba4cc55350d8306230dd1114a61e22c23f42fbcc5c0098046e97e0f |
C:\Users\Admin\AppData\Local\Temp\_MEI44322\_decimal.pyd
| MD5 | 65b4ab77d6c6231c145d3e20e7073f51 |
| SHA1 | 23d5ce68ed6aa8eaabe3366d2dd04e89d248328e |
| SHA256 | 93eb9d1859edca1c29594491863bf3d72af70b9a4240e0d9dd171f668f4f8614 |
| SHA512 | 28023446e5ac90e9e618673c879ca46f598a62fbb9e69ef925db334ad9cb1544916caf81e2ecdc26b75964dcedba4ad4de1ba2c42fb838d0df504d963fcf17ee |
C:\Users\Admin\AppData\Local\Temp\_MEI44322\PIL\_imaging.cp311-win_amd64.pyd
| MD5 | dc83cb57b9cabcb1e19650e7a82697de |
| SHA1 | f62d681c02c48453ae03733b830c05020f6ba971 |
| SHA256 | f82bd3cf95e02749ff1adff76725e3645e17c2780954bd724ed63ef6827633f5 |
| SHA512 | 54ab930f2309a87e956a7a59a14fb50e16f8d341809e368c0817b9ea54f81b12d96e6975df81b54dfc0ae1372dd7798a1150cf8a62980168727f04d844a50d43 |
C:\Users\Admin\AppData\Local\Temp\_MEI44322\simplejson\_speedups.cp311-win_amd64.pyd
| MD5 | c4a494509bf44e06447788b24881c16d |
| SHA1 | e01a29b8e2af102ec2f8c88f9b580f004411f9b3 |
| SHA256 | bc15b60da221f8656cdb201198ab7fa2575ad8d41c357b67b8678f9bbf3961af |
| SHA512 | 2dec6757e4580657fc1a42d1d83fbfa144570508172990d8f2268292542a93ffe498881bd7fdd26ca83b61e5a861a8a1c692c133c599028f23c1878a746f691e |
C:\Users\Admin\AppData\Local\Temp\_MEI44322\win32\win32event.pyd
| MD5 | 8dbff4033a854974ca7a368c89a5e9d6 |
| SHA1 | f856f1e6d574a0397e516442a090d5c400f7b7d3 |
| SHA256 | e800152568bb46f4a0a3417eb749ef45f2e5cc0b33fb9dea55e1a1cd012b54c9 |
| SHA512 | f39174ede2a8c1c03db05c6e408adca8855a9c6a90c9aa039a16ad08c9e65acc21f61bdc18239aadbe7266236fa7d54a1d315056e4a45c422f98e5e84abe6ed4 |
C:\Users\Admin\AppData\Local\Temp\_MEI44322\_overlapped.pyd
| MD5 | e5aceaf21e82253e300c0b78793887a8 |
| SHA1 | c58f78fbbe8713cb00ccdfeb1d8d7359f58ebfde |
| SHA256 | d950342686c959056ff43c9e5127554760fa20669d97166927dd6aae5494e02a |
| SHA512 | 517c29928d6623cf3b2bcdcd68551070d2894874893c0d115a0172d749b6fe102af6261c0fd1b65664f742fa96abbce2f8111a72e1a3c2f574b58b909205937f |
C:\Users\Admin\AppData\Local\Temp\files\config.json
| MD5 | 8c40f53b5ff573eaec56f527a1b1a6aa |
| SHA1 | ed799b99370a4d803c050cc48343dfe65d38124d |
| SHA256 | a36a289b5365df56cbd7f6f4a38a8d9a547676900b5b68b04353aac7e2186bc0 |
| SHA512 | 2e7403f7d919ca91912838c10ae7806b2a9baa4c6fba92b1b0f82f53226095f245618993c911173c61facafd7ef15bacb37aa6ad37f41ff79775b17ee44147c0 |
C:\Users\Admin\AppData\Local\Temp\_MEI44322\_asyncio.pyd
| MD5 | 79f71c92c850b2d0f5e39128a59054f1 |
| SHA1 | a773e62fa5df1373f08feaa1fb8fa1b6d5246252 |
| SHA256 | 0237739399db629fdd94de209f19ac3c8cd74d48bebe40ad8ea6ac7556a51980 |
| SHA512 | 3fdef4c04e7d89d923182e3e48d4f3d866204e878abcaacff657256f054aeafafdd352b5a55ea3864a090d01169ec67b52c7f944e02247592417d78532cc5171 |
C:\Users\Admin\AppData\Local\Temp\_MEI44322\psutil\_psutil_windows.pyd
| MD5 | 2c62184e46ecc1641b8e09690f820405 |
| SHA1 | 953db2789d5eeab981558388a727bd4d42364dd6 |
| SHA256 | 43e09408673687a787415912336ac13fcca9a7d7945b73d0c84ac4bb071e9106 |
| SHA512 | 2df440a9bf87345a5a0727cf4ae68592b32324a3a4d4611d047fbca7984a9b8e55487d89e83e80df8e0580c2a1db26db9722dbf18d4b2c8fd2770a55309e573e |
C:\Users\Admin\AppData\Local\Temp\_MEI44322\_uuid.pyd
| MD5 | 46e9d7b5d9668c9db5caa48782ca71ba |
| SHA1 | 6bbc83a542053991b57f431dd377940418848131 |
| SHA256 | f6063622c0a0a34468679413d1b18d1f3be67e747696ab972361faed4b8d6735 |
| SHA512 | c5b171ebdb51b1755281c3180b30e88796db8aa96073489613dab96b6959a205846711187266a0ba30782102ce14fbfa4d9f413a2c018494597600482329ebf7 |
C:\Users\Admin\AppData\Local\Temp\_MEI44322\_ssl.pyd
| MD5 | 208b0108172e59542260934a2e7cfa85 |
| SHA1 | 1d7ffb1b1754b97448eb41e686c0c79194d2ab3a |
| SHA256 | 5160500474ec95d4f3af7e467cc70cb37bec1d12545f0299aab6d69cea106c69 |
| SHA512 | 41abf6deab0f6c048967ca6060c337067f9f8125529925971be86681ec0d3592c72b9cc85dd8bdee5dd3e4e69e3bb629710d2d641078d5618b4f55b8a60cc69d |
C:\Users\Admin\AppData\Local\Temp\_MEI44322\_hashlib.pyd
| MD5 | 4255c44dc64f11f32c961bf275aab3a2 |
| SHA1 | c1631b2821a7e8a1783ecfe9a14db453be54c30a |
| SHA256 | e557873d5ad59fd6bd29d0f801ad0651dbb8d9ac21545defe508089e92a15e29 |
| SHA512 | 7d3a306755a123b246f31994cd812e7922943cdbbc9db5a6e4d3372ea434a635ffd3945b5d2046de669e7983ef2845bd007a441d09cfe05cf346523c12bdad52 |
C:\Users\Admin\AppData\Local\Temp\_MEI44322\pywin32_system32\pywintypes311.dll
| MD5 | 90b786dc6795d8ad0870e290349b5b52 |
| SHA1 | 592c54e67cf5d2d884339e7a8d7a21e003e6482f |
| SHA256 | 89f2a5c6be1e70b3d895318fdd618506b8c0e9a63b6a1a4055dff4abdc89f18a |
| SHA512 | c6e1dbf25d260c723a26c88ec027d40d47f5e28fc9eb2dbc72a88813a1d05c7f75616b31836b68b87df45c65eef6f3eaed2a9f9767f9e2f12c45f672c2116e72 |
C:\Users\Admin\AppData\Local\Temp\_MEI44322\python3.dll
| MD5 | b711598fc3ed0fe4cf2c7f3e0877979e |
| SHA1 | 299c799e5d697834aa2447d8a313588ab5c5e433 |
| SHA256 | 520169aa6cf49d7ee724d1178de1be0e809e4bdcf671e06f3d422a0dd5fd294a |
| SHA512 | b3d59eff5e38cef651c9603971bde77be7231ea8b7bdb444259390a8a9e452e107a0b6cb9cc93e37fd3b40afb2ba9e67217d648bfca52f7cdc4b60c7493b6b84 |
memory/1512-193-0x00007FFA8E030000-0x00007FFA8EFBC000-memory.dmp