Analysis Overview
SHA256
d9b67f8315220dbc2acbac993e05d2e76d84d199f75512fa830815606d89b304
Threat Level: Known bad
The file Surge Services FA Converter.exe was found to be: Known bad.
Malicious Activity Summary
Modifies visiblity of hidden/system files in Explorer
Loads dropped DLL
Executes dropped EXE
Adds Run key to start application
Drops file in System32 directory
Drops file in Windows directory
Detects Pyinstaller
Unsigned PE
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-06 21:41
Signatures
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-06 21:40
Reported
2024-06-06 21:45
Platform
win10-20240404-en
Max time kernel
77s
Max time network
79s
Command Line
Signatures
Modifies visiblity of hidden/system files in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" | \??\c:\windows\resources\themes\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" | \??\c:\windows\resources\svchost.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | \??\c:\users\admin\appdata\local\temp\surge services fa converter.exe | N/A |
| N/A | N/A | C:\Windows\Resources\Themes\icsys.icn.exe | N/A |
| N/A | N/A | \??\c:\windows\resources\themes\explorer.exe | N/A |
| N/A | N/A | \??\c:\windows\resources\spoolsv.exe | N/A |
| N/A | N/A | \??\c:\users\admin\appdata\local\temp\surge services fa converter.exe | N/A |
| N/A | N/A | \??\c:\windows\resources\svchost.exe | N/A |
| N/A | N/A | \??\c:\windows\resources\spoolsv.exe | N/A |
Loads dropped DLL
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Explorer = "c:\\windows\\resources\\themes\\explorer.exe RO" | \??\c:\windows\resources\themes\explorer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Svchost = "c:\\windows\\resources\\svchost.exe RO" | \??\c:\windows\resources\themes\explorer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Explorer = "c:\\windows\\resources\\themes\\explorer.exe RO" | \??\c:\windows\resources\svchost.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Svchost = "c:\\windows\\resources\\svchost.exe RO" | \??\c:\windows\resources\svchost.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\explorer.exe | \??\c:\windows\resources\themes\explorer.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\explorer.exe | \??\c:\windows\resources\svchost.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Resources\tjud.exe | \??\c:\windows\resources\themes\explorer.exe | N/A |
| File opened for modification | C:\Windows\Resources\Themes\icsys.icn.exe | C:\Users\Admin\AppData\Local\Temp\Surge Services FA Converter.exe | N/A |
| File opened for modification | \??\c:\windows\resources\themes\explorer.exe | C:\Windows\Resources\Themes\icsys.icn.exe | N/A |
| File opened for modification | \??\c:\windows\resources\spoolsv.exe | \??\c:\windows\resources\themes\explorer.exe | N/A |
| File opened for modification | \??\c:\windows\resources\svchost.exe | \??\c:\windows\resources\spoolsv.exe | N/A |
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | \??\c:\windows\resources\svchost.exe | N/A |
| N/A | N/A | \??\c:\windows\resources\themes\explorer.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Surge Services FA Converter.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Surge Services FA Converter.exe | N/A |
| N/A | N/A | C:\Windows\Resources\Themes\icsys.icn.exe | N/A |
| N/A | N/A | C:\Windows\Resources\Themes\icsys.icn.exe | N/A |
| N/A | N/A | \??\c:\windows\resources\themes\explorer.exe | N/A |
| N/A | N/A | \??\c:\windows\resources\themes\explorer.exe | N/A |
| N/A | N/A | \??\c:\windows\resources\spoolsv.exe | N/A |
| N/A | N/A | \??\c:\windows\resources\spoolsv.exe | N/A |
| N/A | N/A | \??\c:\windows\resources\svchost.exe | N/A |
| N/A | N/A | \??\c:\windows\resources\svchost.exe | N/A |
| N/A | N/A | \??\c:\windows\resources\spoolsv.exe | N/A |
| N/A | N/A | \??\c:\windows\resources\spoolsv.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Surge Services FA Converter.exe
"C:\Users\Admin\AppData\Local\Temp\Surge Services FA Converter.exe"
\??\c:\users\admin\appdata\local\temp\surge services fa converter.exe
"c:\users\admin\appdata\local\temp\surge services fa converter.exe "
C:\Windows\Resources\Themes\icsys.icn.exe
C:\Windows\Resources\Themes\icsys.icn.exe
\??\c:\windows\resources\themes\explorer.exe
c:\windows\resources\themes\explorer.exe
\??\c:\windows\resources\spoolsv.exe
c:\windows\resources\spoolsv.exe SE
\??\c:\users\admin\appdata\local\temp\surge services fa converter.exe
"c:\users\admin\appdata\local\temp\surge services fa converter.exe "
\??\c:\windows\resources\svchost.exe
c:\windows\resources\svchost.exe
\??\c:\windows\resources\spoolsv.exe
c:\windows\resources\spoolsv.exe PR
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c title Made by sskint and jinx - .gg/cmos
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | keyauth.win | udp |
| US | 104.26.0.5:443 | keyauth.win | tcp |
| US | 8.8.8.8:53 | 5.0.26.104.in-addr.arpa | udp |
| US | 104.26.0.5:443 | keyauth.win | tcp |
Files
memory/5084-0-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\surge services fa converter.exe
| MD5 | c2e01daacbc245ba41e9d2a0a8c33960 |
| SHA1 | 9732c397b9c12c087f53433864f108e22ef6b8da |
| SHA256 | c043cecf4babaa47c597b29a90f33f6ac91c5795a1c250af8588319a32258aea |
| SHA512 | 01cff924f3f39f8e8221248359d516739cbf379341e1d28642af8ca3ccc1fa41dd63ef7103bfdf6f07d714771a82425db5cddfcbb4e1164ca1f4340beeedbfc6 |
C:\Windows\Resources\Themes\icsys.icn.exe
| MD5 | 90060d2c4fc536e1a9ed82c4f69cacac |
| SHA1 | c0900773222fc92253c6eb52dda8d393b8b29d88 |
| SHA256 | 06529c3744a91b209d9122060f9e2dee0c7b70fb73a858335d396b9d17c38a81 |
| SHA512 | 20dc80cde5984600b247d55c764662957f4198b5e8bb678f94a22c65b6ad7eda85276db0581d16a1e792c66d50dc748ebeeff1d97ac84b29b3778a3d0fa852fa |
\??\c:\users\admin\appdata\local\temp\surge services fa converter.exe
| MD5 | 096ce25b99b80698932fee3c10609942 |
| SHA1 | f73379dbb8e6cbcdb65234b2f552745209bf6609 |
| SHA256 | 22e7e01371a449ed603dad2654a0f7c26f33bb323dd22e9f8cca12fbb799a1d8 |
| SHA512 | ade1526e771e9a820234fbc9cfaae1a9f30e59b0bdc71c67220e517b3abce619cd18652d5369f7b3de5d819ae0c66a4bea7beb8285558d2df834a45de080b988 |
\??\c:\windows\resources\themes\explorer.exe
| MD5 | eabd61a75c2927bd18bfa389ad1da6b6 |
| SHA1 | 730056f1ed616a8473ef739ff8e1c9e741b50df5 |
| SHA256 | 52631363fe3f1e04a5971a149e6164dd96facd7865162106ba38668fdee89170 |
| SHA512 | b3778ee8c245e5baa0158ba5390e564569552edd6cb8f12e94fe11410b65acfe073e1db1d6b57af5f3161871fff0c8dc99793d43f70697e17add4adb92ad3888 |
memory/4016-47-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Windows\Resources\spoolsv.exe
| MD5 | d0d8d7467af8fd09752e025633fdbf7a |
| SHA1 | 2df7692ddc5f4f125744737feabc1099908b38c5 |
| SHA256 | 2e03c931193d7ba256e9c1044170267e6cbf49dddf0bb7b2d899d3dc5d820d9f |
| SHA512 | 657447fb7ebccb84a0b982d82ba1e5b12eec0f85c72067e01de9130bf117ac589657e9fc9e9974838cf11a4b13b61adbaebd8cf5c5aa42477ebad89a5e116f41 |
C:\Users\Admin\AppData\Local\Temp\_MEI45722\python311.dll
| MD5 | 254a8bd3e2f0adcad38f09b0a594e0bf |
| SHA1 | 8155180c7de1d397479e78287633642a7bcf39b8 |
| SHA256 | e32c25ee561dd82ee48e8f462a3c51b6deb6de86a9c994231ca7aec2d4001163 |
| SHA512 | 912575cfcffc8eb2a03fbaede535298fd49fe76f4ad3f2e57ac2f0be3f7e1dcd70289c105aacb9878472a06ec5536de617712e07b31350e93a8a51faff3b34a8 |
C:\Users\Admin\AppData\Local\Temp\surge services fa converter.exe
| MD5 | d5e27ff37ce1483f000234abc48c5581 |
| SHA1 | c7a0185ae82c5a60cba6afebf30bdf4685f9bde1 |
| SHA256 | 60e356865be2460d0b2c282077e59c6df23024dba601dcce0acbe5d72d101301 |
| SHA512 | ba5b8908af44aacde7da2f1ebfc9b30a05781366bf3df4945e7715a21ea51a7061cff483ee44b65c60048a861a892df871071f69a0efda824509c208ecd20ef0 |
C:\Windows\Resources\svchost.exe
| MD5 | 05efdb3d9b2ac1a7e6f9526ffb7012a0 |
| SHA1 | 1d67275e59a5552eb01a42a0261d65e522568b95 |
| SHA256 | 85fe568578fbff31ffbf6ea4e232eab4bfbc0dc0728255126b0aec0a3d2b5b14 |
| SHA512 | 4ee5a342248de2e81454c343534b0782569cfd0a3caf6c95f7364e320d2f94217b2f098360d42ea7090b62c7ec338d4d6e3a4522aa284431cf1e8a81a2b28195 |
\Users\Admin\AppData\Local\Temp\_MEI45722\VCRUNTIME140.dll
| MD5 | f12681a472b9dd04a812e16096514974 |
| SHA1 | 6fd102eb3e0b0e6eef08118d71f28702d1a9067c |
| SHA256 | d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8 |
| SHA512 | 7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2 |
C:\Users\Admin\AppData\Local\Temp\_MEI45722\_ctypes.pyd
| MD5 | 6a9ca97c039d9bbb7abf40b53c851198 |
| SHA1 | 01bcbd134a76ccd4f3badb5f4056abedcff60734 |
| SHA256 | e662d2b35bb48c5f3432bde79c0d20313238af800968ba0faa6ea7e7e5ef4535 |
| SHA512 | dedf7f98afc0a94a248f12e4c4ca01b412da45b926da3f9c4cbc1d2cbb98c8899f43f5884b1bf1f0b941edaeef65612ea17438e67745962ff13761300910960d |
\Users\Admin\AppData\Local\Temp\_MEI45722\python3.dll
| MD5 | 34e49bb1dfddf6037f0001d9aefe7d61 |
| SHA1 | a25a39dca11cdc195c9ecd49e95657a3e4fe3215 |
| SHA256 | 4055d1b9e553b78c244143ab6b48151604003b39a9bf54879dee9175455c1281 |
| SHA512 | edb715654baaf499cf788bcacd5657adcf9f20b37b02671abe71bda334629344415ed3a7e95cb51164e66a7aa3ed4bf84acb05649ccd55e3f64036f3178b7856 |
\Users\Admin\AppData\Local\Temp\_MEI45722\libffi-8.dll
| MD5 | 32d36d2b0719db2b739af803c5e1c2f5 |
| SHA1 | 023c4f1159a2a05420f68daf939b9ac2b04ab082 |
| SHA256 | 128a583e821e52b595eb4b3dda17697d3ca456ee72945f7ecce48ededad0e93c |
| SHA512 | a0a68cfc2f96cb1afd29db185c940e9838b6d097d2591b0a2e66830dd500e8b9538d170125a00ee8c22b8251181b73518b73de94beeedd421d3e888564a111c1 |
\Users\Admin\AppData\Local\Temp\_MEI45722\_bz2.pyd
| MD5 | 4101128e19134a4733028cfaafc2f3bb |
| SHA1 | 66c18b0406201c3cfbba6e239ab9ee3dbb3be07d |
| SHA256 | 5843872d5e2b08f138a71fe9ba94813afee59c8b48166d4a8eb0f606107a7e80 |
| SHA512 | 4f2fc415026d7fd71c5018bc2ffdf37a5b835a417b9e5017261849e36d65375715bae148ce8f9649f9d807a63ac09d0fb270e4abae83dfa371d129953a5422ca |
C:\Users\Admin\AppData\Local\Temp\_MEI45722\_lzma.pyd
| MD5 | 337b0e65a856568778e25660f77bc80a |
| SHA1 | 4d9e921feaee5fa70181eba99054ffa7b6c9bb3f |
| SHA256 | 613de58e4a9a80eff8f8bc45c350a6eaebf89f85ffd2d7e3b0b266bf0888a60a |
| SHA512 | 19e6da02d9d25ccef06c843b9f429e6b598667270631febe99a0d12fc12d5da4fb242973a8351d3bf169f60d2e17fe821ad692038c793ce69dfb66a42211398e |
C:\Users\Admin\AppData\Local\Temp\_MEI45722\base_library.zip
| MD5 | 1554eb7b9ac2dfdb7938a9136cda8415 |
| SHA1 | 484c7a604fc93bffe2e2171f6b73bde949d1f491 |
| SHA256 | 53cac6222dce511d34213833488a5babd52b73a61a5c86b842a0b533d5d28bdb |
| SHA512 | 93aea1318935ea29b9765cd0550569132178fe1dd44cdbb2759324b1aa5fc6a018e960e51501bbccb87662398a082f4e460028900a0046e21fd069c640db387c |
\Users\Admin\AppData\Local\Temp\_MEI45722\python311.dll
| MD5 | e0f4c7def1c3a2851aced735ba1afde6 |
| SHA1 | bd48f4e57275ff920e8f8c980298253ab40495f4 |
| SHA256 | 41fae0537d86e240cce55f777350bd32c4e208e0e750a3adae6905d742de05da |
| SHA512 | 8e1166c1e8b3bd39d1374c1771d51738ca6e8b6d8b18e9f87cc58225a513750d2da636a06dbd364354fc8758566fb3d72bb44bcffbe614be14acde0adb48159c |
memory/5084-107-0x0000000000400000-0x000000000041F000-memory.dmp
\Users\Admin\AppData\Local\Temp\_MEI45722\_uuid.pyd
| MD5 | 9a4957bdc2a783ed4ba681cba2c99c5c |
| SHA1 | f73d33677f5c61deb8a736e8dde14e1924e0b0dc |
| SHA256 | f7f57807c15c21c5aa9818edf3993d0b94aef8af5808e1ad86a98637fc499d44 |
| SHA512 | 027bdcb5b3e0ca911ee3c94c42da7309ea381b4c8ec27cf9a04090fff871db3cf9b7b659fdbcfff8887a058cb9b092b92d7d11f4f934a53be81c29ef8895ac2b |
\Users\Admin\AppData\Local\Temp\_MEI45722\_hashlib.pyd
| MD5 | de4d104ea13b70c093b07219d2eff6cb |
| SHA1 | 83daf591c049f977879e5114c5fea9bbbfa0ad7b |
| SHA256 | 39bc615842a176db72d4e0558f3cdcae23ab0623ad132f815d21dcfbfd4b110e |
| SHA512 | 567f703c2e45f13c6107d767597dba762dc5caa86024c87e7b28df2d6c77cd06d3f1f97eed45e6ef127d5346679fea89ac4dc2c453ce366b6233c0fa68d82692 |
\Users\Admin\AppData\Local\Temp\_MEI45722\libcrypto-1_1.dll
| MD5 | a94b52441c5188123cc232158070a3c0 |
| SHA1 | 52c51e402146a69335f007186e05d478e5af2adb |
| SHA256 | bfa589ce264d54a4239febb2efb513ebe256529329509ddb6a812d8aae976a3f |
| SHA512 | deeb5358156c1dab802dc0851add31001332f0a8bfdff52bb911e9d38e3406447c5ba3e18e2f19885cecc5bdb86ba2d1fb3f733e332e5372eff858b306379f60 |
C:\Users\Admin\AppData\Local\Temp\_MEI45722\pywin32_system32\pywintypes311.dll
| MD5 | 90b786dc6795d8ad0870e290349b5b52 |
| SHA1 | 592c54e67cf5d2d884339e7a8d7a21e003e6482f |
| SHA256 | 89f2a5c6be1e70b3d895318fdd618506b8c0e9a63b6a1a4055dff4abdc89f18a |
| SHA512 | c6e1dbf25d260c723a26c88ec027d40d47f5e28fc9eb2dbc72a88813a1d05c7f75616b31836b68b87df45c65eef6f3eaed2a9f9767f9e2f12c45f672c2116e72 |
\Users\Admin\AppData\Local\Temp\_MEI45722\select.pyd
| MD5 | 97ee623f1217a7b4b7de5769b7b665d6 |
| SHA1 | 95b918f3f4c057fb9c878c8cc5e502c0bd9e54c0 |
| SHA256 | 0046eb32f873cde62cf29af02687b1dd43154e9fd10e0aa3d8353d3debb38790 |
| SHA512 | 20edc7eae5c0709af5c792f04a8a633d416da5a38fc69bd0409afe40b7fb1afa526de6fe25d8543ece9ea44fd6baa04a9d316ac71212ae9638bdef768e661e0f |
\Users\Admin\AppData\Local\Temp\_MEI45722\_socket.pyd
| MD5 | 8140bdc5803a4893509f0e39b67158ce |
| SHA1 | 653cc1c82ba6240b0186623724aec3287e9bc232 |
| SHA256 | 39715ef8d043354f0ab15f62878530a38518fb6192bc48da6a098498e8d35769 |
| SHA512 | d0878fee92e555b15e9f01ce39cfdc3d6122b41ce00ec3a4a7f0f661619f83ec520dca41e35a1e15650fb34ad238974fe8019577c42ca460dde76e3891b0e826 |
\Users\Admin\AppData\Local\Temp\_MEI45722\_ssl.pyd
| MD5 | 069bccc9f31f57616e88c92650589bdd |
| SHA1 | 050fc5ccd92af4fbb3047be40202d062f9958e57 |
| SHA256 | cb42e8598e3fa53eeebf63f2af1730b9ec64614bda276ab2cd1f1c196b3d7e32 |
| SHA512 | 0e5513fbe42987c658dba13da737c547ff0b8006aecf538c2f5cf731c54de83e26889be62e5c8a10d2c91d5ada4d64015b640dab13130039a5a8a5ab33a723dc |
\Users\Admin\AppData\Local\Temp\_MEI45722\_brotli.cp311-win_amd64.pyd
| MD5 | 5eef6175e1ac2d86bf802a521c40923d |
| SHA1 | 7af104821cc5b09ce9be70bcc959aac329d189b0 |
| SHA256 | 4bf82c0775100dfde889c502d08bb3ee1025858733573893bc04505f75fb34d9 |
| SHA512 | 554fe184be245e79d786812e3b2b251f116ba8891b4af8b32ff6226331308878b86b270014917ca8e27e142df07eeb13ac9ae4d59e7a03b2829faf1a23b6a7c9 |
\Users\Admin\AppData\Local\Temp\_MEI45722\_queue.pyd
| MD5 | ff8300999335c939fcce94f2e7f039c0 |
| SHA1 | 4ff3a7a9d9ca005b5659b55d8cd064d2eb708b1a |
| SHA256 | 2f71046891ba279b00b70eb031fe90b379dbe84559cf49ce5d1297ea6bf47a78 |
| SHA512 | f29b1fd6f52130d69c8bd21a72a71841bf67d54b216febcd4e526e81b499b9b48831bb7cdff0bff6878aab542ca05d6326b8a293f2fb4dd95058461c0fd14017 |
\Users\Admin\AppData\Local\Temp\_MEI45722\libssl-1_1.dll
| MD5 | 6075bd65f34a5f46156b302c6c248c72 |
| SHA1 | 054b3970cdfc41f3233b2906a77f15374c2f736f |
| SHA256 | 8efe20ae814ff7b95f28fee56058be7dd63c0381cbf7f50f6ad263e3157458f3 |
| SHA512 | 4bd4442237d7db45bbc54fdcf1093925bb804285200ee1dca66d15e95c806fec765488346b1c5c6351ccfd46ea2d7fde8e8ffeaeba4359197ae7b740e276ee9c |
\Users\Admin\AppData\Local\Temp\_MEI45722\charset_normalizer\md__mypyc.cp311-win_amd64.pyd
| MD5 | 9ea8098d31adb0f9d928759bdca39819 |
| SHA1 | e309c85c1c8e6ce049eea1f39bee654b9f98d7c5 |
| SHA256 | 3d9893aa79efd13d81fcd614e9ef5fb6aad90569beeded5112de5ed5ac3cf753 |
| SHA512 | 86af770f61c94dfbf074bcc4b11932bba2511caa83c223780112bda4ffb7986270dc2649d4d3ea78614dbce6f7468c8983a34966fc3f2de53055ac6b5059a707 |
\Users\Admin\AppData\Local\Temp\_MEI45722\_decimal.pyd
| MD5 | d47e6acf09ead5774d5b471ab3ab96ff |
| SHA1 | 64ce9b5d5f07395935df95d4a0f06760319224a2 |
| SHA256 | d0df57988a74acd50b2d261e8b5f2c25da7b940ec2aafbee444c277552421e6e |
| SHA512 | 52e132ce94f21fa253fed4cf1f67e8d4423d8c30224f961296ee9f64e2c9f4f7064d4c8405cd3bb67d3cf880fe4c21ab202fa8cf677e3b4dad1be6929dbda4e2 |
\Users\Admin\AppData\Local\Temp\_MEI45722\simplejson\_speedups.cp311-win_amd64.pyd
| MD5 | c4a494509bf44e06447788b24881c16d |
| SHA1 | e01a29b8e2af102ec2f8c88f9b580f004411f9b3 |
| SHA256 | bc15b60da221f8656cdb201198ab7fa2575ad8d41c357b67b8678f9bbf3961af |
| SHA512 | 2dec6757e4580657fc1a42d1d83fbfa144570508172990d8f2268292542a93ffe498881bd7fdd26ca83b61e5a861a8a1c692c133c599028f23c1878a746f691e |
C:\Users\Admin\AppData\Local\Temp\_MEI45722\certifi\cacert.pem
| MD5 | d3e74c9d33719c8ab162baa4ae743b27 |
| SHA1 | ee32f2ccd4bc56ca68441a02bf33e32dc6205c2b |
| SHA256 | 7a347ca8fef6e29f82b6e4785355a6635c17fa755e0940f65f15aa8fc7bd7f92 |
| SHA512 | e0fb35d6901a6debbf48a0655e2aa1040700eb5166e732ae2617e89ef5e6869e8ddd5c7875fa83f31d447d4abc3db14bffd29600c9af725d9b03f03363469b4c |
\Users\Admin\AppData\Local\Temp\_MEI45722\unicodedata.pyd
| MD5 | bc58eb17a9c2e48e97a12174818d969d |
| SHA1 | 11949ebc05d24ab39d86193b6b6fcff3e4733cfd |
| SHA256 | ecf7836aa0d36b5880eb6f799ec402b1f2e999f78bfff6fb9a942d1d8d0b9baa |
| SHA512 | 4aa2b2ce3eb47503b48f6a888162a527834a6c04d3b49c562983b4d5aad9b7363d57aef2e17fe6412b89a9a3b37fb62a4ade4afc90016e2759638a17b1deae6c |
\Users\Admin\AppData\Local\Temp\_MEI45722\charset_normalizer\md.cp311-win_amd64.pyd
| MD5 | 723ec2e1404ae1047c3ef860b9840c29 |
| SHA1 | 8fc869b92863fb6d2758019dd01edbef2a9a100a |
| SHA256 | 790a11aa270523c2efa6021ce4f994c3c5a67e8eaaaf02074d5308420b68bd94 |
| SHA512 | 2e323ae5b816adde7aaa14398f1fdb3efe15a19df3735a604a7db6cadc22b753046eab242e0f1fbcd3310a8fbb59ff49865827d242baf21f44fd994c3ac9a878 |
\Users\Admin\AppData\Local\Temp\_MEI45722\VCRUNTIME140_1.dll
| MD5 | 75e78e4bf561031d39f86143753400ff |
| SHA1 | 324c2a99e39f8992459495182677e91656a05206 |
| SHA256 | 1758085a61527b427c4380f0c976d29a8bee889f2ac480c356a3f166433bf70e |
| SHA512 | ce4daf46bce44a89d21308c63e2de8b757a23be2630360209c4a25eb13f1f66a04fbb0a124761a33bbf34496f2f2a02b8df159b4b62f1b6241e1dbfb0e5d9756 |
\Users\Admin\AppData\Local\Temp\_MEI45722\win32\win32security.pyd
| MD5 | 0007e4004ee357b3242e446aad090d27 |
| SHA1 | 4a26e091ca095699e6d7ecc6a6bfbb52e8135059 |
| SHA256 | 10882e7945becf3e8f574b61d0209dd7442efd18ab33e95dceececc34148ab32 |
| SHA512 | 170fa5971f201a18183437fc9e97dcd5b11546909d2e47860a62c10bff513e2509cb4082b728e762f1357145df84dcee1797133225536bd15fc87b2345659858 |
C:\Users\Admin\AppData\Local\Temp\_MEI45722\_cffi_backend.cp311-win_amd64.pyd
| MD5 | 210def84bb2c35115a2b2ac25e3ffd8f |
| SHA1 | 0376b275c81c25d4df2be4789c875b31f106bd09 |
| SHA256 | 59767b0918859beddf28a7d66a50431411ffd940c32b3e8347e6d938b60facdf |
| SHA512 | cd5551eb7afd4645860c7edd7b0abd375ee6e1da934be21a6099879c8ee3812d57f2398cad28fbb6f75bba77471d9b32c96c7c1e9d3b4d26c7fc838745746c7f |
C:\Users\Admin\AppData\Local\Temp\_MEI45722\_brotli.cp311-win_amd64.pyd
| MD5 | 2a52af3292622823318a845311fe1318 |
| SHA1 | ea0f12e446bf3b761680fc9911f004a50126bb3b |
| SHA256 | 419d6568aabe5523dac49b7f6847ff75bb14b44eb7511da3a9596ceb55552cd3 |
| SHA512 | 18e4ca2eb8b9d68995a2d5a6d97d44bb1c79e40f1650056fc9beecb95a372b70f7875d276c9fb36df07b40ce2fddfee155ca29f35597f2a7f3c904a8dc31ef76 |
memory/204-106-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI45722\unicodedata.pyd
| MD5 | 79975fc987eaf466e8a0438024d4214a |
| SHA1 | 33bd479e84af238fac0f23c462185ac66a09e381 |
| SHA256 | 887a615aada94e11b4cdfd01d8aaa34192e31bf3b7e7cc16f255721053656227 |
| SHA512 | 9e6d83df6c5494335bd04a943c24f7733aee7d5edffdd32f56c3135d6d736ddb3bb9a12992311272a6b9ee664d8e243f0d8d399fbf34690dbb5041698a86dfb8 |
C:\Users\Admin\AppData\Local\Temp\_MEI45722\libssl-1_1.dll
| MD5 | 8769adafca3a6fc6ef26f01fd31afa84 |
| SHA1 | 38baef74bdd2e941ccd321f91bfd49dacc6a3cb6 |
| SHA256 | 2aebb73530d21a2273692a5a3d57235b770daf1c35f60c74e01754a5dac05071 |
| SHA512 | fac22f1a2ffbfb4789bdeed476c8daf42547d40efe3e11b41fadbc4445bb7ca77675a31b5337df55fdeb4d2739e0fb2cbcac2feabfd4cd48201f8ae50a9bd90b |
C:\Users\Admin\AppData\Local\Temp\_MEI45722\libcrypto-1_1.dll
| MD5 | 491880768736420971a42838de422f41 |
| SHA1 | cf4d034ff7594781fb35431b10a4c23a0fe7ea13 |
| SHA256 | 3cdd7473616117b78567607f5114cf8939e2a5a59823afa5bdd7e7dba1aa1f79 |
| SHA512 | 6cfedb0286fbf9d354f3cb19fd4c6f8050384045fe0391d105bd81cbaa5364d7fdbce6dd75595ead0216001a6437016149455abbaa27e44f68d91f327a1fb4c8 |
memory/3716-101-0x0000000000400000-0x000000000041F000-memory.dmp
memory/1892-100-0x0000000000400000-0x000000000041F000-memory.dmp