Malware Analysis Report

2024-11-13 15:29

Sample ID 240606-tbkxysgb51
Target myfirstluagame-worm.exe
SHA256 fd1f253b7e560ca0a80e4645be97f6529eb21080d6b68c7ccb34c0855a99648d
Tags
pyinstaller upx
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

fd1f253b7e560ca0a80e4645be97f6529eb21080d6b68c7ccb34c0855a99648d

Threat Level: shows suspicious behavior

The file myfirstluagame-worm.exe shows suspicious behavior (score 7/10). No malware family was identified; the only tags assigned are pyinstaller and upx.

Malicious Activity Summary

pyinstaller upx

Loads dropped DLL

UPX packed file

Legitimate hosting services abused for malware hosting/C2

Detects Pyinstaller

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Attribution caveat: in the behavioral1 run only "Loads dropped DLL" and the PID 2024 -> 2072 WriteProcessMemory events are attributed to myfirstluagame-worm.exe itself. The registry BIOS queries, SeShutdownPrivilege adjustments, process enumeration, FindShellTrayWindow, SendNotifyMessage and the remaining memory writes are all attributed to chrome.exe. "Legitimate hosting services abused for malware hosting/C2" has no detail rows in either run, and the only network destinations recorded (www.google.com, apis.google.com, play.google.com, beacons.gcp.gvt2.com) are not attributed to any process in the report.

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-06 15:53

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
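The three static signatures above reduce to checks on the PE container: UPX names its sections UPX0/UPX1, a PyInstaller onefile executable carries its archive in the overlay terminated by the CArchive cookie (magic MEI\x0c\x0b\x0a\x0b\x0e), and an unsigned PE has an empty security data directory. The Python below is an added example written for this page, not sandbox code; it walks a PE by hand with struct so it runs offline, and build_sample_pe constructs a tiny synthetic PE32+ image to exercise the checks. The cookie field values and the dummy certificate blob are constructed for the test; the sample from this report is not embedded.

```python
import struct

# Static markers behind the three static1 signatures:
#   "UPX packed file"     -> UPX section names in the section table
#   "Detects Pyinstaller" -> PyInstaller CArchive cookie magic in the overlay
#   "Unsigned PE"         -> empty IMAGE_DIRECTORY_ENTRY_SECURITY (no Authenticode)
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
PYINSTALLER_COOKIE_MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"
IMAGE_DIRECTORY_ENTRY_SECURITY = 4


def parse_pe(data: bytes) -> dict:
    """Minimal PE walk: DOS header -> PE signature -> COFF -> optional header -> sections.

    Returns section names, the overlay (bytes after the last section, excluding an
    appended Authenticode blob) and whether a security directory is present.
    """
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (size_opt,) = struct.unpack_from("<H", data, coff + 16)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == 0x10B:      # PE32: NumberOfRvaAndSizes at +92, directories at +96
        dd_count_off, dd_off = 92, 96
    elif magic == 0x20B:    # PE32+: NumberOfRvaAndSizes at +108, directories at +112
        dd_count_off, dd_off = 108, 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    (dd_count,) = struct.unpack_from("<I", data, opt + dd_count_off)
    cert_off = cert_size = 0
    if dd_count > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # For the security directory the first field is a file offset, not an RVA.
        cert_off, cert_size = struct.unpack_from(
            "<II", data, opt + dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections, end_of_sections = [], 0
    for i in range(num_sections):
        hdr = opt + size_opt + 40 * i
        sections.append(data[hdr:hdr + 8].rstrip(b"\0"))
        raw_size, raw_ptr = struct.unpack_from("<II", data, hdr + 16)
        end_of_sections = max(end_of_sections, raw_ptr + raw_size)
    overlay_end = cert_off if cert_size else len(data)
    return {
        "sections": sections,
        "overlay": data[end_of_sections:overlay_end],
        "signed": cert_size > 0,
    }


def static_signatures(data: bytes) -> dict:
    """Evaluate the three static markers against a PE image held in memory."""
    pe = parse_pe(data)
    return {
        "upx": any(name in UPX_SECTION_NAMES for name in pe["sections"]),
        "pyinstaller": PYINSTALLER_COOKIE_MAGIC in pe["overlay"],
        "unsigned_pe": not pe["signed"],
    }


def build_sample_pe(*, upx: bool, pyinstaller: bool, signed: bool) -> bytes:
    """Constructed minimal PE32+ image for offline testing; not a real binary and
    not the sample from the report. Only the fields parse_pe reads are filled in."""
    names = [b"UPX0", b"UPX1"] if upx else [b".text", b".data"]
    e_lfanew, size_opt = 0x40, 112 + 16 * 8            # PE32+ with 16 directories
    headers_end = e_lfanew + 4 + 20 + size_opt + 40 * len(names)
    raw_start = (headers_end + 0x1FF) & ~0x1FF         # 512-byte file alignment
    body = bytearray(b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew))
    body += b"PE\0\0"
    body += struct.pack("<HHIIIHH", 0x8664, len(names), 0, 0, 0, size_opt, 0x22)
    opt = bytearray(size_opt)
    struct.pack_into("<H", opt, 0, 0x20B)              # PE32+ magic
    struct.pack_into("<I", opt, 108, 16)               # NumberOfRvaAndSizes
    body += opt
    for i, name in enumerate(names):
        body += name.ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", 0x200, 0x1000 * (i + 1), 0x200, raw_start + 0x200 * i,
            0, 0, 0, 0, 0x60000020)
    body += b"\0" * (raw_start - len(body)) + b"\x90" * (0x200 * len(names))
    if pyinstaller:
        # 88-byte CArchive cookie: magic, length, TOC offset, TOC length, python
        # version, python library name (field values constructed for the test).
        body += struct.pack("!8siiii64s", PYINSTALLER_COOKIE_MAGIC, 88, 0, 0, 312,
                            b"python312.dll")
    if signed:
        # Dummy WIN_CERTIFICATE blob appended after the overlay and referenced
        # from the security directory, the way Authenticode attaches signatures.
        cert = struct.pack("<IHH", 8 + 16, 0x200, 0x0002) + b"\0" * 16
        struct.pack_into("<II", body,
                         e_lfanew + 24 + 112 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                         len(body), len(cert))
        body += cert
    return bytes(body)


if __name__ == "__main__":
    print(static_signatures(build_sample_pe(upx=True, pyinstaller=True, signed=False)))
```

Two caveats when using checks like these in triage: section names are trivially renamed, so a UPX verdict should be corroborated (the "UPX!" marker near the section table, high entropy, or simply attempting `upx -d`); and a non-empty security directory only means a signature blob is attached, not that it verifies, so follow "signed" with an actual chain check (signtool or osslsigncode) before treating it as a trust signal.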

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-06 15:52

Reported

2024-06-06 15:56

Platform

win7-20240221-en

Max time kernel

77s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\myfirstluagame-worm.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\myfirstluagame-worm.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (2 identical rows)

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (64 identical rows)

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (34 identical rows)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (32 identical rows)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2024 wrote to memory of 2072 N/A C:\Users\Admin\AppData\Local\Temp\myfirstluagame-worm.exe C:\Users\Admin\AppData\Local\Temp\myfirstluagame-worm.exe (3 identical rows)
PID 1488 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (3 identical rows)
PID 1488 wrote to memory of 644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (39 identical rows)
PID 1488 wrote to memory of 1540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (3 identical rows)
PID 1488 wrote to memory of 1360 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (16 identical rows)

Processes

C:\Users\Admin\AppData\Local\Temp\myfirstluagame-worm.exe

"C:\Users\Admin\AppData\Local\Temp\myfirstluagame-worm.exe"

C:\Users\Admin\AppData\Local\Temp\myfirstluagame-worm.exe

"C:\Users\Admin\AppData\Local\Temp\myfirstluagame-worm.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7369758,0x7fef7369768,0x7fef7369778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1176 --field-trial-handle=1196,i,13067084568906712591,15635319060246158332,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=1196,i,13067084568906712591,15635319060246158332,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1572 --field-trial-handle=1196,i,13067084568906712591,15635319060246158332,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2284 --field-trial-handle=1196,i,13067084568906712591,15635319060246158332,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2300 --field-trial-handle=1196,i,13067084568906712591,15635319060246158332,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1712 --field-trial-handle=1196,i,13067084568906712591,15635319060246158332,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2804 --field-trial-handle=1196,i,13067084568906712591,15635319060246158332,131072 /prefetch:1

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3452 --field-trial-handle=1196,i,13067084568906712591,15635319060246158332,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3572 --field-trial-handle=1196,i,13067084568906712591,15635319060246158332,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3688 --field-trial-handle=1196,i,13067084568906712591,15635319060246158332,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3804 --field-trial-handle=1196,i,13067084568906712591,15635319060246158332,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3904 --field-trial-handle=1196,i,13067084568906712591,15635319060246158332,131072 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.200.14:443 apis.google.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.179.238:443 play.google.com tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com tcp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI20242\python312.dll

MD5 fb8bedf8440eb432c9f3587b8114abc0
SHA1 136bb4dd38a7f6cb3e2613910607131c97674f7c
SHA256 cb627a3c89de8e114c95bda70e9e75c73310eb8af6cf3a937b1e3678c8f525b6
SHA512 b632235d5f60370efa23f8c50170a8ac569ba3705ec3d515efcad14009e0641649ab0f2139f06868024d929defffffefb352bd2516e8cd084e11557b31e95a63

memory/2072-1061-0x000007FEF5C10000-0x000007FEF62D5000-memory.dmp

\??\pipe\crashpad_1488_HBYWFUIPBEMYKGAH

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 967dd602b12036869c84f2d9493733fa
SHA1 2f33e93b6f38f3b0d5f1ab0bb4cf32cf7f56349c
SHA256 4e45e14f6945dc2ad64bb1dd87d314b5423c8cffa5c8c5b584ac5dcaad3a5822
SHA512 3062673627e222cb651912f12497332a8f8cba529f8129ef05c760d0dee1d5b342184666142236e2cf2cd9d4ff963ec2ec692e5da6e73a4be1e106df9f298fe8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 14bf5f01b691b7643b6c0290bc50404c
SHA1 61ec2dea571ab5b9b973193f79ceb183edfdcbc0
SHA256 3ed3934a7df5327b66ab38a167b0232a696dcd05e36bf3d6daf898bee0861baf
SHA512 38071095461f6eb6f9a9f31bc89d94020c67321363e055c86316398b3f2adb551c5fefcc42a0a41136559c3c3ffae466da0a2c313d45290e67f90f27cf4bb47c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 20480e3cf8d9dbb301293f156adbf116
SHA1 f181dffac98886d88e3ca436d60318953944197e
SHA256 9b5fe343f6228316f4f1bbffecbae71b1da833a069382de807c5f7fd992b82f4
SHA512 5c32118770114f74b8afdecc8f9742ce10c687004eed6f77e8e4208f5af5808313ed2fde36e3aba26490b75cd2e8fa80b62e925cf4a764d7b075a0cff8338c8f

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-06 15:52

Reported

2024-06-06 15:56

Platform

win10v2004-20240508-en

Max time kernel

129s

Max time network

106s

Command Line

"C:\Users\Admin\AppData\Local\Temp\myfirstluagame-worm.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\myfirstluagame-worm.exe N/A
(the report lists this identical row 64 times, one per dropped DLL loaded)

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
(the report lists this identical row 64 times, one per UPX-packed file detected)

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A
(the report lists this identical row 6 times)

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\myfirstluagame-worm.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\myfirstluagame-worm.exe

"C:\Users\Admin\AppData\Local\Temp\myfirstluagame-worm.exe"

C:\Users\Admin\AppData\Local\Temp\myfirstluagame-worm.exe

"C:\Users\Admin\AppData\Local\Temp\myfirstluagame-worm.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 105.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 discord.com udp
US 162.159.138.232:443 discord.com tcp
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
N/A 127.0.0.1:59386 tcp
US 162.159.137.232:443 discord.com tcp
US 162.159.136.232:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
US 162.159.135.232:443 discord.com tcp
US 8.8.8.8:53 232.138.159.162.in-addr.arpa udp
US 8.8.8.8:53 232.137.159.162.in-addr.arpa udp
US 8.8.8.8:53 232.136.159.162.in-addr.arpa udp
US 8.8.8.8:53 233.128.159.162.in-addr.arpa udp
US 8.8.8.8:53 232.135.159.162.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
BE 2.17.107.107:443 www.bing.com tcp
US 8.8.8.8:53 107.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 203.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 145.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 233.143.123.92.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI29282\python312.dll

MD5 fb8bedf8440eb432c9f3587b8114abc0
SHA1 136bb4dd38a7f6cb3e2613910607131c97674f7c
SHA256 cb627a3c89de8e114c95bda70e9e75c73310eb8af6cf3a937b1e3678c8f525b6
SHA512 b632235d5f60370efa23f8c50170a8ac569ba3705ec3d515efcad14009e0641649ab0f2139f06868024d929defffffefb352bd2516e8cd084e11557b31e95a63

C:\Users\Admin\AppData\Local\Temp\_MEI29282\VCRUNTIME140.dll

MD5 be8dbe2dc77ebe7f88f910c61aec691a
SHA1 a19f08bb2b1c1de5bb61daf9f2304531321e0e40
SHA256 4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83
SHA512 0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

memory/4356-1063-0x00007FFA03640000-0x00007FFA03D05000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI29282\_ctypes.pyd

MD5 a8cb7698a8282defd6143536ed821ec9
SHA1 3d1b476b9c042d066de16308d99f1633393a497a
SHA256 40d53a382a78b305064a4f4df50543d2227679313030c9edf5ee82af23bf8f4a
SHA512 1445ae7dc7146afbe391e131baff456445d7e96a3618bfef36dc39af978dd305e3a294acd62ee91a050812c321a9ec298085c7ad4eb9b81e2e40e23c5a85f2cc

C:\Users\Admin\AppData\Local\Temp\_MEI29282\python3.DLL

MD5 79b02450d6ca4852165036c8d4eaed1f
SHA1 ce9ff1b302426d4c94a2d3ea81531d3cb9e583e4
SHA256 d2e348e615a5d3b08b0bac29b91f79b32f0c1d0be48976450042462466b51123
SHA512 47044d18db3a4dd58a93b43034f4fafa66821d157dcfefb85fca2122795f4591dc69a82eb2e0ebd9183075184368850e4caf9c9fea0cfe6f766c73a60ffdf416

C:\Users\Admin\AppData\Local\Temp\_MEI29282\libffi-8.dll

MD5 08b000c3d990bc018fcb91a1e175e06e
SHA1 bd0ce09bb3414d11c91316113c2becfff0862d0d
SHA256 135c772b42ba6353757a4d076ce03dbf792456143b42d25a62066da46144fece
SHA512 8820d297aeda5a5ebe1306e7664f7a95421751db60d71dc20da251bcdfdc73f3fd0b22546bd62e62d7aa44dfe702e4032fe78802fb16ee6c2583d65abc891cbf

C:\Users\Admin\AppData\Local\Temp\_MEI29282\_bz2.pyd

MD5 980eff7e635ad373ecc39885a03fbdc3
SHA1 9a3e9b13b6f32b207b065f5fcf140aecfd11b691
SHA256 b4411706afc8b40a25e638a59fe1789fa87e1ce54109ba7b5bd84c09c86804e1
SHA512 241f9d3e25e219c7b9d12784ab525ab5ded58ca623bc950027b271c8dfb7c19e13536f0caf937702f767413a6d775bed41b06902b778e4bad2946917e16ad4ef

C:\Users\Admin\AppData\Local\Temp\_MEI29282\_lzma.pyd

MD5 05adb189d4cfdcacb799178081d8ebcb
SHA1 657382ad2c02b42499e399bfb7be4706343cecab
SHA256 87b7bae6b4f22d7d161aefae54bc523d9c976ea2aef17ee9c3cf8fe958487618
SHA512 13fc9204d6f16a6b815addf95c31ea5c543bf8608bfcc5d222c7075dd789551a202ae442fddc92ea5919ecf58ba91383a0f499182b330b98b240152e3aa868c5

memory/4356-1078-0x00007FFA18320000-0x00007FFA1833A000-memory.dmp

memory/4356-1079-0x00007FFA12BF0000-0x00007FFA12C1D000-memory.dmp

memory/4356-1074-0x00007FFA1B9D0000-0x00007FFA1B9DF000-memory.dmp

memory/4356-1073-0x00007FFA12C20000-0x00007FFA12C45000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI29282\base_library.zip

MD5 8dad91add129dca41dd17a332a64d593
SHA1 70a4ec5a17ed63caf2407bd76dc116aca7765c0d
SHA256 8de4f013bfecb9431aabaa97bb084fb7de127b365b9478d6f7610959bf0d2783
SHA512 2163414bc01fc30d47d1de763a8332afe96ea7b296665b1a0840d5197b7e56f4963938e69de35cd2bf89158e5e2240a1650d00d86634ac2a5e2ad825455a2d50

C:\Users\Admin\AppData\Local\Temp\_MEI29282\_wmi.pyd

MD5 db08907bdaee97a5e6e7c710fa7c8c89
SHA1 770dac1472d1680b7cddc65c3e1c95e7231135a6
SHA256 87c83cf09611d382d3886e396819258be29ee5bbcb15924ee9d7611b9aebb24e
SHA512 502a283beef61985b9365731e60a9170672abfb96c925e5d79067233a70498d15af8af2125e8ebfbea3043fed3732ddff46d79ff22182333d5d2c7017653e1a4

C:\Users\Admin\AppData\Local\Temp\_MEI29282\_uuid.pyd

MD5 353e11301ea38261e6b1cb261a81e0fe
SHA1 607c5ebe67e29eabc61978fb52e4ec23b9a3348e
SHA256 d132f754471bd8a6f6d7816453c2e542f250a4d8089b657392fe61a500ae7899
SHA512 fa990b3e9619d59ae3ad0aeffca7a3513ab143bfd0ac9277e711519010f7c453258a4b041be86a275f3c365e980fc857c23563f3b393d1e3a223973a673e88c5

C:\Users\Admin\AppData\Local\Temp\_MEI29282\_tkinter.pyd

MD5 45110d54d0eada5ec11e9b2e39ecb3bb
SHA1 9962f19921b1838a542a9c43ddb909da1595581b
SHA256 288bb124bb036e0b79d309fa64743d0bda54ec33ccb365867f92ee1a2629477b
SHA512 5d53e25a7a4545e19058b751be84d6520fba45918934bc9de7b1fc94d6056b0f0022a0da12a054052909d730918f9f408ad6adb32564a4243a39483c8165ccf5

C:\Users\Admin\AppData\Local\Temp\_MEI29282\_ssl.pyd

MD5 615bfc3800cf4080bc6d52ac091ec925
SHA1 5b661997ed1f0a6ea22640b11af71e0655522a10
SHA256 1819dd90e26aa49eb40119b6442e0e60ec95d3025e9c863778dcc6295a2b561f
SHA512 1198426b560044c7f58b1a366a9f8afcde1b6e45647f9ae9c451fb121708aa4371673815be1d35ad1015029c7c1c6ea4755eb3701dbf6f3f65078a18a1daeacb

C:\Users\Admin\AppData\Local\Temp\_MEI29282\_sqlite3.pyd

MD5 3d85e2aa598468d9449689a89816395e
SHA1 e6d01b535c8fc43337f3c56bfc0678a64cf89151
SHA256 6f0c212cb7863099a7ce566a5cf83880d91e38a164dd7f9d05d83cce80fa1083
SHA512 a9a527fc1fcce3ffe95e9e6f4991b1a7156a5ca35181100ea2a25b42838b91e39dd9f06f0efedb2453aa87f90e134467a7662dbbe22c6771f1204d82cc6cea82

C:\Users\Admin\AppData\Local\Temp\_MEI29282\_socket.pyd

MD5 f8d03997e7efcdd28a351b6f35b429a2
SHA1 1a7ae96f258547a14f6e8c0defe127a4e445206d
SHA256 aef190652d8466c0455311f320248764acbff6109d1238a26f8983ce86483bf1
SHA512 40c9bce421c7733df37558f48b8a95831cc3cf3e2c2cdf40477b733b14bd0a8a0202bc8bc95f39fcd2f76d21deac21ad1a4d0f6218b8f8d57290968163effef8

C:\Users\Admin\AppData\Local\Temp\_MEI29282\_queue.pyd

MD5 fc796fcde996f78225a4ec1bed603606
SHA1 5389f530aaf4bd0d4fce981f57f68a67fe921ee1
SHA256 c7c598121b1d82eb710425c0dc1fc0598545a61ffb1dd41931bb9368fb350b93
SHA512 4d40e5a4ab266646bedacf4fde9674a14795dcfb72aae70a1c4c749f7a9a4f6e302a00753fe0446c1d7cc90caee2d37611d398fdc4c68e48c8bc3637dfd57c15

C:\Users\Admin\AppData\Local\Temp\_MEI29282\_overlapped.pyd

MD5 6b2f62d1ab91d4d0abf0f10218cf1ca7
SHA1 d9797eaff4bea253d66339614a9fbaea8400bc74
SHA256 afbe7f4c19a7db42dc45f9f5591602c119fe5064de6607f33ba678f07626426d
SHA512 653a976c885b08a598dee727a2672aabc514d4095879c1b564354acf938197d8d49645f7b9e241b21610a5abf3bbd9d3805c64a158bf7c26f4a13e6be806fd5a

C:\Users\Admin\AppData\Local\Temp\_MEI29282\_multiprocessing.pyd

MD5 1359d06d86e1694c74076b81d265782b
SHA1 9cb55b82f4c2a407357ea0e5e48020a22ad4bf03
SHA256 81acc28672d3d46bdd7113efb2a13ceedbe0009fab5600117db4cad1648f69a9
SHA512 173bb999e680062692c99eaa1743361d65c5cdf7f88380d512717bab9d716b0c8b339bc59fce220336242b75aa70b5521560cb4d1fa857176624d6a73d07e17d

C:\Users\Admin\AppData\Local\Temp\_MEI29282\_hashlib.pyd

MD5 89f3c173f4ca120d643aab73980ade66
SHA1 e4038384b64985a978a6e53142324a7498285ec4
SHA256 95b1f5eff9d29eb6e7c6ed817a12ca33b67c76acea3cb4f677ec1e6812b28b67
SHA512 76e737552be1ce21b92fa291777eac2667f2cfc61ae5eb62d133c89b769a8d4ef8082384b5c819404b89a698fcc1491c62493cf8ff0dcc65e01f96b6f7b5e14f

C:\Users\Admin\AppData\Local\Temp\_MEI29282\_decimal.pyd

MD5 ccfad3c08b9887e6cea26ddca2b90b73
SHA1 0e0fb641b386d57f87e69457faf22da259556a0d
SHA256 bad3948151d79b16776db9a4a054033a6f2865cb065f53a623434c6b5c9f4aad
SHA512 3af88779db58dcae4474c313b7d55f181f0678c24c16240e3b03721b18b66bdfb4e18d73a3cef0c954d0b8e671cf667fc5e91b5f1027de489a7039b39542b8ca

C:\Users\Admin\AppData\Local\Temp\_MEI29282\_asyncio.pyd

MD5 47d2494ad68c102fd17022963dd85a03
SHA1 cebf8dbbd9df32c8f7807cef3bebf2d8d336ac78
SHA256 91564632078b61f99ba037122e5def178a0b8807f2ef29e039290e60935ee7dc
SHA512 1461d1c7b58239c23d294359c5200a0dda0ad3965e41c2e9bd6dc8e879469e7cadb752e4d0c6cce58d8a0dd4f105a33bc0baf4f03738aacf442dac2a02f2ce57

C:\Users\Admin\AppData\Local\Temp\_MEI29282\zlib1.dll

MD5 a35d7eeae683a35acb99e72e01cf132f
SHA1 cc37f1e0641f6afc821ef45a65986422eb853366
SHA256 c84547746f4c328daa9637414bbb252ec7124005d0cb7d4a8c62779cf641271c
SHA512 dd7996756a3aed62251f90cd0ae95feafa7bc1cfe7c51e7e2e09bfd30bf0bbb2775fe397a1963f63aed7ad49957b4dd75faed022c6ec4ed9576822f650612f2c

C:\Users\Admin\AppData\Local\Temp\_MEI29282\VCRUNTIME140_1.dll

MD5 f8dfa78045620cf8a732e67d1b1eb53d
SHA1 ff9a604d8c99405bfdbbf4295825d3fcbc792704
SHA256 a113f192195f245f17389e6ecbed8005990bcb2476ddad33f7c4c6c86327afe5
SHA512 ba7f8b7ab0deb7a7113124c28092b543e216ca08d1cf158d9f40a326fb69f4a2511a41a59ea8482a10c9ec4ec8ac69b70dfe9ca65e525097d93b819d498da371

C:\Users\Admin\AppData\Local\Temp\_MEI29282\unicodedata.pyd

MD5 27b3af74ddaf9bca239bf2503bf7e45b
SHA1 80a09257f9a4212e2765d492366ed1e60d409e04
SHA256 584c2ecea23dfc72ab793b3fd1059b3ea6fdf885291a3c7a166157cf0e6491c4
SHA512 329c3a9159ea2fdce5e7a28070bcf9d6d67eca0b27c4564e5250e7a407c8b551b68a034bfde9d8d688fa5a1ae6e29e132497b3a630796a97b464762ca0d81bb7

C:\Users\Admin\AppData\Local\Temp\_MEI29282\tk86t.dll

MD5 819a3d6ef6c445a7b01ec6581a853a57
SHA1 f02b0ce4753078da28db5a88a7cd16a716c7980b
SHA256 f4051212fa1a9987cb4fbf4702a4aff0f9dc7eee6b12db6ef95274945b84de43
SHA512 cb62443d2ba3be482cdfcdd861a841bd613e66a1599886d45521a2466b4d153da7bd953826a32717b5549f380540971bb4b2cdeb3f77897a7087498389747ef9

C:\Users\Admin\AppData\Local\Temp\_MEI29282\tcl86t.dll

MD5 9f5f85ae51c17a8c6ce1785e77649535
SHA1 4266b23f3f149ed971564e05a45f0f0b9bb1a60f
SHA256 5ed152863312b3dc3ec3aa8efa875302fc8c1d063e50140dccf8020d0917de48
SHA512 943c16e76a7c6fcdd48a9df501ab1108b7df94093bc44979310cfeaf7bc8f614e4dd64831aafb61a8c6b9c3974132968397bbc63243956ef313715c9b0175928

C:\Users\Admin\AppData\Local\Temp\_MEI29282\sqlite3.dll

MD5 482b3f8adf64f96ad4c81ae3e7c0fb35
SHA1 91891d0eabb33211970608f07850720bd8c44734
SHA256 1fbdb4020352e18748434ef6f86b7346f48d6fb9a72c853be7b05e0e53ebbb03
SHA512 5de56e00ab6f48ffc836471421d4e360d913a78ee8e071896a2cd951ff20f7a4123abd98adf003ce166dcc82aad248ebf8b63e55e14eceec8aa9a030067c0d1d

C:\Users\Admin\AppData\Local\Temp\_MEI29282\select.pyd

MD5 08b4caeaccb6f6d27250e6a268c723be
SHA1 575c11f72c8d0a025c307cb12efa5cb06705561d
SHA256 bd853435608486555091146ab34b71a9247f4aaa9f7ecfbc3b728a3e3efde436
SHA512 9b525395dec028ef3286c75b88f768e5d40195d4d5adab0775c64b623345d81da1566596cc61a460681bc0adba9727afc96c98ad2e54ff371919f3db6d369b0c

C:\Users\Admin\AppData\Local\Temp\_MEI29282\SDL2_ttf.dll

MD5 9f5ece4e13e42058fa5ea65215c41c5d
SHA1 eddcecb4f10f2bb9b61c57b88fb6bd1b1d560a07
SHA256 f5f2690285fc087376ff03edb8849ab5f24c6e9d60ae3661013bea621786582b
SHA512 09cf0927b7cdb84f9ddec465ba10874af6160f947e58e9ff9ead2aa6d10e7d164dd8c5e2df6314f0dd8a84d0b104b48dbac8cc96522f749d54041b3e8ec03400

C:\Users\Admin\AppData\Local\Temp\_MEI29282\SDL2_mixer.dll

MD5 1230b474eca2c4cefb13cf0aaa2fc5d0
SHA1 e23f9cf8cb7dd47e92a02f7508922f01d4d1364b
SHA256 6879a16d963159cb0666e654ea4d5e9a92abffd96cfc6fffe6b39ae81b4ffca3
SHA512 2520fdfbd1370bb9683c29fe1722f771e3d4c7df635987371190be5445237f9e96ae506bbeb79035f6f483ac116995b56bb1e9fc35b6f6a6d49bb940dbf72ead

C:\Users\Admin\AppData\Local\Temp\_MEI29282\SDL2_image.dll

MD5 7174d7a8eec42d7700c5f4adfff39b57
SHA1 b850f0814e77a67f0414a85aae88c9534ca857e5
SHA256 155eab85fe565f6dd1ecb29d6496425539c994bc0d14b52cabd850df5927f9bf
SHA512 9a79cc9661cdab7efeb096f1eb121807ba937b444546d46a321613f6d2792ebf09cc62ff067ece7cb0458b988d6081feadd33e93a52c24faac53dc1539bf32c9

C:\Users\Admin\AppData\Local\Temp\_MEI29282\SDL2.dll

MD5 9684069bb2b8892408ccb50d66abbeda
SHA1 7df5e8f28481c4e7aef128e017a53a36b86c3b7b
SHA256 123c8a0d647e5b866545f8e1cc4cfba5fdadf8c1a247692050355a609d81996b
SHA512 fbe493326da9b582c9c4fa1b16ba02e5befcf5787324116656e108527894f692c3fc21493419a419833ab37a5fa5fb5e38e2c04a8cbdbc3c8afeba08df390697

C:\Users\Admin\AppData\Local\Temp\_MEI29282\pyexpat.pyd

MD5 a8fa7e9e05798ee799f6cc56a3fcf4ad
SHA1 7e1a36eba8eded63f2e409c00b0dcdf47dc9346c
SHA256 0221731a4b1bea7946061321d27d4a2b0b96d7acf0a54ecbacdf11aabecb4268
SHA512 6ea88387d89969f1746c0fe317d8ac3f55c28378fdcc08fcff05e9ddf57e1b034a6a371c0febb7858a0aed74a334b7b8de7d7f08882c650990b2779f946fa799

C:\Users\Admin\AppData\Local\Temp\_MEI29282\portmidi.dll

MD5 1b443fe9c75d57eedcf5fd67493573e2
SHA1 27504e51f5f19d3d73ed2a0ba473dc5cda787679
SHA256 96b2ba3d433b0e0a0ce72c72725e033ca35b570225b55b38fb7d71c716418ee3
SHA512 02f0ee765490d999ac621f54411b039ef42dddeba17d2edbb9970db20e481d29aed4d607d8330a7c5cd7133b214f13dcb427e89903f9baaef20ffc4a431bb0c4

C:\Users\Admin\AppData\Local\Temp\_MEI29282\libwebp-7.dll

MD5 4276d3cb447a08644a2c1d3b7afb9fdf
SHA1 d63f34d0b4e8eb660a92a3843b695eda16294b80
SHA256 cc3831ce9ff18f5ebfde8b20d1ee237e2336e4d9ca6405392ac5ec9c8c948174
SHA512 d3a539176243e31a15877b0a6c40c295036ccac5c3ac13cd7b74a340c4183a661a630bbe6b5b0c0ff54b4b27fc72bc154883c7ba5167cb4baeb4b0a528f514bc

C:\Users\Admin\AppData\Local\Temp\_MEI29282\libtiff-5.dll

MD5 f374796886d56c6c552f3a92a81c3338
SHA1 d61f0297386e9925a6ac0c6469ba40b86d3c98cd
SHA256 e2c5b370bcade6a167dba5dc9bb33107d4ed2612e7e8af8d1035be72f35f90d7
SHA512 b59cd888b41c67bf139c2c78d7968a33c84e9127752b9fa276b7b3b461a01cd71dc72936e51a334ddad7fa8e67dd4c250a3495ce544aa156efacb77e7f1dce9f

C:\Users\Admin\AppData\Local\Temp\_MEI29282\libssl-3.dll

MD5 264be59ff04e5dcd1d020f16aab3c8cb
SHA1 2d7e186c688b34fdb4c85a3fce0beff39b15d50e
SHA256 358b59da9580e7102adfc1be9400acea18bc49474db26f2f8bacb4b8839ce49d
SHA512 9abb96549724affb2e69e5cb2c834ecea3f882f2f7392f2f8811b8b0db57c5340ab21be60f1798c7ab05f93692eb0aeab077caf7e9b7bb278ad374ff3c52d248

C:\Users\Admin\AppData\Local\Temp\_MEI29282\libpng16-16.dll

MD5 8f3bf615136b7241204419fb24c8d5ad
SHA1 d107f0b405c566974c37be20e1abbd365ccbb750
SHA256 a9c4d2443d6de90091eff8a5adfd7a3c207b0c7aefb913b855320866e93f8039
SHA512 a2ced7974c086291e69dce39f841335c771088aecbbc52b049d7af51c81342bd1e8bd0d8c78e62529e2041d15d8f5317e5a41727e299c2d827027bcbb0382aa1

C:\Users\Admin\AppData\Local\Temp\_MEI29282\libopusfile-0.dll

MD5 a729c1b14d695b00ae79472d3fe45339
SHA1 20cd334187fc7297138f014303e5c82b5f918c80
SHA256 57bb8b7dec2bd35ff1031f12c4ba3aa3cb2e8de2445e21ea29ffa3ad13e7be3a
SHA512 1da8060b1767bdf811b005e4a476c18f1c2f93186334aa40ca59937cec7aed37267c45a3b5aaeb8fa13d9b0639959d128d957e6d08fcb9787926df850e42fc22

C:\Users\Admin\AppData\Local\Temp\_MEI29282\libopus-0.dll

MD5 3c2e93c3d2b292a0f489449209f8e099
SHA1 751f18a79c6da4e7162439cef4d481189d17a242
SHA256 b6b32593c0bcecea7b31a900086870bbab039f25b29067170ac461cf2479dea5
SHA512 a0ec68d2a1c650720b4e3e437a5841e8d04d165fc920ce26a41cc20d6ddf4c761b05bbf3426e241c2ee13a9fbe146fc889aa45df70397600b2d962bdaa1bedbb

C:\Users\Admin\AppData\Local\Temp\_MEI29282\libogg-0.dll

MD5 6ffebd7d283079e9029c7f29d8ca7fba
SHA1 b470b09c8aa2f3e42bcff8392d95b6259cb87555
SHA256 0d9a915ea29ed4da271f86dbcfa90b52064a26b5136af590b2bb430d5dd6a67e
SHA512 2b9a9b5f298eefccf0a08af52d7c2c803db19ab9f3cedad2bb19df50466527c05e31f956b6018c9a337565448249465eba8952e9e8397b728b7f76e4f0561c68

C:\Users\Admin\AppData\Local\Temp\_MEI29282\libmodplug-1.dll

MD5 072093b2671589d4ce465de2b92ebee4
SHA1 821d9827286271859640984df28e01b4a37341fb
SHA256 04d07b4dcae8d3998156d563df20881ba790c32389aca23ade91de9cf9f4a3d4
SHA512 522d5faa8d17017f1891374a23d6e653cd62b51818734bf1f7343248d09e1e314ae49821595818fe69af62c9e51debca4ae384e421ad8fa658aced95f977379e

C:\Users\Admin\AppData\Local\Temp\_MEI29282\libjpeg-9.dll

MD5 6e67e46f957f50215b7e68c9091db53f
SHA1 e969fa4858351c95c337352dd0578fe5a83403f0
SHA256 24b25fe9ebe303496973c4d11144b053a5f5a03eabf53f9d8eab0c15fdbfbffe
SHA512 86af5560269ef21490f5343ea3e0522f35e271d42e64f61a2f05471302856de79d34bf00658e1667d7145af48667627fa3897bca2fc479928ab9a62ecba81396

C:\Users\Admin\AppData\Local\Temp\_MEI29282\libcrypto-3.dll

MD5 7f1b899d2015164ab951d04ebb91e9ac
SHA1 1223986c8a1cbb57ef1725175986e15018cc9eab
SHA256 41201d2f29cf3bc16bf32c8cecf3b89e82fec3e5572eb38a578ae0fb0c5a2986
SHA512 ca227b6f998cacca3eb6a8f18d63f8f18633ab4b8464fb8b47caa010687a64516181ad0701c794d6bfe3f153662ea94779b4f70a5a5a94bb3066d8a011b4310d

C:\Users\Admin\AppData\Local\Temp\_MEI29282\freetype.dll

MD5 522257e451efcc3bfe980f56d3fed113
SHA1 f5e12321517f523842943ea7f3ba74d449dba1f4
SHA256 8c74376e7932eebcd084191b40774056b32525ba48e375d942754cdc4fc03c60
SHA512 d590cd813281278be4aec86af3713216dd306399b4910221a2447a3200accbca1b5f8d9495bf21f69ff8e09e5465a71c715a85ce0d87cdc26cbf27b0fae2cc4c

memory/4356-1117-0x00007FFA17660000-0x00007FFA17679000-memory.dmp

memory/4356-1119-0x00007FFA18E60000-0x00007FFA18E6D000-memory.dmp

memory/4356-1122-0x00007FFA17540000-0x00007FFA1754D000-memory.dmp

memory/4356-1124-0x00007FFA12BB0000-0x00007FFA12BE5000-memory.dmp

memory/4356-1126-0x00007FFA16EC0000-0x00007FFA16ECD000-memory.dmp

memory/4356-1128-0x00007FFA13850000-0x00007FFA13864000-memory.dmp

memory/4356-1130-0x00007FFA03110000-0x00007FFA03639000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI29282\cv2\__init__.py

MD5 6f043aff1edd20d3c9d6398f936fbf58
SHA1 7149d2d20e1eb8c10c5d2bdb8eda23551fc82650
SHA256 957a91bfd98ffb07a10cd789b7c5c46806568476b61e34c7ad56a00092b981a5
SHA512 7358dba479899dbc3afb955903820d2a7a54b9c398bf5d4565c8dc044241821edd621d7416862af396db4216373b1e8aac00eb78046fcc3cc2396aa02cd6947b

C:\Users\Admin\AppData\Local\Temp\_MEI29282\numpy\core\_multiarray_umath.cp312-win_amd64.pyd

MD5 37e53b4a39673d0a4d828507e64f0415
SHA1 a1b91a60692e352cce0c7f3d348c5a3b02445553
SHA256 a75ab6bac2a74d8f1c6e81c6a50e600d19680deec06a84730ff3febb78a55ec9
SHA512 90f7d07d09e82a424addb1bf7b07fc5b60141f8733cb366c611d0d3701185b3f28aa69274f659e87a212ea18b4e863caa383f35676b8c90a05737b4bb0c9aaa8

memory/4356-1137-0x00007FFA11F40000-0x00007FFA1200D000-memory.dmp

memory/4356-1136-0x00007FFA12A70000-0x00007FFA12AA3000-memory.dmp

memory/4356-1135-0x00007FFA03640000-0x00007FFA03D05000-memory.dmp

memory/4356-1138-0x00007FFA00D30000-0x00007FFA02E23000-memory.dmp

memory/4356-1139-0x00007FFA02E30000-0x00007FFA03110000-memory.dmp

memory/4356-1142-0x00007FFA12A40000-0x00007FFA12A61000-memory.dmp

memory/4356-1141-0x00007FFA17660000-0x00007FFA17679000-memory.dmp

memory/4356-1140-0x00007FFA12B90000-0x00007FFA12BA7000-memory.dmp

memory/4356-1143-0x00007FFA12A10000-0x00007FFA12A32000-memory.dmp

memory/4356-1144-0x00007FFA00C90000-0x00007FFA00D29000-memory.dmp

memory/4356-1145-0x00007FFA12BB0000-0x00007FFA12BE5000-memory.dmp

memory/4356-1148-0x00007FFA09A10000-0x00007FFA09A51000-memory.dmp

memory/4356-1147-0x00007FFA0A0E0000-0x00007FFA0A111000-memory.dmp

memory/4356-1146-0x00007FFA11E60000-0x00007FFA11E90000-memory.dmp

memory/4356-1149-0x00007FFA12680000-0x00007FFA1269A000-memory.dmp

memory/4356-1151-0x00007FFA11E40000-0x00007FFA11E59000-memory.dmp

memory/4356-1150-0x00007FFA13850000-0x00007FFA13864000-memory.dmp

memory/4356-1152-0x00007FFA03110000-0x00007FFA03639000-memory.dmp

memory/4356-1153-0x00007FFA00D30000-0x00007FFA02E23000-memory.dmp

memory/4356-1156-0x00007FFA00BD0000-0x00007FFA00C82000-memory.dmp

memory/4356-1155-0x00007FFA0A0C0000-0x00007FFA0A0D4000-memory.dmp

memory/4356-1154-0x00007FFA10C40000-0x00007FFA10C5C000-memory.dmp

memory/4356-1157-0x00007FFA02E30000-0x00007FFA03110000-memory.dmp

memory/4356-1169-0x00007FFA03110000-0x00007FFA03639000-memory.dmp

memory/4356-1170-0x00007FFA12A70000-0x00007FFA12AA3000-memory.dmp

memory/4356-1167-0x00007FFA16EC0000-0x00007FFA16ECD000-memory.dmp

memory/4356-1159-0x00007FFA12C20000-0x00007FFA12C45000-memory.dmp

memory/4356-1171-0x00007FFA11F40000-0x00007FFA1200D000-memory.dmp

memory/4356-1182-0x00007FFA11E40000-0x00007FFA11E59000-memory.dmp

memory/4356-1181-0x00007FFA12680000-0x00007FFA1269A000-memory.dmp

memory/4356-1178-0x00007FFA11E60000-0x00007FFA11E90000-memory.dmp

memory/4356-1177-0x00007FFA00C90000-0x00007FFA00D29000-memory.dmp

memory/4356-1190-0x00007FF9FFD60000-0x00007FF9FFD71000-memory.dmp

memory/4356-1188-0x00007FF9FFDD0000-0x00007FF9FFDE9000-memory.dmp

memory/4356-1187-0x00007FFA00B20000-0x00007FFA00B37000-memory.dmp

memory/4356-1189-0x00007FF9FFD80000-0x00007FF9FFDCC000-memory.dmp

memory/4356-1165-0x00007FFA17540000-0x00007FFA1754D000-memory.dmp

memory/4356-1158-0x00007FFA03640000-0x00007FFA03D05000-memory.dmp

memory/4356-1186-0x00007FF9EF640000-0x00007FF9F3E9E000-memory.dmp

memory/4356-1370-0x00007FFA11E40000-0x00007FFA11E59000-memory.dmp

memory/4356-1369-0x00007FFA11F40000-0x00007FFA1200D000-memory.dmp

memory/4356-1372-0x00007FFA12B90000-0x00007FFA12BA7000-memory.dmp

memory/4356-1379-0x00007FFA12680000-0x00007FFA1269A000-memory.dmp

memory/4356-1378-0x00007FFA09A10000-0x00007FFA09A51000-memory.dmp

memory/4356-1377-0x00007FFA0A0E0000-0x00007FFA0A111000-memory.dmp

memory/4356-1383-0x00007FFA00BD0000-0x00007FFA00C82000-memory.dmp

memory/4356-1382-0x00007FFA0A0C0000-0x00007FFA0A0D4000-memory.dmp

memory/4356-1381-0x00007FFA10C40000-0x00007FFA10C5C000-memory.dmp

memory/4356-1380-0x00007FFA00D30000-0x00007FFA02E23000-memory.dmp

memory/4356-1376-0x00007FFA11E60000-0x00007FFA11E90000-memory.dmp

memory/4356-1375-0x00007FFA00C90000-0x00007FFA00D29000-memory.dmp

memory/4356-1374-0x00007FFA12A10000-0x00007FFA12A32000-memory.dmp

memory/4356-1373-0x00007FFA03110000-0x00007FFA03639000-memory.dmp

memory/4356-1368-0x00007FFA12A70000-0x00007FFA12AA3000-memory.dmp

memory/4356-1367-0x00007FFA12A40000-0x00007FFA12A61000-memory.dmp

memory/4356-1366-0x00007FFA13850000-0x00007FFA13864000-memory.dmp

memory/4356-1365-0x00007FFA16EC0000-0x00007FFA16ECD000-memory.dmp

memory/4356-1364-0x00007FFA12BB0000-0x00007FFA12BE5000-memory.dmp

memory/4356-1363-0x00007FFA17540000-0x00007FFA1754D000-memory.dmp

memory/4356-1362-0x00007FFA18E60000-0x00007FFA18E6D000-memory.dmp

memory/4356-1361-0x00007FFA17660000-0x00007FFA17679000-memory.dmp

memory/4356-1360-0x00007FFA12BF0000-0x00007FFA12C1D000-memory.dmp

memory/4356-1359-0x00007FFA18320000-0x00007FFA1833A000-memory.dmp

memory/4356-1358-0x00007FFA1B9D0000-0x00007FFA1B9DF000-memory.dmp

memory/4356-1357-0x00007FFA12C20000-0x00007FFA12C45000-memory.dmp

memory/4356-1356-0x00007FFA02E30000-0x00007FFA03110000-memory.dmp

memory/4356-1371-0x00007FFA03640000-0x00007FFA03D05000-memory.dmp