Analysis Overview
SHA256
a0135afc132a7f95cb5ebf4fe806806689338c50572ec36941b88b2dab5be2a7
Threat Level: Shows suspicious behavior
The file boblox.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
Loads dropped DLL
Reads user/profile data of web browsers
UPX packed file
Looks up external IP address via web service
Legitimate hosting services abused for malware hosting/C2
Event Triggered Execution: Netsh Helper DLL
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
Detects videocard installed
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-18 12:42
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-18 12:42
Reported
2024-06-18 12:45
Platform
win10v2004-20240508-en
Max time kernel
90s
Max time network
113s
Command Line
Signatures
Loads dropped DLL
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip-api.com | N/A | N/A |
Event Triggered Execution: Netsh Helper DLL
| Description | Indicator | Process | Target |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\SYSTEM32\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\SYSTEM32\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\SYSTEM32\netsh.exe | N/A |
Detects videocard installed
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\boblox.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\boblox.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\boblox.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\boblox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\boblox.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\boblox.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\boblox.exe
"C:\Users\Admin\AppData\Local\Temp\boblox.exe"
C:\Users\Admin\AppData\Local\Temp\boblox.exe
"C:\Users\Admin\AppData\Local\Temp\boblox.exe"
C:\Windows\SYSTEM32\netsh.exe
netsh wlan show profiles
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic os get Caption"
C:\Windows\System32\Wbem\WMIC.exe
wmic os get Caption
C:\Windows\System32\Wbem\wmic.exe
wmic cpu get Name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_VideoController get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic computersystem get totalphysicalmemory"
C:\Windows\System32\Wbem\WMIC.exe
wmic computersystem get totalphysicalmemory
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\\Windows\\System32\\wbem\\WMIC.exe csproduct get uuid"
C:\Windows\System32\wbem\WMIC.exe
C:\\Windows\\System32\\wbem\\WMIC.exe csproduct get uuid
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic path softwarelicensingservice get OA3xOriginalProductKey"
C:\Windows\System32\Wbem\WMIC.exe
wmic path softwarelicensingservice get OA3xOriginalProductKey
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName"
C:\Windows\System32\Wbem\WMIC.exe
WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gstatic.com | udp |
| GB | 172.217.16.227:443 | gstatic.com | tcp |
| US | 8.8.8.8:53 | 227.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 233.128.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 1.112.95.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\_MEI20402\python312.dll
| MD5 | 8f165bfadf970edafd59067ad45a3952 |
| SHA1 | 16c1876f2233087156b49db35d4d935c6e17be6a |
| SHA256 | 22470af77229d53d9141823c12780db63c43703dd525940bc479730d2e43513d |
| SHA512 | b3af95dc9a68e21e8eca98e451b935f72663c2552ebf26de299716f17193f238d55c292df953d641defcbcec3ea18eb37cd4b839800804efa8f40658427263ae |
C:\Users\Admin\AppData\Local\Temp\_MEI20402\VCRUNTIME140.dll
| MD5 | be8dbe2dc77ebe7f88f910c61aec691a |
| SHA1 | a19f08bb2b1c1de5bb61daf9f2304531321e0e40 |
| SHA256 | 4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83 |
| SHA512 | 0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655 |
memory/2044-714-0x00007FFF90DE0000-0x00007FFF914A4000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI20402\python3.DLL
| MD5 | a07661c5fad97379cf6d00332999d22c |
| SHA1 | dca65816a049b3cce5c4354c3819fef54c6299b0 |
| SHA256 | 5146005c36455e7ede4b8ecc0dc6f6fa8ea6b4a99fedbabc1994ae27dfab9d1b |
| SHA512 | 6ddeb9d89ccb4d2ec5d994d85a55e5e2cc7af745056dae030ab8d72ee7830f672003f4675b6040f123fc64c19e9b48cabd0da78101774dafacf74a88fbd74b4d |
C:\Users\Admin\AppData\Local\Temp\_MEI20402\base_library.zip
| MD5 | 43935f81d0c08e8ab1dfe88d65af86d8 |
| SHA1 | abb6eae98264ee4209b81996c956a010ecf9159b |
| SHA256 | c611943f0aeb3292d049437cb03500cc2f8d12f23faf55e644bca82f43679bc0 |
| SHA512 | 06a9dcd310aa538664b08f817ec1c6cfa3f748810d76559c46878ea90796804904d41ac79535c7f63114df34c0e5de6d0452bb30df54b77118d925f21cfa1955 |
C:\Users\Admin\AppData\Local\Temp\_MEI20402\_ctypes.pyd
| MD5 | fc609234e81821c069d54a7c8d4a7e05 |
| SHA1 | 9aef96aa0276feb2df28ce0abf4ec1f2f766d011 |
| SHA256 | 506cdca8f4cc4754a78edac3be230a5ec7ca4a0d61ef08fe0accab4080b2c69e |
| SHA512 | bea687c1a9ed32db6c99be1c8689ac9e498f0ffce74c0c66c6c7653d58b6ee90e50df66c8a48b49854d47142fa9a930047f4828651193f7a500ae7fbc1882d2e |
C:\Users\Admin\AppData\Local\Temp\_MEI20402\libffi-8.dll
| MD5 | be8ceb4f7cb0782322f0eb52bc217797 |
| SHA1 | 280a7cc8d297697f7f818e4274a7edd3b53f1e4d |
| SHA256 | 7d08df2c496c32281bf9a010b62e8898b9743db8b95a7ebee12d746c2e95d676 |
| SHA512 | 07318c71c3137114e0cfec7d8b4815fd6efa51ce70b377121f26dc469cefe041d5098e1c92af8ed0c53b21e9c845fddee4d6646d5bd8395a3f1370ba56a59571 |
memory/2044-724-0x00007FFFA2050000-0x00007FFFA205F000-memory.dmp
memory/2044-723-0x00007FFFA10A0000-0x00007FFFA10C5000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI20402\_bz2.pyd
| MD5 | ab542da47a7745a2f588ca78d41734e0 |
| SHA1 | d8f1601548510333e35199e3b6bb4eaf994ca9ae |
| SHA256 | 4aba601dd528a85dad5975daf6aa394002c8a38582e4abb05a89684f52130084 |
| SHA512 | d80228ae846c562e08b08b92796e871e546760cd8ed92cbbe526675947ea2a5524ff4a93210e820c9f646912db24ff112ed2a354fc018a53a5161934c7fbd0f0 |
C:\Users\Admin\AppData\Local\Temp\_MEI20402\_lzma.pyd
| MD5 | ed15089e3c0c1b2ab5b73354abf0087b |
| SHA1 | f51ade203d249e27ebf9ae2159220fabdb8726c0 |
| SHA256 | 02fe60ad99452d53294514e8c6b8d95d79cc013742e3a4cd74b36601fc3fb09b |
| SHA512 | a9f869b2988057c37d14ee56495ecbf2ec688517203a7e2d1bc1488f4d37c6e3d3fb6fb439442c86679a9cebbbd5b2e7b11d42f64bdbce7212b6411cd27073ac |
C:\Users\Admin\AppData\Local\Temp\_MEI20402\_wmi.pyd
| MD5 | 54ba74f0c557b0c0463c08b5d2439379 |
| SHA1 | 8aa3f3f50501962f4a64ead15b24b6a77b06c5c5 |
| SHA256 | 53d4c23bc2ba89ee5050bae9b498eebbcde5a1906e51389742780f0c976b861f |
| SHA512 | fa4b6ca32a635f3a17d1e50b2b0a0c9e184cc104c2632b1d57c2a14db30272e6985a5665c567f49a5d4a6f36bfe80db9b5c591856d1667c024631a7050efb5fe |
C:\Users\Admin\AppData\Local\Temp\_MEI20402\_uuid.pyd
| MD5 | 50521b577719195d7618a23b3103d8aa |
| SHA1 | 7020d2e107000eaf0eddde74bc3809df2c638e22 |
| SHA256 | acbf831004fb8b8d5340fe5debd9814c49bd282dd765c78faeb6bb5116288c78 |
| SHA512 | 4ee950da8bbbd36932b488ec62fa046ac8fc35783a146edadbe063b8419a63d4dfb5bbd8c45e9e008fe708e6fc4a1fee1202fce92ffc95320547ba714fed95e1 |
C:\Users\Admin\AppData\Local\Temp\_MEI20402\_ssl.pyd
| MD5 | 318cfedf19856dbbc627e79ed9fd2b9c |
| SHA1 | fb9b5565a033a8c6a4aee3f0a27de047714442d1 |
| SHA256 | efa7fef1f1456e19c44a787b62d047f5d73c6abb6a6d4201d125dc3d101fff09 |
| SHA512 | d5d616400fa33751bec6ce8786d4c29e6307f2042db0602907354734ff72387570201420290f5e99c375059ef7217159e254c44291b36f7f296574f506211e10 |
C:\Users\Admin\AppData\Local\Temp\_MEI20402\_sqlite3.pyd
| MD5 | 435b49a7f84e7fbe0c6681932de37179 |
| SHA1 | a8a285579de10dacbfd053735c6f0ab930fe0fe2 |
| SHA256 | 5321e5c26a9bcaebb58f11241121bd0d1e45f98dcfbb4d8457eae42f17b8328a |
| SHA512 | 13d7d7120a7a150d789b92964acbe6d2ea7ebb130d6cb1833456ea1cdd6654cdd1d8841165296b3f077935dbaec4a37ca7e45c395c0b72d9b6dc970dbb76136a |
C:\Users\Admin\AppData\Local\Temp\_MEI20402\_socket.pyd
| MD5 | 552d390e9c359bf460b87cfb9a24a48b |
| SHA1 | d4920c3355b18087e9a392bea152cef90cc04a60 |
| SHA256 | f11b57f08a31e172cabae66830f9ef936e322a4df03ba5230d1621db4e7a24b6 |
| SHA512 | cfc59e43ab855f1c571db92c0df1258e88bc6db9d8569c2a5242b90d22f327503f4b4402f79f816f53f12a43f3d1ca84066231f0a3e719758340813f79528d8e |
C:\Users\Admin\AppData\Local\Temp\_MEI20402\_queue.pyd
| MD5 | 6cff25f6eb2872a07d52591cffe97ed7 |
| SHA1 | 1e51fc338bcf4e868a827c8dd2d3573a60ec9a73 |
| SHA256 | b58694a5585645827ce1f0aa285e176e9328584917a36434132fd71c3f017d8d |
| SHA512 | e847437f88dfd473272ed89f06fc9939c2e58e71f309275afa89599b4d79365459f763815660499be69b93b2440f3ed0dec88192d7d5b2be6ac2b79009a6442a |
C:\Users\Admin\AppData\Local\Temp\_MEI20402\_overlapped.pyd
| MD5 | d2b3134bae2e401e1753aac8b9ca577e |
| SHA1 | 3b4c4fe61c724a6bc4ee423ee7a1efb007a1f515 |
| SHA256 | 2386cf6ceaef4c6aa13974f913d6b3e6cde3b48e2fbb73f5c63ae6fe4384836f |
| SHA512 | 215609827121d9da6fa0bc884bd388391c46a799c22d54762775d591d9ae5e6bbce70011bc5f5237b6e526b79416c00f5daa8fc6baf70450ce37ced17fafa1f6 |
C:\Users\Admin\AppData\Local\Temp\_MEI20402\_multiprocessing.pyd
| MD5 | a2de86f88aad5c050f86d258b1f05617 |
| SHA1 | 11824bbb09e5ee9865cadcbbfda1e0664c6d98ff |
| SHA256 | f10fc80b19740eceb7fdce89c30d6670c9af7ed600fa7f881d27b8b5a054495f |
| SHA512 | 3662a8e6afa6b385a3e2682a49b0ae57f0f2aefc029eaaf841a228ec76c0f79c4e963b6f22eb345f4cad72b35bd72576a79a282d9816cf9b37b762773c10a80b |
C:\Users\Admin\AppData\Local\Temp\_MEI20402\_hashlib.pyd
| MD5 | fa6ae459e8a2c3071bd373da5a4cfe18 |
| SHA1 | dbf6462e952efe70f4ad72c0c8688456833462d5 |
| SHA256 | 20af24170652420bc06adbb2fc159ae9e61e71f2cad5370b423c9ce4c57ad5e1 |
| SHA512 | 9846f7fcf86fd67b03080a6ec270e4c6ecb0fee7bd0019fddd976c26e062c5d41f35691384a2307ca80289010f73cecf7326d7f446971639698b2948c4f67c08 |
C:\Users\Admin\AppData\Local\Temp\_MEI20402\_decimal.pyd
| MD5 | e3245ba10c125de02593c0a67669ab17 |
| SHA1 | 6b846b98ee8f663aa39d3c6c960df8bc84d82193 |
| SHA256 | 306cc1df8631d632e9831d6a710c8776784c4655b107424290338c385e743026 |
| SHA512 | 26c4d7280a93dc004b0a92689c43b9bcb6c0afa282d24581051fd18d0037499c2c77431636ca20a9225af002f254526cf66ff466b3b7fad0d73b8096ce1594fc |
C:\Users\Admin\AppData\Local\Temp\_MEI20402\_cffi_backend.cp312-win_amd64.pyd
| MD5 | 5225e3fc11136d4ad314367fa911a8b1 |
| SHA1 | c2cfb71d867e59f29d394131e0e6c8a2e71dee32 |
| SHA256 | 08005b24e71411fc4acdb312a4558339595b1d12c6917f8d50c6166a9f122abe |
| SHA512 | 87bdeacaca87dc465de92fe8dda425560c5e6e149883113f4541f2d5ecc59f57523cde41ad48fa0081f820678182648afbf73839c249fe3f7d493dcf94e76248 |
C:\Users\Admin\AppData\Local\Temp\_MEI20402\VCRUNTIME140_1.dll
| MD5 | f8dfa78045620cf8a732e67d1b1eb53d |
| SHA1 | ff9a604d8c99405bfdbbf4295825d3fcbc792704 |
| SHA256 | a113f192195f245f17389e6ecbed8005990bcb2476ddad33f7c4c6c86327afe5 |
| SHA512 | ba7f8b7ab0deb7a7113124c28092b543e216ca08d1cf158d9f40a326fb69f4a2511a41a59ea8482a10c9ec4ec8ac69b70dfe9ca65e525097d93b819d498da371 |
C:\Users\Admin\AppData\Local\Temp\_MEI20402\pyexpat.pyd
| MD5 | 7291100352b163626455abf2252f2a96 |
| SHA1 | 3c4d13bbf5fb69fe6f2af70f675ed2e437cea893 |
| SHA256 | 01974148486d569e9f1ad62d36d4d54b5396b07c853bd50f358d5580fde331f4 |
| SHA512 | fc384703828bb7a38b51dcf1a131b49283808b5658395e1d1c5ee9a204f895da0c29b12a7b1fc9aa468babc5d6f03be638fecf519e41911bf015a481f95458bc |
C:\Users\Admin\AppData\Local\Temp\_MEI20402\select.pyd
| MD5 | 3b214dfb6ec4ca67be55b3aa52922827 |
| SHA1 | f665ffeab25d2bab506b873be944280586eb50f6 |
| SHA256 | 7507a92c4787e9e7936a0b4a8eeb0a3f24e5ee12ae58cd7988543581d99817ac |
| SHA512 | de4e9b9d79b01d21aca74179c6a3e8fc6fe041f71cdd78910fd893cda90c2cfe7e54ade91064333f37ffc880d446879a64dd8bb790677039df56df1f80ec6b45 |
memory/2044-759-0x00007FFFA0E80000-0x00007FFFA0E8D000-memory.dmp
memory/2044-758-0x00007FFFA0C70000-0x00007FFFA0C89000-memory.dmp
memory/2044-755-0x00007FFFA0E90000-0x00007FFFA0EC6000-memory.dmp
memory/2044-754-0x00007FFFA16A0000-0x00007FFFA16AF000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI20402\libcrypto-3.dll
| MD5 | 63eb76eccfe70cff3a3935c0f7e8ba0f |
| SHA1 | a8dd05dce28b79047e18633aee5f7e68b2f89a36 |
| SHA256 | 785c8dde9803f8e1b279895c4e598a57dc7b01e0b1a914764fcedef0d7928b4e |
| SHA512 | 8da31fa77ead8711c0c6ffedcef6314f29d02a95411c6aacec626e150f329a5b96e9fdeae8d1a5e24d1ca5384ae2f0939a5cc0d58eb8bdbc5f00e62736dcc322 |
memory/2044-763-0x00007FFFA0C60000-0x00007FFFA0C6D000-memory.dmp
memory/2044-765-0x00007FFF908B0000-0x00007FFF90DD9000-memory.dmp
memory/2044-764-0x00007FFFA0C40000-0x00007FFFA0C54000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI20402\_asyncio.pyd
| MD5 | 6880e3d5872fefa9810753e181cf3033 |
| SHA1 | e875467792bbe3c4117040f6cf935a7a60a21d55 |
| SHA256 | c7000207e8c406f3a18b006649248906963834ff901c7b8b9f627d534e31575b |
| SHA512 | f501bfe8300b20a621d587d9a86e1228ab90da5f4cab8ed47a2822617ca5eeaf66691756228745ff24084ba481f6b3eedcddfc4a4869cd56334e8ca53a92148d |
C:\Users\Admin\AppData\Local\Temp\_MEI20402\unicodedata.pyd
| MD5 | 97f08bbcf9903c768668b1cd1e30aada |
| SHA1 | 84e2dc5c3662bd39ac09b5f682a59104ffec16d2 |
| SHA256 | c5c2997c3b16eb8b89fe230582a579a753efc8317ffd95d9795ec2762aa54ed9 |
| SHA512 | 076ca0017ae252d62d4a3bd7a42af95800e39a164bda990a0ca651aa2f0df2736c0dfdc086d8328a1834ae89f17716c5f76e798460a90263d1d8b6f2c233c686 |
C:\Users\Admin\AppData\Local\Temp\_MEI20402\sqlite3.dll
| MD5 | b26fa7619d82c7272b7279eb7aae801c |
| SHA1 | fa6a3240a531615a0853306f3b3d66aed98a04d8 |
| SHA256 | 74dc76a2a2d06d61f9f06bd3b0972bfb30ab57b0e5cb8c3011e79ce4a52924f0 |
| SHA512 | 20b0d6cf3e07ca0d565f140c9f9c1e218406ed9bdaaf75433858acb250bfb71bb134a6479fdcf6d4d0e0252707b1fb14f9c9d3e4d6a40824c3fdc7a43dfad0ee |
C:\Users\Admin\AppData\Local\Temp\_MEI20402\luna.aes
| MD5 | 317423404233dd16512405b7b18c4baf |
| SHA1 | 884ad410710e2d49eb5cb75c0282c45da0645396 |
| SHA256 | 9f47ea291c38cc6aa357a18f4b8120a5f88fb028150fe2e3edd5843662393962 |
| SHA512 | a36c16f3a65052de9c15ccfd480fa429ec8a431d801062bdf95bdb5525965aacc82307e6023bce55093c1dfc7a24e884d096ea3343def2e42fa61cb38c7a6b85 |
C:\Users\Admin\AppData\Local\Temp\_MEI20402\libssl-3.dll
| MD5 | 7e87c34b39f3a8c332df6e15fd83160b |
| SHA1 | db712b55f23d8e946c2d91cbbeb7c9a78a92b484 |
| SHA256 | 41448b8365b3a75cf33894844496eb03f84e5422b72b90bdcb9866051939c601 |
| SHA512 | eceda8b66736edf7f8e7e6d5a17e280342e989c5195525c697cc02dda80fd82d62c7fd4dc6c4825425bae69a820e1262b8d8cc00dbcd73868a26e16c14ac5559 |
memory/2044-728-0x00007FFFA0F00000-0x00007FFFA0F1A000-memory.dmp
memory/2044-730-0x00007FFFA0ED0000-0x00007FFFA0EFD000-memory.dmp
memory/2044-768-0x00007FFFA0C00000-0x00007FFFA0C33000-memory.dmp
memory/2044-769-0x00007FFF907E0000-0x00007FFF908AD000-memory.dmp
memory/2044-771-0x00007FFFA0BD0000-0x00007FFFA0BE6000-memory.dmp
memory/2044-774-0x00007FFF92D50000-0x00007FFF92D62000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI20402\zstandard\backend_c.cp312-win_amd64.pyd
| MD5 | 4dd9c42a89ddf77fef7aa34a71c5b480 |
| SHA1 | fc4c03ffcf81fb255b54c4f16f6ed90d5a1f37d4 |
| SHA256 | f76dc6f9ace0d356dbfdea443c3d43232342f48384f4afc7293b2ace813477e7 |
| SHA512 | 02c04fa2fa1d8136730f2596740049664a4f9343fb56de195988d80151cb38e67e7fee1c140d2c5d7c439f19df377cc6e253f5178711f72b821eae3076b4e142 |
C:\Users\Admin\AppData\Local\Temp\_MEI20402\charset_normalizer\md.cp312-win_amd64.pyd
| MD5 | e4fad9ff1b85862a6afaca2495d9f019 |
| SHA1 | 0e47d7c5d4de3a1d7e3bb31bd47ea22cc4ddeac4 |
| SHA256 | e5d362766e9806e7e64709de7e0cff40e03123d821c3f30cac5bac1360e08c18 |
| SHA512 | 706fb033fc2079b0aabe969bc51ccb6ffaaf1863daf0e4a83d6f13adc0fedab61cee2b63efb40f033aea22bf96886834d36f50af36e6e25b455e941c1676a30a |
memory/2044-781-0x00007FFF90DE0000-0x00007FFF914A4000-memory.dmp
memory/2044-786-0x00007FFFA10A0000-0x00007FFFA10C5000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI20402\certifi\cacert.pem
| MD5 | 2a6bef11d1f4672f86d3321b38f81220 |
| SHA1 | b4146c66e7e24312882d33b16b2ee140cb764b0e |
| SHA256 | 1605d0d39c5e25d67e7838da6a17dcf2e8c6cfa79030e8fb0318e35f5495493c |
| SHA512 | 500dfff929d803b0121796e8c1a30bdfcb149318a4a4de460451e093e4cbd568cd12ab20d0294e0bfa7efbd001de968cca4c61072218441d4fa7fd9edf7236d9 |
memory/2044-785-0x00007FFF92D20000-0x00007FFF92D47000-memory.dmp
memory/2044-784-0x00007FFF90630000-0x00007FFF9074B000-memory.dmp
memory/2044-783-0x00007FFFA0B50000-0x00007FFFA0B5B000-memory.dmp
memory/2044-782-0x00007FFF90750000-0x00007FFF907D7000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI20402\charset_normalizer\md__mypyc.cp312-win_amd64.pyd
| MD5 | 5c643741418d74c743ca128ff3f50646 |
| SHA1 | 0b499a3228865a985d86c1199d14614096efd8a0 |
| SHA256 | 2d86563fdfdc39894a53a293810744915192f3b3f40a47526551e66cdb9cb35c |
| SHA512 | 45d02b854557d8f9c25ca8136fa6d3daed24275cc77b1c98038752daed4318bd081c889ff1f4fa8a28e734c9167f477350a8fa863f61729c30c76e7a91d61a97 |
C:\Users\Admin\AppData\Local\Temp\_MEI20402\psutil\_psutil_windows.pyd
| MD5 | 8a8e3fdcafb2d8f07b54028edafb5b09 |
| SHA1 | 9eccb4d95d1e700109e3c786713b523958b14c25 |
| SHA256 | a1a297c62345f33d3bdb7db4e4b23b3aad75057440d1218d34291b57b1538423 |
| SHA512 | a32dc4e508e0b844fa7fd1efade9af999b3bd9116bc93657d6718608b8cdee3e3b1b753ea52549d2f36a831f7bf0edd661f57693d1fa5b1b84bc0d894fcff258 |
memory/2044-791-0x00007FFF92920000-0x00007FFF92938000-memory.dmp
memory/2044-795-0x00007FFF901B0000-0x00007FFF9032F000-memory.dmp
memory/2044-794-0x00007FFF919B0000-0x00007FFF919D4000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI20402\Cryptodome\Cipher\_raw_cbc.pyd
| MD5 | d9f0780e8df9e0adb12d1c4c39d6c9be |
| SHA1 | 2335d8d81c1a65d4f537553d66b70d37bc9a55b6 |
| SHA256 | e91c6bba58cf9dd76cb573f787c76f1da4481f4cbcdf5da3899cce4d3754bbe7 |
| SHA512 | 7785aadb25cffdb736ce5f9ae4ca2d97b634bc969a0b0cb14815afaff4398a529a5f86327102b8005ace30c0d196b2c221384a54d7db040c08f0a01de3621d42 |
C:\Users\Admin\AppData\Local\Temp\_MEI20402\Cryptodome\Cipher\_raw_ecb.pyd
| MD5 | 768559588eef33d33d9fa64ab5ed482b |
| SHA1 | 09be733f1deed8593c20afaf04042f8370e4e82f |
| SHA256 | 57d3efc53d8c4be726597a1f3068947b895b5b8aba47fd382c600d8e72125356 |
| SHA512 | 3bf9cd35906e6e408089faea9ffcdf49cc164f58522764fe9e481d41b0e9c6ff14e13b0954d2c64bb942970bbf9d94d07fce0c0d5fdbd6ca045649675ecff0f2 |
memory/2044-807-0x00007FFF919A0000-0x00007FFF919AC000-memory.dmp
memory/2044-806-0x00007FFF92900000-0x00007FFF9290B000-memory.dmp
memory/2044-805-0x00007FFFA0E80000-0x00007FFFA0E8D000-memory.dmp
memory/2044-804-0x00007FFF92910000-0x00007FFF9291C000-memory.dmp
memory/2044-824-0x00007FFF90600000-0x00007FFF9060C000-memory.dmp
memory/2044-823-0x00007FFF90610000-0x00007FFF9061E000-memory.dmp
memory/2044-822-0x00007FFFA0C40000-0x00007FFFA0C54000-memory.dmp
memory/2044-821-0x00007FFF90620000-0x00007FFF9062C000-memory.dmp
memory/2044-820-0x00007FFF8FF10000-0x00007FFF90155000-memory.dmp
memory/2044-819-0x00007FFF90160000-0x00007FFF9017C000-memory.dmp
memory/2044-818-0x00007FFF90540000-0x00007FFF9054B000-memory.dmp
memory/2044-817-0x00007FFF90180000-0x00007FFF901AE000-memory.dmp
memory/2044-816-0x00007FFF90550000-0x00007FFF90579000-memory.dmp
memory/2044-815-0x00007FFF90580000-0x00007FFF9058C000-memory.dmp
memory/2044-814-0x00007FFF90590000-0x00007FFF905A2000-memory.dmp
memory/2044-813-0x00007FFF905B0000-0x00007FFF905BD000-memory.dmp
memory/2044-812-0x00007FFF905C0000-0x00007FFF905CC000-memory.dmp
memory/2044-811-0x00007FFF905D0000-0x00007FFF905DC000-memory.dmp
memory/2044-810-0x00007FFF905E0000-0x00007FFF905EB000-memory.dmp
memory/2044-809-0x00007FFF905F0000-0x00007FFF905FB000-memory.dmp
memory/2044-808-0x00007FFF908B0000-0x00007FFF90DD9000-memory.dmp
memory/2044-803-0x00007FFF97E30000-0x00007FFF97E3B000-memory.dmp
memory/2044-802-0x00007FFF9A6C0000-0x00007FFF9A6CC000-memory.dmp
memory/2044-801-0x00007FFF9FE20000-0x00007FFF9FE2B000-memory.dmp
memory/2044-800-0x00007FFF9FEA0000-0x00007FFF9FEAB000-memory.dmp
memory/2044-799-0x00007FFFA16A0000-0x00007FFFA16AF000-memory.dmp
memory/2044-862-0x00007FFF907E0000-0x00007FFF908AD000-memory.dmp
memory/2044-863-0x00007FFFA0BD0000-0x00007FFFA0BE6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\MK2d7fwA0d\Common Files\BackupUndo.bin
| MD5 | 41ea0340b802f291a8fce5d3d2f5c39c |
| SHA1 | 4832c12c5c704549c456f91d97643394919581f3 |
| SHA256 | a93d24ff5cb7a562fcd79eb4d1bdc9eab9e08bdc75ea0a358528a500f56be96e |
| SHA512 | db24130ca9b4bde8200d858aaa343c8b7e3c602ca1ad521bafd1931eaab16e99fc8d17c2073a0765264329790d1e0ff9daf12020c5b3877a92ceccc9eb482afe |
C:\Users\Admin\AppData\Local\Temp\MK2d7fwA0d\Common Files\Are.docx
| MD5 | a33e5b189842c5867f46566bdbf7a095 |
| SHA1 | e1c06359f6a76da90d19e8fd95e79c832edb3196 |
| SHA256 | 5abf8e3d1f78de7b09d7f6fb87f9e80e60caacf13ef3c1289665653dacd7c454 |
| SHA512 | f2ad3812ec9b915e9618539b0f103f2e9acaad25fbbacd84941c954ce070af231324e83a4621e951c1dbae8d40d50410954e40dd52bbd46e34c54b0d1957407b |
C:\Users\Admin\AppData\Local\Temp\MK2d7fwA0d\Common Files\ExportBackup.dotx
| MD5 | 1a0139ca62b7a4ea410ffb0b44c47cc1 |
| SHA1 | d0bef29febe4ec1bc2fe58192810678452fad960 |
| SHA256 | 08915258e6fe2b336e94e16ef0de45ddfe25a9b558642b91c1550672556007f9 |
| SHA512 | 97b0b9df218afdc801ae87e4b646e3d33525f8539b3206eebe04ba81126cf94e64d2079fd6a340bada7773c2fab86d1e7fb8ce9724077b92a15e7c13620173e2 |
C:\Users\Admin\AppData\Local\Temp\MK2d7fwA0d\Common Files\Files.docx
| MD5 | 4a8fbd593a733fc669169d614021185b |
| SHA1 | 166e66575715d4c52bcb471c09bdbc5a9bb2f615 |
| SHA256 | 714cd32f8edacb3befbfc4b17db5b6eb05c2c8936e3bae14ea25a6050d88ae42 |
| SHA512 | 6b2ebbbc34cd821fd9b3d7711d9cdadd8736412227e191883e5df19068f8118b7c80248eb61cc0a2f785a4153871a6003d79de934254b2c74c33b284c507a33b |
C:\Users\Admin\AppData\Local\Temp\MK2d7fwA0d\Common Files\BackupUnlock.DVR-MS
| MD5 | aeb504c1a9be5743cf819d9de57c9109 |
| SHA1 | 6e3039c6cd4f3b501f3bc50fff70950e98ba21d3 |
| SHA256 | 9c3d0b8d3626aac519ffc8b7e0abcc94e3b7027f8b8a1dd622952852b41fb901 |
| SHA512 | e899adb9e0393bddf9185e43602398ce1e781c6ca7513e517be28b65e45ba2d760fba2312c11deb4fbf4c2fd20578e7fb3b1c58318e66af3042fb453e91afeb9 |
C:\Users\Admin\AppData\Local\Temp\MK2d7fwA0d\Browser\history.txt
| MD5 | 5638715e9aaa8d3f45999ec395e18e77 |
| SHA1 | 4e3dc4a1123edddf06d92575a033b42a662fe4ad |
| SHA256 | 4db7f6559c454d34d9c2d557524603c3f52649c2d69b26b6e8384a3d179aeae6 |
| SHA512 | 78c96efab1d941e34d3137eae32cef041e2db5b0ebbf883e6a2effa79a323f66e00cfb7c45eb3398b3cbd0469a2be513c3ff63e5622261857eefc1685f77f76b |
C:\Users\Admin\AppData\Local\Temp\MK2d7fwA0d\Browser\cc's.txt
| MD5 | 5aa796b6950a92a226cc5c98ed1c47e8 |
| SHA1 | 6706a4082fc2c141272122f1ca424a446506c44d |
| SHA256 | c4c83da3a904a4e7114f9bd46790db502cdd04800e684accb991cd1a08ee151c |
| SHA512 | 976f403257671e8f652bf988f4047202e1a0fd368fdb2bab2e79ece1c20c7eb775c4b3a8853c223d4f750f4192cd09455ff024918276dc1dd1442fa3b36623ad |
C:\Users\Admin\AppData\Local\Temp\MK2d7fwA0d\Common Files\FindSet.csv
| MD5 | 3bfde5e15494ef4a56e6040b0af506f2 |
| SHA1 | 3cd175913003211e04282144121e0eea06124588 |
| SHA256 | 77939cbc28fc01ccddffb3b1ddd9a87ed025aa3b8a03b96d5d65a7f0d4a77216 |
| SHA512 | 245bacb1f4c50d206e6e0908629a56bc214334de2290c01c2050b5afefc62a7784caae105051f94d0e046c3d5364cdc482a92137e14588fb04337019c73b7f5d |
C:\Users\Admin\AppData\Local\Temp\MK2d7fwA0d\Common Files\LockMount.rtf
| MD5 | 38eb2dda29f3671ebd127309164a61f6 |
| SHA1 | 18a6bb6f2425046eb785cca3a0479fdda5d8ec00 |
| SHA256 | 495f41764759024318ea8823e2ed127e4a400d17157795fc639f9227a79d97c1 |
| SHA512 | ea51bfa2288786eab9804ab405508eea9da2131b52b678b010a77763d430cc30349a9c2c5e64fd7d81bc36bf7ae5468978700911a1c4b837eeec66485ccfce81 |
C:\Users\Admin\AppData\Local\Temp\MK2d7fwA0d\Common Files\WaitWrite.xls
| MD5 | 0a06b1ad7adc6461eaacb2a7f663995b |
| SHA1 | de11d1133d7f3186189a3e7f18391d04db9bca32 |
| SHA256 | 30cbe6752ca3a24337604238e53c49ac8d7da9d038ad1c4b13829ce264208684 |
| SHA512 | 4dcde8b7a54887770f0d43df8cae686f2ff9dc86535a11556a36fbcac943786f52b0fe98078fc083bb1e8d437498b4f2feffebdbfe46c15772227c4f4333eaf5 |
memory/2044-924-0x00007FFF92920000-0x00007FFF92938000-memory.dmp
memory/2044-936-0x00007FFF92D20000-0x00007FFF92D47000-memory.dmp
memory/2044-935-0x00007FFF90630000-0x00007FFF9074B000-memory.dmp
memory/2044-926-0x00007FFF901B0000-0x00007FFF9032F000-memory.dmp
memory/2044-925-0x00007FFF919B0000-0x00007FFF919D4000-memory.dmp
memory/2044-916-0x00007FFFA0C00000-0x00007FFFA0C33000-memory.dmp
memory/2044-905-0x00007FFFA10A0000-0x00007FFFA10C5000-memory.dmp
memory/2044-904-0x00007FFF90DE0000-0x00007FFF914A4000-memory.dmp
memory/2044-943-0x00007FFFA63E0000-0x00007FFFA63EF000-memory.dmp
memory/2044-996-0x00007FFF90630000-0x00007FFF9074B000-memory.dmp
memory/2044-1005-0x00007FFF9FEA0000-0x00007FFF9FEAB000-memory.dmp
memory/2044-1017-0x00007FFF8FF10000-0x00007FFF90155000-memory.dmp
memory/2044-1016-0x00007FFF90160000-0x00007FFF9017C000-memory.dmp
memory/2044-1015-0x00007FFF90540000-0x00007FFF9054B000-memory.dmp
memory/2044-1014-0x00007FFF90180000-0x00007FFF901AE000-memory.dmp
memory/2044-1013-0x00007FFF90550000-0x00007FFF90579000-memory.dmp
memory/2044-1012-0x00007FFF90580000-0x00007FFF9058C000-memory.dmp
memory/2044-1011-0x00007FFF90590000-0x00007FFF905A2000-memory.dmp
memory/2044-1010-0x00007FFF905B0000-0x00007FFF905BD000-memory.dmp
memory/2044-1009-0x00007FFF905C0000-0x00007FFF905CC000-memory.dmp
memory/2044-1008-0x00007FFF905D0000-0x00007FFF905DC000-memory.dmp
memory/2044-1007-0x00007FFF905E0000-0x00007FFF905EB000-memory.dmp
memory/2044-1006-0x00007FFF905F0000-0x00007FFF905FB000-memory.dmp
memory/2044-1004-0x00007FFF90600000-0x00007FFF9060C000-memory.dmp
memory/2044-1003-0x00007FFF97E30000-0x00007FFF97E3B000-memory.dmp
memory/2044-1002-0x00007FFF9A6C0000-0x00007FFF9A6CC000-memory.dmp
memory/2044-1001-0x00007FFF9FE20000-0x00007FFF9FE2B000-memory.dmp
memory/2044-1000-0x00007FFF919A0000-0x00007FFF919AC000-memory.dmp
memory/2044-999-0x00007FFF901B0000-0x00007FFF9032F000-memory.dmp
memory/2044-998-0x00007FFF919B0000-0x00007FFF919D4000-memory.dmp
memory/2044-997-0x00007FFF92920000-0x00007FFF92938000-memory.dmp
memory/2044-995-0x00007FFFA0B50000-0x00007FFFA0B5B000-memory.dmp
memory/2044-994-0x00007FFF90750000-0x00007FFF907D7000-memory.dmp
memory/2044-993-0x00007FFF92D50000-0x00007FFF92D62000-memory.dmp
memory/2044-992-0x00007FFFA0BD0000-0x00007FFFA0BE6000-memory.dmp
memory/2044-991-0x00007FFF907E0000-0x00007FFF908AD000-memory.dmp
memory/2044-990-0x00007FFFA0C00000-0x00007FFFA0C33000-memory.dmp
memory/2044-989-0x00007FFF90610000-0x00007FFF9061E000-memory.dmp
memory/2044-988-0x00007FFFA0C40000-0x00007FFFA0C54000-memory.dmp
memory/2044-987-0x00007FFFA0C60000-0x00007FFFA0C6D000-memory.dmp
memory/2044-986-0x00007FFFA0E80000-0x00007FFFA0E8D000-memory.dmp
memory/2044-985-0x00007FFFA0C70000-0x00007FFFA0C89000-memory.dmp
memory/2044-984-0x00007FFFA0E90000-0x00007FFFA0EC6000-memory.dmp
memory/2044-983-0x00007FFF92910000-0x00007FFF9291C000-memory.dmp
memory/2044-982-0x00007FFFA0ED0000-0x00007FFFA0EFD000-memory.dmp
memory/2044-981-0x00007FFFA0F00000-0x00007FFFA0F1A000-memory.dmp
memory/2044-980-0x00007FFFA2050000-0x00007FFFA205F000-memory.dmp
memory/2044-979-0x00007FFFA10A0000-0x00007FFFA10C5000-memory.dmp
memory/2044-978-0x00007FFF90620000-0x00007FFF9062C000-memory.dmp
memory/2044-975-0x00007FFF92900000-0x00007FFF9290B000-memory.dmp
memory/2044-965-0x00007FFF92D20000-0x00007FFF92D47000-memory.dmp
memory/2044-958-0x00007FFF908B0000-0x00007FFF90DD9000-memory.dmp
memory/2044-952-0x00007FFFA16A0000-0x00007FFFA16AF000-memory.dmp
memory/2044-947-0x00007FFF90DE0000-0x00007FFF914A4000-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-18 12:42
Reported
2024-06-18 12:45
Platform
win7-20240508-en
Max time kernel
118s
Max time network
119s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\boblox.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\boblox.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1596 wrote to memory of 1776 | N/A | C:\Users\Admin\AppData\Local\Temp\boblox.exe | C:\Users\Admin\AppData\Local\Temp\boblox.exe |
| PID 1596 wrote to memory of 1776 | N/A | C:\Users\Admin\AppData\Local\Temp\boblox.exe | C:\Users\Admin\AppData\Local\Temp\boblox.exe |
| PID 1596 wrote to memory of 1776 | N/A | C:\Users\Admin\AppData\Local\Temp\boblox.exe | C:\Users\Admin\AppData\Local\Temp\boblox.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\boblox.exe
"C:\Users\Admin\AppData\Local\Temp\boblox.exe"
C:\Users\Admin\AppData\Local\Temp\boblox.exe
"C:\Users\Admin\AppData\Local\Temp\boblox.exe"
Network
Files
C:\Users\Admin\AppData\Local\Temp\_MEI15962\python312.dll
| MD5 | 8f165bfadf970edafd59067ad45a3952 |
| SHA1 | 16c1876f2233087156b49db35d4d935c6e17be6a |
| SHA256 | 22470af77229d53d9141823c12780db63c43703dd525940bc479730d2e43513d |
| SHA512 | b3af95dc9a68e21e8eca98e451b935f72663c2552ebf26de299716f17193f238d55c292df953d641defcbcec3ea18eb37cd4b839800804efa8f40658427263ae |
memory/1776-712-0x000007FEF5BF0000-0x000007FEF62B4000-memory.dmp
memory/1776-713-0x000007FEF5BF0000-0x000007FEF62B4000-memory.dmp