Malware Analysis Report

2024-11-13 15:24

Sample ID 240619-a87nfavdln
Target pypyp.exe
SHA256 f8a453ef88b89d9616b215f56a149e2a2dec681afa02cbe92df39e2689ca8b06
Tags discovery persistence pyinstaller
Score 8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

f8a453ef88b89d9616b215f56a149e2a2dec681afa02cbe92df39e2689ca8b06

Threat Level: Likely malicious

The file pypyp.exe was found to be: Likely malicious.

Malicious Activity Summary

discovery persistence pyinstaller

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Enumerates connected drives

Checks installed software on the system

Blocklisted process makes network request

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Detects Pyinstaller

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

Modifies registry class

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SetWindowsHookEx

Modifies data under HKEY_USERS

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-19 00:54

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-19 00:54

Reported

2024-06-19 00:56

Platform

win7-20240508-en

Max time kernel

118s

Max time network

118s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\pypyp.pyc

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\.pyc C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\pyc_auto_file\shell\Read C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\pyc_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\AcroRd32.exe\" \"%1\"" C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\pyc_auto_file C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\pyc_auto_file\ C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\pyc_auto_file\shell C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\pyc_auto_file\shell\Read\command C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_Classes\Local Settings C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\.pyc\ = "pyc_auto_file" C:\Windows\system32\rundll32.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\pypyp.pyc

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\pypyp.pyc

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe

"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\pypyp.pyc"

Network

N/A

Files

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

MD5 bf934375b70bdfeb5d49841281baa0a6
SHA1 a96dcd7e7a6566b6c0525c4774889cb417fd88a7
SHA256 e533a8722ee3ecdb9f6fb62e591b2da43f300b6f608a304e39415163927a7723
SHA512 48c7d3468918f8f24dc13a497b024299017b362baa50a9c1acf18cfe0d33c41e15605b6c9860bb8621adb8dc0853d9afb589e4f6cac0f49e70f4917fe1a2ee6e

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-19 00:54

Reported

2024-06-19 00:56

Platform

win10v2004-20240508-en

Max time kernel

148s

Max time network

156s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\pypyp.pyc

Signatures

Downloads MZ/PE file

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\Temp\{EB2345FE-FEEE-4C1E-9E32-4100344254B2}\.cr\python-3.12.4-amd64.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\{fb355cb0-c07e-4095-85a7-81c5a2838da6} = "\"C:\\Users\\Admin\\AppData\\Local\\Package Cache\\{fb355cb0-c07e-4095-85a7-81c5a2838da6}\\python-3.12.4-amd64.exe\" /burn.runonce" C:\Windows\Temp\{EB2345FE-FEEE-4C1E-9E32-4100344254B2}\.cr\python-3.12.4-amd64.exe N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives

Drops file in Windows directory

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133632321323049212" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\Temp\{EB2345FE-FEEE-4C1E-9E32-4100344254B2}\.cr\python-3.12.4-amd64.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1204 wrote to memory of 1060 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1204 wrote to memory of 4232 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1204 wrote to memory of 2780 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1204 wrote to memory of 4028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\pypyp.pyc

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4356,i,4686244434963378549,11462511444150484980,262144 --variations-seed-version --mojo-platform-channel-handle=3656 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fffe587ab58,0x7fffe587ab68,0x7fffe587ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=1872,i,11159569168114833150,15514351481421820490,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1872,i,11159569168114833150,15514351481421820490,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1916 --field-trial-handle=1872,i,11159569168114833150,15514351481421820490,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3080 --field-trial-handle=1872,i,11159569168114833150,15514351481421820490,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3088 --field-trial-handle=1872,i,11159569168114833150,15514351481421820490,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4388 --field-trial-handle=1872,i,11159569168114833150,15514351481421820490,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4552 --field-trial-handle=1872,i,11159569168114833150,15514351481421820490,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4696 --field-trial-handle=1872,i,11159569168114833150,15514351481421820490,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4612 --field-trial-handle=1872,i,11159569168114833150,15514351481421820490,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4988 --field-trial-handle=1872,i,11159569168114833150,15514351481421820490,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4764 --field-trial-handle=1872,i,11159569168114833150,15514351481421820490,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4820 --field-trial-handle=1872,i,11159569168114833150,15514351481421820490,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4776 --field-trial-handle=1872,i,11159569168114833150,15514351481421820490,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5132 --field-trial-handle=1872,i,11159569168114833150,15514351481421820490,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4712 --field-trial-handle=1872,i,11159569168114833150,15514351481421820490,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5396 --field-trial-handle=1872,i,11159569168114833150,15514351481421820490,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5416 --field-trial-handle=1872,i,11159569168114833150,15514351481421820490,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5156 --field-trial-handle=1872,i,11159569168114833150,15514351481421820490,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4412 --field-trial-handle=1872,i,11159569168114833150,15514351481421820490,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5668 --field-trial-handle=1872,i,11159569168114833150,15514351481421820490,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3924 --field-trial-handle=1872,i,11159569168114833150,15514351481421820490,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 --field-trial-handle=1872,i,11159569168114833150,15514351481421820490,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5216 --field-trial-handle=1872,i,11159569168114833150,15514351481421820490,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4136 --field-trial-handle=1872,i,11159569168114833150,15514351481421820490,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5656 --field-trial-handle=1872,i,11159569168114833150,15514351481421820490,131072 /prefetch:8

C:\Users\Admin\Downloads\python-3.12.4-amd64.exe

"C:\Users\Admin\Downloads\python-3.12.4-amd64.exe"

C:\Windows\Temp\{EB2345FE-FEEE-4C1E-9E32-4100344254B2}\.cr\python-3.12.4-amd64.exe

"C:\Windows\Temp\{EB2345FE-FEEE-4C1E-9E32-4100344254B2}\.cr\python-3.12.4-amd64.exe" -burn.clean.room="C:\Users\Admin\Downloads\python-3.12.4-amd64.exe" -burn.filehandle.attached=572 -burn.filehandle.self=560

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5484 --field-trial-handle=1872,i,11159569168114833150,15514351481421820490,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=3404 --field-trial-handle=1872,i,11159569168114833150,15514351481421820490,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5596 --field-trial-handle=1872,i,11159569168114833150,15514351481421820490,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6088 --field-trial-handle=1872,i,11159569168114833150,15514351481421820490,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5488 --field-trial-handle=1872,i,11159569168114833150,15514351481421820490,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=4472 --field-trial-handle=1872,i,11159569168114833150,15514351481421820490,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=5588 --field-trial-handle=1872,i,11159569168114833150,15514351481421820490,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=5088 --field-trial-handle=1872,i,11159569168114833150,15514351481421820490,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2808 --field-trial-handle=1872,i,11159569168114833150,15514351481421820490,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2708 --field-trial-handle=1872,i,11159569168114833150,15514351481421820490,131072 /prefetch:8

Network

Files

\??\pipe\crashpad_1204_ENWWRLQLMEIHKDKK

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

C:\Users\Admin\AppData\Local\Temp\scoped_dir1204_642856465\c29a2cbd-dfd5-4266-8ee9-8b717ac47f10.tmp

C:\Users\Admin\AppData\Local\Temp\scoped_dir1204_642856465\CRX_INSTALL\_locales\en_CA\messages.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\en_CA\messages.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\dasherSettingSchema.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\93847ec7-9553-45ff-9c5a-41747de69b04.tmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe595683.TMP

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\Downloads\Unconfirmed 445237.crdownload

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Windows\Temp\{EB2345FE-FEEE-4C1E-9E32-4100344254B2}\.cr\python-3.12.4-amd64.exe

C:\Windows\Temp\{526DE0A6-58DD-41F4-A4C7-8922AEE5DBD0}\.ba\PythonBA.dll

C:\Windows\Temp\{526DE0A6-58DD-41F4-A4C7-8922AEE5DBD0}\.ba\SideBar.png

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Windows\Temp\{526DE0A6-58DD-41F4-A4C7-8922AEE5DBD0}\pip_JustForMe

C:\Users\Admin\AppData\Local\Package Cache\.unverified\lib_JustForMe

C:\Users\Admin\AppData\Local\Package Cache\.unverified\tcltk_JustForMe

C:\Users\Admin\AppData\Local\Package Cache\.unverified\doc_JustForMe

C:\Users\Admin\AppData\Local\Package Cache\{4F815F87-CE9F-45CF-AEDE-EDF03728F8E6}v3.12.4150.0\core.msi

C:\Users\Admin\AppData\Local\Temp\Python 3.12.4 (64-bit)_20240619005609_000_core_JustForMe.log

C:\Config.Msi\e599e8b.rbs

C:\Users\Admin\AppData\Local\Temp\Python 3.12.4 (64-bit)_20240619005609_001_exe_JustForMe.log

C:\Users\Admin\AppData\Local\Package Cache\{754A267E-52AE-4A9F-AFF4-F67EDC4B3610}v3.12.4150.0\exe.msi

C:\Config.Msi\e599e90.rbs

C:\Users\Admin\AppData\Local\Package Cache\{7BFF8368-33A0-4DB3-9442-F5C881FE1B4D}v3.12.4150.0\dev.msi

C:\Users\Admin\AppData\Local\Temp\Python 3.12.4 (64-bit)_20240619005609_002_dev_JustForMe.log

C:\Config.Msi\e599e95.rbs

C:\Users\Admin\AppData\Local\Temp\Python 3.12.4 (64-bit)_20240619005609_003_lib_JustForMe.log

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59bb47.TMP

C:\Config.Msi\e599e9a.rbs

C:\Users\Admin\AppData\Local\Temp\Python 3.12.4 (64-bit)_20240619005609_004_test_JustForMe.log

C:\Users\Admin\AppData\Local\Package Cache\{AC669800-A797-444D-A450-A5109BBC74DE}v3.12.4150.0\test.msi

C:\Users\Admin\AppData\Local\Programs\Python\Python312\Lib\test\test_importlib\extension\__init__.py

C:\Users\Admin\AppData\Local\Programs\Python\Python312\Lib\test\test_importlib\frozen\__main__.py

C:\Config.Msi\e599e9f.rbs

C:\Users\Admin\AppData\Local\Temp\Python 3.12.4 (64-bit)_20240619005609_005_doc_JustForMe.log

C:\Config.Msi\e599ea4.rbs

C:\Users\Admin\AppData\Local\Temp\Python 3.12.4 (64-bit)_20240619005609_006_tcltk_JustForMe.log

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Programs\Python\Python312\python.exe

C:\Config.Msi\e599ea9.rbs

C:\Users\Admin\AppData\Local\Temp\Python 3.12.4 (64-bit)_20240619005609_007_launcher_JustForMe.log

C:\Users\Admin\AppData\Local\Package Cache\{3C4935A5-B72E-4DA4-809E-0287A0BC046F}v3.12.4150.0\launcher.msi

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-19 00:54

Reported

2024-06-19 00:56

Platform

win7-20231129-en

Max time kernel

121s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe"

Network

N/A

Files

C:\Users\Admin\AppData\Local\Temp\_MEI19762\ucrtbase.dll

C:\Users\Admin\AppData\Local\Temp\_MEI19762\api-ms-win-core-localization-l1-2-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI19762\api-ms-win-core-processthreads-l1-1-1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI19762\api-ms-win-core-file-l1-2-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI19762\api-ms-win-core-timezone-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI19762\api-ms-win-core-file-l2-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI19762\python310.dll

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-19 00:54

Reported

2024-06-19 00:56

Platform

win10v2004-20240508-en

Max time kernel

146s

Max time network

53s

Command Line

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\pypyp.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "185" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "56" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "23" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "56" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "23" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Speech_OneCore\\Recognizers\\Tokens\\MS-1033-110-WINMO-DNN" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "152" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4952 wrote to memory of 4752 N/A C:\Users\Admin\AppData\Local\Temp\pypyp.exe C:\Users\Admin\AppData\Local\Temp\pypyp.exe
PID 4752 wrote to memory of 2948 N/A C:\Users\Admin\AppData\Local\Temp\pypyp.exe C:\Users\Admin\AppData\Local\Temp\pypyp.exe
PID 4752 wrote to memory of 440 N/A C:\Users\Admin\AppData\Local\Temp\pypyp.exe C:\Users\Admin\AppData\Local\Temp\pypyp.exe
PID 440 wrote to memory of 1936 N/A C:\Users\Admin\AppData\Local\Temp\pypyp.exe C:\Users\Admin\AppData\Local\Temp\pypyp.exe
PID 440 wrote to memory of 3268 N/A C:\Users\Admin\AppData\Local\Temp\pypyp.exe C:\Users\Admin\AppData\Local\Temp\pypyp.exe
PID 2948 wrote to memory of 4280 N/A C:\Users\Admin\AppData\Local\Temp\pypyp.exe C:\Users\Admin\AppData\Local\Temp\pypyp.exe
PID 2948 wrote to memory of 4664 N/A C:\Users\Admin\AppData\Local\Temp\pypyp.exe C:\Users\Admin\AppData\Local\Temp\pypyp.exe
PID 4664 wrote to memory of 4612 N/A C:\Users\Admin\AppData\Local\Temp\pypyp.exe C:\Users\Admin\AppData\Local\Temp\pypyp.exe
PID 4664 wrote to memory of 748 N/A C:\Users\Admin\AppData\Local\Temp\pypyp.exe C:\Users\Admin\AppData\Local\Temp\pypyp.exe
PID 3268 wrote to memory of 2232 N/A C:\Users\Admin\AppData\Local\Temp\pypyp.exe C:\Users\Admin\AppData\Local\Temp\pypyp.exe
PID 3268 wrote to memory of 3592 N/A C:\Users\Admin\AppData\Local\Temp\pypyp.exe C:\Users\Admin\AppData\Local\Temp\pypyp.exe
PID 1936 wrote to memory of 3472 N/A C:\Users\Admin\AppData\Local\Temp\pypyp.exe C:\Users\Admin\AppData\Local\Temp\pypyp.exe
PID 1936 wrote to memory of 4624 N/A C:\Users\Admin\AppData\Local\Temp\pypyp.exe C:\Users\Admin\AppData\Local\Temp\pypyp.exe
PID 4280 wrote to memory of 2228 N/A C:\Users\Admin\AppData\Local\Temp\pypyp.exe C:\Users\Admin\AppData\Local\Temp\pypyp.exe
PID 4280 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\pypyp.exe C:\Users\Admin\AppData\Local\Temp\pypyp.exe
PID 2232 wrote to memory of 1808 N/A C:\Users\Admin\AppData\Local\Temp\pypyp.exe C:\Users\Admin\AppData\Local\Temp\pypyp.exe
PID 2232 wrote to memory of 396 N/A C:\Users\Admin\AppData\Local\Temp\pypyp.exe C:\Users\Admin\AppData\Local\Temp\pypyp.exe
PID 4612 wrote to memory of 4484 N/A C:\Users\Admin\AppData\Local\Temp\pypyp.exe C:\Users\Admin\AppData\Local\Temp\pypyp.exe
PID 4612 wrote to memory of 1736 N/A C:\Users\Admin\AppData\Local\Temp\pypyp.exe C:\Users\Admin\AppData\Local\Temp\pypyp.exe
PID 748 wrote to memory of 864 N/A C:\Users\Admin\AppData\Local\Temp\pypyp.exe C:\Users\Admin\AppData\Local\Temp\pypyp.exe
PID 748 wrote to memory of 3832 N/A C:\Users\Admin\AppData\Local\Temp\pypyp.exe C:\Users\Admin\AppData\Local\Temp\pypyp.exe
PID 3472 wrote to memory of 528 N/A C:\Users\Admin\AppData\Local\Temp\pypyp.exe C:\Users\Admin\AppData\Local\Temp\pypyp.exe
PID 3472 wrote to memory of 1280 N/A C:\Users\Admin\AppData\Local\Temp\pypyp.exe C:\Users\Admin\AppData\Local\Temp\pypyp.exe
PID 1736 wrote to memory of 1092 N/A C:\Users\Admin\AppData\Local\Temp\pypyp.exe C:\Users\Admin\AppData\Local\Temp\pypyp.exe
PID 1736 wrote to memory of 1300 N/A C:\Users\Admin\AppData\Local\Temp\pypyp.exe C:\Users\Admin\AppData\Local\Temp\pypyp.exe
PID 4624 wrote to memory of 3140 N/A C:\Users\Admin\AppData\Local\Temp\pypyp.exe C:\Users\Admin\AppData\Local\Temp\pypyp.exe
PID 4624 wrote to memory of 3720 N/A C:\Users\Admin\AppData\Local\Temp\pypyp.exe C:\Users\Admin\AppData\Local\Temp\pypyp.exe
PID 3592 wrote to memory of 2084 N/A C:\Users\Admin\AppData\Local\Temp\pypyp.exe C:\Users\Admin\AppData\Local\Temp\pypyp.exe
PID 3592 wrote to memory of 2128 N/A C:\Users\Admin\AppData\Local\Temp\pypyp.exe C:\Users\Admin\AppData\Local\Temp\pypyp.exe
PID 2108 wrote to memory of 3660 N/A C:\Users\Admin\AppData\Local\Temp\pypyp.exe C:\Users\Admin\AppData\Local\Temp\pypyp.exe
PID 2108 wrote to memory of 632 N/A C:\Users\Admin\AppData\Local\Temp\pypyp.exe C:\Users\Admin\AppData\Local\Temp\pypyp.exe
PID 1300 wrote to memory of 3176 N/A C:\Users\Admin\AppData\Local\Temp\pypyp.exe C:\Users\Admin\AppData\Local\Temp\pypyp.exe

Processes

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=4752" "pipe_handle=512"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=4752" "pipe_handle=532"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=440" "pipe_handle=544"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=440" "pipe_handle=548"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=2948" "pipe_handle=500"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=2948" "pipe_handle=548"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=4664" "pipe_handle=564"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=1936" "pipe_handle=556"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=4664" "pipe_handle=572"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=3268" "pipe_handle=544"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=3268" "pipe_handle=548"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=1936" "pipe_handle=560"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=4280" "pipe_handle=520"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=4280" "pipe_handle=556"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=2232" "pipe_handle=544"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=2232" "pipe_handle=548"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=4612" "pipe_handle=544"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=4612" "pipe_handle=548"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=748" "pipe_handle=544"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=748" "pipe_handle=548"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=3472" "pipe_handle=556"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=3472" "pipe_handle=560"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=1736" "pipe_handle=544"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=4624" "pipe_handle=584"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=1736" "pipe_handle=548"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=4624" "pipe_handle=588"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=3592" "pipe_handle=544"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=3592" "pipe_handle=552"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=2108" "pipe_handle=544"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=2108" "pipe_handle=548"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=1300" "pipe_handle=492"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=1300" "pipe_handle=488"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=2228" "pipe_handle=576"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=2228" "pipe_handle=580"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=632" "pipe_handle=516"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=632" "pipe_handle=512"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=396" "pipe_handle=600"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=396" "pipe_handle=604"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=2128" "pipe_handle=600"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=2128" "pipe_handle=604"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=864" "pipe_handle=556"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=1280" "pipe_handle=528"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=3832" "pipe_handle=560"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=3832" "pipe_handle=568"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=1280" "pipe_handle=540"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=864" "pipe_handle=464"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=1092" "pipe_handle=544"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=2084" "pipe_handle=544"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=2084" "pipe_handle=548"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=1092" "pipe_handle=548"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=1808" "pipe_handle=540"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=3140" "pipe_handle=648"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=3176" "pipe_handle=320"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=2432" "pipe_handle=504"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=2432" "pipe_handle=520"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=528" "pipe_handle=604"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=528" "pipe_handle=548"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=1860" "pipe_handle=596"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=4484" "pipe_handle=556"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=4484" "pipe_handle=560"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=1808" "pipe_handle=504"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=3176" "pipe_handle=528"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=3660" "pipe_handle=576"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=3660" "pipe_handle=580"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=3140" "pipe_handle=624"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=1860" "pipe_handle=600"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=3720" "pipe_handle=580"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=3720" "pipe_handle=588"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=208" "pipe_handle=544"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=208" "pipe_handle=552"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=640" "pipe_handle=564"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=1440" "pipe_handle=544"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=2592" "pipe_handle=564"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=2592" "pipe_handle=572"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=1440" "pipe_handle=552"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=640" "pipe_handle=572"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=3232" "pipe_handle=560"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=1480" "pipe_handle=584"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=3232" "pipe_handle=564"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=4376" "pipe_handle=484"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=1480" "pipe_handle=592"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=4376" "pipe_handle=548"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=3432" "pipe_handle=544"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=4352" "pipe_handle=556"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=3432" "pipe_handle=500"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=4352" "pipe_handle=560"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=3484" "pipe_handle=544"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=3484" "pipe_handle=548"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=4780" "pipe_handle=548"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=4780" "pipe_handle=552"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=4564" "pipe_handle=532"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=4564" "pipe_handle=544"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=2104" "pipe_handle=544"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=5052" "pipe_handle=544"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=4592" "pipe_handle=532"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=4592" "pipe_handle=536"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=2324" "pipe_handle=496"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=2324" "pipe_handle=540"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=3084" "pipe_handle=552"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=2932" "pipe_handle=544"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=3528" "pipe_handle=544"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=3528" "pipe_handle=548"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=2868" "pipe_handle=600"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=2104" "pipe_handle=548"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=5052" "pipe_handle=548"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=1904" "pipe_handle=476"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=1904" "pipe_handle=484"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=3084" "pipe_handle=556"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=2932" "pipe_handle=548"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=2868" "pipe_handle=604"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=5208" "pipe_handle=472"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=5208" "pipe_handle=552"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=5376" "pipe_handle=544"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=4600" "pipe_handle=544"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=4600" "pipe_handle=548"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=404" "pipe_handle=548"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=404" "pipe_handle=504"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=2080" "pipe_handle=492"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=2080" "pipe_handle=528"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=5376" "pipe_handle=548"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=1636" "pipe_handle=564"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=468" "pipe_handle=564"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=468" "pipe_handle=568"


"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=9552" "pipe_handle=544"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=9608" "pipe_handle=544"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=8172" "pipe_handle=596"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=6812" "pipe_handle=484"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=6812" "pipe_handle=496"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=6804" "pipe_handle=548"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=10364" "pipe_handle=588"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=6284" "pipe_handle=564"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=5324" "pipe_handle=544"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=5240" "pipe_handle=548"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=5208" "pipe_handle=472"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=6284" "pipe_handle=572"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=6876" "pipe_handle=468"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=10276" "pipe_handle=416"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=10276" "pipe_handle=428"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=6876" "pipe_handle=476"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=5300" "pipe_handle=564"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=4600" "pipe_handle=544"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=3872" "pipe_handle=588"

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 676 -p 7344 -ip 7344

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=5208" "pipe_handle=472"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=5480" "pipe_handle=592"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=4364" "pipe_handle=348"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=5760" "pipe_handle=472"

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 856 -p 7500 -ip 7500

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=5408" "pipe_handle=552"

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 732 -p 7172 -ip 7172

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=5480" "pipe_handle=596"

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 356 -p 7012 -ip 7012

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=5776" "pipe_handle=644"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=432" "pipe_handle=672"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=5752" "pipe_handle=632"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=7608" "pipe_handle=540"

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 620 -p 7408 -ip 7408

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=5240" "pipe_handle=552"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=2868" "pipe_handle=604"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=5904" "pipe_handle=552"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=5232" "pipe_handle=552"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=5632" "pipe_handle=540"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=7480" "pipe_handle=480"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=6736" "pipe_handle=548"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=6700" "pipe_handle=540"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=2512" "pipe_handle=520"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=6364" "pipe_handle=548"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=4924" "pipe_handle=552"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=4384" "pipe_handle=492"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=5752" "pipe_handle=628"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=1556" "pipe_handle=544"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=2368" "pipe_handle=536"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=5280" "pipe_handle=584"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=5960" "pipe_handle=552"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=4468" "pipe_handle=500"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=4924" "pipe_handle=548"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=5604" "pipe_handle=584"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=1988" "pipe_handle=552"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=4164" "pipe_handle=548"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=6116" "pipe_handle=576"

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=5240" "pipe_handle=548"

C:\Users\Admin\AppData\Local\Temp\pypyp.exe

"C:\Users\Admin\AppData\Local\Temp\pypyp.exe" "--multiprocessing-fork" "parent_pid=5324" "pipe_handle=544"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Network

Files

C:\Users\Admin\AppData\Local\Temp\_MEI49522\ucrtbase.dll

C:\Users\Admin\AppData\Local\Temp\_MEI49522\python310.dll

C:\Users\Admin\AppData\Local\Temp\_MEI49522\VCRUNTIME140.dll

C:\Users\Admin\AppData\Local\Temp\_MEI49522\base_library.zip

C:\Users\Admin\AppData\Local\Temp\_MEI49522\_ctypes.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI49522\api-ms-win-core-errorhandling-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI49522\api-ms-win-core-interlocked-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI49522\_ssl.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI49522\_socket.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI49522\_queue.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI49522\_multiprocessing.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI49522\_lzma.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI49522\_hashlib.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI49522\_decimal.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI49522\_bz2.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI49522\unicodedata.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI49522\select.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI49522\pyexpat.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI49522\libssl-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI49522\libcrypto-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI49522\api-ms-win-crt-utility-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI49522\api-ms-win-crt-time-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI49522\api-ms-win-crt-string-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI49522\api-ms-win-crt-stdio-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI49522\api-ms-win-crt-runtime-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI49522\api-ms-win-crt-process-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI49522\api-ms-win-crt-math-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI49522\api-ms-win-crt-locale-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI49522\api-ms-win-crt-heap-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI49522\api-ms-win-crt-filesystem-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI49522\api-ms-win-crt-environment-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI49522\api-ms-win-crt-convert-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI49522\api-ms-win-crt-conio-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI49522\api-ms-win-core-util-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI49522\api-ms-win-core-timezone-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI49522\api-ms-win-core-sysinfo-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI49522\api-ms-win-core-synch-l1-2-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI49522\api-ms-win-core-synch-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI49522\api-ms-win-core-string-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI49522\api-ms-win-core-rtlsupport-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI49522\api-ms-win-core-profile-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI49522\api-ms-win-core-processthreads-l1-1-1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI49522\api-ms-win-core-processthreads-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI49522\api-ms-win-core-processenvironment-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI49522\api-ms-win-core-namedpipe-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI49522\api-ms-win-core-memory-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI49522\api-ms-win-core-localization-l1-2-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI49522\api-ms-win-core-libraryloader-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI49522\api-ms-win-core-heap-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI49522\api-ms-win-core-handle-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI49522\api-ms-win-core-file-l2-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI49522\api-ms-win-core-file-l1-2-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI49522\api-ms-win-core-file-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI49522\api-ms-win-core-fibers-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI49522\api-ms-win-core-debug-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI49522\api-ms-win-core-datetime-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI49522\api-ms-win-core-console-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI49522\libffi-7.dll

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{2F519BF2-C697-59F8-8F6A-1E19509CE66B}

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_ControlPanel
