Malware Analysis Report

2024-11-15 07:46

Sample ID 240619-qrrhwswbnm
Target https://github.com/Wolfmyths/Myth-Mod-Manager/releases/download/1.5.2/Myth-Mod-Manager.zip
Tags
pyinstaller
score
7/10

Analysis Overview

score
7/10

Threat Level: Shows suspicious behavior

The file https://github.com/Wolfmyths/Myth-Mod-Manager/releases/download/1.5.2/Myth-Mod-Manager.zip was found to be: Shows suspicious behavior.

Malicious Activity Summary

pyinstaller

Executes dropped EXE

Loads dropped DLL

Enumerates physical storage devices

Detects Pyinstaller

Modifies registry class

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Checks SCSI registry key(s)

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-19 13:29

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-19 13:29

Reported

2024-06-19 13:32

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

139s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Wolfmyths/Myth-Mod-Manager/releases/download/1.5.2/Myth-Mod-Manager.zip

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Myth-Mod-Manager\Myth Mod Manager\Myth Mod Manager.exe N/A

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A

Modifies registry class


Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Myth-Mod-Manager\Myth Mod Manager\Myth Mod Manager.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Myth-Mod-Manager\Myth Mod Manager\Myth Mod Manager.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Myth-Mod-Manager\Myth Mod Manager\Myth Mod Manager.exe N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Wolfmyths/Myth-Mod-Manager/releases/download/1.5.2/Myth-Mod-Manager.zip

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --field-trial-handle=3860,i,11749492925348081608,8895412282206755658,262144 --variations-seed-version --mojo-platform-channel-handle=4924 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --field-trial-handle=3872,i,11749492925348081608,8895412282206755658,262144 --variations-seed-version --mojo-platform-channel-handle=4940 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --field-trial-handle=5144,i,11749492925348081608,8895412282206755658,262144 --variations-seed-version --mojo-platform-channel-handle=5276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5320,i,11749492925348081608,8895412282206755658,262144 --variations-seed-version --mojo-platform-channel-handle=5464 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5416,i,11749492925348081608,8895412282206755658,262144 --variations-seed-version --mojo-platform-channel-handle=5420 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --field-trial-handle=4296,i,11749492925348081608,8895412282206755658,262144 --variations-seed-version --mojo-platform-channel-handle=6284 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=5908,i,11749492925348081608,8895412282206755658,262144 --variations-seed-version --mojo-platform-channel-handle=6336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=6624,i,11749492925348081608,8895412282206755658,262144 --variations-seed-version --mojo-platform-channel-handle=6444 /prefetch:1

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --field-trial-handle=5840,i,11749492925348081608,8895412282206755658,262144 --variations-seed-version --mojo-platform-channel-handle=5988 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --field-trial-handle=5180,i,11749492925348081608,8895412282206755658,262144 --variations-seed-version --mojo-platform-channel-handle=5172 /prefetch:8

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Myth-Mod-Manager\" -ad -an -ai#7zMap27431:94:7zEvent15158

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5740,i,11749492925348081608,8895412282206755658,262144 --variations-seed-version --mojo-platform-channel-handle=5512 /prefetch:8

C:\Users\Admin\Downloads\Myth-Mod-Manager\Myth Mod Manager\Myth Mod Manager.exe

"C:\Users\Admin\Downloads\Myth-Mod-Manager\Myth Mod Manager\Myth Mod Manager.exe"

C:\Users\Admin\Downloads\Myth-Mod-Manager\Myth Mod Manager\Myth Mod Manager.exe

"C:\Users\Admin\Downloads\Myth-Mod-Manager\Myth Mod Manager\Myth Mod Manager.exe"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /7

Network

Files

C:\Users\Admin\Downloads\Myth-Mod-Manager\Myth Mod Manager\Myth Mod Manager.exe

C:\Users\Admin\AppData\Local\Temp\_MEI24442\ucrtbase.dll

C:\Users\Admin\AppData\Local\Temp\_MEI24442\python311.dll

C:\Users\Admin\AppData\Local\Temp\_MEI24442\VCRUNTIME140.dll

C:\Users\Admin\AppData\Local\Temp\_MEI24442\python3.dll

C:\Users\Admin\AppData\Local\Temp\_MEI24442\libffi-8.dll

C:\Users\Admin\AppData\Local\Temp\_MEI24442\_elementtree.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI24442\_decimal.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI24442\_bz2.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI24442\VCRUNTIME140_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI24442\unicodedata.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI24442\select.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI24442\pyexpat.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI24442\libssl-3.dll

C:\Users\Admin\AppData\Local\Temp\_MEI24442\libcrypto-3.dll

C:\Users\Admin\AppData\Local\Temp\_MEI24442\api-ms-win-crt-utility-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI24442\api-ms-win-crt-time-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI24442\api-ms-win-crt-string-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI24442\api-ms-win-crt-stdio-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI24442\api-ms-win-crt-runtime-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI24442\api-ms-win-crt-process-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI24442\api-ms-win-crt-math-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI24442\api-ms-win-crt-locale-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI24442\api-ms-win-crt-heap-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI24442\api-ms-win-crt-filesystem-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI24442\api-ms-win-crt-environment-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI24442\api-ms-win-crt-convert-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI24442\api-ms-win-crt-conio-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI24442\api-ms-win-core-util-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI24442\api-ms-win-core-timezone-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI24442\api-ms-win-core-sysinfo-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI24442\api-ms-win-core-synch-l1-2-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI24442\api-ms-win-core-synch-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI24442\api-ms-win-core-string-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI24442\api-ms-win-core-rtlsupport-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI24442\api-ms-win-core-profile-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI24442\api-ms-win-core-processthreads-l1-1-1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI24442\api-ms-win-core-processthreads-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI24442\api-ms-win-core-processenvironment-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI24442\api-ms-win-core-namedpipe-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI24442\api-ms-win-core-memory-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI24442\api-ms-win-core-localization-l1-2-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI24442\api-ms-win-core-libraryloader-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI24442\api-ms-win-core-interlocked-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI24442\api-ms-win-core-heap-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI24442\api-ms-win-core-handle-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI24442\api-ms-win-core-file-l2-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI24442\api-ms-win-core-file-l1-2-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI24442\api-ms-win-core-file-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI24442\api-ms-win-core-errorhandling-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI24442\api-ms-win-core-debug-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI24442\api-ms-win-core-datetime-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI24442\api-ms-win-core-console-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI24442\_ctypes.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI24442\base_library.zip
