Malware Analysis Report

2024-11-30 13:00

Sample ID 240812-s56abaxfnm
Target Smooth - Software.exe
SHA256 519ad11288a07081daec0243750492d5b4333ebbd772b5ac5123d487e8aff031
Tags
pyinstaller pysilon discovery upx evasion execution persistence
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

519ad11288a07081daec0243750492d5b4333ebbd772b5ac5123d487e8aff031

Threat Level: Known bad

The file Smooth - Software.exe was found to be: Known bad.

Malicious Activity Summary

pyinstaller pysilon discovery upx evasion execution persistence

Detect Pysilon

Pysilon family

Enumerates VirtualBox DLL files

Command and Scripting Interpreter: PowerShell

Sets file to hidden

Loads dropped DLL

UPX packed file

Adds Run key to start application

Unsigned PE

Detects Pyinstaller

Browser Information Discovery

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Kills process with taskkill

Views/modifies file attributes

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

NTFS ADS

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-12 15:43

Signatures

Detect Pysilon

Description Indicator Process Target
N/A N/A N/A N/A

Pysilon family

pysilon

Detects Pyinstaller

pyinstaller

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-12 15:43

Reported

2024-08-12 15:48

Platform

win7-20240704-en

Max time kernel

55s

Max time network

156s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A

UPX packed file

upx

Description Indicator Process Target
N/A N/A N/A N/A

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (identical row repeated 62 times)

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (identical row repeated 34 times)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (identical row repeated 32 times)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2108 wrote to memory of 2708 N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe (identical row repeated 3 times)
PID 1548 wrote to memory of 908 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (identical row repeated 3 times)
PID 1548 wrote to memory of 3060 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (identical row repeated 39 times)
PID 1548 wrote to memory of 2560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (identical row repeated 3 times)
PID 1548 wrote to memory of 1880 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (identical row repeated 16 times)

Processes

C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe

"C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe"

C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe

"C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef60a9758,0x7fef60a9768,0x7fef60a9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1136 --field-trial-handle=1268,i,14997925316501192891,10266510785340211369,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1488 --field-trial-handle=1268,i,14997925316501192891,10266510785340211369,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1544 --field-trial-handle=1268,i,14997925316501192891,10266510785340211369,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2164 --field-trial-handle=1268,i,14997925316501192891,10266510785340211369,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=1888 --field-trial-handle=1268,i,14997925316501192891,10266510785340211369,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1296 --field-trial-handle=1268,i,14997925316501192891,10266510785340211369,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1132 --field-trial-handle=1268,i,14997925316501192891,10266510785340211369,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3652 --field-trial-handle=1268,i,14997925316501192891,10266510785340211369,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13fb37688,0x13fb37698,0x13fb376a8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3884 --field-trial-handle=1268,i,14997925316501192891,10266510785340211369,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=580 --field-trial-handle=1268,i,14997925316501192891,10266510785340211369,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1736 --field-trial-handle=1268,i,14997925316501192891,10266510785340211369,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2896 --field-trial-handle=1268,i,14997925316501192891,10266510785340211369,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3060.0.1927058336\1980328641" -parentBuildID 20221007134813 -prefsHandle 1224 -prefMapHandle 1160 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {28ae5066-da92-47aa-82b6-adefc377eaa1} 3060 "\\.\pipe\gecko-crash-server-pipe.3060" 1300 10aefa58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3060.1.1861913936\109398763" -parentBuildID 20221007134813 -prefsHandle 1528 -prefMapHandle 1524 -prefsLen 20928 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c6fc8f7-3afb-43df-8731-abbd20fd87a1} 3060 "\\.\pipe\gecko-crash-server-pipe.3060" 1540 d70c58 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3060.2.432363232\1738713017" -childID 1 -isForBrowser -prefsHandle 2188 -prefMapHandle 2204 -prefsLen 20966 -prefMapSize 233444 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a886c821-c28b-4413-8c84-2b628127d22b} 3060 "\\.\pipe\gecko-crash-server-pipe.3060" 2180 10a64658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3060.3.1023389695\367065908" -childID 2 -isForBrowser -prefsHandle 2824 -prefMapHandle 2820 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b5e02b1-e5a5-41ee-9001-23dead2e0027} 3060 "\\.\pipe\gecko-crash-server-pipe.3060" 2836 d66b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3060.4.778981266\386858285" -childID 3 -isForBrowser -prefsHandle 2960 -prefMapHandle 2956 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e9dbe11-c538-4419-9dc1-f04b3c180527} 3060 "\\.\pipe\gecko-crash-server-pipe.3060" 2972 1bb75758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3060.5.1894400301\1577987923" -childID 4 -isForBrowser -prefsHandle 3812 -prefMapHandle 3828 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5d9e8da8-aba5-4251-8595-684fd7d30d7b} 3060 "\\.\pipe\gecko-crash-server-pipe.3060" 3808 1d721358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3060.6.1351930709\817025001" -childID 5 -isForBrowser -prefsHandle 3936 -prefMapHandle 3808 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc71b26a-3d31-4562-a4cd-e1b45bec8b88} 3060 "\\.\pipe\gecko-crash-server-pipe.3060" 3924 1e607858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3060.7.833930666\1335849249" -childID 6 -isForBrowser -prefsHandle 4116 -prefMapHandle 4120 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {43481f87-6e2f-4b2c-9f5d-51b7322fbea9} 3060 "\\.\pipe\gecko-crash-server-pipe.3060" 4108 1e609c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3060.8.84718627\1810183882" -childID 7 -isForBrowser -prefsHandle 4408 -prefMapHandle 4404 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b4449e3-89c3-419f-bbc6-92e424e8d765} 3060 "\\.\pipe\gecko-crash-server-pipe.3060" 4420 2225fb58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3060.9.980857186\1920506173" -childID 8 -isForBrowser -prefsHandle 1904 -prefMapHandle 4372 -prefsLen 26531 -prefMapSize 233444 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff0d7785-7f13-4685-afd5-c20af0c2aa4d} 3060 "\\.\pipe\gecko-crash-server-pipe.3060" 2460 21fe8858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3060.10.1240744604\1248480" -childID 9 -isForBrowser -prefsHandle 8584 -prefMapHandle 8588 -prefsLen 26531 -prefMapSize 233444 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f7259b4-ac25-4c85-af31-0b1fd253dcf5} 3060 "\\.\pipe\gecko-crash-server-pipe.3060" 8572 223fac58 tab

C:\Users\Admin\Downloads\python-3.12.5-amd64.exe

"C:\Users\Admin\Downloads\python-3.12.5-amd64.exe"

C:\Windows\Temp\{24FB0179-109E-45C3-A07C-05D489F11081}\.cr\python-3.12.5-amd64.exe

"C:\Windows\Temp\{24FB0179-109E-45C3-A07C-05D489F11081}\.cr\python-3.12.5-amd64.exe" -burn.clean.room="C:\Users\Admin\Downloads\python-3.12.5-amd64.exe" -burn.filehandle.attached=180 -burn.filehandle.self=188

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.google.com udp
NL 142.250.179.196:443 www.google.com tcp
NL 142.250.179.196:443 www.google.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
NL 172.217.168.234:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 172.217.169.3:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 getpocket.cdn.mozilla.net udp
US 34.120.5.221:443 getpocket.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
NL 142.250.179.196:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
NL 142.250.179.196:443 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 ac.duckduckgo.com udp
US 8.8.8.8:53 duckduckgo.com udp
IE 52.142.124.215:443 duckduckgo.com tcp
US 8.8.8.8:53 duckduckgo.com udp
US 8.8.8.8:53 duckduckgo.com udp
IE 52.142.124.215:443 duckduckgo.com tcp
US 8.8.8.8:53 duckduckgo.com udp
US 8.8.8.8:53 links.duckduckgo.com udp
IE 20.223.54.233:443 links.duckduckgo.com tcp
US 8.8.8.8:53 links.duckduckgo.com udp
US 8.8.8.8:53 links.duckduckgo.com udp
US 8.8.8.8:53 external-content.duckduckgo.com udp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
US 8.8.8.8:53 external-content.duckduckgo.com udp
US 8.8.8.8:53 external-content.duckduckgo.com udp
US 8.8.8.8:53 improving.duckduckgo.com udp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
US 8.8.8.8:53 www.python.org udp
GB 146.75.72.223:443 www.python.org tcp
US 8.8.8.8:53 dualstack.python.map.fastly.net udp
US 8.8.8.8:53 dualstack.python.map.fastly.net udp
US 8.8.8.8:53 plausible.io udp
US 8.8.8.8:53 media.ethicalads.io udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 s3.dualstack.us-east-2.amazonaws.com udp
US 8.8.8.8:53 media.ethicalads.io udp
US 104.26.4.62:443 media.ethicalads.io tcp
NL 142.250.179.202:443 ajax.googleapis.com tcp
NL 142.250.179.202:443 ajax.googleapis.com tcp
NL 142.250.179.202:443 ajax.googleapis.com tcp
GB 143.244.38.136:443 plausible.io tcp
US 8.8.8.8:53 ajax.googleapis.com udp
US 3.5.128.140:443 s3.dualstack.us-east-2.amazonaws.com tcp
US 3.5.128.140:443 s3.dualstack.us-east-2.amazonaws.com tcp
US 8.8.8.8:53 media.ethicalads.io udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 plausible.io udp
US 8.8.8.8:53 s3.dualstack.us-east-2.amazonaws.com udp
US 8.8.8.8:53 s3.dualstack.us-east-2.amazonaws.com udp
US 8.8.8.8:53 plausible.io udp
US 3.5.128.140:443 s3.dualstack.us-east-2.amazonaws.com tcp
US 3.5.128.140:443 s3.dualstack.us-east-2.amazonaws.com tcp
US 3.5.128.140:443 s3.dualstack.us-east-2.amazonaws.com tcp
GB 143.244.38.136:9443 plausible.io udp
NL 142.250.179.202:443 ajax.googleapis.com udp
US 8.8.8.8:53 ssl.google-analytics.com udp
US 8.8.8.8:53 plausible.io udp
US 8.8.8.8:53 ssl.google-analytics.com udp
GB 79.127.237.132:443 plausible.io tcp
US 8.8.8.8:53 plausible.io udp
US 8.8.8.8:53 ssl.google-analytics.com udp
US 8.8.8.8:53 2p66nmmycsj3.statuspage.io udp
DE 3.160.39.4:443 2p66nmmycsj3.statuspage.io tcp
US 8.8.8.8:53 elb-status-us.statuspage.io udp
US 8.8.8.8:53 elb-status-us.statuspage.io udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
NL 142.251.39.104:443 ssl.google-analytics.com tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
NL 142.251.39.104:443 ssl.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 region1.google-analytics.com udp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI21082\python311.dll

MD5 ffd85743633296368dcc81c9ff0e8554
SHA1 ccf28c70bbf853dbd6cd258f59836f25774f1c34
SHA256 286483910be593ce685c0377463aa3250528fa22a08e1d38e831659ed81f12c1
SHA512 65b9baaf31abd0a71571c6567290fea86b986c6dba2f747cd24158226ef4a32af37ccf4ea461658c5822fda9de1525d8f4e19ed473c349c6d2db664d8d4c2b07

memory/2708-1261-0x000007FEF6430000-0x000007FEF6A19000-memory.dmp

\??\pipe\crashpad_1548_JGSQGJDLHFZFNZJZ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

MD5 48d2860dd3168b6f06a4f27c6791bcaa
SHA1 f5f803efed91cd45a36c3d6acdffaaf0e863bf8c
SHA256 04d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77
SHA512 172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1dd63d8202460a9eb8877eb7fe9ef5b3
SHA1 26d41b4b495e357f11732e5f350d09c9342d1eb5
SHA256 2bf9d7fac7337549f9c51c18024fa2295354ff60b737f9c50eed0f39a47404d6
SHA512 a8c265497832ca92ff1a5dab72f9dffdc87b525cab2037612cf7e0a8e059e26f4255cabeb73875329dc672012a3f51c4ea79b3d9b8dd9b7c70690c1d54af2190

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7b2c6b935f5ee5e45eebde4fd40694be
SHA1 b5a529791e597fee67d556d763d572170c334f6c
SHA256 dfa73d196b0716ae6e733af24e0833f69795d341b54cc75e54c4eb05f6cb5939
SHA512 8a73b8dfc2c2b167e843e2549fbc5a2157a373c20c46c354ae6852b2debf59b402e85208c4485256862de1b0500b039c60da2997599e851fdf343980c89acbae

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3145bef61b63a0703f25c728fb6a0c3b
SHA1 68f2785a1d533573c41f90df313c0d418bb86085
SHA256 9b5b90a54ee25da28014c8aec23dc33cfe20b7f29afb3cc006c617ae7e0d4d56
SHA512 fd0ed2c577106f4fbb512197734fa2336beed0201c6b6ad88c2c65d7a96baabba91e10e2c350e44aba2b6c6e1a771af210d8faa9ab849ee54ce5047603c2ff67

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b079ac8b308f2c6d1f2c4723d1d4f9c4
SHA1 ca08c7960529685a1c726cf28366a7c4a7a90fee
SHA256 14890eaa629f77da2462711674174f6ba5170d17485d0477178ec21f88fc7a18
SHA512 f40b709cb0604911f1188ff2300322fb40029edca5f8654aebcc6871acab8eb6f8cfdb19f3bcffbfa32b77fccf1eb01e815ab19b793845499e580cc9556f74f5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

MD5 c594a826934b9505d591d0f7a7df80b7
SHA1 c04b8637e686f71f3fc46a29a86346ba9b04ae18
SHA256 e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610
SHA512 04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f5c11b804b265e8769b38fbc693cfba1
SHA1 5fd7852b6316bd9f6e5e1c1c9afb62df57003190
SHA256 0ee59a9aac935b51f0fd27a672ed2a4e8893a675a4256b38c84787eba8f63ce8
SHA512 3f54845cfc4fcd179cb3bda346fff7a5ccd39fb6fb72c93243ed16288ca1f09847676f76f3db3b2703c935ebbcbb4b26ec5cfe063aa50e667857a97181265dde

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 60c3cfb379838115832ed1e9b27cbbfe
SHA1 b2d15feebbd38794ed68bf3156b817d91cbbff06
SHA256 1ca4664e76358ae12ffbec6d72b380c70c66b3e1e5b5a0e76e0a2c54b589c6d2
SHA512 fa253c7ce0213877c68fe17b6a85e5efea1721f8708930ac4a2d64170d9a58760191273bd00996c5173477753ebe67c6d5e6f6be2f8e7760f22ab67d2e813175

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1bf5dbce6712ec5bb5d016d20de671c6
SHA1 ebdf2dfff4153c1cf27b302b7c70ccd317a4b9a9
SHA256 bdf458bfd35a815e50303eda010f983a337863354fd3d2ea459d3e26b1f502d2
SHA512 e4b2e735d8922524c6b04339e17eb19b99565e24ee54f6ecc53b49a2c740f52de0ede9f22da07b540d00bf46f1c67a2ec978cdb59751578afc00e6d49b414dfc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 482005e2a2ca9961cc7f850fe6920a08
SHA1 2a1fe7494f0c37d474f96eaba0e1a55c5b67f09c
SHA256 fc2480c0e1bed6366d7e0678cfab9f7531fb0b42170c5a9228a6cbb87cc8e1f9
SHA512 51ec4a953138406083d8f095930d0b6404b5b43f9949cb1387f85b691dffd9ff93084d94ac585f83b8eed86ce4a4106452cc0be4a930d93d2a9b697da1d04c4b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f2f91112e96f8753d7b1f8c1ba152842
SHA1 77226580bfc7f29c9250cc9c2d4f295a0a55b640
SHA256 c603743b32ca549f5f468a3a238589b4e6abe07df95ec676e7310f84731b1477
SHA512 22678d0081a4dcc1db6ed3ce94679ec444cd102d4fbea3146e8656c54ed7658f8a3b2c0284a7b481290e020ca04749a703151ff66ebbf13f61df2a224af39e38

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 44881972231a3ce9a7d45ff8c5b85d1b
SHA1 3ff36375003389668c90ebc34e1c8ba54a5e0597
SHA256 bf5e1bbcc78ad6055bec71d946e86cd571335579787e455aef15aa8d5edd8f49
SHA512 2082b494e77d8f636c27e19105f5a4993fb4cd0b52b04022c7e25bfcee73c768ecb8f84685ff025bb56385227cdb851758b31adcdb07d043e3d0b7ab62341198

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 e732f051466136a52f26a7ad29ca8cd0
SHA1 fd3c26bb4f4f4ede6bb9e38400bf05c335068822
SHA256 929e86e7766ed5cc44d10342d9493dfc686207efca85d69ceadc31fe02e22ed2
SHA512 db68551200af44d9619140663b7bc4b6c7ac5dad9004e6cf2eafda07d3f57e5959eac66df3c371a120c31d1cb88f0cd3a6fef9c2d57efaf487c2dda467932bca

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\eae820a5-ca3b-47d1-baa9-f64824a4d327.tmp

MD5 d0f68e96d8adcbc130069b8a3ac20cf2
SHA1 d26b5b11b4f5273368ad873ce0bb15217292cdfa
SHA256 98a3d53482315b9ff3efbbb9c6a4de72e6365035cae073315d22d53d76d19b37
SHA512 f2c3f1798a2cd9de0ad15c786f1db8895198501ae151b2788b90bd5f2c035083edbba5a8ec1d9bdbe085fb0751bcba01b22c2bd19500305e40881293be970525

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\datareporting\glean\db\data.safe.bin

MD5 70209b78c5c1e8ecc52b026cb90ddc7f
SHA1 80c31235173a5e579ff02a9647092b4a0720eeeb
SHA256 8508db56c14e9fa44c01fdb5671e9ba7bac49223a87a84cd4cec3f0f5f10270c
SHA512 96b813c278cca3812e714ca0971d6002e707f07905a722cbab7fd6a38f970062126e865a85d2c58e8bd2aa986d2fab4c6e2082d8b14a0c12109240ddc62f638f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\datareporting\glean\pending_pings\aa3b7a07-48da-42ea-b14c-b6516ccbddfb

MD5 303d1cace4c53c5c924d1831756bf8d2
SHA1 ea41995ee84e847de50633edce5a4c43075e2d54
SHA256 56f420116724b61a8ee2d7f46d010195579347e0cd0625b4cee2468bf3b2e719
SHA512 ce470df543bbcab8a140baec83e62e078b75a1c41b71f89527a78957856f3792746106b8fe19b3d116e5c96c1f920f3a468cad1c088b6943d2e24d6b0ae944d7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\datareporting\glean\pending_pings\62bcd7c2-ff8c-4932-8ed2-7c9392065a37

MD5 d6e8a735e6d131908de980c9d839e955
SHA1 6128596f89476f74f6e2db6854bc756cfab29dec
SHA256 34b83cc56ed2dfc29b79e3782a398d48701359e1d6abe1d17eed22f8b08a3f07
SHA512 afa090dd5a708880e2c811222521cdd9fb1efc4fd0bf6cd8af8c5bccc9c079fa42dba9a0c518b5c38e83a03397a01efdf19e1f169cd81a0e5a4a2d17d8db787d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\prefs-1.js

MD5 7acf5ce9f7acf8394bd4cf592b914ed5
SHA1 53828beefe4fa3a31368587c736177eda57900eb
SHA256 a4167ca514cc71d6adc9d750be4cac6080e5c23f15e6a1af8444be13ced4d17e
SHA512 32171fe8664e3b077eae0d2022c310b1b421c86f74492c4dd8f1177d8f0b80c7015f64ea91aab544363ecf95e3afbcee244b6dc112026f17102f79aa9b53e9e1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\activity-stream.discovery_stream.json.tmp

MD5 4db7bc00ba8553f32a3769242d99c1d7
SHA1 f710540d03a4778307ea35002e4ab6a242597383
SHA256 671d432fb1ff0e15aa83cbb7c83b63f52a9ccb862917eb8a8f81b194d1341e3d
SHA512 b9487b70a17b963ba1e704a5e473ed56e789682d62c558479b04dc6baf9d870c9cc755f361a772b0bdfb631d3ece55cb33481ffac7cc0067e65e04b34c843d48

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 e9fa8713a62a0a535b9e6fae9f3b6b7d
SHA1 29406f8b012a1699b847923de3b4ad6c88f37fb7
SHA256 6bcb4717b051587d2e9fecb1889a45a2952e52e9c512cb5fa7dd335704d1f35a
SHA512 dd0e7048014f0982f2dbeae7fea45779d7b2ba93d2c779b978a58cf49f5bc4096f8c29df4b975f890f523a4cfbab5b72439428ab91322f2330896eddba0f6e66

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\prefs-1.js

MD5 03dcfac8b60a91ee171e23c240e05c8a
SHA1 6be3b003c7675ac3b22246b49d6da9db65857bc5
SHA256 50208e0464a81d479a76ea1791d828bc7d4bd8b9b3d2f298818500d86603eb1e
SHA512 d530b3a524e238bfd4a899ca8d85e7edaaaf3f8d5c04e0f2fc1fba8772e3f040568ae0799f415433f8524725817ae9498478c32cf9b4fcd6fa69765ca5a12d2e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\sessionstore-backups\recovery.jsonlz4

MD5 7bbd4b13ff370c7b043551d435697284
SHA1 6ceab305abaa48db9e46e9ce89258e2d16b80b7c
SHA256 0bd8ad684ee9093b333e6ad7d47c2cbab3a89f75b00bcc2aedd0f99e11e3be9f
SHA512 203041d44903d00f809d9c37b624c58be0cc4bb51a80775b51ceca05d35451ee62f9806ffb9b76cfc296ad1397392ba503ffeb2249f14089bc2aa3275ff87a4e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\sessionstore-backups\recovery.jsonlz4

MD5 8af3004f80bf71250f5aaa1c310d7a54
SHA1 45cdfc5739aacfa1f0b042663e85d070f854c9b6
SHA256 aa7684cad5aeb6b7d16a4ee6d9b9c98e6aa60b3f45b7b7cbd75940613201b602
SHA512 648882eb979086b48285fef7f40fe28c8608e59bc855212973fed16e9bcfb1774f9ced3e2cc2855c97958d71b152527297e3bb6023d6ec4813ff727084f9ca7b

C:\Users\Admin\Downloads\python-3.mMMzF6An.12.5-amd64.exe.part

MD5 b2467202049ba08e08ffec7acc578948
SHA1 13e63c84267ab20c875deb52dcbfd5a2e265a396
SHA256 d1f0c53fdb638938cf4c82418fa84d214d414c8721b525b8c3793c3995ce3d72
SHA512 50dd6a1143090cf00018f927a4bb240fa46ee8630b6001e665c6eaef59ecee2b248f4c07d552d7d9da77592603432aa9120f37a9eb32e2c1a479447395c39ded

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\prefs-1.js

MD5 ba77aba93fb9cbcb322c24fc54712b79
SHA1 dfdc9ec1d71f56621fd4cc8a8b001d4f9216029f
SHA256 e076097d813c3a7dd5d2d415efbbd537bc8260dce43a21392c943005446259b3
SHA512 fd4c7245b00c1dcb58d973d08f59aa87c8c9b07996f37dc9a664a101079274ac7fe3283f7b556af1845bf4ada03810d71c95ab8c074468d714ef6c77869c67d2

C:\Users\Admin\AppData\Local\Temp\CabB39.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\TarB3C.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\Downloads\python-3.12.5-amd64.exe

MD5 bbcb2fcf9d739f776fb6414afc12c80d
SHA1 2d78877db5a8da134ab54ed952b961a7e750ec7d
SHA256 44810512af577ca70b3269b8570b10825ec2ace2b86e4297e767a0f4c0ee8bfd
SHA512 0572c6345f6a4f7f3e5c2ff858e3ca7ca54ae4478f3d59d8e18cb0f596e61dcf12aef579db229e83d63b30f15d6684ee6bb3feaea9413e5e636a503933057678

\Windows\Temp\{24FB0179-109E-45C3-A07C-05D489F11081}\.cr\python-3.12.5-amd64.exe

MD5 7d3c4418445bbdc0b7c521a747ec014c
SHA1 bff06746ba8d31cfc34637bac0b86158bc2de7ba
SHA256 f268a252ca87e394a9b653a05a9ce715e1808ccf480fb84197ebf8fbc4482146
SHA512 033ab1141c1edd39ae5b713b9b20bededf2cb9fef493d93d46c87e2f40b9f0cbe73cba7cb7c6b0f5613fa058bd67ad400aecc358bd4f544470aa8a1ca193e91a

\Windows\Temp\{B42854C7-6787-4166-B9D7-C7802507D098}\.ba\PythonBA.dll

MD5 de16adbe53c3cc500dd01a5ee9ebc813
SHA1 f4b99bd3c79bfa5c3693e37a0d649bb595422dbd
SHA256 e297b802136b33aa53b31b68183f01d421ece30dc5cc3519e45f0bcf4a47752f
SHA512 1733e6fda19be026a062585e225f4b14017fea34589e3f3fe48b0e9f69aecff772c44f4d962096b3e0c295374e79692cbc711ef3b7e4c4c4a8544c56de49c2a7

C:\Windows\Temp\{B42854C7-6787-4166-B9D7-C7802507D098}\.ba\SideBar.png

MD5 888eb713a0095756252058c9727e088a
SHA1 c14f69f2bef6bc3e2162b4dd78e9df702d94cdb4
SHA256 79434bd1368f47f08acf6db66638531d386bf15166d78d9bfea4da164c079067
SHA512 7c59f4ada242b19c2299b6789a65a1f34565fed78730c22c904db16a9872fe6a07035c6d46a64ee94501fbcd96de586a8a5303ca22f33da357d455c014820ca0

Analysis: behavioral2

Detonation Overview

Submitted

2024-08-12 15:43

Reported

2024-08-12 15:48

Platform

win10v2004-20240802-en

Max time kernel

141s

Max time network

107s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe"

Signatures

Enumerates VirtualBox DLL files

Description Indicator Process Target
File opened (read-only) C:\windows\system32\vboxhook.dll C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
File opened (read-only) C:\windows\system32\vboxmrxnp.dll C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Sets file to hidden

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\attrib.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Driver Updates = "C:\\Users\\Admin\\Update List\\Window Services: Check Window Updates.exe" C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A

Enumerates physical storage devices

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Update List\Window Services: Check Window Updates.exe C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
File opened for modification C:\Users\Admin\Update List\Window Services: Check Window Updates.exe C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3460 wrote to memory of 592 N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe
PID 3460 wrote to memory of 592 N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe
PID 592 wrote to memory of 620 N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe C:\Windows\system32\cmd.exe
PID 592 wrote to memory of 620 N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe C:\Windows\system32\cmd.exe
PID 592 wrote to memory of 4416 N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 592 wrote to memory of 4416 N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 592 wrote to memory of 3256 N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe C:\Windows\system32\cmd.exe
PID 592 wrote to memory of 3256 N/A C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe C:\Windows\system32\cmd.exe
PID 3256 wrote to memory of 3228 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\attrib.exe
PID 3256 wrote to memory of 3228 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\attrib.exe
PID 3256 wrote to memory of 4276 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 3256 wrote to memory of 4276 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\attrib.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe

"C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe"

C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe

"C:\Users\Admin\AppData\Local\Temp\Smooth - Software.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x468 0x3d4

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\Update List\""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Update List\activate.bat""

C:\Windows\system32\attrib.exe

attrib +s +h .

C:\Windows\system32\taskkill.exe

taskkill /f /im "Smooth - Software.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 13.107.21.237:443 g.bing.com tcp
US 8.8.8.8:53 237.21.107.13.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 147.142.123.92.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI34602\python311.dll

MD5 ffd85743633296368dcc81c9ff0e8554
SHA1 ccf28c70bbf853dbd6cd258f59836f25774f1c34
SHA256 286483910be593ce685c0377463aa3250528fa22a08e1d38e831659ed81f12c1
SHA512 65b9baaf31abd0a71571c6567290fea86b986c6dba2f747cd24158226ef4a32af37ccf4ea461658c5822fda9de1525d8f4e19ed473c349c6d2db664d8d4c2b07

C:\Users\Admin\AppData\Local\Temp\_MEI34602\VCRUNTIME140.dll

MD5 49c96cecda5c6c660a107d378fdfc3d4
SHA1 00149b7a66723e3f0310f139489fe172f818ca8e
SHA256 69320f278d90efaaeb67e2a1b55e5b0543883125834c812c8d9c39676e0494fc
SHA512 e09e072f3095379b0c921d41d6e64f4f1cd78400594a2317cfb5e5dca03dedb5a8239ed89905c9e967d1acb376b0585a35addf6648422c7ddb472ce38b1ba60d

memory/592-1263-0x00007FFDBBEA0000-0x00007FFDBC489000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI34602\base_library.zip

MD5 d900650a59899d8e54982ce705883f07
SHA1 d0778376cbf84d270419a748268f123e6b73ed3d
SHA256 7bd59461ad10f9695230d7e65cc7b81c2d9b1a269982240f128a24c56ad30a99
SHA512 1b13ea45a0603bf8cb0c7f013704f8d414decb02eb3bbe9263b7d0c3fbcb67bb767faf934fc4e64f1dc94c6597b58d6cf0b7e2e7d3c72f0e9ddf8f9f9dcab405

C:\Users\Admin\AppData\Local\Temp\_MEI34602\python3.DLL

MD5 0e105f62fdd1ff4157560fe38512220b
SHA1 99bd69a94b3dc99fe2c0f7bbbcd05aa0bc8cd45c
SHA256 803ba8242b409080df166320c05a4402aab6dd30e31c4389871f4b68ca1ad423
SHA512 59c0f749ed9c59efdbcd04265b4985b1175fdd825e5a307745531ed2537397e739bc9290fdc3936cfd04f566e28bb76b878f124248b8344cf74f641c6b1101de

C:\Users\Admin\AppData\Local\Temp\_MEI34602\libffi-8.dll

MD5 013a0b2653aa0eb6075419217a1ed6bd
SHA1 1b58ff8e160b29a43397499801cf8ab0344371e7
SHA256 e9d8eb01bb9b02ce3859ba4527938a71b4668f98897d46f29e94b27014036523
SHA512 0bd13fa1d55133ee2a96387e0756f48133987bacd99d1f58bab3be7bffdf868092060c17ab792dcfbb4680f984f40d3f7cc24abdd657b756496aa8884b8f6099

memory/592-1273-0x00007FFDCCCE0000-0x00007FFDCCCEF000-memory.dmp

memory/592-1272-0x00007FFDCCAF0000-0x00007FFDCCB13000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI34602\_ctypes.pyd

MD5 9ce24988dbf8c853d7bf6ef10ec1736c
SHA1 17f37ded8bf43c62390c20ac7ce3e06ce119178b
SHA256 6e01731ab3137d94ea6acaf94b3beca71e6d4faeab1b8d32b63afd16e57c8dae
SHA512 918addabfa0f900c9ed1a35570ee0c975835a138aa755c7224db901e77ab75de66564063b6721655a5d226c907d8549e6cb1cf204946b8bd2b25fffc167eeb29

C:\Users\Admin\AppData\Local\Temp\_MEI34602\_lzma.pyd

MD5 7942161d07b363e2e74b7dedf43734b5
SHA1 29ad3bc963ce6aa28ffdf569dad778f2422a3d93
SHA256 53b4b67c8b6a2a37cc72fe1e1c872af2a661a28ab4b4f1303e685daca062bab3
SHA512 f6f60e9626d8d9ec128eb02b48711e35126663990eddd8e20cd6ef07afd5f9e2b9dfb806c9ed168f163b1fb0f0e2c1b43e1ed4406423911d044ea9d519ef714f

memory/592-1279-0x00007FFDCC8A0000-0x00007FFDCC8CD000-memory.dmp

memory/592-1278-0x00007FFDCCAD0000-0x00007FFDCCAE9000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI34602\_bz2.pyd

MD5 035f146d7931d46b4cef9fc45d7562d9
SHA1 b628b85033c839a1c426379dbe7edc15bee0878f
SHA256 12f0f0957d979dd3fb1a544080765d2b0452a4912b225526f470bfe89485cce3
SHA512 28a55b9233796ca1f5169fe7922ea19e6f5f8d39cda236ff1eeb2399c02bf90efb39a56083da29c884fc4300254b5893cdda761931bfd6d0e2f049f1139b45e4

memory/592-1319-0x00007FFDCC880000-0x00007FFDCC894000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI34602\libcrypto-3.dll

MD5 42d646605ec8e6f96a35bb84bf35e434
SHA1 556eeff6df9787f7168017dfa2e99a7ab216d2a8
SHA256 64ad110b93f83d9679c61a9b258851eee1849d127248f1481846d4300f29d0ad
SHA512 add37f4a3f4febff22c4d38b281671837772913034c897c2ae71777d91edb6669f13bcdfdb686c0f8526eb3feef7d2488b01dac43c0ba7692b4920efd027b76a

C:\Users\Admin\AppData\Local\Temp\_MEI34602\_hashlib.pyd

MD5 8acc31e3366fa66e7facc08c64b71d08
SHA1 8686db41abf3e6ba19c85213e65aeeef37ba772c
SHA256 470ab920756e4af0aad0d6c23cbe7d7108f779680d3623ef4b493510e2f666c1
SHA512 54a46b955cb70b53695bb7627be2f88867038ab167c46b56944652b546ced3097ae9750541506ba0e83116d4f5e15260c8d1fce8921cdc4e49b5262024fbd9d2

memory/592-1321-0x00007FFDBB980000-0x00007FFDBBEA0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI34602\_uuid.pyd

MD5 4faa479423c54d5be2a103b46ecb4d04
SHA1 011f6cdbd3badaa5c969595985a9ad18547dd7ec
SHA256 c2ad3c1b4333bc388b6a22049c89008505c434b1b85bff0823b19ef0cf48065a
SHA512 92d35824c30667af606bba883bf6e275f2a8b5cbfea2e84a77e256d122b91b3ee7e84d9f4e2a4946e903a11293af9648a45e8cfbe247cbdc3bcdea92eb5349c6

C:\Users\Admin\AppData\Local\Temp\_MEI34602\_tkinter.pyd

MD5 a767cfb787977e55fc39a83b109bdcd0
SHA1 3abcde648969cc507a539eb7c02f0389939e96fe
SHA256 251b3a319066baff90b0981e805fcd4e789c64a3e7ed5d4b3b7ddc499d6be7e8
SHA512 c541c1bf9c1ad4022a1f135d38e47a8c00a96c152c86504224a9127b09b5e2234b924eaea1e985e4f29eefdbac4dcb43c9410ec14681d117f5dfae658f05dbe2

C:\Users\Admin\AppData\Local\Temp\_MEI34602\_ssl.pyd

MD5 e2cc74293af6ff7bcda4427352be9f28
SHA1 603170305d22d5b550387dfc70bd610508d30894
SHA256 64fb50d81cdefc4e00d13229d88938e52d766f714e9db73e5e19bcc08b98e1e0
SHA512 13da13b992de6c600ce9c6717a751d9e5aca98cbeaa60887414f4e1eab55a7ca1cf223bbf487b86d91ee6b89dc67c826ce3c46b1541be86cdf3caf2297209195

C:\Users\Admin\AppData\Local\Temp\_MEI34602\_sqlite3.pyd

MD5 605b5070b85a3828d9fd8c99d1c65f39
SHA1 91e911167c7753727ea20f0a28212d901bd25496
SHA256 faa16733d980a3a14d121ca475da0f8dbb3264ac651d793e17851dc2101553ea
SHA512 7401de83bc1bcd4307afc91c4a6042226ab6411c6811b59a75a7b7aac227a99fb81255fae6b3da6e38594ddf8bb9a477e5f5390d816dfc6e98d4fadd89ed27cf

C:\Users\Admin\AppData\Local\Temp\_MEI34602\_socket.pyd

MD5 40816040b83a800dc2643e77d08cce57
SHA1 51307339f5d1a426e908048cbcb881b69ca0a17b
SHA256 0482e4980ecf2fe3cce10d43b6c7426be546d0d0a760b752554ec75b2888b36b
SHA512 98cb6f551fb7d2acae12ea0ef328f74aa5460cdd47d82c1c387e3fe35ee9caa8567bb5e970805146a1712d0547695a123c8c556d847fdaf7651ecc793fd84a9b

C:\Users\Admin\AppData\Local\Temp\_MEI34602\_queue.pyd

MD5 4f4de668946d8191d7fbf1efbdb580c3
SHA1 19fbedcc2d4e267011aed895175486cddc9ac67d
SHA256 e828f00f393b44bd8cbae766f6afb0c046160205a1a1d45335ecda6395649331
SHA512 7eb25bc14a6068aa46910523cb4f6bbfe40dfdfbed0b450fa18525b9945a45e179d1e418dd0d8aef0c2c003fdae86b81b530ed732fc4bdcb083cd8db74aada73

C:\Users\Admin\AppData\Local\Temp\_MEI34602\_overlapped.pyd

MD5 ca0e43ce25d485f81f7f2d2b58fc56a4
SHA1 cb77824660780b180bcca8d19b4e4d70462c8c64
SHA256 092607eb742294dea8820f4fd2fed5f8a67d02c3fb24c88d4639e93c08fd365a
SHA512 cc62d0cabad85093c6a5be635e531e2b461af7d9d13967a06cc22ada1b9168a4156206fc9b4b3944189c97e11d23b42ee526c2146c58d6819430d7b209754fb7

C:\Users\Admin\AppData\Local\Temp\_MEI34602\_multiprocessing.pyd

MD5 801a3a476235eb8fcf9249c8a4364b9a
SHA1 aebe1f4c29f68ad1fce39b78d6a3e57b998bd79e
SHA256 61879e8db5dab209eb6e9540ab073d258a1b7287c3368fc0337c3ee35f5aa2e8
SHA512 20b47018fbd444d6b2f2439195fdc484d8c275d57d8066d750d8f0f721eba5afe4787e34db185a27016098a900075f0873e20bd019fbf9cffa15647d61183252

C:\Users\Admin\AppData\Local\Temp\_MEI34602\_elementtree.pyd

MD5 aa14c7d9644ada44bf3fae2a324e8abf
SHA1 0db1026f9fd8fe7df3c5e4c95cba872d03620d8a
SHA256 7e5114bf2f348a3dad6ec627fd5f3c1cdf85c6510a4da6c5aa3325b4ecca6071
SHA512 17025ea0994376bb1541cb2f4f9c760e58b9b54703d0c3cca9884bc19bfffa1279ab2730752895a367fd676384a957c29c71479a66e521645dd7771e59e25bbc

C:\Users\Admin\AppData\Local\Temp\_MEI34602\_decimal.pyd

MD5 634c013e158317ef5efe41c45f0b639d
SHA1 c1f306a21bbe79fa2de374e6f49c5453d9b0a917
SHA256 6dcb3f9874f5ecd8356761a27178c105e1f205700f23badaf9ee6758368c1231
SHA512 91bfa271275fda473a51ab777ee2015ecebaff118e401fd710d99a9fe28a3a47a1e0fa09b1064dcb3a0607ea78df016459f63679bcac39530a887c48cccde5d6

C:\Users\Admin\AppData\Local\Temp\_MEI34602\_cffi_backend.cp311-win_amd64.pyd

MD5 e1f65dcab42d11ca55a5931a87a3740d
SHA1 89e0c217a3efed465bc9a7d67fcb11137ab942b7
SHA256 d340b566a88b6d79941d243eccc81979d3771d43e6a61f12c47ac2de6bcaa1ac
SHA512 171b652a198428c1e33ca21a9366f5b2b42875b5b3020e2a6d3efe25e08129f9aee2ccf3070074856494a186565bcea5e388de43c3799dd010c5389b6e8b5154

C:\Users\Admin\AppData\Local\Temp\_MEI34602\_asyncio.pyd

MD5 be419e5a211ec39c5c9a12cb8ebce2e0
SHA1 1894b7255a431ab15f52013d35646936cc954ce9
SHA256 ca8095f88eedea1227d3306d6c28f0b1771c9613a17cb8d7dd2d9911b7485783
SHA512 65d667785c1a00a41e77e02bb7f89b00eefc216e2096b53ad77173e2d3397682f06e11fd196428ccbd1ad4d7e3c0aa043ec4dc53c5ce9ea0b684016dfedaf954

C:\Users\Admin\AppData\Local\Temp\_MEI34602\zlib1.dll

MD5 ee06185c239216ad4c70f74e7c011aa6
SHA1 40e66b92ff38c9b1216511d5b1119fe9da6c2703
SHA256 0391066f3e6385a9c0fe7218c38f7bd0b3e0da0f15a98ebb07f1ac38d6175466
SHA512 baae562a53d491e19dbf7ee2cff4c13d42de6833036bfdaed9ed441bcbf004b68e4088bd453b7413d60faaf1b334aee71241ba468437d49050b8ccfa9232425d

C:\Users\Admin\AppData\Local\Temp\_MEI34602\VCRUNTIME140_1.dll

MD5 cf0a1c4776ffe23ada5e570fc36e39fe
SHA1 2050fadecc11550ad9bde0b542bcf87e19d37f1a
SHA256 6fd366a691ed68430bcd0a3de3d8d19a0cb2102952bfc140bbef4354ed082c47
SHA512 d95cd98d22ca048d0fc5bca551c9db13d6fa705f6af120bbbb621cf2b30284bfdc7320d0a819bb26dab1e0a46253cc311a370bed4ef72ecb60c69791ed720168

C:\Users\Admin\AppData\Local\Temp\_MEI34602\unicodedata.pyd

MD5 f07ab440991d3993455771874eff0829
SHA1 faf8f73867ee6f7507c3c5c0b47af8f8fc68ef40
SHA256 e4faadce34cf2af0272c4967bf886aa6acc46994821dc06a7e33b68ddfd0236b
SHA512 d8e869f4fa8816344c63d087d53c7943d3f08946674ffe3fa7b22ef70dc101ae9ae008e4e8bad3fcaf3d63f128bc9dafc1df4d86bfe1d86211efbe580f46a80a

C:\Users\Admin\AppData\Local\Temp\_MEI34602\tk86t.dll

MD5 7d85f7480f2d8389f562723090be1370
SHA1 edfa05dc669a8486977e983173ec61cc5097bbb0
SHA256 aaeda7b65e1e33c74a807109360435a6b63a2994243c437e0cdaa69d2b8c6ac5
SHA512 a886475aeea6c4003dd35e518a0833574742b62cdbbbe5b098a5c0f74e89795ebddac31c4107dae6edee8fc476addaa34253af560d33bed8b9df9192c3e7f084

C:\Users\Admin\AppData\Local\Temp\_MEI34602\tcl86t.dll

MD5 755bec8838059147b46f8e297d05fba2
SHA1 9ff0665cddcf1eb7ff8de015b10cc9fcceb49753
SHA256 744a13c384e136f373f9dc7f7c2eb2536591ec89304e3fa064cac0f0bf135130
SHA512 e61dc700975d28b2257da99b81d135aa7d284c6084877fe81b3cc7b42ac180728f79f4c1663e375680a26f5194ab641c4a40e09f8dbdeb99e1dfa1a57d6f9b34

C:\Users\Admin\AppData\Local\Temp\_MEI34602\sqlite3.dll

MD5 311cf4d9cd880512a4757bc582fc3af7
SHA1 73f43910129eb13ef40e3bd912f989b46d269b67
SHA256 87366fb2e513af1958270246e2c065e5487ffc112dd2818e01417cc1b93c52a7
SHA512 8285d0ab74788fb96c30bd1e2cc6d8784ba355f0a876bb4a31ab6a3b9c47f88e9e76ed08a40b99af7047b094de9e34f908b4a424092e35b90f47c22cb84cc455

C:\Users\Admin\AppData\Local\Temp\_MEI34602\select.pyd

MD5 a05d19109a695d561ad3743b64281116
SHA1 64a223bbafd54ebfe46f03301cd62b9603177f79
SHA256 b20660d3c9b77855cfd6c66d2f2be57904e6ee60bcba445c424282b841084a07
SHA512 440aa4c440c5fc4839d04a8dfbd63fc6f28f4214f0715eb5dcd21894f83ad7e09d7833d4676549720c98c6625e358f66ad76709a5adfff1d9a418f583505bd0e

C:\Users\Admin\AppData\Local\Temp\_MEI34602\SDL2_ttf.dll

MD5 eb0ce62f775f8bd6209bde245a8d0b93
SHA1 5a5d039e0c2a9d763bb65082e09f64c8f3696a71
SHA256 74591aab94bb87fc9a2c45264930439bbc0d1525bf2571025cd9804e5a1cd11a
SHA512 34993240f14a89179ac95c461353b102ea74e4180f52c206250bb42c4c8427a019ea804b09a6903674ac00ab2a3c4c686a86334e483110e79733696aa17f4eb6

C:\Users\Admin\AppData\Local\Temp\_MEI34602\SDL2_mixer.dll

MD5 b7b45f61e3bb00ccd4ca92b2a003e3a3
SHA1 5018a7c95dc6d01ba6e3a7e77dd26c2c74fd69bc
SHA256 1327f84e3509f3ccefeef1c12578faf04e9921c145233687710253bf903ba095
SHA512 d3449019824124f3edbda57b3b578713e9c9915e173d31566cd8e4d18f307ac0f710250fe6a906dd53e748db14bfa76ec1b58a6aef7d074c913679a47c5fdbe7

C:\Users\Admin\AppData\Local\Temp\_MEI34602\SDL2_image.dll

MD5 25e2a737dcda9b99666da75e945227ea
SHA1 d38e086a6a0bacbce095db79411c50739f3acea4
SHA256 22b27380d4f1f217f0e5d5c767e5c244256386cd9d87f8ddf303baaf9239fc4c
SHA512 63de988387047c17fd028a894465286fd8f6f8bd3a1321b104c0ceb5473e3e0b923153b4999143efbdd28684329a33a5b468e43f25214037f6cddd4d1884adb8

C:\Users\Admin\AppData\Local\Temp\_MEI34602\SDL2.dll

MD5 ec3c1d17b379968a4890be9eaab73548
SHA1 7dbc6acee3b9860b46c0290a9b94a344d1927578
SHA256 aaa11e97c3621ed680ff2388b91acb394173b96a6e8ffbf3b656079cd00a0b9f
SHA512 06a7880ec80174b48156acd6614ab42fb4422cd89c62d11a7723a3c872f213bfc6c1006df8bdc918bb79009943d2b65c6a5c5e89ad824d1a940ddd41b88a1edb

C:\Users\Admin\AppData\Local\Temp\_MEI34602\pyexpat.pyd

MD5 07c5f67084263fa3347895068a1e8de4
SHA1 07264827f186d1e2e6ccc6fe8374bc85d454e85e
SHA256 65080629dabb433d139706e3845b534c16b89957615cafc6e70edbe7078956f9
SHA512 d0086abd8f97b8a758a027f13784d84a9085e8678731e4135ab83554121fc6e06d3284beb57aa04cdfbb3c13589254db838dac32da88d515505ba175f52c71f5

C:\Users\Admin\AppData\Local\Temp\_MEI34602\portmidi.dll

MD5 0df0699727e9d2179f7fd85a61c58bdf
SHA1 82397ee85472c355725955257c0da207fa19bf59
SHA256 97a53e8de3f1b2512f0295b5de98fa7a23023a0e4c4008ae534acdba54110c61
SHA512 196e41a34a60de83cb24caa5fc95820fd36371719487350bc2768354edf39eeb6c7860ff3fd9ecf570abb4288523d7ab934e86e85202b9753b135d07180678cd

C:\Users\Admin\AppData\Local\Temp\_MEI34602\libwebp-7.dll

MD5 b0dd211ec05b441767ea7f65a6f87235
SHA1 280f45a676c40bd85ed5541ceb4bafc94d7895f3
SHA256 fc06b8f92e86b848a17eaf7ed93464f54ed1f129a869868a74a75105ff8ce56e
SHA512 eaeb83e46c8ca261e79b3432ec2199f163c44f180eb483d66a71ad530ba488eb4cdbd911633e34696a4ccc035e238bc250a8247f318aa2f0cd9759cad4f90fff

C:\Users\Admin\AppData\Local\Temp\_MEI34602\libtiff-5.dll

MD5 ebad1fa14342d14a6b30e01ebc6d23c1
SHA1 9c4718e98e90f176c57648fa4ed5476f438b80a7
SHA256 4f50820827ac76042752809479c357063fe5653188654a6ba4df639da2fbf3ca
SHA512 91872eaa1f3f45232ab2d753585e650ded24c6cc8cc1d2a476fa98a61210177bd83570c52594b5ad562fc27cb76e034122f16a922c6910e4ed486da1d3c45c24

C:\Users\Admin\AppData\Local\Temp\_MEI34602\libssl-3.dll

MD5 70fd72981462ff1790c5980bcfcab4d1
SHA1 1604914850b0e7dbd9d70a7c72b29dda58218ac2
SHA256 4bff9a542d5a32e36955c3b50dbbfc426013e09614658058473b748d5d03ade4
SHA512 83026221802ad9747aec2c3c6d629addfb2e05ceb9921d864a9152796ed1a03547742722f4421beaa144e075e370e141f4e259191b886a4f3f3f3012448ceba0

C:\Users\Admin\AppData\Local\Temp\_MEI34602\libpng16-16.dll

MD5 55009dd953f500022c102cfb3f6a8a6c
SHA1 07af9f4d456ddf86a51da1e4e4c5b54b0cf06ddb
SHA256 20391787cba331cfbe32fbf22f328a0fd48924e944e80de20ba32886bf4b6fd2
SHA512 4423d3ec8fef29782f3d4a21feeac9ba24c9c765d770b2920d47b4fb847a96ff5c793b20373833b4ff8bc3d8fa422159c64beffb78ce5768ed22742740a8c6c6

C:\Users\Admin\AppData\Local\Temp\_MEI34602\libopusfile-0.dll

MD5 2d5274bea7ef82f6158716d392b1be52
SHA1 ce2ff6e211450352eec7417a195b74fbd736eb24
SHA256 6dea07c27c0cc5763347357e10c3b17af318268f0f17c7b165325ce524a0e8d5
SHA512 9973d68b23396b3aa09d2079d18f2c463e807c9c1fdf4b1a5f29d561e8d5e62153e0c7be23b63975ad179b9599ff6b0cf08ebdbe843d194483e7ec3e7aeb232a

C:\Users\Admin\AppData\Local\Temp\_MEI34602\libopus-0.x64.dll

MD5 e56f1b8c782d39fd19b5c9ade735b51b
SHA1 3d1dc7e70a655ba9058958a17efabe76953a00b4
SHA256 fa8715dd0df84fdedbe4aa17763b2ab0db8941fa33421b6d42e25e59c4ae8732
SHA512 b7702e48b20a8991a5c537f5ba22834de8bb4ba55862b75024eace299263963b953606ee29e64d68b438bb0904273c4c20e71f22ccef3f93552c36fb2d1b2c46

C:\Users\Admin\AppData\Local\Temp\_MEI34602\libopus-0.dll

MD5 3fb9d9e8daa2326aad43a5fc5ddab689
SHA1 55523c665414233863356d14452146a760747165
SHA256 fd8de9169ccf53c5968eec0c90e9ff3a66fb451a5bf063868f3e82007106b491
SHA512 f263ea6e0fab84a65fe3a9b6c0fe860919eee828c84b888a5aa52dea540434248d1e810a883a2aff273cd9f22c607db966dd8776e965be6d2cfe1b50a1af1f57

C:\Users\Admin\AppData\Local\Temp\_MEI34602\libogg-0.dll

MD5 0d65168162287df89af79bb9be79f65b
SHA1 3e5af700b8c3e1a558105284ecd21b73b765a6dc
SHA256 2ec2322aec756b795c2e614dab467ef02c3d67d527ad117f905b3ab0968ccf24
SHA512 69af81fd2293c31f456b3c78588bb6a372fe4a449244d74bfe5bfaa3134a0709a685725fa05055cfd261c51a96df4b7ebd8b9e143f0e9312c374e54392f8a2c2

C:\Users\Admin\AppData\Local\Temp\_MEI34602\libmodplug-1.dll

MD5 2bb2e7fa60884113f23dcb4fd266c4a6
SHA1 36bbd1e8f7ee1747c7007a3c297d429500183d73
SHA256 9319bf867ed6007f3c61da139c2ab8b74a4cb68bf56265a101e79396941f6d3b
SHA512 1ddd4b9b9238c1744e0a1fe403f136a1def8df94814b405e7b01dd871b3f22a2afe819a26e08752142f127c3efe4ebae8bfd1bd63563d5eb98b4644426f576b2

C:\Users\Admin\AppData\Local\Temp\_MEI34602\libjpeg-9.dll

MD5 c22b781bb21bffbea478b76ad6ed1a28
SHA1 66cc6495ba5e531b0fe22731875250c720262db1
SHA256 1eed2385030348c84bbdb75d41d64891be910c27fab8d20fc9e85485fcb569dd
SHA512 9b42cad4a715680a27cd79f466fd2913649b80657ff042528cba2946631387ed9fb027014d215e1baf05839509ca5915d533b91aa958ae0525dea6e2a869b9e4

C:\Users\Admin\AppData\Local\Temp\_MEI34602\freetype.dll

MD5 04a9825dc286549ee3fa29e2b06ca944
SHA1 5bed779bf591752bb7aa9428189ec7f3c1137461
SHA256 50249f68b4faf85e7cd8d1220b7626a86bc507af9ae400d08c8e365f9ab97cde
SHA512 0e937e4de6cbc9d40035b94c289c2798c77c44fc1dc7097201f9fab97c7ff9e56113c06c51693f09908283eda92945b36de67351f893d4e3162e67c078cff4ec

memory/592-1325-0x00007FFDCCAC0000-0x00007FFDCCACD000-memory.dmp

memory/592-1324-0x00007FFDCC590000-0x00007FFDCC5A9000-memory.dmp

memory/592-1329-0x00007FFDBCC70000-0x00007FFDBCD3D000-memory.dmp

memory/592-1328-0x00007FFDCB640000-0x00007FFDCB673000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI34602\charset_normalizer\md.cp311-win_amd64.pyd

MD5 347c9de8147ee24d980ca5f0da25ca1c
SHA1 e19c268579521d20ecfdf07179ee8aa2b4f4e936
SHA256 b6c3e565d152392aa2f1ea5a73952ae2a2b80e7d337759fce0ab32cd03c44287
SHA512 977a6e6e374e46b8bf699f285496dbb9777c8488bb16d61c0d46002ae4fcf5b2f9cd8cd8fa0e35ca442c43c9c286250edc10ef6eb1d2ef56578bcaac580f9fbb

C:\Users\Admin\AppData\Local\Temp\_MEI34602\charset_normalizer\md__mypyc.cp311-win_amd64.pyd

MD5 139e752804a38934d26aaa8004717d04
SHA1 0497671e1ae3481c05eec2ef0877539db853a536
SHA256 07e4ab01b93792ea0beff08f4f6e41b2404186602774b2756854022f170a64ac
SHA512 8d62d854568decc39400dd2e4bb63999da25bf19bfc173086cfb92709a35d71a40c8a3a02dcd8f97af74d467b5d049ac26edd5a9710c58c879daecd411173347

memory/592-1336-0x00007FFDCC580000-0x00007FFDCC58B000-memory.dmp

memory/592-1335-0x00007FFDC7E20000-0x00007FFDC7E46000-memory.dmp

memory/592-1334-0x00007FFDCC640000-0x00007FFDCC64D000-memory.dmp

memory/592-1338-0x00007FFDBB860000-0x00007FFDBB97C000-memory.dmp

memory/592-1337-0x00007FFDBBEA0000-0x00007FFDBC489000-memory.dmp

memory/592-1339-0x00007FFDC6C60000-0x00007FFDC6C96000-memory.dmp

memory/592-1346-0x00007FFDCB860000-0x00007FFDCB86C000-memory.dmp

memory/592-1345-0x00007FFDCC8A0000-0x00007FFDCC8CD000-memory.dmp

memory/592-1354-0x00007FFDC2CB0000-0x00007FFDC2CBD000-memory.dmp

memory/592-1362-0x00007FFDC9EE0000-0x00007FFDC9EEC000-memory.dmp

memory/592-1361-0x00007FFDCB7D0000-0x00007FFDCB7DC000-memory.dmp

memory/592-1360-0x00007FFDCC880000-0x00007FFDCC894000-memory.dmp

memory/592-1359-0x00007FFDCB850000-0x00007FFDCB85B000-memory.dmp

memory/592-1358-0x00007FFDBD870000-0x00007FFDBD882000-memory.dmp

memory/592-1357-0x00007FFDC2C60000-0x00007FFDC2C75000-memory.dmp

memory/592-1356-0x00007FFDC2C80000-0x00007FFDC2C8C000-memory.dmp

memory/592-1355-0x00007FFDC2C90000-0x00007FFDC2CA2000-memory.dmp

memory/592-1353-0x00007FFDC3300000-0x00007FFDC330C000-memory.dmp

memory/592-1352-0x00007FFDC3310000-0x00007FFDC331C000-memory.dmp

memory/592-1351-0x00007FFDC7510000-0x00007FFDC751B000-memory.dmp

memory/592-1350-0x00007FFDC7520000-0x00007FFDC752B000-memory.dmp

memory/592-1349-0x00007FFDC7E10000-0x00007FFDC7E1C000-memory.dmp

memory/592-1348-0x00007FFDC9ED0000-0x00007FFDC9EDE000-memory.dmp

memory/592-1347-0x00007FFDBB980000-0x00007FFDBBEA0000-memory.dmp

memory/592-1344-0x00007FFDCB8D0000-0x00007FFDCB8DB000-memory.dmp

memory/592-1343-0x00007FFDCBDF0000-0x00007FFDCBDFC000-memory.dmp

memory/592-1342-0x00007FFDCBE80000-0x00007FFDCBE8B000-memory.dmp

memory/592-1341-0x00007FFDCBE90000-0x00007FFDCBE9B000-memory.dmp

memory/592-1340-0x00007FFDCCAF0000-0x00007FFDCCB13000-memory.dmp

memory/592-1363-0x00007FFDBD850000-0x00007FFDBD864000-memory.dmp

memory/592-1364-0x00007FFDCC590000-0x00007FFDCC5A9000-memory.dmp

memory/592-1365-0x00007FFDBD6C0000-0x00007FFDBD6E2000-memory.dmp

memory/592-1366-0x00007FFDCB640000-0x00007FFDCB673000-memory.dmp

memory/592-1368-0x00007FFDBD6A0000-0x00007FFDBD6B7000-memory.dmp

memory/592-1367-0x00007FFDBCC70000-0x00007FFDBCD3D000-memory.dmp

memory/592-1371-0x00007FFDBCC20000-0x00007FFDBCC6D000-memory.dmp

memory/592-1370-0x00007FFDBD680000-0x00007FFDBD699000-memory.dmp

memory/592-1369-0x00007FFDC7E20000-0x00007FFDC7E46000-memory.dmp

memory/592-1372-0x00007FFDBCC00000-0x00007FFDBCC11000-memory.dmp

memory/592-1373-0x00007FFDBB4F0000-0x00007FFDBB50E000-memory.dmp

memory/592-1375-0x00007FFDBB490000-0x00007FFDBB4ED000-memory.dmp

memory/592-1374-0x00007FFDC6C60000-0x00007FFDC6C96000-memory.dmp

memory/592-1377-0x00007FFDBB430000-0x00007FFDBB45E000-memory.dmp

memory/592-1376-0x00007FFDBB460000-0x00007FFDBB489000-memory.dmp

memory/592-1379-0x00007FFDBB270000-0x00007FFDBB3E7000-memory.dmp

memory/592-1378-0x00007FFDBB3F0000-0x00007FFDBB413000-memory.dmp

memory/592-1383-0x00007FFDBAFC0000-0x00007FFDBAFCC000-memory.dmp

memory/592-1388-0x00007FFDBAF60000-0x00007FFDBAF6C000-memory.dmp

memory/592-1387-0x00007FFDBAF70000-0x00007FFDBAF7C000-memory.dmp

memory/592-1386-0x00007FFDBAF80000-0x00007FFDBAF8B000-memory.dmp

memory/592-1385-0x00007FFDBAF90000-0x00007FFDBAF9C000-memory.dmp

memory/592-1391-0x00007FFDBAE30000-0x00007FFDBAE3C000-memory.dmp

memory/592-1390-0x00007FFDBAF50000-0x00007FFDBAF5E000-memory.dmp

memory/592-1389-0x00007FFDBD6C0000-0x00007FFDBD6E2000-memory.dmp

memory/592-1384-0x00007FFDBAFA0000-0x00007FFDBAFAB000-memory.dmp

memory/592-1393-0x00007FFDBAE20000-0x00007FFDBAE2B000-memory.dmp

memory/592-1392-0x00007FFDBD6A0000-0x00007FFDBD6B7000-memory.dmp

memory/592-1382-0x00007FFDBAFD0000-0x00007FFDBAFDB000-memory.dmp

memory/592-1381-0x00007FFDBAFE0000-0x00007FFDBAFEB000-memory.dmp

memory/592-1380-0x00007FFDBAFF0000-0x00007FFDBB008000-memory.dmp

memory/592-1397-0x00007FFDBADF0000-0x00007FFDBADFC000-memory.dmp

memory/592-1396-0x00007FFDBAE00000-0x00007FFDBAE0C000-memory.dmp

memory/592-1398-0x00007FFDBADE0000-0x00007FFDBADED000-memory.dmp

memory/592-1395-0x00007FFDBAE10000-0x00007FFDBAE1B000-memory.dmp

memory/592-1394-0x00007FFDBCC20000-0x00007FFDBCC6D000-memory.dmp

memory/592-1400-0x00007FFDBADB0000-0x00007FFDBADBC000-memory.dmp

memory/592-1399-0x00007FFDBADC0000-0x00007FFDBADD2000-memory.dmp

memory/592-1401-0x00007FFDBAD70000-0x00007FFDBADA6000-memory.dmp

memory/592-1403-0x00007FFDBACB0000-0x00007FFDBAD6C000-memory.dmp

memory/592-1402-0x00007FFDBB460000-0x00007FFDBB489000-memory.dmp

memory/592-1404-0x00007FFDBB3F0000-0x00007FFDBB413000-memory.dmp

memory/592-1406-0x00007FFDBAC80000-0x00007FFDBACAB000-memory.dmp

memory/592-1405-0x00007FFDBB270000-0x00007FFDBB3E7000-memory.dmp

memory/592-1407-0x00007FFDBA9A0000-0x00007FFDBAC7F000-memory.dmp

memory/592-1408-0x00007FFDB88A0000-0x00007FFDBA993000-memory.dmp

memory/592-1410-0x00007FFDB8850000-0x00007FFDB8871000-memory.dmp

memory/592-1409-0x00007FFDB8880000-0x00007FFDB8897000-memory.dmp

memory/592-1411-0x00007FFDB8820000-0x00007FFDB8842000-memory.dmp

memory/592-1414-0x00007FFDB8710000-0x00007FFDB8743000-memory.dmp

memory/592-1413-0x00007FFDB8750000-0x00007FFDB8780000-memory.dmp

memory/592-1412-0x00007FFDB8780000-0x00007FFDB881C000-memory.dmp

memory/592-1415-0x00007FFDB86C0000-0x00007FFDB8707000-memory.dmp

memory/592-1416-0x00007FFDBAD70000-0x00007FFDBADA6000-memory.dmp

memory/592-1417-0x00007FFDB86A0000-0x00007FFDB86BA000-memory.dmp

memory/592-1418-0x00007FFDB8660000-0x00007FFDB867D000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_mkowx5fd.sni.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/592-1452-0x00007FFDCCAF0000-0x00007FFDCCB13000-memory.dmp

memory/592-1451-0x00007FFDBBEA0000-0x00007FFDBC489000-memory.dmp

memory/592-1464-0x00007FFDC7E20000-0x00007FFDC7E46000-memory.dmp

memory/592-1460-0x00007FFDCB640000-0x00007FFDCB673000-memory.dmp

memory/592-1459-0x00007FFDCCAC0000-0x00007FFDCCACD000-memory.dmp

memory/592-1458-0x00007FFDCC590000-0x00007FFDCC5A9000-memory.dmp

memory/592-1453-0x00007FFDCCCE0000-0x00007FFDCCCEF000-memory.dmp

memory/592-1456-0x00007FFDCC880000-0x00007FFDCC894000-memory.dmp

memory/592-1474-0x00007FFDBCC00000-0x00007FFDBCC11000-memory.dmp

memory/592-1473-0x00007FFDBCC20000-0x00007FFDBCC6D000-memory.dmp

memory/592-1472-0x00007FFDBD680000-0x00007FFDBD699000-memory.dmp

memory/592-1471-0x00007FFDBD6A0000-0x00007FFDBD6B7000-memory.dmp

memory/592-1470-0x00007FFDBD6C0000-0x00007FFDBD6E2000-memory.dmp

memory/592-1469-0x00007FFDBD850000-0x00007FFDBD864000-memory.dmp

memory/592-1465-0x00007FFDBB860000-0x00007FFDBB97C000-memory.dmp

memory/592-1461-0x00007FFDBCC70000-0x00007FFDBCD3D000-memory.dmp

memory/592-1463-0x00007FFDCC580000-0x00007FFDCC58B000-memory.dmp

memory/592-1462-0x00007FFDCC640000-0x00007FFDCC64D000-memory.dmp

memory/592-1457-0x00007FFDBB980000-0x00007FFDBBEA0000-memory.dmp

memory/592-1455-0x00007FFDCC8A0000-0x00007FFDCC8CD000-memory.dmp

memory/592-1454-0x00007FFDCCAD0000-0x00007FFDCCAE9000-memory.dmp