Malware Analysis Report

2024-11-30 12:50

Sample ID 240814-vner5sybkp
Target Ware.exe
SHA256 18ee170db33fe7dddc61a3ea81cd0f842142aea908ced0483cdb8930f8f775e2
Tags
pyinstaller pysilon discovery upx evasion execution persistence
score
10/10


Analysis Overview

score
10/10

SHA256

18ee170db33fe7dddc61a3ea81cd0f842142aea908ced0483cdb8930f8f775e2

Threat Level: Known bad

The file Ware.exe was found to be: Known bad.

Malicious Activity Summary

pyinstaller pysilon discovery upx evasion execution persistence

Pysilon family

Detect Pysilon

Enumerates VirtualBox DLL files

Sets file to hidden

Command and Scripting Interpreter: PowerShell

Executes dropped EXE

Loads dropped DLL

UPX packed file

Legitimate hosting services abused for malware hosting/C2

Adds Run key to start application

Detects Pyinstaller

Browser Information Discovery

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Kills process with taskkill

Suspicious use of SetWindowsHookEx

Views/modifies file attributes

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: GetForegroundWindowSpam

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-14 17:08

Signatures

Detect Pysilon

Description Indicator Process Target
N/A N/A N/A N/A

Pysilon family

pysilon

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-14 17:07

Reported

2024-08-14 17:11

Platform

win7-20240704-en

Max time kernel

52s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Ware.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Ware.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2356 wrote to memory of 2212 N/A C:\Users\Admin\AppData\Local\Temp\Ware.exe C:\Users\Admin\AppData\Local\Temp\Ware.exe
PID 2904 wrote to memory of 2988 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2904 wrote to memory of 2128 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2904 wrote to memory of 1676 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2904 wrote to memory of 2092 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Ware.exe

"C:\Users\Admin\AppData\Local\Temp\Ware.exe"

C:\Users\Admin\AppData\Local\Temp\Ware.exe

"C:\Users\Admin\AppData\Local\Temp\Ware.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7c59758,0x7fef7c59768,0x7fef7c59778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1132 --field-trial-handle=1312,i,12583888344099786834,11687573058922873619,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 --field-trial-handle=1312,i,12583888344099786834,11687573058922873619,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1556 --field-trial-handle=1312,i,12583888344099786834,11687573058922873619,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2268 --field-trial-handle=1312,i,12583888344099786834,11687573058922873619,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2280 --field-trial-handle=1312,i,12583888344099786834,11687573058922873619,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2788 --field-trial-handle=1312,i,12583888344099786834,11687573058922873619,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2856 --field-trial-handle=1312,i,12583888344099786834,11687573058922873619,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3644 --field-trial-handle=1312,i,12583888344099786834,11687573058922873619,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3800 --field-trial-handle=1312,i,12583888344099786834,11687573058922873619,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3660 --field-trial-handle=1312,i,12583888344099786834,11687573058922873619,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2620 --field-trial-handle=1312,i,12583888344099786834,11687573058922873619,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3076 --field-trial-handle=1312,i,12583888344099786834,11687573058922873619,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2980 --field-trial-handle=1312,i,12583888344099786834,11687573058922873619,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3704 --field-trial-handle=1312,i,12583888344099786834,11687573058922873619,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2792 --field-trial-handle=1312,i,12583888344099786834,11687573058922873619,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4120 --field-trial-handle=1312,i,12583888344099786834,11687573058922873619,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1048 --field-trial-handle=1312,i,12583888344099786834,11687573058922873619,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1688 --field-trial-handle=1312,i,12583888344099786834,11687573058922873619,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4080 --field-trial-handle=1312,i,12583888344099786834,11687573058922873619,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2432 --field-trial-handle=1312,i,12583888344099786834,11687573058922873619,131072 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.google.com udp
FR 172.217.20.196:443 www.google.com tcp
FR 172.217.20.196:443 www.google.com tcp
FR 172.217.20.196:443 www.google.com tcp
FR 172.217.20.196:443 www.google.com tcp
FR 172.217.20.196:443 www.google.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
FR 216.58.214.170:443 content-autofill.googleapis.com tcp
FR 216.58.214.170:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 python.org udp
US 151.101.128.223:443 python.org tcp
US 151.101.128.223:443 python.org tcp
US 8.8.8.8:53 www.python.org udp
GB 146.75.72.223:443 www.python.org tcp
GB 146.75.72.223:443 www.python.org tcp
FR 142.250.74.227:80 www.gstatic.com tcp
GB 146.75.72.223:443 www.python.org tcp
GB 146.75.72.223:443 www.python.org tcp
GB 146.75.72.223:443 www.python.org tcp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 plausible.io udp
FR 142.250.179.74:443 ajax.googleapis.com tcp
GB 143.244.38.136:443 plausible.io tcp
FR 142.250.179.74:443 ajax.googleapis.com udp
US 8.8.8.8:53 media.ethicalads.io udp
US 8.8.8.8:53 ssl.google-analytics.com udp
US 172.67.71.230:443 media.ethicalads.io tcp
FR 142.250.75.232:443 ssl.google-analytics.com tcp
GB 143.244.38.136:443 plausible.io tcp
US 8.8.8.8:53 console.python.org udp
US 8.8.8.8:53 2p66nmmycsj3.statuspage.io udp
US 159.89.245.108:443 console.python.org tcp
GB 18.244.155.106:443 2p66nmmycsj3.statuspage.io tcp
FR 142.250.75.232:443 ssl.google-analytics.com udp
US 8.8.8.8:53 s3.dualstack.us-east-2.amazonaws.com udp
US 52.219.109.25:443 s3.dualstack.us-east-2.amazonaws.com tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 142.250.69.3:443 beacons.gcp.gvt2.com tcp
FR 142.250.179.74:443 ajax.googleapis.com udp
US 8.8.8.8:53 www.python.org udp
US 8.8.8.8:53 plausible.io udp
FR 142.250.75.232:443 ssl.google-analytics.com udp
FR 142.250.179.74:443 ajax.googleapis.com udp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI23562\setuptools\_vendor\importlib_metadata-8.0.0.dist-info\INSTALLER

C:\Users\Admin\AppData\Local\Temp\_MEI23562\setuptools\_vendor\jaraco.text-3.12.1.dist-info\LICENSE

C:\Users\Admin\AppData\Local\Temp\_MEI23562\setuptools\_vendor\jaraco.text-3.12.1.dist-info\WHEEL

C:\Users\Admin\AppData\Local\Temp\_MEI23562\python312.dll

memory/2212-1365-0x000007FEF5B30000-0x000007FEF6208000-memory.dmp

\??\pipe\crashpad_2904_KZWIRDJJXPOTLATU

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Temp\CabD339.tmp

C:\Users\Admin\AppData\Local\Temp\TarD3A9.tmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\7bee6c86-eeea-4547-bc23-aa09b3db99a9.tmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Analysis: behavioral2

Detonation Overview

Submitted

2024-08-14 17:07

Reported

2024-08-14 17:11

Platform

win10v2004-20240802-en

Max time kernel

142s

Max time network

108s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Ware.exe"

Signatures

Enumerates VirtualBox DLL files

Description Indicator Process Target
File opened (read-only) C:\windows\system32\vboxhook.dll C:\Users\Admin\AppData\Local\Temp\Ware.exe N/A
File opened (read-only) C:\windows\system32\vboxmrxnp.dll C:\Users\Admin\AppData\Local\Temp\Ware.exe N/A
File opened (read-only) C:\windows\system32\vboxhook.dll C:\Users\Admin\WareFolder\WareToolz.exe N/A
File opened (read-only) C:\windows\system32\vboxmrxnp.dll C:\Users\Admin\WareFolder\WareToolz.exe N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Sets file to hidden

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\attrib.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\WareFolder\WareToolz.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Ware.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Ware = "C:\\Users\\Admin\\WareFolder\\WareToolz.exe" C:\Users\Admin\AppData\Local\Temp\Ware.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\WareFolder\WareToolz.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Ware.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\WareFolder\WareToolz.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\WareFolder\WareToolz.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4244 wrote to memory of 1720 N/A C:\Users\Admin\AppData\Local\Temp\Ware.exe C:\Users\Admin\AppData\Local\Temp\Ware.exe
PID 1720 wrote to memory of 4960 N/A C:\Users\Admin\AppData\Local\Temp\Ware.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1720 wrote to memory of 4116 N/A C:\Users\Admin\AppData\Local\Temp\Ware.exe C:\Windows\system32\cmd.exe
PID 4116 wrote to memory of 2460 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\attrib.exe
PID 4116 wrote to memory of 3976 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\WareFolder\WareToolz.exe
PID 4116 wrote to memory of 2468 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 3976 wrote to memory of 2468 N/A C:\Users\Admin\WareFolder\WareToolz.exe C:\Users\Admin\WareFolder\WareToolz.exe
PID 2468 wrote to memory of 624 N/A C:\Users\Admin\WareFolder\WareToolz.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\attrib.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Ware.exe

"C:\Users\Admin\AppData\Local\Temp\Ware.exe"

C:\Users\Admin\AppData\Local\Temp\Ware.exe

"C:\Users\Admin\AppData\Local\Temp\Ware.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x510 0x4f8

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\WareFolder\""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\WareFolder\activate.bat

C:\Windows\system32\attrib.exe

attrib +s +h .

C:\Users\Admin\WareFolder\WareToolz.exe

"WareToolz.exe"

C:\Windows\system32\taskkill.exe

taskkill /f /im "Ware.exe"

C:\Users\Admin\WareFolder\WareToolz.exe

"WareToolz.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\WareFolder\""

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
N/A 127.0.0.1:63988 tcp
US 8.8.8.8:53 discord.com udp
US 162.159.137.232:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
US 162.159.135.232:443 discord.com tcp
US 162.159.138.232:443 discord.com tcp
US 162.159.136.232:443 discord.com tcp
US 8.8.8.8:53 232.137.159.162.in-addr.arpa udp
US 8.8.8.8:53 233.128.159.162.in-addr.arpa udp
US 8.8.8.8:53 232.135.159.162.in-addr.arpa udp
US 8.8.8.8:53 232.138.159.162.in-addr.arpa udp
N/A 127.0.0.1:63995 tcp
US 8.8.8.8:53 232.136.159.162.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 192.142.123.92.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI42442\setuptools\_vendor\importlib_metadata-8.0.0.dist-info\INSTALLER

C:\Users\Admin\AppData\Local\Temp\_MEI42442\setuptools\_vendor\jaraco.text-3.12.1.dist-info\LICENSE

C:\Users\Admin\AppData\Local\Temp\_MEI42442\setuptools\_vendor\jaraco.text-3.12.1.dist-info\WHEEL

C:\Users\Admin\AppData\Local\Temp\_MEI42442\python312.dll

C:\Users\Admin\AppData\Local\Temp\_MEI42442\VCRUNTIME140.dll

memory/1720-1367-0x00007FFC5C510000-0x00007FFC5CBE8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI42442\_ctypes.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI42442\libffi-8.dll

memory/1720-1375-0x00007FFC6CA00000-0x00007FFC6CA25000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI42442\python3.dll

C:\Users\Admin\AppData\Local\Temp\_MEI42442\base_library.zip

memory/1720-1377-0x00007FFC723F0000-0x00007FFC723FF000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI42442\_bz2.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI42442\_lzma.pyd

memory/1720-1381-0x00007FFC6C6D0000-0x00007FFC6C6E9000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI42442\_wmi.pyd

memory/1720-1423-0x00007FFC6C2D0000-0x00007FFC6C2FD000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI42442\_hashlib.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI42442\libcrypto-3.dll

C:\Users\Admin\AppData\Local\Temp\_MEI42442\_uuid.pyd

memory/1720-1427-0x00007FFC5BC90000-0x00007FFC5C1B2000-memory.dmp

memory/1720-1426-0x00007FFC6C2B0000-0x00007FFC6C2C4000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI42442\_tkinter.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI42442\_ssl.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI42442\_sqlite3.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI42442\_socket.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI42442\_queue.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI42442\_overlapped.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI42442\_multiprocessing.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI42442\_elementtree.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI42442\_decimal.pyd

MD5 cf32b33b530159b7dda8796a32170b0f
SHA1 112daec7436a6febf3bb9b3cffc90f3554ee1132
SHA256 620daebfd9d8f56d9eb32c424cc474fc45160c09982e93d91e6e18f89050dbb3
SHA512 3175b087ad61357a0e957958a6acd2cf924c8c219de1d7e2221ed9ff783ab38c8bd7fecb640d521518d294c4783546f3ff1d677f085d6d44b1dbb6cb10f6d052

C:\Users\Admin\AppData\Local\Temp\_MEI42442\_cffi_backend.cp312-win_amd64.pyd

MD5 61ce9c98f26db0dd41616a95af93c7df
SHA1 7e6a8c41276859748d847e0f9cf81374a1b29d0a
SHA256 9b8893ee9fef73c1d8b125af11150c9988a4ff275eb01ff86edbfbf022e18936
SHA512 baedde5d10293ebb09291ed22ab8669866647239ffc368014d7bd604f5eeb5b1e4645c47bdad749b4faeb2dbb0ff2f89b3e9bcc294ff0b13b3f5f2dbaf6ff9d8

C:\Users\Admin\AppData\Local\Temp\_MEI42442\_asyncio.pyd

MD5 eda8638c32995d8e48e5293b0b9dba21
SHA1 840b1255f62c4c8e46428277808023f6c60911a0
SHA256 db7719e7bde6c21ef4dcaf315fe3bea500ce70a80b92be61dfd0d00cb46da142
SHA512 c356d77d90a84cef84156cf053e243c94c2d9b423f52d41ef30a280426ce4a564d57df4e7c714f50c2825d9a6088fa7b774b45a9c29703e044ce521194ac36af

C:\Users\Admin\AppData\Local\Temp\_MEI42442\zlib1.dll

MD5 ee06185c239216ad4c70f74e7c011aa6
SHA1 40e66b92ff38c9b1216511d5b1119fe9da6c2703
SHA256 0391066f3e6385a9c0fe7218c38f7bd0b3e0da0f15a98ebb07f1ac38d6175466
SHA512 baae562a53d491e19dbf7ee2cff4c13d42de6833036bfdaed9ed441bcbf004b68e4088bd453b7413d60faaf1b334aee71241ba468437d49050b8ccfa9232425d

C:\Users\Admin\AppData\Local\Temp\_MEI42442\VCRUNTIME140_1.dll

MD5 f8dfa78045620cf8a732e67d1b1eb53d
SHA1 ff9a604d8c99405bfdbbf4295825d3fcbc792704
SHA256 a113f192195f245f17389e6ecbed8005990bcb2476ddad33f7c4c6c86327afe5
SHA512 ba7f8b7ab0deb7a7113124c28092b543e216ca08d1cf158d9f40a326fb69f4a2511a41a59ea8482a10c9ec4ec8ac69b70dfe9ca65e525097d93b819d498da371

C:\Users\Admin\AppData\Local\Temp\_MEI42442\unicodedata.pyd

MD5 bbc5bf1e060d2ecc654c6f2f9bb53b40
SHA1 47be8c2ae3031cd86f3933f2620a40a1dfcf9c6a
SHA256 158c385e7186c418db48b9345b599ffc605eaca35d47280b106fa05aaa68fb3b
SHA512 7b86cfe7e4ee8bc43f3e34becffe0d6abd38ea051222a0dc880b3bfc8c9bd5ee4026b4a0017e739cb1aa62d05c394fa27b5e2588df8b95ca2284d370ca1503bd

C:\Users\Admin\AppData\Local\Temp\_MEI42442\tk86t.dll

MD5 53d85aaa8044c66f3ff69d618ecfdf47
SHA1 a681e0a044594a66144e0a193599ff68446b8f05
SHA256 b69003b8c2f30ac0486fd383a1d28cbbeec4e156ef3c962f828f90663466c49e
SHA512 84f31734a3b92e374f819a86dcf3a55bd2e124b8e8eab2089d21f7b87b49aba64dbdb4bd9b1d1b395e507fd742969b567985f97b768a2fe684f5e1dc9139c717

C:\Users\Admin\AppData\Local\Temp\_MEI42442\tcl86t.dll

MD5 d8d21c45429142d11afa87ac4e4b1844
SHA1 479360a69aed55ea34335f509bd1d06abd0193e1
SHA256 d6f817f67275cd587b1ad39055f4ead3812dc96c14010d834740388c98691d4e
SHA512 af12b41bd148ae5596b376b80a55f084b474fcd82444a0bf46afd3795f9a767b4c69e7452372fd8798ace58ab1d13d971c6c2c0997246d4b094d6d587487c37b

C:\Users\Admin\AppData\Local\Temp\_MEI42442\sqlite3.dll

MD5 72f315d0016666a9ea1bd9161185e9ff
SHA1 7fe2b599b329fd057679938dfcfa8506d136e671
SHA256 2bcdef677d17f776e622e802b2a020cf5d2597f1e7a4a2dd2ab1fcd266e5c263
SHA512 ffc1f1d8768ed94a143c0d932d9a303577e90bc5b77d3da857f90a10b49cd1de5a31760b9dd59edb98d569f880be311417a0be6f0ce744c721d0c4f6a9b5aa56

C:\Users\Admin\AppData\Local\Temp\_MEI42442\select.pyd

MD5 0c130ea965aa11fb0fe131433d6e1dd1
SHA1 fdc6fd706d82d073db432831533ab2fee5e7bd9d
SHA256 4f36ba1427114fc9f13f632baedea4984e8267c912525722a7ade73ef450e582
SHA512 58f11c095ec2c5d909b687d6a3ab9b1b556eccf4d7789f688d8eff953092bf301714e8a016a927a047babdf20d7472ebcfd0c5f7b6d19b7252614fbd0aeefbfa

C:\Users\Admin\AppData\Local\Temp\_MEI42442\SDL2_ttf.dll

MD5 eb0ce62f775f8bd6209bde245a8d0b93
SHA1 5a5d039e0c2a9d763bb65082e09f64c8f3696a71
SHA256 74591aab94bb87fc9a2c45264930439bbc0d1525bf2571025cd9804e5a1cd11a
SHA512 34993240f14a89179ac95c461353b102ea74e4180f52c206250bb42c4c8427a019ea804b09a6903674ac00ab2a3c4c686a86334e483110e79733696aa17f4eb6

C:\Users\Admin\AppData\Local\Temp\_MEI42442\SDL2_mixer.dll

MD5 b7b45f61e3bb00ccd4ca92b2a003e3a3
SHA1 5018a7c95dc6d01ba6e3a7e77dd26c2c74fd69bc
SHA256 1327f84e3509f3ccefeef1c12578faf04e9921c145233687710253bf903ba095
SHA512 d3449019824124f3edbda57b3b578713e9c9915e173d31566cd8e4d18f307ac0f710250fe6a906dd53e748db14bfa76ec1b58a6aef7d074c913679a47c5fdbe7

C:\Users\Admin\AppData\Local\Temp\_MEI42442\SDL2_image.dll

MD5 25e2a737dcda9b99666da75e945227ea
SHA1 d38e086a6a0bacbce095db79411c50739f3acea4
SHA256 22b27380d4f1f217f0e5d5c767e5c244256386cd9d87f8ddf303baaf9239fc4c
SHA512 63de988387047c17fd028a894465286fd8f6f8bd3a1321b104c0ceb5473e3e0b923153b4999143efbdd28684329a33a5b468e43f25214037f6cddd4d1884adb8

C:\Users\Admin\AppData\Local\Temp\_MEI42442\SDL2.dll

MD5 ec3c1d17b379968a4890be9eaab73548
SHA1 7dbc6acee3b9860b46c0290a9b94a344d1927578
SHA256 aaa11e97c3621ed680ff2388b91acb394173b96a6e8ffbf3b656079cd00a0b9f
SHA512 06a7880ec80174b48156acd6614ab42fb4422cd89c62d11a7723a3c872f213bfc6c1006df8bdc918bb79009943d2b65c6a5c5e89ad824d1a940ddd41b88a1edb

C:\Users\Admin\AppData\Local\Temp\_MEI42442\pyexpat.pyd

MD5 4abfba91c47328272c9b69b2a6db4dd2
SHA1 dd95d2bc2ce19bded4a0d342a2da08f0a7778fe5
SHA256 a7a095d822ddc5d26c18b3afba8df7a158ed57a7389c0c67ccaceb5b2047fa8e
SHA512 8f19d7d648670307898df061ea2c2cec83555780c8c263992381405c188eb37f5e02bf05073c9568da101c5699b1add170e1bc2bc20cab73d5f62622303fe3c1

C:\Users\Admin\AppData\Local\Temp\_MEI42442\portmidi.dll

MD5 0df0699727e9d2179f7fd85a61c58bdf
SHA1 82397ee85472c355725955257c0da207fa19bf59
SHA256 97a53e8de3f1b2512f0295b5de98fa7a23023a0e4c4008ae534acdba54110c61
SHA512 196e41a34a60de83cb24caa5fc95820fd36371719487350bc2768354edf39eeb6c7860ff3fd9ecf570abb4288523d7ab934e86e85202b9753b135d07180678cd

C:\Users\Admin\AppData\Local\Temp\_MEI42442\libwebp-7.dll

MD5 b0dd211ec05b441767ea7f65a6f87235
SHA1 280f45a676c40bd85ed5541ceb4bafc94d7895f3
SHA256 fc06b8f92e86b848a17eaf7ed93464f54ed1f129a869868a74a75105ff8ce56e
SHA512 eaeb83e46c8ca261e79b3432ec2199f163c44f180eb483d66a71ad530ba488eb4cdbd911633e34696a4ccc035e238bc250a8247f318aa2f0cd9759cad4f90fff

C:\Users\Admin\AppData\Local\Temp\_MEI42442\libtiff-5.dll

MD5 ebad1fa14342d14a6b30e01ebc6d23c1
SHA1 9c4718e98e90f176c57648fa4ed5476f438b80a7
SHA256 4f50820827ac76042752809479c357063fe5653188654a6ba4df639da2fbf3ca
SHA512 91872eaa1f3f45232ab2d753585e650ded24c6cc8cc1d2a476fa98a61210177bd83570c52594b5ad562fc27cb76e034122f16a922c6910e4ed486da1d3c45c24

C:\Users\Admin\AppData\Local\Temp\_MEI42442\libssl-3.dll

MD5 f4dd15287cd387b289143e65e37ad5ae
SHA1 f37b85d8e24b85eedda5958658cdaa36c4a14651
SHA256 6844483a33468eb919e9a3ef3561c80dd9c4cd3a11ad0961c9c4f2025b0a8dff
SHA512 8583692f19c686cbb58baaf27b4ab464d597025f1ff8596c51ec357e2f71136995b414807a2a84f5409f25a0798cb7c497ddb0018df3a96b75aba39950581a19

C:\Users\Admin\AppData\Local\Temp\_MEI42442\libpng16-16.dll

MD5 55009dd953f500022c102cfb3f6a8a6c
SHA1 07af9f4d456ddf86a51da1e4e4c5b54b0cf06ddb
SHA256 20391787cba331cfbe32fbf22f328a0fd48924e944e80de20ba32886bf4b6fd2
SHA512 4423d3ec8fef29782f3d4a21feeac9ba24c9c765d770b2920d47b4fb847a96ff5c793b20373833b4ff8bc3d8fa422159c64beffb78ce5768ed22742740a8c6c6

C:\Users\Admin\AppData\Local\Temp\_MEI42442\libopusfile-0.dll

MD5 2d5274bea7ef82f6158716d392b1be52
SHA1 ce2ff6e211450352eec7417a195b74fbd736eb24
SHA256 6dea07c27c0cc5763347357e10c3b17af318268f0f17c7b165325ce524a0e8d5
SHA512 9973d68b23396b3aa09d2079d18f2c463e807c9c1fdf4b1a5f29d561e8d5e62153e0c7be23b63975ad179b9599ff6b0cf08ebdbe843d194483e7ec3e7aeb232a

C:\Users\Admin\AppData\Local\Temp\_MEI42442\libopus-0.x64.dll

MD5 e56f1b8c782d39fd19b5c9ade735b51b
SHA1 3d1dc7e70a655ba9058958a17efabe76953a00b4
SHA256 fa8715dd0df84fdedbe4aa17763b2ab0db8941fa33421b6d42e25e59c4ae8732
SHA512 b7702e48b20a8991a5c537f5ba22834de8bb4ba55862b75024eace299263963b953606ee29e64d68b438bb0904273c4c20e71f22ccef3f93552c36fb2d1b2c46

C:\Users\Admin\AppData\Local\Temp\_MEI42442\libopus-0.dll

MD5 3fb9d9e8daa2326aad43a5fc5ddab689
SHA1 55523c665414233863356d14452146a760747165
SHA256 fd8de9169ccf53c5968eec0c90e9ff3a66fb451a5bf063868f3e82007106b491
SHA512 f263ea6e0fab84a65fe3a9b6c0fe860919eee828c84b888a5aa52dea540434248d1e810a883a2aff273cd9f22c607db966dd8776e965be6d2cfe1b50a1af1f57

C:\Users\Admin\AppData\Local\Temp\_MEI42442\libogg-0.dll

MD5 0d65168162287df89af79bb9be79f65b
SHA1 3e5af700b8c3e1a558105284ecd21b73b765a6dc
SHA256 2ec2322aec756b795c2e614dab467ef02c3d67d527ad117f905b3ab0968ccf24
SHA512 69af81fd2293c31f456b3c78588bb6a372fe4a449244d74bfe5bfaa3134a0709a685725fa05055cfd261c51a96df4b7ebd8b9e143f0e9312c374e54392f8a2c2

C:\Users\Admin\AppData\Local\Temp\_MEI42442\libmodplug-1.dll

MD5 2bb2e7fa60884113f23dcb4fd266c4a6
SHA1 36bbd1e8f7ee1747c7007a3c297d429500183d73
SHA256 9319bf867ed6007f3c61da139c2ab8b74a4cb68bf56265a101e79396941f6d3b
SHA512 1ddd4b9b9238c1744e0a1fe403f136a1def8df94814b405e7b01dd871b3f22a2afe819a26e08752142f127c3efe4ebae8bfd1bd63563d5eb98b4644426f576b2

C:\Users\Admin\AppData\Local\Temp\_MEI42442\libjpeg-9.dll

MD5 c22b781bb21bffbea478b76ad6ed1a28
SHA1 66cc6495ba5e531b0fe22731875250c720262db1
SHA256 1eed2385030348c84bbdb75d41d64891be910c27fab8d20fc9e85485fcb569dd
SHA512 9b42cad4a715680a27cd79f466fd2913649b80657ff042528cba2946631387ed9fb027014d215e1baf05839509ca5915d533b91aa958ae0525dea6e2a869b9e4

C:\Users\Admin\AppData\Local\Temp\_MEI42442\freetype.dll

MD5 04a9825dc286549ee3fa29e2b06ca944
SHA1 5bed779bf591752bb7aa9428189ec7f3c1137461
SHA256 50249f68b4faf85e7cd8d1220b7626a86bc507af9ae400d08c8e365f9ab97cde
SHA512 0e937e4de6cbc9d40035b94c289c2798c77c44fc1dc7097201f9fab97c7ff9e56113c06c51693f09908283eda92945b36de67351f893d4e3162e67c078cff4ec

C:\Users\Admin\AppData\Local\Temp\_MEI42442\crypto_clipper.json

MD5 8bff94a9573315a9d1820d9bb710d97f
SHA1 e69a43d343794524b771d0a07fd4cb263e5464d5
SHA256 3f7446866f42bcbeb8426324d3ea58f386f3171abe94279ea7ec773a4adde7d7
SHA512 d5ece1ea9630488245c578cb22d6d9d902839e53b4550c6232b4fb9389ef6c5d5392426ea4a9e3c461979d6d6aa94ddf3b2755f48e9988864788b530cdfcf80f

C:\Users\Admin\AppData\Local\Temp\_MEI42442\charset_normalizer\md.cp312-win_amd64.pyd

MD5 191c247b7e0543cc769718232ead35da
SHA1 e3f0be22199ff1f5cf131a12c1c7a58805f2fff5
SHA256 3d393309cbc6e88919c4fd472394d7c31f26f1709dffadd1c7e8895097e6cab3
SHA512 ad0316e9430308a05672e28050bf5c23bd2f7d81e7dc97e7926cd54a9fc0ba78ba904dee87b04688e7d0377ba69892a6cea7ab9f972c08e8d9da1d7c13693f97

memory/1720-1440-0x00007FFC6BEA0000-0x00007FFC6BEC7000-memory.dmp

memory/1720-1441-0x00007FFC5B8A0000-0x00007FFC5B9BB000-memory.dmp

memory/1720-1439-0x00007FFC6FD20000-0x00007FFC6FD2B000-memory.dmp

memory/1720-1438-0x00007FFC6FDD0000-0x00007FFC6FDDD000-memory.dmp

memory/1720-1435-0x00007FFC5BBC0000-0x00007FFC5BC8D000-memory.dmp

memory/1720-1434-0x00007FFC6BED0000-0x00007FFC6BF03000-memory.dmp

memory/1720-1433-0x00007FFC70070000-0x00007FFC7007D000-memory.dmp

memory/1720-1432-0x00007FFC6BF10000-0x00007FFC6BF29000-memory.dmp

memory/1720-1462-0x00007FFC63130000-0x00007FFC6313D000-memory.dmp

memory/1720-1461-0x00007FFC637E0000-0x00007FFC637EC000-memory.dmp

memory/1720-1460-0x00007FFC637F0000-0x00007FFC637FC000-memory.dmp

memory/1720-1459-0x00007FFC666E0000-0x00007FFC666EB000-memory.dmp

memory/1720-1458-0x00007FFC685E0000-0x00007FFC685EB000-memory.dmp

memory/1720-1457-0x00007FFC6A250000-0x00007FFC6A25C000-memory.dmp

memory/1720-1456-0x00007FFC6A390000-0x00007FFC6A39C000-memory.dmp

memory/1720-1455-0x00007FFC5B7A0000-0x00007FFC5B7B2000-memory.dmp

memory/1720-1454-0x00007FFC5B7C0000-0x00007FFC5B7D6000-memory.dmp

memory/1720-1453-0x00007FFC5B7E0000-0x00007FFC5B7EC000-memory.dmp

memory/1720-1452-0x00007FFC5B7F0000-0x00007FFC5B802000-memory.dmp

memory/1720-1451-0x00007FFC5C510000-0x00007FFC5CBE8000-memory.dmp

memory/1720-1450-0x00007FFC6A260000-0x00007FFC6A26E000-memory.dmp

memory/1720-1449-0x00007FFC6A270000-0x00007FFC6A27C000-memory.dmp

memory/1720-1448-0x00007FFC6A280000-0x00007FFC6A28C000-memory.dmp

memory/1720-1447-0x00007FFC6A2A0000-0x00007FFC6A2AB000-memory.dmp

memory/1720-1446-0x00007FFC6C2A0000-0x00007FFC6C2AB000-memory.dmp

memory/1720-1445-0x00007FFC6C640000-0x00007FFC6C64C000-memory.dmp

memory/1720-1444-0x00007FFC6C9F0000-0x00007FFC6C9FB000-memory.dmp

memory/1720-1443-0x00007FFC6CA90000-0x00007FFC6CA9B000-memory.dmp

memory/1720-1442-0x00007FFC6CD10000-0x00007FFC6CD1D000-memory.dmp

memory/1720-1465-0x00007FFC5B750000-0x00007FFC5B772000-memory.dmp

memory/1720-1464-0x00007FFC6CA00000-0x00007FFC6CA25000-memory.dmp

memory/1720-1463-0x00007FFC5B780000-0x00007FFC5B794000-memory.dmp

memory/1720-1466-0x00007FFC5BC90000-0x00007FFC5C1B2000-memory.dmp

memory/1720-1470-0x00007FFC5B6A0000-0x00007FFC5B6B1000-memory.dmp

memory/1720-1469-0x00007FFC5B6C0000-0x00007FFC5B70D000-memory.dmp

memory/1720-1468-0x00007FFC5B710000-0x00007FFC5B729000-memory.dmp

memory/1720-1467-0x00007FFC5B730000-0x00007FFC5B747000-memory.dmp

memory/1720-1471-0x00007FFC5B670000-0x00007FFC5B68E000-memory.dmp

memory/1720-1474-0x00007FFC5B610000-0x00007FFC5B66D000-memory.dmp

memory/1720-1473-0x00007FFC5BBC0000-0x00007FFC5BC8D000-memory.dmp

memory/1720-1472-0x00007FFC6C2B0000-0x00007FFC6C2C4000-memory.dmp

memory/1720-1475-0x00007FFC5B5D0000-0x00007FFC5B608000-memory.dmp

memory/1720-1476-0x00007FFC5B5A0000-0x00007FFC5B5C9000-memory.dmp

memory/1720-1477-0x00007FFC5B560000-0x00007FFC5B58E000-memory.dmp

memory/1720-1480-0x00007FFC5B3B0000-0x00007FFC5B526000-memory.dmp

memory/1720-1479-0x00007FFC5B530000-0x00007FFC5B554000-memory.dmp

memory/1720-1478-0x00007FFC6CD10000-0x00007FFC6CD1D000-memory.dmp

memory/1720-1495-0x00007FFC5B2C0000-0x00007FFC5B2CC000-memory.dmp

memory/1720-1501-0x00007FFC5B270000-0x00007FFC5B27C000-memory.dmp

memory/1720-1500-0x00007FFC5B280000-0x00007FFC5B292000-memory.dmp

memory/1720-1499-0x00007FFC5B6C0000-0x00007FFC5B70D000-memory.dmp

memory/1720-1498-0x00007FFC5B2A0000-0x00007FFC5B2AD000-memory.dmp

memory/1720-1496-0x00007FFC5B730000-0x00007FFC5B747000-memory.dmp

memory/1720-1497-0x00007FFC5B2B0000-0x00007FFC5B2BC000-memory.dmp

memory/1720-1494-0x00007FFC5B750000-0x00007FFC5B772000-memory.dmp

memory/1720-1493-0x00007FFC5B2D0000-0x00007FFC5B2DB000-memory.dmp

memory/1720-1492-0x00007FFC5B2E0000-0x00007FFC5B2EB000-memory.dmp

memory/1720-1491-0x00007FFC5B2F0000-0x00007FFC5B2FC000-memory.dmp

memory/1720-1490-0x00007FFC5B320000-0x00007FFC5B32C000-memory.dmp

memory/1720-1489-0x00007FFC5B300000-0x00007FFC5B30E000-memory.dmp

memory/1720-1488-0x00007FFC5B310000-0x00007FFC5B31C000-memory.dmp

memory/1720-1487-0x00007FFC5B330000-0x00007FFC5B33B000-memory.dmp

memory/1720-1486-0x00007FFC5B340000-0x00007FFC5B34C000-memory.dmp

memory/1720-1485-0x00007FFC5B350000-0x00007FFC5B35B000-memory.dmp

memory/1720-1484-0x00007FFC5B360000-0x00007FFC5B36C000-memory.dmp

memory/1720-1483-0x00007FFC5B370000-0x00007FFC5B37B000-memory.dmp

memory/1720-1482-0x00007FFC5B380000-0x00007FFC5B38B000-memory.dmp

memory/1720-1481-0x00007FFC5B390000-0x00007FFC5B3A8000-memory.dmp

memory/1720-1502-0x00007FFC5B230000-0x00007FFC5B265000-memory.dmp

memory/1720-1503-0x00007FFC5B610000-0x00007FFC5B66D000-memory.dmp

memory/1720-1504-0x00007FFC5AF50000-0x00007FFC5B230000-memory.dmp

memory/1720-1505-0x00007FFC5B5D0000-0x00007FFC5B608000-memory.dmp

memory/1720-1506-0x00007FFC58E50000-0x00007FFC5AF43000-memory.dmp

memory/1720-1510-0x00007FFC58E00000-0x00007FFC58E21000-memory.dmp

memory/1720-1509-0x00007FFC58E30000-0x00007FFC58E47000-memory.dmp

memory/1720-1508-0x00007FFC5B3B0000-0x00007FFC5B526000-memory.dmp

memory/1720-1507-0x00007FFC5B5A0000-0x00007FFC5B5C9000-memory.dmp

memory/1720-1511-0x00007FFC5B530000-0x00007FFC5B554000-memory.dmp

memory/1720-1512-0x00007FFC58B60000-0x00007FFC58B82000-memory.dmp

memory/1720-1513-0x00007FFC58AC0000-0x00007FFC58B59000-memory.dmp

memory/1720-1514-0x00007FFC58A90000-0x00007FFC58AC0000-memory.dmp

memory/1720-1521-0x00007FFC589E0000-0x00007FFC589FA000-memory.dmp

memory/1720-1520-0x00007FFC58A00000-0x00007FFC58A41000-memory.dmp

memory/1720-1519-0x00007FFC58A50000-0x00007FFC58A81000-memory.dmp

memory/1720-1518-0x00007FFC588C0000-0x00007FFC58972000-memory.dmp

memory/1720-1517-0x00007FFC58980000-0x00007FFC58994000-memory.dmp

memory/1720-1516-0x00007FFC589A0000-0x00007FFC589BC000-memory.dmp

memory/1720-1515-0x00007FFC589C0000-0x00007FFC589D9000-memory.dmp

memory/1720-1522-0x00007FFC58670000-0x00007FFC588B9000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_hpe0dzsm.ygz.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/1720-1550-0x00007FFC6C2B0000-0x00007FFC6C2C4000-memory.dmp

memory/1720-1581-0x00007FFC5B750000-0x00007FFC5B772000-memory.dmp

memory/1720-1585-0x00007FFC5B6A0000-0x00007FFC5B6B1000-memory.dmp

memory/1720-1584-0x00007FFC5B6C0000-0x00007FFC5B70D000-memory.dmp

memory/1720-1583-0x00007FFC5B710000-0x00007FFC5B729000-memory.dmp

memory/1720-1582-0x00007FFC5B730000-0x00007FFC5B747000-memory.dmp

memory/1720-1580-0x00007FFC5B780000-0x00007FFC5B794000-memory.dmp

memory/1720-1579-0x00007FFC5B7A0000-0x00007FFC5B7B2000-memory.dmp

memory/1720-1578-0x00007FFC5B7C0000-0x00007FFC5B7D6000-memory.dmp

memory/1720-1577-0x00007FFC5B7E0000-0x00007FFC5B7EC000-memory.dmp

memory/1720-1576-0x00007FFC5B7F0000-0x00007FFC5B802000-memory.dmp

memory/1720-1575-0x00007FFC63130000-0x00007FFC6313D000-memory.dmp

memory/1720-1574-0x00007FFC637E0000-0x00007FFC637EC000-memory.dmp

memory/1720-1573-0x00007FFC637F0000-0x00007FFC637FC000-memory.dmp

memory/1720-1572-0x00007FFC666E0000-0x00007FFC666EB000-memory.dmp

memory/1720-1571-0x00007FFC685E0000-0x00007FFC685EB000-memory.dmp

memory/1720-1570-0x00007FFC6A250000-0x00007FFC6A25C000-memory.dmp

memory/1720-1569-0x00007FFC6A260000-0x00007FFC6A26E000-memory.dmp

memory/1720-1568-0x00007FFC6A270000-0x00007FFC6A27C000-memory.dmp

memory/1720-1567-0x00007FFC6A280000-0x00007FFC6A28C000-memory.dmp

memory/1720-1566-0x00007FFC6A2A0000-0x00007FFC6A2AB000-memory.dmp

memory/1720-1565-0x00007FFC6A390000-0x00007FFC6A39C000-memory.dmp

memory/1720-1564-0x00007FFC6C2A0000-0x00007FFC6C2AB000-memory.dmp

memory/1720-1563-0x00007FFC6C640000-0x00007FFC6C64C000-memory.dmp

memory/1720-1562-0x00007FFC6C9F0000-0x00007FFC6C9FB000-memory.dmp

memory/1720-1561-0x00007FFC6CA90000-0x00007FFC6CA9B000-memory.dmp

memory/1720-1560-0x00007FFC6CD10000-0x00007FFC6CD1D000-memory.dmp

memory/1720-1559-0x00007FFC5B8A0000-0x00007FFC5B9BB000-memory.dmp

memory/1720-1558-0x00007FFC6BEA0000-0x00007FFC6BEC7000-memory.dmp

memory/1720-1557-0x00007FFC6FD20000-0x00007FFC6FD2B000-memory.dmp

memory/1720-1556-0x00007FFC6FDD0000-0x00007FFC6FDDD000-memory.dmp

memory/1720-1555-0x00007FFC5BBC0000-0x00007FFC5BC8D000-memory.dmp

memory/1720-1554-0x00007FFC6BED0000-0x00007FFC6BF03000-memory.dmp

memory/1720-1553-0x00007FFC70070000-0x00007FFC7007D000-memory.dmp

memory/1720-1552-0x00007FFC6BF10000-0x00007FFC6BF29000-memory.dmp

memory/1720-1551-0x00007FFC5BC90000-0x00007FFC5C1B2000-memory.dmp

memory/1720-1549-0x00007FFC6C2D0000-0x00007FFC6C2FD000-memory.dmp

memory/1720-1548-0x00007FFC6C6D0000-0x00007FFC6C6E9000-memory.dmp

memory/1720-1547-0x00007FFC723F0000-0x00007FFC723FF000-memory.dmp

memory/1720-1546-0x00007FFC6CA00000-0x00007FFC6CA25000-memory.dmp

memory/1720-1545-0x00007FFC5C510000-0x00007FFC5CBE8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI39762\setuptools\_vendor\importlib_resources-6.4.0.dist-info\LICENSE

MD5 3b83ef96387f14655fc854ddc3c6bd57
SHA1 2b8b815229aa8a61e483fb4ba0588b8b6c491890
SHA256 cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30
SHA512 98f6b79b778f7b0a15415bd750c3a8a097d650511cb4ec8115188e115c47053fe700f578895c097051c9bc3dfb6197c2b13a15de203273e1a3218884f86e90e8

C:\Users\Admin\AppData\Local\Temp\_MEI39762\setuptools\_vendor\jaraco.functools-4.0.1.dist-info\top_level.txt

MD5 0ba8d736b7b4ab182687318b0497e61e
SHA1 311ba5ffd098689179f299ef20768ee1a29f586d
SHA256 d099cddcb7d71f82c845f5cbf9014e18227341664edc42f1e11d5dfe5a2ea103
SHA512 7cccbb4afa2fade40d529482301beae152e0c71ee3cc41736eb19e35cfc5ee3b91ef958cf5ca6b7330333b8494feb6682fd833d5aa16bf4a8f1f721fd859832c

C:\Users\Admin\AppData\Local\Temp\_MEI39762\setuptools\_vendor\packaging-24.1.dist-info\WHEEL

MD5 24019423ea7c0c2df41c8272a3791e7b
SHA1 aae9ecfb44813b68ca525ba7fa0d988615399c86
SHA256 1196c6921ec87b83e865f450f08d19b8ff5592537f4ef719e83484e546abe33e
SHA512 09ab8e4daa9193cfdee6cf98ccae9db0601f3dcd4944d07bf3ae6fa5bcb9dc0dcafd369de9a650a38d1b46c758db0721eba884446a8a5ad82bb745fd5db5f9b1

memory/2468-3007-0x00007FFC5C510000-0x00007FFC5CBE8000-memory.dmp

memory/2468-3029-0x00007FFC6C2A0000-0x00007FFC6C2AC000-memory.dmp

memory/2468-3028-0x00007FFC6C640000-0x00007FFC6C64B000-memory.dmp

memory/2468-3027-0x00007FFC6C6D0000-0x00007FFC6C6DC000-memory.dmp

memory/2468-3026-0x00007FFC6C6E0000-0x00007FFC6C6EB000-memory.dmp

memory/2468-3025-0x00007FFC6CA90000-0x00007FFC6CA9C000-memory.dmp

memory/2468-3024-0x00007FFC6CAE0000-0x00007FFC6CAEB000-memory.dmp

memory/2468-3023-0x00007FFC6CD10000-0x00007FFC6CD1B000-memory.dmp

memory/2468-3022-0x00007FFC6FD20000-0x00007FFC6FD2D000-memory.dmp

memory/2468-3021-0x00007FFC5BF10000-0x00007FFC5C02B000-memory.dmp

memory/2468-3020-0x00007FFC6BEC0000-0x00007FFC6BEE7000-memory.dmp

memory/2468-3019-0x00007FFC6FDD0000-0x00007FFC6FDDB000-memory.dmp

memory/2468-3018-0x00007FFC70070000-0x00007FFC7007D000-memory.dmp

memory/2468-3017-0x00007FFC5C030000-0x00007FFC5C0FD000-memory.dmp

memory/2468-3016-0x00007FFC6BEF0000-0x00007FFC6BF23000-memory.dmp

memory/2468-3015-0x00007FFC70440000-0x00007FFC7044D000-memory.dmp

memory/2468-3014-0x00007FFC6C2B0000-0x00007FFC6C2C9000-memory.dmp

memory/2468-3013-0x00007FFC5D520000-0x00007FFC5DA42000-memory.dmp

memory/2468-3012-0x00007FFC6CA10000-0x00007FFC6CA24000-memory.dmp

memory/2468-3011-0x00007FFC6CAF0000-0x00007FFC6CB1D000-memory.dmp

memory/2468-3010-0x00007FFC6CBF0000-0x00007FFC6CC09000-memory.dmp

memory/2468-3009-0x00007FFC74130000-0x00007FFC7413F000-memory.dmp

memory/2468-3008-0x00007FFC6CB20000-0x00007FFC6CB45000-memory.dmp